Wireshark-users: Re: [Wireshark-users] capturing packets in "stealth" mode on Windows
David Durgee wrote:
> I have downloaded and installed Wireshark 0.99.4 on a
> Windows 2000 system. I am able to capture packets on
> my ethernet interface with the interface enabled and
> in full operation, but if I disable the interface as I
> expect I will need to in order to operate "stealthy"
> the interface is not available to select for capture
> in Wireshark.

Obviously, if you disable an interface - it's disabled :-)

> How do I need to configure things to be able to do
> what I need? Can I define another ethernet interface
> using the same NIC that has no protocols enabled on it
> and then swap which one is enabled? Do I need to
> disable all protocols on the existing interface for
> the capture and then manually re-enable them when I
> want to reconnect to the network?

Disabling the TCP/IP stack of that interface should usually be enough to
keep the interface quiet - however, I never tried myself whether it's really
quiet then.

There are potentially a lot of services running on top of a network
interface; some common ones today are:
- TCP/IP (switch this off - this will prevent ARP, DNS, NBNS, ... from
  getting on the network)
- VPN (switch this off)
- services to capture network traffic (should send no packets)
- personal firewall software (should send no packets)

Hope this helps,
Regards, ULFL
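
One way to check whether a capture interface really stays quiet, as an added example that is not part of the original post: the function below reads a classic pcap capture of the segment and counts, per EtherType, any frames whose source MAC is the capture NIC's. The name `frames_from`, the MAC addresses and the sample capture are constructed for illustration; pcapng files are not handled.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
# Classic pcap magic as it appears on disk -> struct byte-order prefix
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def _mac(text):
    return bytes.fromhex(text.replace(":", "").replace("-", ""))

def frames_from(pcap, nic_mac):
    """Count, per EtherType, the frames whose source MAC is nic_mac."""
    order = MAGICS.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    src, seen, off = _mac(nic_mac), Counter(), 24
    while off + 16 <= len(pcap):
        # Per-packet header: ts_sec, ts_frac, incl_len, orig_len
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) >= 14 and frame[6:12] == src:
            etype = struct.unpack("!H", frame[12:14])[0]
            seen[ETHERTYPES.get(etype, hex(etype))] += 1
    return seen

# --- constructed sample data (MAC addresses are made up) ---
SNIFFER, OTHER = "00:11:22:33:44:55", "66:77:88:99:aa:bb"

def _frame(src, dst, etype):
    return _mac(dst) + _mac(src) + struct.pack("!H", etype) + bytes(46)

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = _pcap([
    _frame(OTHER, "ff:ff:ff:ff:ff:ff", 0x0806),    # ARP from another host
    _frame(SNIFFER, "ff:ff:ff:ff:ff:ff", 0x0806),  # ARP sent by the capture NIC
    _frame(SNIFFER, "33:33:00:00:00:02", 0x86DD),  # IPv6 multicast from the NIC
    _frame(OTHER, SNIFFER, 0x0800),                # IPv4 addressed to the NIC
])

if __name__ == "__main__":
    leaks = frames_from(SAMPLE, SNIFFER)
    print("quiet" if not leaks else f"NIC transmitted: {dict(leaks)}")
```

An empty result means the NIC sent nothing during the capture window; any entry names a protocol that is still bound to the interface.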