detecting wireshark and ethereal
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||||||||||||||
|
Posted by on September 23, 2008, 9:13 pm
Please log in for more thread options anyway to detect wireshark and ethereal users on a wireless network? | ||||||||||||||||||||||
|
Posted by Jeff Liebermann on September 23, 2008, 10:12 pm
Please log in for more thread options On Tue, 23 Sep 2008 18:13:59 -0700 (PDT), genericprofile13@gmail.com wrote: >anyway to detect wireshark and ethereal users on a wireless network?
Nope. Both are passive sniffers and do not require any transmitting by the sniffer (unlike Netstumbler). -- # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060 # 831-336-2558 jeffl@comix.santa-cruz.ca.us # http://802.11junk.com jeffl@cruzio.com # http://www.LearnByDestroying.com AE6KS | ||||||||||||||||||||||
|
Posted by Axel Hammerschmidt on September 24, 2008, 2:11 pm
Please log in for more thread options
> anyway to detect wireshark and ethereal users on a wireless network?
Send out a packet to a MAC address you know is not on the network. I think an ARP packet or something like that - any packet that a card in passive mode would normally respond to. Here are two (Google) hits explaining in more detail how, along with some of the exceptions: <http://www.linuxjournal.com/article/5201>
<http://cns.tstc.edu/cpate/LINUX/Linux_How2/Sniffers.htm>
| ||||||||||||||||||||||
|
Posted by Jesse Thompson on September 25, 2008, 1:58 pm
Please log in for more thread options
Unfortunately, Axel's advice only applies on an ethernet network. If people are sniffing your traffic wirelessly (either via unencrypted wireless, or comprimised WEP keys) they are likely using an application like KISMET to collect the packet data. (this dumped packet data can then be analyzed offline via Wireshark). KISMET does not participate in the wireless network to collect packets, in essense it represents a level of passivity that even Wireshark alone doesn't match. Active arp/mac/latency probes on your part will elicit no response from the KISMET user's wireless interface. Your best defense as always is to: * use WPA or WPA2 encryption at all sites you control * At untrusted hotspots or where WPA is not available, handle all truly sensitive data (bank, financial, corporate email) via SSL, TLS, VPN, IPSEC, or SSH Tunnel * Consider all wireless data you handle not protected by either of the above measures as non-private, similar to a conversation in a crowded room. Anyone genuinely interested will hear what you have to say or may interrupt the conversation. Good luck, friend! :) Jesse Thompson, Systems Administrator Webformix, Broadband Internet for Bend, Oregon http://www.webformix.com/bend.html On Sep 24, 11:11=A0am, hl...@hotmail.com (Axel Hammerschmidt) wrote: > > anyway to detect wireshark and ethereal users on a wireless network?
>
> Send out a packet to a MAC address you know is not on the network. I > think an ARP packet or something like that - any packet that a card in > passive mode would normally respond to. > > Here are two (Google) hits explaining in more detail how, along with > some of the exceptions: > > <http://www.linuxjournal.com/article/5201> > > <http://cns.tstc.edu/cpate/LINUX/Linux_How2/Sniffers.htm> | ||||||||||||||||||||||
| Similar Threads | Posted |
| detecting wireshark and ethereal | September 23, 2008, 9:13 pm |
| Ethereal | January 9, 2005, 3:37 pm |
| Ethereal/winpcap over USB | April 21, 2005, 4:00 am |
| Ethereal not working | December 2, 2005, 10:52 am |
| Ethereal see no packets, while SmartSniff sees it all? | July 8, 2006, 9:50 am |
| Ethereal with Intel 2200BG card | May 15, 2007, 11:18 am |
| Using Ethereal for Sniffing Wireless but No Packets on WindowsXP | November 26, 2004, 12:54 am |
| Detecting or Scanning for Clients | October 19, 2004, 4:20 pm |
| Detecting a wireless SSID | January 30, 2005, 12:26 am |
| Detecting intruders wirelessly... | October 3, 2005, 11:03 am |
| Laptop not detecting wireless | August 15, 2007, 8:08 pm |
| Trouble detecting network | October 11, 2007, 10:44 pm |
| xp not detecting correct dhcp address | July 2, 2006, 8:12 pm |
| XP not detecting Linksys Wireless USB Adaptor Properly | February 15, 2006, 7:24 pm |
| Tips and Tricks for Detecting Eavesdropping Devices | August 17, 2006, 9:14 am |