Security Basics mailing list archives
Re: Sniffing
From: Jimi Thompson <jimit () myrealbox com>
Date: Tue, 16 Dec 2003 22:49:14 -0600
While sniffing in and of itself is a "passive" technique it does tend to throw NIC's into promiscous mode and that can be scanned for. I know of several previous employers who scan their networks for nic in that mode on a regular basis. It is a practice I highly recommend. You'd be surprised what you can uncover that way.
2 cents, Jimi H Carvey wrote:
In-Reply-To: <B555CE4216275341AB6496922236D2B32A0A90 () mailserv3 uni glam ac uk>2) Can Sniffing be detected using a Network Intrusion Detection System and if yes then are there any Sniffing ways which are not detected by NDIS?I'm not sure what you're referring to when you say "NDIS", but to answer the first part of your question, most NIDS are based on sniffing. Since sniffing is a passive technique, using another sniffer to detect a sniffer is...well, I'll leave that one open... With regards to detecting sniffing, you might want to check out AntiSniff: http://www.securiteam.com/tools/AntiSniff_-_find_sniffers_on_your_local_network.htmlOn Windows systems, there's another way that may be quicker. Most of the freeware tools that provide sniffing functionality (Ethereal, Windump, Analyzer, etc) use the Winpcap libraries and driver. If you dump all of the device drivers on the system and find the Winpcap one running, then it's likely that a sniffer is involved.HTH, Harlan --------------------------------------------------------------------------- ----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Sniffing Shah H (Comp) (Dec 15)
- Re: Sniffing Devilscrow Sr (Dec 15)
- RE: Sniffing Zachary Mutrux (Dec 16)
- <Possible follow-ups>
- RE: Sniffing Timothy Donahue (Dec 15)
- Re: Sniffing H Carvey (Dec 15)
- Re: Sniffing Jimi Thompson (Dec 17)