Re: Wireshark in Network - Windows/Linux

[ronnie sahlberg <ronniesahlberg () gmail com>]

On Sat, Mar 13, 2010 at 2:23 PM, Karthik Balaguru
<karthikbalaguru79 () gmail com> wrote:

> Interesting to know that Linux TCP/IP stack implementation answers to
> TCP/IP packets even if the MAC address on that packet is
> wrong(Promiscuous mode). But, Is this made intentionally in Linux to
> be different from standard behavior in helping the determination of
> presence of sniffer in network ? Any thoughts ?

No, this has nothing to do with sniffer detection but just that linux
is much more flexible with its network stack than traditional unix.
Linux defaults to a very loose association between interfaces and
addresses   while legacy systems traditionally had a very strong
association.

See it as linux defaults to all addresses being loopback addresses,
while other systems default to all addresses being interface
addresses.


It just makes it easier to do a lot of fancy stuff that was
traditionally only done inside routers but seldom in hosts.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe