I know that port scanning can set off IDS systems on certain networks due to the suspicious traffic it generates. Can the usage of Wireshark be detected on a network? If so, will using it set off any alert systems, and can it be traced back to you?
Asked
Active
Viewed 130 times
1 Answers
0
You can't detect it by passively listening on the network. But the switches will by default only relay broadcast traffic and traffic destined for a port to a port. One technique to overcome this is to flood the switches with too many addresses, so that the tables overflow and the switch is forced to relay packets to all ports. This is however trivially detectable.
When it comes to active scanning, there may be attacks that can distinguish hosts that have their NIC in promiscuous mode.
vidarlo
- 12,850
- 2
- 35
- 47