April 12th, 2004, 10:59 PM
AntiSniff program... is there any Better?
I try AntiSniff v1.02.1 under Windows 2000 to catch who steal my passwords on LAN but when I start scan my PC rebooted.
Then I start program under XP and it told that it canít find network card or something I donít remember...
Is there anyone for whom this program works? Or is there any analog programs to catch whoís sniffing packets?
April 12th, 2004, 11:05 PM
You might need winpcap installed, but I thought it wasn't reasonably possible to find a sniffer on a network.
April 13th, 2004, 12:05 PM
Where can i find it i try google but it show so many different results so i dont know... this prog have homepage?
I try this one http://winpcap.polito.it/default.htm but dunno what it do, anyway it reboots after i run antisniff.
April 13th, 2004, 12:26 PM
you can get the winpcap driver here-
April 13th, 2004, 12:28 PM
But what it do i dont understand anything from site.
April 13th, 2004, 12:30 PM
Passive monitoring, be it a network sniffer, wiretap, tempest monitoring, microwave side-lobe, etc tend to be infeasible to detect.
As a rule the only way to detect is to verify all the weak points secure (every network node, every inch of cable and perhaps the area around the cables, everything that might be emiting anything useful, checking all the potential side-lobe access hot spots to ensure they are monitoring equipment free)
With all areas of security, assume a compromise and limit its effects. (application isolation, personel seperation of duties, or in this case encrypt the data in such a manner to render a monitor useless) Other anti-monitoring techniques are fundementally flawed and shouldn't have resources wasted on them. (same for all security models that attempt to prevent the inevitable rather than contain it)
April 13th, 2004, 12:37 PM
Well i am not expert so i dont know stuff you told me.
And i am most denfenetly will not search every inch of cable.
April 13th, 2004, 01:56 PM
I really need to make a better point of paying attention to which forum threads on the front page are in.
jo... you cannot reliably (read "cost effectively") prevent or detect the monitoring of data in transit, so don't worry about it.
April 13th, 2004, 01:59 PM
How would you define "cost effectively"? Couldn't encryption be used to "prevent" monitoring of data in transit (say through SSH Tunnelling or other methods like VPNs)?
you cannot reliably (read "cost effectively") prevent or detect the monitoring of data in transit, so don't worry about it.
April 13th, 2004, 02:11 PM
Encryption does not prevent or detect monitoring, it merely presents the monitor with (in theory) unusable data. This may seem nitpicky, but I did mention encryption in my first post as a better answer to his situation.