Determining the presence of wireshark

  • Thread starter Karthik Balaguru
  • Start date
S

Shadow

Hi,
How to determine the presence of wireshark in a network ?
Are there any specific packet types exchanged while it
is present in the network so that it can be used to determine
its presence in the network . Any tool to identify its presence
in either Windows or Linux ? Any ideas ?

Thx in advans,
Karthik Balaguru
Click to expand...
Wireshark has DNS resolving on by default (or it used to, as
far as I can remember). If the sniffer is an amateur, and leaves it
on, you can try to ping an imaginary address. The sniffer's wireshark
will pick up the address and try to resolve it. So just filter with
"dns and "pinged IP"") and you can see which computer wireshark is on.
Duh.
[]'s
Kismet and aircrack of course are MUCH less detectable than
wireshark.......they are totally non intrusive.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Ephemeral ports 3
'netstat' and '-f inet' option 2
Raw socket support in Winsock ? 9
netstat -p UDP -o -> PID and the process name in Windows 4
Internet explorer 8 and Download accelerator 6
Protecting the Windows using Linux 36
Row Height > 409.50 10
Xshell equivalent - Free 7

Top