Security Basics mailing list archives
RE: Detecting Network Sniffers ???
From: "Sutton, Nathan" <nathan.sutton () hp com>
Date: Wed, 26 May 2004 09:36:23 +1000
Hi Jonny, I am a network security person but not yet an expert in this field so you may wish to seek clarification on my point below. In sniffer must put the network card attached to the network in promiscuous mode. The presence of a network card in promiscuous mode is what you must be looking for. Some IDS's can actually detect this. Have a look at http://www.securiteam.com/unixfocus/Detecting_sniffers_on_your_network.h tml That will set you on the path to finding other ways of detecting sniffers on you network. Regards, Nathan Sutton (cissp) Security and Technology consultant Global Delivery Hewlett Packard Australia -----Original Message----- From: Jonny Boy [mailto:jonny () de21comp net] Sent: Saturday, 22 May 2004 3:08 PM To: security-basics () securityfocus com Subject: Detecting Network Sniffers ??? Hello! Can somebody guide me on detecting a sniffer on my network. can i still detect a sniffer even if the computer running the sniffer has disabled the TCP/IP stack or decompiled it altogether from the kernel. can i somehow go onto the datalink layer and use 802.3 protocol to test for the presence of the sniffer. Thankyou. Jonny ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Detecting Network Sniffers ??? Jonny Boy (May 25)
- <Possible follow-ups>
- RE: Detecting Network Sniffers ??? Sutton, Nathan (May 26)
- Re: Detecting Network Sniffers ??? Alvin Oga (May 27)
- Re: Detecting Network Sniffers ??? H Carvey (May 28)
- RE: Detecting Network Sniffers ??? Amin Tora (May 31)