Security Basics mailing list archives

RE: Detecting Network Sniffers ???

From: "Sutton, Nathan" <nathan.sutton () hp com>
Date: Wed, 26 May 2004 09:36:23 +1000

Hi Jonny,

I am a network security person but not yet an expert in this field so
you may wish to seek clarification on my point below.

In sniffer must put the network card attached to the network in
promiscuous mode. The presence of a network card in promiscuous mode is
what you must be looking for. Some IDS's can actually detect this.


Have a look at

http://www.securiteam.com/unixfocus/Detecting_sniffers_on_your_network.h
tml

That will set you on the path to finding other ways of detecting
sniffers on you network.

Regards,

Nathan Sutton (cissp)
Security and Technology consultant
Global Delivery
Hewlett Packard Australia

-----Original Message-----
From: Jonny Boy [mailto:jonny () de21comp net] 
Sent: Saturday, 22 May 2004 3:08 PM
To: security-basics () securityfocus com
Subject: Detecting Network Sniffers ???

Hello!

Can somebody guide me on detecting a sniffer on my network. can i still 
detect a sniffer even if the computer running the sniffer has disabled
the 
TCP/IP stack or decompiled it altogether from the kernel. can i somehow
go 
onto the datalink layer and use 802.3 protocol to test for the presence
of 
the sniffer.

Thankyou.

Jonny


------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Detecting Network Sniffers ??? Jonny Boy (May 25)
- <Possible follow-ups>
- RE: Detecting Network Sniffers ??? Sutton, Nathan (May 26)
  - Re: Detecting Network Sniffers ??? Alvin Oga (May 27)
- Re: Detecting Network Sniffers ??? H Carvey (May 28)
- RE: Detecting Network Sniffers ??? Amin Tora (May 31)