Security Basics mailing list archives
RE: A Solution for sniffing
From: <David () cawdgw net>
Date: Thu, 19 Dec 2002 00:36:22 +0100
For a network card to "Sniff" it must be in promiscuous mode, reading all packets coming in and not dumping those not addressed to it. Google the web for tools that can find network interface cards in promiscuous mode. I can think of only two legit reasons to be in that mode: some firewall/IDS's need that mode to pull in all packets, and someone sniffing the network with permission. Therefore, after you look and find a netcard in promiscuous mode, you can check the system files for WHY it is in that mode. As far as hardware sniffers, Someone else will have to say it with authority. I think the technique that finds software driven promiscuous netcards works on hardware sniffers, but I may be wrong. d. weiss mcse/ccna/ssp2 -----Original Message----- From: Bruce.Orcutt () alltel com [mailto:Bruce.Orcutt () alltel com] Sent: Tuesday, December 17, 2002 6:19 PM To: fadi () lebrocks com; security-basics () securityfocus com Subject: RE: A Solution for sniffing As sniffing is a passive act, there is no way that you can detect the act itself, unless you have access to the machine that's doing the possible sniffing itself. Perhaps one of the simplest ways to ensure sniffing is made much more difficult at the least is by switching from a hub type network to a switched network. In a switched environment, other users cannot see each others network streams, thus providing a layer of protection. Of course, like all techniques, this can be gotten around by various additional techniques, but it does make life more difficult to would be sniffers. (ie: user installs a hub via an uplink port to switched segment, and connects target's system and a sniffing machine to the hub.) -----Original Message----- From: fadi () lebrocks com [mailto:fadi () lebrocks com] Sent: Tuesday, December 17, 2002 5:41 AM To: security-basics () securityfocus com Subject: A Solution for sniffing Hello Folks, I think i am being sniffed by somone on my network, and i was wondering. is there an application to check wether i am being sniffed or not, and if i was, how can i fix that ?(like PGP for mail, what about other protocols) P.S. : Running Linux Slackware 8.1 (if that would help) cheers, Fadi R. Khouja
Current thread:
- Re: Windows 2k Sniffer Detection, (continued)
- Re: Windows 2k Sniffer Detection Gene (Dec 20)
- Re: A Solution for sniffing Mattias Hedenskog (Dec 18)
- Re: A Solution for sniffing Sumit Dhar (Dec 18)
- Re: A Solution for sniffing Matti Haack (Dec 18)
- Re: A Solution for sniffing phani (Dec 18)
- Re: A Solution for sniffing Alberto Cozer (Dec 19)
- Re: A Solution for sniffing Peter Letford (Dec 19)
- Re: A Solution for sniffing Aydin Kocas (Dec 19)
- Re: A Solution for sniffing Joe H. (Dec 20)
- Re: A Solution for sniffing Aydin Kocas (Dec 19)
- RE: A Solution for sniffing Bruce.Orcutt (Dec 18)
- RE: A Solution for sniffing David (Dec 19)
- RE: A Solution for sniffing Jason Kohles (Dec 20)
- RE: A Solution for sniffing David (Dec 19)
- Re: A Solution for sniffing brien mac (Dec 18)
- RE: A Solution for sniffing herakel (Dec 18)
- RE: A Solution for sniffing Bruce.Orcutt (Dec 19)
- Re: A Solution for sniffing Shanon (Dec 20)
- RE: A Solution for sniffing wbjw (Dec 19)
- RE: A Solution for sniffing Jose Avila III (Dec 20)
- RE: A Solution for sniffing Jason Kohles (Dec 20)
- RE: A Solution for sniffing Jose Avila III (Dec 20)
- RE: A Solution for sniffing Anthony, Shayla (Dec 20)
- RE: A Solution for sniffing Chris Berry (Dec 20)
(Thread continues...)