Wireshark mailing list archives

Re: Secured way of using Wireshark


From: Nagendrababu Maseedu <Nagendra.Babu.Maseedu () convergys com>
Date: Wed, 16 Jun 2010 10:21:21 +0530

Hi Martin,

There is an option to set the remote interface in Wireshark. If my understanding is correct, any Wireshark user can 
start capturing packets from a remote machine using this option in Wireshark. Am I right?
Of course, there must be some service running on the remote machine to which Wireshark on my local box can hook on and 
read packets.

This way of sniffing (hacking?) can make any network vulnerable. At the same time, I cannot restrict the usage of 
the Wireshark tool itself since this is the #1 tool for packet capturing and very useful for my team to debug SIP call flows.

My suggestions for this issue are....
1. Disable/Remove the selection of "Remote" interface in the drop down thus allowing the user to only capture packets 
from/to his/her Local machine.
2. Disable the check box "Capture packets in promiscuous mode".
3. In worst case, individual developers must make sure that there is no service "Remote Packet Capture Protocol" 
running on their local box.

Do you agree that this will satisfy my need?

If yes, how do I disable these options (on a Windows XP box)?

Thanks and regards,
Nag.


________________________________
From: wireshark-users-bounces () wireshark org On Behalf Of Martin Visser
Sent: Wednesday, June 16, 2010 6:27 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Secured way of using Wireshark

Nag,

I'm not sure what you mean by your question. Capturing packets is for the most part passive, in that you are saving 
packets to a file for viewing. Wireshark does not propagate packets to the rest of the network, no matter how virus 
laden they are. (Certainly as long as those packets are not specially crafted to maybe exploit a vulnerability in 
Wireshark itself, which while it has been done, is very very rarely actually seen in the wild).

Regards, Martin

MartinVisser99 () gmail com

On Tue, Jun 15, 2010 at 6:55 PM, Nagendrababu Maseedu <Nagendra.Babu.Maseedu () convergys com> wrote:
Hi,

Is there a way to capture packets from/to a selected list of IP addresses on a LAN?
The need is to restrict the packet capturing to a set of machines so that a security breach does not happen on other 
machines on the same network.

Please let me know if you have any other mechanism to satisfy this need.


Kind regards,
Nag.

________________________________
NOTICE: The information contained in this electronic mail transmission is intended by Convergys Corporation for the use 
of the named individual or entity to which it is directed and may contain information that is privileged or otherwise 
confidential. If you have received this electronic mail transmission in error, please delete it from your system 
without copying or forwarding it, and notify the sender of the error by reply email or by telephone (collect), so that 
the sender's address records can be corrected.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
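
One way to carry out the check in suggestion 3 of the reply above, as an added example that is not part of the original thread: it parses the output of `sc query rpcapd` and `netstat -an` and reports whether the remote capture daemon is running or listening. The service name `rpcapd` and TCP port 2002 are assumed WinPcap defaults not stated in the thread, and the sample outputs are constructed.

```python
import re

RPCAP_SERVICE = "rpcapd"  # assumed WinPcap service name (not stated in the thread)
RPCAP_PORT = 2002         # assumed rpcapd default TCP port (not stated in the thread)

# Constructed sample outputs of `sc query rpcapd` and `netstat -an`.
SAMPLE_SC = """\
SERVICE_NAME: rpcapd
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
"""
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2002           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:20020        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49201       192.0.2.20:2002        ESTABLISHED
"""

def service_state(sc_output):
    """Return the STATE word from `sc query` output, or None if absent."""
    m = re.search(r"^\s*STATE\s*:\s*\d+\s+(\w+)", sc_output, re.MULTILINE)
    return m.group(1) if m else None

def listeners(netstat_output, port):
    """Return local addresses in LISTENING state on exactly `port`."""
    found = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "TCP" and parts[3] == "LISTENING":
            addr, _, p = parts[1].rpartition(":")
            if p == str(port):  # exact match, so 20020 is not mistaken for 2002
                found.append(addr)
    return found

def audit(sc_output, netstat_output):
    """Return findings; an empty list means no remote-capture exposure was seen."""
    findings = []
    if service_state(sc_output) == "RUNNING":
        findings.append(f"service {RPCAP_SERVICE} is running")
    for addr in listeners(netstat_output, RPCAP_PORT):
        scope = "loopback only" if addr.startswith("127.") else "reachable from the network"
        findings.append(f"TCP {RPCAP_PORT} listening on {addr} ({scope})")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SC, SAMPLE_NETSTAT):
        print(finding)
```

An empty result from `audit` on a developer machine means neither the service state nor the listener table shows the daemon; the outbound ESTABLISHED connection to port 2002 in the sample is deliberately ignored because it is not a local listener.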

