David Durgee wrote: > I have downloaded and installed Wireshark 0.99.4 on a > Windows 2000 system. I am able to capture packets on > my ethernet interface with the interface enabled and > in full operation, but if I disable the interface as I > expect I will need to in order to operate "stealthy" > the interface is not available to select for capture > in Wireshark. > Obviously, if you disable an interface - it's disabled :-) > How do I need to configure things to be able to do > what I need? Can I define another ethernet interface > using the same NIC that has no protocols enabled on it > and then swap which one is enabled? Do I need to > disable all protocols on the existing interface for > the capture and then manually re-enable them when I > want to reconnect to the network? > Disabling the TCP/IP stack of that interface should be usually enough to keep the interface quiet - however, never tried it myself if it's really quiet then.
There are potentially a lot of services running on top of a network interface, some common today are: - TCP/IP (switch this off - this will prevent ARP, DNS, NBNS, ... to get on the network) - VPN (switch this off) - services to capture network traffic (should send no packets) - personal firewall software (should send no packets) Hope this helps, Regards, ULFL _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
