detecting wireshark and ethereal

Nope. Both are passive sniffers and do not require any transmitting by the sniffer (unlike Netstumbler).

Send out a packet to a MAC address you know is not on the network. I think an ARP packet or something like that - any packet that a card in passive mode would normally respond to.

Here are two (Google) hits explaining in more detail how, along with some of the exceptions:

Unfortunately, Axel's advice only applies on an ethernet network. If people are sniffing your traffic wirelessly (either via unencrypted wireless, or comprimised WEP keys) they are likely using an application like KISMET to collect the packet data. (this dumped packet data can then be analyzed offline via Wireshark). KISMET does not participate in the wireless network to collect packets, in essense it represents a level of passivity that even Wireshark alone doesn't match. Active arp/mac/latency probes on your part will elicit no response from the KISMET user's wireless interface.

Your best defense as always is to:

• use WPA or WPA2 encryption at all sites you control

• At untrusted hotspots or where WPA is not available, handle all truly sensitive data (bank, financial, corporate email) via SSL, TLS, VPN, IPSEC, or SSH Tunnel

• Consider all wireless data you handle not protected by either of the above measures as non-private, similar to a conversation in a crowded room. Anyone genuinely interested will hear what you have to say or may interrupt the conversation.

Good luck, friend! :)

Jesse Thomps> wrote: