This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

My roomate just announced he installed wireshark on our home network. He claims "for security" but from what? Anyways, is there a way to block him from reading my network traffic if we are on the same router? We have Comcast cable if that helps. What can I do o protect my privacy outside of asking him to remove the software?

asked 09 Aug '11, 19:13

loki6279's gravatar image

loki6279
1111
accept rate: 0%

edited 09 Aug '11, 20:51

helloworld's gravatar image

helloworld
3.1k42041

More details: Roomate is very computer savvy, we are both using wired connections to cable router, both running windows. Hes removed it from what he claims as of today (8/10) because He heard that "Comcast (ISP) will cancel service if they detect a packet sniffer on their network."

(10 Aug '11, 20:42) loki6279

Well, good for you! :)

In this case, Comcast would only suspend or terminate your service if you use Wireshark maliciously (e.g., sniffing for passwords). As it turns out, I just learned that I've violated Comcast's AUP (easy to do if you're a power user), and I'm obligated to notify them so that they can close my account (right...).

I'm not sure how they'd detect Wireshark since it's a passive application. Someone would have to report you in order for Comcast to act.

(10 Aug '11, 22:10) helloworld

First of all, "security reasons" can be that he wants to check if his own computer is communicating in ways he didn't authorize - meaning, checking if a trojan horse or botnet has taken over his PC without him knowing. It has to be said that very often those bad boy programs also do prohibit Wireshark to see what they're doing, so running it on an possibly infected PC doesn't always help.

If you're on one of these usual home routers it depends how you connect to it. If you both connect over WiFi he might be able to capture all data (unless he's running Windows and without an AirPCAP adapter, in which case he'll only see his own traffic). If you have a wired setup you'll all be connected to the integrated switch within the router, which means that your traffic is separated from his and he can't record anything you do except (mostly harmless) broadcast frames.

What you could do is make sure that you only login to important services using SSL encryption, meaning HTTPS etc. That way he might be able to record, but not able to decode.

permanent link

answered 09 Aug '11, 20:23

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

I don't know if I'd call this example a "security reason" because by that time, security might already have been breached. Wireshark would then be used only as a troubleshooting / post-analysis tool.

If he wants to secure his computer from viruses/worms and attacks (which might be what he meant), the obvious is to use anti-virus and firewall software.

(09 Aug '11, 20:48) helloworld

Depends on how savvy your roommate is. If your household is connected to the Internet via a switch, as is common these days, and if he has installed wireshark only on his own PC, then he will only be able to monitor his own traffic.

If, on the other hand, he has managed to insert a network tap or an older-style hub device into the path to the Internet, then he may be able to monitor all household traffic. This would require a higher than average level of network savvy on the part of your roommate, but it would not be particularly difficult.

If the latter, then you should prevail upon your roommate to remove wireshark and stop any monitoring. Short of that, you would have to set up some sort of encrypted tunnel (VPN), or provision a separate physical connection for your own traffic to the Internet.

The above assumes wired connections within the household. If you are using wireless, then you should also be using WPA2 encryption for the wireless connections themselves. (Note that WEP or WPA encryption are insufficient). This is simply good practice, and goes beyond anything your roommate might be doing. If your wireless connections are not encrypted in the first place, then you should also be worried about what your neighbors may be monitoring.

permanent link

answered 09 Aug '11, 20:58

griff's gravatar image

griff
36139
accept rate: 10%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×36
×34

question asked: 09 Aug '11, 19:13

question was seen: 6,249 times

last updated: 18 Aug '11, 07:23

p​o​w​e​r​e​d by O​S​Q​A