Security Basics mailing list archives

Re: A Solution for sniffing


From: "Sumit Dhar" <ml_dhar () yahoo com>
Date: Thu, 4 Jan 2001 15:32:58 +0530

> I think I am being sniffed by someone on my network, and I was wondering,
> is there an application to check whether I am being sniffed or not, and if I

There are applications like AntiSniff that seek to find out if someone on
the network is carrying out sniffing. But these cannot give you guaranteed
results. I played around a little with AntiSniff but the results were not
that great.

From the tone of your mail, I am assuming it is a malicious user and not an
administrator with permissions who is performing this sniffing. If you are
using a hub then I don't think there is too much you can do. But if you are
using a switch, it is possible that the user might have to perform ARP
Spoofing. Try and detect cases of ARP Spoofing on the network. You can use
ARP Watch for that. If you have Snort running on the network, it too can
detect such cases.

Usually the sniffer will try and ARP Spoof the gateway. Hard code the MAC
address of the Gateway on your machine using the /etc/ethers file. Install
ARP Watch on your machine too.

> was, how can I fix that? (like PGP for mail, what about other protocols)

Use encryption. HTTPS/SSL have the advantage of being very *HARD* to sniff.
Also if you are using hubs, it might be a good idea to switch to switches.
If you are interested, there is a brief document I had written on the topic of
Sniffers that might be of use to you. It is available at
http://www.rootshell.be/~dhar/downloads/Sniffers.pdf

Hope this helps!!

With Regards,
Sumit Dhar
http://www.rootshell.be/~dhar
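
Added example, not part of the original post: a Python check that compares a Linux ARP cache (the /proc/net/arp layout) with MAC addresses pinned in /etc/ethers format, flagging a pinned gateway that answers with a different MAC and any MAC claiming several IPs. The addresses, sample data and function names are constructed for illustration.

```python
"""Check a Linux ARP cache against MAC addresses pinned in /etc/ethers format."""
from collections import defaultdict

# Constructed sample data (documentation addresses, not from the original post).
SAMPLE_ETHERS = """\
# MAC address        IP address
00:11:22:33:44:55    192.0.2.1
"""
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         de:ad:be:ef:00:01     *        eth0
192.0.2.23       0x1         0x2         de:ad:be:ef:00:01     *        eth0
192.0.2.40       0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_ethers(text):
    """Return {ip: mac} from ethers(5) lines: '<mac> <hostname-or-ip>'."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) >= 2:
            pinned[fields[1]] = fields[0].lower()
    return pinned

def parse_arp_cache(text):
    """Return {ip: mac} from /proc/net/arp content, skipping incomplete entries."""
    cache = {}
    for line in text.splitlines()[1:]:           # first line is the column header
        fields = line.split()
        if len(fields) >= 6 and int(fields[2], 16) & 0x2:   # ATF_COM: resolved
            cache[fields[0]] = fields[3].lower()
    return cache

def find_arp_anomalies(pinned, cache):
    """Report pinned IPs answering with another MAC, and MACs claiming several IPs."""
    alerts = []
    for ip, mac in sorted(pinned.items()):
        if ip in cache and cache[ip] != mac:
            alerts.append(f"MISMATCH {ip}: pinned {mac}, cache has {cache[ip]}")
    by_mac = defaultdict(list)
    for ip, mac in cache.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(f"SHARED {mac}: claimed by {', '.join(sorted(ips))}")
    return alerts

if __name__ == "__main__":
    # On a live host, read /etc/ethers and /proc/net/arp instead of the samples.
    for alert in find_arp_anomalies(parse_ethers(SAMPLE_ETHERS), parse_arp_cache(SAMPLE_ARP)):
        print(alert)
```

A SHARED alert alone can be legitimate (proxy ARP, a router with several addresses), so treat it as a prompt to investigate; a MISMATCH on the pinned gateway is the stronger signal.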



