I was wondering whether it is possible to blacklist an interface and stop Wireshark from scanning it? We have a user who is wanting to create virtual network adapters with Mininet, they will need wireshark to debug and check packets are moving between virtual adapters. The problem is we have a fairly strict network policy which states port scanning and packet scanning is not allowed. I was hoping that there was some config that would let me blacklist wireshark from using the main physical network adapter and restrict the ability of a user scanning packets on the network. Thanks asked 24 Apr '17, 08:40 fyberoptik edited 24 Apr '17, 08:44 |
One Answer:
Well, the short and fast answer is: no, it's not possible to blacklist an interface. Even if you select to 'hide' an interface, the user can 'unhide' it, and the traffic will still show up on the 'All' interface. answered 25 Apr '17, 07:14 Jaap ♦ Thanks for your help Jaap, I think I will have to admit defeat on this one. (26 Apr '17, 03:30) fyberoptik |
Why is that a problem if all is inside a VM? What platform are we talking about?
The main issue with a VM type solution is that it would give users free reign to install other unmanaged operating systems on a network which closely managed.
This solution is needed for a Linux/Ubuntu 16.04 machine.
I still wonder how you would manage mininet in such context anyway. Attaching a real network interface to the topology can have some interesting consequences.