Any way to detect Wireshark and Ethereal users on a wireless network?
- posted
15 years ago
Any way to detect Wireshark and Ethereal users on a wireless network?
Nope. Both are passive sniffers and do not require any transmitting by the sniffer (unlike Netstumbler).
Send out a packet to a MAC address you know is not on the network. I think an ARP packet or something like that - any packet that a card in passive mode would normally respond to.
Here are two (Google) hits explaining in more detail how, along with some of the exceptions:
Unfortunately, Axel's advice only applies on an Ethernet network. If people are sniffing your traffic wirelessly (either via unencrypted wireless, or compromised WEP keys) they are likely using an application like KISMET to collect the packet data. (This dumped packet data can then be analyzed offline via Wireshark.) KISMET does not participate in the wireless network to collect packets; in essence it represents a level of passivity that even Wireshark alone doesn't match. Active ARP/MAC/latency probes on your part will elicit no response from the KISMET user's wireless interface.
Your best defense as always is to:
Good luck, friend! :)
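Added example, not part of any post in this thread: the probe suggested above (an ARP request sent to a MAC address that is not on the network) built as raw bytes, with a check over captured frames for a host that answered it. All function names are hypothetical and the MAC addresses, IP addresses and captured frames are constructed; sending and capturing on a real wired segment is left to a raw socket or capture tool.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
# EtherType 0x0806, then ARP htype=Ethernet, ptype=IPv4, hlen=6, plen=4
ARP_PREFIX = struct.pack("!HHHBB", 0x0806, 1, 0x0800, 6, 4)
BOGUS_MAC = "02:00:00:de:ad:ff"  # constructed: an address assumed absent from the LAN

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def arp_frame(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """42-byte Ethernet II frame carrying an IPv4-over-Ethernet ARP message."""
    return (mac_bytes(eth_dst) + mac_bytes(eth_src) + ARP_PREFIX
            + struct.pack("!H", op) + mac_bytes(sha) + socket.inet_aton(spa)
            + mac_bytes(tha) + socket.inet_aton(tpa))

def build_probe(my_mac, my_ip, target_ip, bogus_mac=BOGUS_MAC):
    """ARP who-has for target_ip, addressed at layer 2 to a MAC nobody owns."""
    return arp_frame(bogus_mac, my_mac, ARP_REQUEST,
                     my_mac, my_ip, "00:00:00:00:00:00", target_ip)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:20] != ARP_PREFIX:
        return None
    return (int.from_bytes(frame[20:22], "big"), frame[22:28].hex(":"),
            socket.inet_ntoa(frame[28:32]), socket.inet_ntoa(frame[38:42]))

def hosts_that_answered(probe, captured):
    """Map IP -> MAC for hosts whose ARP reply answers this probe."""
    _, _, my_ip, probed_ip = parse_arp(probe)
    hits = {}
    for frame in captured:
        p = parse_arp(frame)
        if p and p[0] == ARP_REPLY and p[2] == probed_ip and p[3] == my_ip:
            hits[p[2]] = p[1]
    return hits

# Constructed sample capture: an unrelated broadcast request, then a reply to the probe.
ME = ("02:00:00:00:00:10", "192.0.2.10")
PROBE = build_probe(ME[0], ME[1], "192.0.2.20")
CAPTURED = [
    arp_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:30", ARP_REQUEST,
              "02:00:00:00:00:30", "192.0.2.30", "00:00:00:00:00:00", "192.0.2.1"),
    arp_frame(ME[0], "02:00:00:00:00:20", ARP_REPLY,
              "02:00:00:00:00:20", "192.0.2.20", ME[0], ME[1]),
]
print(hosts_that_answered(PROBE, CAPTURED))
```

A reply means the host's network stack processed a frame that was not addressed to it. An empty result proves nothing on wireless: as the reply above explains, a collector such as KISMET never answers.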
Jesse Thomps> wrote: