detecting use of WIRESHARK on network?

mrbinarymrbinary Member Posts: 19 ■□□□□□□□□□
i am currently learning how to use wireshark, i use it at home alot but i have lots of free time at work, all i do is build images for desktop rollouts, and i plan on going into network/security at one point in my career, first networking then later specializez in network/security,

i often run wireshark at work to learn the tool, but with me doing passive scanning how can the network team know i am running it if they don't do arp poisining or flooding?

i work for the school district and we have about 1000 plus computers on our network.

thx

Comments

  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Basically the only way you can view other traffic is if there is a hub (doubtful), by using port mirroring, or a nic that will go into promiscuous mode for wireless (these are the normal ways). Right now you are only looking at your traffic without changing network equipment settings. If you are using a school owned computer they can go through your activity and see Wireshark. Generally if you aren't on the network team, there will be some serious questions around why you are using the tool and how you should not be using the tool on the network. The only other people who may use Wireshark outside the network team are malicious most of the time.
  • mrbinarymrbinary Member Posts: 19 ■□□□□□□□□□
    ok makes sense, what about not runnning it but having it installed on my computer for use at home? i often will go off the company network and use lte wifi hotspot off my cell data plan and use it that way. but then i am not on any real network other than the mobile providers.
  • SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
    Depends if you connect to a company network that query's or scans connected computers, wireshark would likely come up as an installed program. If its allowed for personal devices, little chance of it being an issue, if it is for work use, then yes, it can be an issue, especially considering that Wireshark does often have vulnerabilities that can be exploited, opening a gateway into the corporate network. Best bet, don't risk your career/ and your freedom, do it at home only, or get written authorization.
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    Realistically they won't detect it unless they're explicitly looking for Wireshark installs on the network, which they probably are not - And if you're only sniffing passively it's not like there will be a ton more traffic hitting your NIC that wouldn't otherwise be there.

    That being said, I wouldn't do it.
  • mrbinarymrbinary Member Posts: 19 ■□□□□□□□□□
  • jvrlopezjvrlopez Member Posts: 913 ■■■■□□□□□□
    I've seen people smoked for having Wireshark on their work computers without written permission.
    And so you touch this limit, something happens and you suddenly can go a little bit further. With your mind power, your determination, your instinct, and the experience as well, you can fly very high. ~Ayrton Senna
  • VeritiesVerities Member Posts: 1,162
    Honestly, I would not use Wireshark on your work network. If you want to test it out/learn it, do it at home or like you said at a WiFi spot. You can get into some serious trouble if someone finds out you're using it at work for learning purposes. In any case, I've heard the book by Laura Chappell Wireshark Network Analysis (Second Edition): The Official Wireshark Certified Network Analyst Study Guide, is a good read and will teach all you need to know about the program.
Sign In or Register to comment.