-
September 21st, 2004, 02:35 PM
#1
Senior Member
Sniffing Detection
Is there a way that I can detect if someone is sniffing packets in my network?
-
September 21st, 2004, 02:37 PM
#2
If the sniffer machine is totally passive and never sends or replies to a packet, no.
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
September 21st, 2004, 02:37 PM
#3
Sure enough....
Google
Well... depending on how they are setup.
Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
September 21st, 2004, 02:42 PM
#4
Do you have switches or hubs?
If you use switches "they" must "attack" the switch first to be able to sniff your network. So your switch logs would be the first thing to check.
I know there are also some programs out there that send specially crafted packets to detect sniffers if the sniffer runs in promiscuous mode. IIRC one is called Anti-sniffer.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
September 21st, 2004, 02:47 PM
#5
Senior Member
Ermm.. I'm just thinking.. I've learnt that I cannot sniff on a switched network.. but people say that you can use dsniff to sniff a switched network.. it seems like there are no measures to prevent sniffers.. so what can I do to detect a sniffer on my LAN?
-
September 21st, 2004, 03:10 PM
#6
If you are using switches you could run Arpwatch (http://www.securityfocus.com/tools/142) to see if anyone is ARP spoofing on your network. My understanding is that there are tools that detect network cards on your network that are in promiscuous mode, but I have not tested them. One such tool is Neped (http://www.securiteam.com/tools/2GUQ8QAQOU.html). I need to look for some others.
-
September 21st, 2004, 03:14 PM
#7
You can sniff a switched network just by using a switch option usually called "port copy", but you need to have access to the switch configuration to do that.
At most companies that I've audited, the switch config password = manufacturer name, like "cisco", "cabletron", etc --- very good admins there :P
-
September 21st, 2004, 03:50 PM
#8
Senior Member
Btw, how do I use dsniff in Windows?
What do I put for the interface?
-
September 21st, 2004, 04:06 PM
#9
I've only used it in Linux. Check with these guys: http://www.datanerds.net/~mike/dsniff.html
-
September 21st, 2004, 06:13 PM
#10
Ok, I did some more looking around, and it looks like you can use Ettercap-NG to find Slutty network cards. Here is the command:
Code:
ettercap -TP search_promisc // //
You can also use another plugin to find ARP poisoners. Get the app from:
http://ettercap.sourceforge.net/
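Added example, not part of the original thread and not code from Arpwatch or Ettercap: a minimal sketch of the IP-to-MAC tracking idea behind the ARP-spoofing checks mentioned in posts #6 and #10. The record format, sample addresses and event names are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample of ARP replies: unix_time sender_ip sender_mac
SAMPLE = """\
1095791700 192.168.1.1 00:11:22:33:44:55
1095791705 192.168.1.20 00:aa:bb:cc:dd:01
1095791710 192.168.1.30 00:aa:bb:cc:dd:02
1095791800 192.168.1.1 00:aa:bb:cc:dd:02
1095791805 192.168.1.1 00:11:22:33:44:55
1095791810 192.168.1.1 00:aa:bb:cc:dd:02
"""

def parse(text):
    """Yield (timestamp, ip, mac) tuples, skipping blanks and comments."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, ip, mac = line.split()
        yield int(ts), ip, mac.lower()

def watch(observations):
    """Return events describing how IP-to-MAC bindings evolve."""
    current = {}                # ip -> MAC currently bound to it
    history = defaultdict(set)  # ip -> every MAC ever seen for it
    owners = defaultdict(set)   # mac -> every IP it has claimed
    events = []
    for ts, ip, mac in observations:
        prev = current.get(ip)
        if prev is None:
            events.append((ts, "new", ip, mac))
        elif prev != mac:
            # A return to an earlier MAC means two hosts are fighting over the IP.
            kind = "flip-flop" if mac in history[ip] else "changed"
            events.append((ts, kind, ip, mac))
        current[ip] = mac
        history[ip].add(mac)
        if ip not in owners[mac]:
            owners[mac].add(ip)
            if len(owners[mac]) > 1:  # one NIC answering for several IPs
                events.append((ts, "multi-ip", ip, mac))
    return events

def alerts(events):
    """Everything except first sightings is worth a look."""
    return [e for e in events if e[1] != "new"]

if __name__ == "__main__":
    for ts, kind, ip, mac in alerts(watch(parse(SAMPLE))):
        print(f"{ts} {kind:9} {ip} is-at {mac}")
```

A "changed" or "multi-ip" event can also come from a DHCP reassignment, a replaced network card or a router doing proxy ARP, so the gateway address flip-flopping between two MACs is the pattern to prioritise.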