Sniffing Detection
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Sniffing Detection

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    144

    Sniffing Detection

    is there a way that i can detect someone is sniffing packets in my network?
    BlAcKiE
    GearBlitz

  2. #2
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    if the sniffer machine is totally passive and never sends/replies a packet, no.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Sure enough....

    Google

    Well... depending on how they are setup.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Do you have switches or hubs?

    If you use switches "they" must "attack" the switch first to be able to sniff your network. So your switch logs would the first thing to check.

    I know there are also some programs out there that send specially crafted packets to detect sniffers if the sniffer runs in promiscuous mode. IIRC one is called Anti-sniffer.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    ermm.. i'm just thinking.. i've learnt that i cannot sniff on a switched network.. but ppl say that u can use dsniff to sniff switched network.. it seems like there is not measures to prevent snifers.. so what can i do to detect a sniffer on my LAN?
    BlAcKiE
    GearBlitz

  6. #6
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    If you are using switches you could run Arpwatch (http://www.securityfocus.com/tools/142 ) to see if anyone is ARPspoofing on your network My understanding is that there are tools that detect network cards on your network that are in promiscuous mode, but I have not tested them. One such tool is Neped, (http://www.securiteam.com/tools/2GUQ8QAQOU.html )I need to look for some others.

  7. #7
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    you can sniff a switched network just using a switch option usually called as "port copy". but you need to have access to switch conf to do that.

    on most companies that ive audited switch conf password = manufacturer name, like "cisco", "cabletron", etc --- very good admins there :P
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  8. #8
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    btw how do i use dsniff in windows?
    what do i put for the interface
    BlAcKiE
    GearBlitz

  9. #9
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    I've only used it in linux. Check with these guys: http://www.datanerds.net/~mike/dsniff.html

  10. #10
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Ok, I did some more looking around, and it looks like you can use Ettercap-NG to find Slutty network cards. Here is the command:
    Code:
    ettercap -TP search_promisc // //
    You can also use another plugin to find ARP poisoners. Get the app from:

    http://ettercap.sourceforge.net/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •