Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Ethereal

Jun 14, 2004 11:08AM PDT

G'day. Have any of you guys/gals heard of Ethereal?
If I have suspected that someone in my LAN has installed Ethereal on his/her PC. How do I block Ethereal from monitoring my LAN traffic?
Thank you.

Regards,
Sim.

Discussion is locked

- Collapse -
Protection from Ethereal is real simple.
Jun 14, 2004 11:26AM PDT

Make sure your HUBS are "switching hubs." That way, only packets bound for their machine are seen. Of course, if it's the Admin that is doing this, then you'd better watch out, you'd better not cry,
You'd better not pout, I'm tellin' you why,
Santa Claus is comin' to town.

Bob

- Collapse -
Re: Protection from Ethereal is real simple.
Jun 14, 2004 12:28PM PDT

G'day Bob. what are switching hubs?
I am using 2 Lantech 16-port switches on my LAN. Thus, what work around do I have?
Please advise. Thank you.

Regards,
Sim.

- Collapse -
Re: Protection from Ethereal is real simple.
Jun 14, 2004 10:43PM PDT

"G'day Bob. what are switching hubs?
I am using 2 Lantech 16-port switches on my LAN. Thus, what work around do I have?
Please advise. Thank you."

Switched hubs only send packets to machines that need to see the packets. So ethernet sniffers can't see all lan traffic on an all switched network.

Bob

- Collapse -
Re: Protection from Ethereal is real simple.
Aug 13, 2004 5:53AM PDT

Not necessarily true... Some switches come out of the box set up as hubs. It is the responsibility of the 'Network Administrator' to set up these boxes so as to restrict access. Typically, connection (for purposses of set-up) is made to the switch through either a serial connection, or via browser (after the ip address is assigned). At least two alternatives for zoning (Virtual LANs) exist. Mapping a group of ports as a Virtual LAN, or using some form of hardware or software supplied identifiers (ip addresses, WWIDs, MAC addresses) to allow those, and only those, self identified machines to see each other's traffic.

- Collapse -
Re: Protection from Ethereal is real simple.
Aug 13, 2004 6:00AM PDT

This is easy. Just run up ethereal and see if you see the other traffic. Despite any naysayer, common switched hubs don't leak traffic. Broadcast messages will show up, but that's by design.

Bob