|
EtherealRe: [Ethereal-users] Help |
|
||
|
|
EtherealRe: [Ethereal-users] Help |
|
||
I think I just answered the counter-oppositee of your question. to get it straight: A) libpcap sometimes looses packets B) corrupt ethernet frames usually are not passed to the kernel by the NIC so libpcap cannot get them. C) If you are using a mirror port on a heavy loaded switch you might not be able to get all the frames that go through. while for B and C there's little to do. for Ago to Statistics->Summary Dropped Packets is what you are looking for. Sorry for the counteropposite answer. On Apr 7, 2005 8:29 PM, LEGO <luis.ontanon@xxxxxxxxx> wrote: > > Hi all, > > Is it true that ethereal is not able to capture all data...if > > yes then how can we find that ethereal is not capturing all data...... > > Yes and no, it depends on your network setup. > > Some years ago in the l0pht.com site it said they have a system to > detect whether or not a card in a network was in promiscuous mode, I > personally did not took it seriously (as a matter of fact the paper > has disappeared from the @stake site). The only reference to it I > could found googling was > http://www.securityfocus.com/tools/category/74 . > I am ready to bet a huge sum that it doesn't work, but I cannot say > that under oath. > > Anyway security in your network should not depend on a third party not > being able to listen. As a rule of thumb If there's sensitive data USE > encryption. > -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan
Powered by MHonArc 2.6.10