Security Basics mailing list archives

Re: Sniffing


From: Jimi Thompson <jimit () myrealbox com>
Date: Tue, 16 Dec 2003 22:49:14 -0600

While sniffing in and of itself is a "passive" technique, it does tend to throw NICs into promiscuous mode, and that can be scanned for. I know of several previous employers who scan their networks for NICs in that mode on a regular basis. It is a practice I highly recommend. You'd be surprised what you can uncover that way.

2 cents,

Jimi

H Carvey wrote:

In-Reply-To: <B555CE4216275341AB6496922236D2B32A0A90 () mailserv3 uni glam ac uk>


2) Can Sniffing be detected using a Network Intrusion Detection System
and if yes then are there any Sniffing ways which are not detected by NDIS?

I'm not sure what you're referring to when you say "NDIS", but to answer the first part of your question, most NIDS are based on sniffing. Since sniffing is a passive technique, using another sniffer to detect a sniffer is...well, I'll leave that one open...

With regards to detecting sniffing, you might want to check out AntiSniff:
http://www.securiteam.com/tools/AntiSniff_-_find_sniffers_on_your_local_network.html

On Windows systems, there's another way that may be quicker. Most of the freeware tools that provide sniffing functionality (Ethereal, Windump, Analyzer, etc.) use the WinPcap libraries and driver. If you dump all of the device drivers on the system and find the WinPcap one running, then it's likely that a sniffer is involved.

HTH,

Harlan
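
The driver check described in the quoted reply, as an added example that is not part of the original thread: it parses a saved driver listing and reports whether the WinPcap driver is present and running. It assumes the listing comes from `driverquery /v /fo csv` with the column names shown, and that the WinPcap driver appears as module `NPF` (file `npf.sys`); the sample listing is constructed.

```python
import csv
import io

# Module names treated as packet-capture drivers. "npf" is WinPcap's
# NetGroup Packet Filter driver (assumption: extend for other capture stacks).
CAPTURE_DRIVERS = {"npf"}

# Constructed sample of `driverquery /v /fo csv` output, columns trimmed.
SAMPLE = r'''"Module Name","Display Name","State","Path"
"NDIS","NDIS System Driver","Running","C:\WINDOWS\system32\drivers\ndis.sys"
"NPF","NetGroup Packet Filter Driver","Running","C:\WINDOWS\system32\drivers\npf.sys"
"Tcpip","TCP/IP Protocol Driver","Running","C:\WINDOWS\system32\drivers\tcpip.sys"
'''


def find_capture_drivers(csv_text, names=CAPTURE_DRIVERS):
    """Return one dict per capture driver found in a driver listing.

    A row matches on its module name or on the file name in its path, so a
    driver registered under another service name is still reported.
    """
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        module = (row.get("Module Name") or "").strip()
        path = (row.get("Path") or "").strip()
        state = (row.get("State") or "").strip()
        filename = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        stem = filename[:-4] if filename.endswith(".sys") else filename
        if module.lower() in names or stem in names:
            hits.append({
                "module": module,
                "path": path,
                # Installed-but-stopped is weaker evidence than a running driver.
                "running": state.lower() == "running",
            })
    return hits


if __name__ == "__main__":
    for hit in find_capture_drivers(SAMPLE):
        status = "running" if hit["running"] else "installed, not running"
        print(f"{hit['module']}: {status} ({hit['path']})")
```
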
