This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Blacklist an Interface

0

I was wondering whether it is possible to blacklist an interface and stop Wireshark from scanning it?

We have a user who wants to create virtual network adapters with Mininet; they will need Wireshark to debug and check that packets are moving between virtual adapters.

The problem is we have a fairly strict network policy which states port scanning and packet scanning is not allowed.

I was hoping that there was some config that would let me blacklist Wireshark from using the main physical network adapter and restrict the ability of a user to scan packets on the network.

Thanks

asked 24 Apr '17, 08:40

fyberoptik

edited 24 Apr '17, 08:44

Why is that a problem if all is inside a VM? What platform are we talking about?

(24 Apr '17, 09:37) Jaap ♦

The main issue with a VM type solution is that it would give users free rein to install other unmanaged operating systems on a network which is closely managed.

This solution is needed for a Linux/Ubuntu 16.04 machine.

(25 Apr '17, 02:11) fyberoptik

I still wonder how you would manage Mininet in such a context anyway. Attaching a real network interface to the topology can have some interesting consequences.

(25 Apr '17, 07:14) Jaap ♦

One Answer:

0

Well, the short and fast answer is: no, it's not possible to blacklist an interface. Even if you select to 'hide' an interface, the user can 'unhide' it, and the traffic will still show up on the 'All' interface.

answered 25 Apr '17, 07:14

Jaap ♦

Thanks for your help Jaap, I think I will have to admit defeat on this one.

(26 Apr '17, 03:30) fyberoptik