I think I just answered the counter-oppositee of your question.
to get it straight:
A) libpcap sometimes looses packets
B) corrupt ethernet frames usually are not passed to the kernel by the
NIC so libpcap cannot get them.
C) If you are using a mirror port on a heavy loaded switch you might
not be able to get all the frames that go through.
while for B and C there's little to do.
for Ago to Statistics->Summary
Dropped Packets is what you are looking for.
Sorry for the counteropposite answer.
On Apr 7, 2005 8:29 PM, LEGO <luis.ontanon@xxxxxxxxx> wrote:
> > Hi all,
> > Is it true that ethereal is not able to capture all data...if
> > yes then how can we find that ethereal is not capturing all data......
>
> Yes and no, it depends on your network setup.
>
> Some years ago in the l0pht.com site it said they have a system to
> detect whether or not a card in a network was in promiscuous mode, I
> personally did not took it seriously (as a matter of fact the paper
> has disappeared from the @stake site). The only reference to it I
> could found googling was
> http://www.securityfocus.com/tools/category/74 .
> I am ready to bet a huge sum that it doesn't work, but I cannot say
> that under oath.
>
> Anyway security in your network should not depend on a third party not
> being able to listen. As a rule of thumb If there's sensitive data USE
> encryption.
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
