AntiSniff program... is there any Better? - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: AntiSniff program... is there any Better?

  1. #11
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Sorry. 3 days and no sleep can make my eyes miss things.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #12
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    "AntiSniff is network card promiscuous mode detector. It works by sending a series of carefully crafted packets in a certain order to a target machine, sniffing the results, and performing timing tests against the target. By measuring timing results and monitoring the target's responses on the network, it can be determined if the target is in promiscuous mode, i.e. sniffing the network. "

    It actually works quite well, although you have to be on the same segment.

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  3. #13
    Senior Member
    Join Date
    Feb 2004
    Posts
    105

    re: AntiSniff

    First, I have to agree and echo Catch's statement. Data is most vulnerable whilst in transit. The most popular and efficient means of protecting data in transit is encryption.

    Secondly, I agree with Maestr0- Antisniff is a decent application which will work as intended.

    From the overall context of this thread and the original question, you [jojo...] may be putting the cart before the horse imho. If you're truly worried about someone sniffing on your network, then implement safeguards before it happens rather than worrying about catching it after-the-fact. Doing the former instead of the latter will not only teach you more about information assurance but also be much more productive in both the short and long term.

    Cheers,
    <0
    Ego is the great Logic killer

  4. #14
    Junior Member
    Join Date
    Apr 2004
    Posts
    7
    First its not my network i am just one of users its my isp network my internet works as LAN.
    Second lessthanzero how can i implement safeguards like what, encryption?
    Third i am just wanted help on making antisniff work or getting any program with same function lik antisniff to try check whos sniffing in promiscuous mode thats all i need not network security tutorial.

    Thanks all for help but i still see no help on my subject.

  5. #15
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Originally posted here by jojojojojoj
    Third i am just wanted help on making antisniff work or getting any program with same function lik antisniff to try check whos sniffing in promiscuous mode thats all i need not network security tutorial.[/COLOR]

    Thanks all for help but i still see no help on my subject. [/B]
    "AntiSniff v1.021 - Antisniff is Windows software which will detect if any sniffers are running on the network. Works on Win 95, 98, and NT, but not Win2k . Changes: This release fixes yet another security hole - all users should upgrade again. Homepage here."

    So if you have Win2k or Xp it will not work. Serious work on that tool has not been done since 2000. Look around the net and I am sure you will find something.

    Thanks all for help but i still see no help on my subject.
    You ask us for help. (probably before searching around on Google) Then you complain to us that we are not helping you.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  6. #16
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Boy. This requires some fancy footwork with Google. I have to admit never looking for these kinds of tools for Windows. But I have found some!

    proDETECT

    Promisc Detect

    That's what I've found thus far. I shall still endeavour to find more...
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #17
    Junior Member
    Join Date
    Apr 2004
    Posts
    7
    Originally posted here by CXGJarrod
    So if you have Win2k or Xp it will not work. Serious work on that tool has not been done since 2000. Look around the net and I am sure you will find something.

    I try under windows 98 to but BsOD apeared as son as i opened prog.
    And i search google but found nothing.

  8. #18
    Junior Member
    Join Date
    Apr 2004
    Posts
    7
    Also i remember i have same reboot problem with SpyNet sniffer when i try to run it couple formats ago, but not it works fine i dont know why.
    I have build in network card BroadCom NetExtreme Gigabit Ethernet or something BCM57xx with latest driver.

  9. #19
    Senior Member
    Join Date
    Mar 2004
    Posts
    139

    Yo, jojojojoj,
    I did a bit of research on Antisniff. This is not a simple tool to use, and requires an understanding of network protocols. I don't think that you need 'winpcap', but more importantly, you would need to be able to establish a baseline of the network segment
    you are trying to check, meaning that you need an idea of how your data looks like "without"
    a network sniffer installed. Once you have a "signature", you can then compare packet data to find irregularities.

    In addition, Antisniff uses a lot of resources, a high level app, so you shouldn't be running any
    other programs in the background.

    On a side note:

    When I installed 'Ethereal', I downloaded winpcap (a windows packet capturing library file), and placed both winpcap and Ethereal into the same folder, for example C:\Documents & Settings\user \Computer Utilities\Networking Tools\Ethereal...

    click on winpcap to install the library file, then click on Ethereal to install the sniffer...it will install itself into a program folder and place a shortcut on your desktop...
    winpcap runs in the background when you run Ethereal, so there is nothing to click on, as far as winpcap is concerned. You will have to make sure you get the correct version of winpcap for Ethereal. This should work for Snort as well, apart from having to tweak some configs in Snort. Also, once winpcap is installed, you don't need to install it again, should you want to add Snort to Ethereal or vice versa.

    Running Ethereal, you can capture packets by placing your NIC into promiscuous mode, and for example read the passwords of your e-mail accounts as they query the mail server, provided you told your client to remember them, or even as you type them in. Tons of fun...
    Now I haven't tried to encrypt my passwords, but it seems that that woud be the only way to prevent someone with a sniffer from reading them...so you may want to check on that.

    I caution you not to install a sniffer on a network for which you do not have authority to do so, and to be aware that you may be infringing on privacy rights of other users on that network!!! But it is a great way to learn about Network Protocols by installing it on your own computer, and capturing your 'own' data.

    Once you understand that, Antisniff may be a useful tool to you.

    g8way2u

  10. #20
    Banned
    Join Date
    Mar 2004
    Posts
    20
    just wanna make sure that can sniffer run under switch network??? why some article mention can be sniff under a switch ethernet network? can i do it with those technique like ARP poisoning, or level 2 compromising? any way or method i can perform a sniff under switch? any nice sniffer tool recommend?? Ethereal? Cain and Abel? sTerm? EtherPeek? or Spynet(does it work under W2K)??

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •