Home
Certification Preparation
Cisco
CCNA & CCENT
CCNA Security
detecting use of WIRESHARK on network?
mrbinary
i am currently learning how to use wireshark, i use it at home alot but i have lots of free time at work, all i do is build images for desktop rollouts, and i plan on going into network/security at one point in my career, first networking then later specializez in network/security,
i often run wireshark at work to learn the tool, but with me doing passive scanning how can the network team know i am running it if they don't do arp poisining or flooding?
i work for the school district and we have about 1000 plus computers on our network.
thx
Find more posts tagged with
Comments
TechGuru80
Basically the only way you can view other traffic is if there is a hub (doubtful), by using port mirroring, or a nic that will go into promiscuous mode for wireless (these are the normal ways). Right now you are only looking at your traffic without changing network equipment settings. If you are using a school owned computer they can go through your activity and see Wireshark. Generally if you aren't on the network team, there will be some serious questions around why you are using the tool and how you should not be using the tool on the network. The only other people who may use Wireshark outside the network team are malicious most of the time.
mrbinary
ok makes sense, what about not runnning it but having it installed on my computer for use at home? i often will go off the company network and use lte wifi hotspot off my cell data plan and use it that way. but then i am not on any real network other than the mobile providers.
SephStorm
Depends if you connect to a company network that query's or scans connected computers, wireshark would likely come up as an installed program. If its allowed for personal devices, little chance of it being an issue, if it is for work use, then yes, it can be an issue, especially considering that Wireshark does often have vulnerabilities that can be exploited, opening a gateway into the corporate network. Best bet, don't risk your career/ and your freedom, do it at home only, or get written authorization.
YFZblu
Realistically they won't detect it unless they're explicitly looking for Wireshark installs on the network, which they probably are not - And if you're only sniffing passively it's not like there will be a ton more traffic hitting your NIC that wouldn't otherwise be there.
That being said, I wouldn't do it.
mrbinary
thanks guys.
jvrlopez
I've seen people smoked for having Wireshark on their work computers without written permission.
Verities
Honestly, I would not use Wireshark on your work network. If you want to test it out/learn it, do it at home or like you said at a WiFi spot. You can get into some serious trouble if someone finds out you're using it at work for learning purposes. In any case, I've heard the book by Laura Chappell
Wireshark Network Analysis (Second Edition): The Official Wireshark Certified Network Analyst Study Guide,
is a good read and will teach all you need to know about the program.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
