IDS mailing list archives
Re: Counter detect Network Sniffer
From: Chris Caydes <chris_caydes () yahoo com>
Date: Mon, 23 Feb 2004 14:05:25 -0800 (PST)
Hello Bill,

In order to capture the entire traffic passing on a network segment, the sniffer needs to be put in promiscuous mode. One thing that should work to detect if a particular NIC is configured in promiscuous mode on your network segment is the following:

- determine the IP address and associated MAC address of the suspected host, using ARP.
- send IP traffic to that node using its legitimate IP address (for instance, ping) but forge the destination MAC address to a different value than that of the suspected node.
- if the node responds to that traffic despite the MAC address being bogus, you can suspect the node to be in promiscuous mode.

Note: if the target host runs a firewall, or if the segment is on a switch instead of a hub, the trick might not work.

Disclaimer: I haven't tried this trick myself, I'm just assuming it would work. Also, I read a similar idea a long time ago, but don't remember where.

Regards,
Chris

--- Bill Mok <billmok2002 () yahoo com hk> wrote:
Is there any method to detect one using sniffer, say ethereal, in the same network?
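The check described in the message above, as an added example that is not part of the original post: it builds the ICMP echo request with a forged destination MAC and decides whether a captured frame is the suspected host's reply. All function names are hypothetical. Sending and capturing the frames (which needs a raw link-layer socket) is left out, and the reply is a constructed sample.

```python
# Added illustration; helper names are hypothetical, not from the original post.
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum used by IPv4 and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))
def ip(text: str) -> bytes:
    return bytes(int(part) for part in text.split("."))

def build_probe(src_mac, bogus_mac, real_mac, src_ip, target_ip, ident, seq):
    """Ethernet frame: ICMP echo request to target_ip, addressed to bogus_mac."""
    dst = mac(bogus_mac)
    # Group (broadcast/multicast) addresses are accepted by NICs without
    # promiscuous mode, so a reply to one of those would prove nothing.
    if dst[0] & 1 or dst == mac(real_mac):
        raise ValueError("bogus MAC must be unicast and differ from the real one")
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + b"promisc-check"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), ident, 0,
                      64, 1, 0, ip(src_ip), ip(target_ip))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return dst + mac(src_mac) + b"\x08\x00" + hdr + icmp

def answers_probe(frame: bytes, target_ip: str, ident: int, seq: int) -> bool:
    """True if a captured frame is the target's ICMP echo reply to our probe."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        return False
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 1 or frame[26:30] != ip(target_ip):
        return False
    icmp = frame[14 + ihl:14 + ihl + 8]
    if len(icmp) < 8:
        return False
    kind, _code, _csum, got_id, got_seq = struct.unpack("!BBHHH", icmp)
    return kind == 0 and got_id == ident and got_seq == seq

def constructed_reply(probe: bytes, real_mac: str) -> bytes:
    """Constructed sample: the echo reply a host would send (checksums not redone)."""
    eth = probe[6:12] + mac(real_mac) + probe[12:14]
    hdr = probe[14:26] + probe[30:34] + probe[26:30]
    return eth + hdr + b"\x00" + probe[35:]
```

A matching reply only supports the suspicion the message describes; sending the same probe to the host's real MAC first confirms that it answers ping at all.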
Current thread:
- Counter detect Network Sniffer Bill Mok (Feb 20)
- Re: Counter detect Network Sniffer Jochen Bartl (Feb 23)
- Re: Counter detect Network Sniffer M. Dodge Mumford (Feb 23)
- Message not available
- Re: Counter detect Network Sniffer M. Dodge Mumford (Feb 24)
- RE: Counter detect Network Sniffer Fergus Brooks (Feb 25)
- Message not available
- Re: Counter detect Network Sniffer Raistlin (Feb 23)
- RE: Counter detect Network Sniffer Poulsennet Securityfocus (Feb 23)
- Reply: Counter detect Network Sniffer Peng Xuena (Feb 25)
- Re: Counter detect Network Sniffer Mike Hoskins (Feb 23)
- Re: Counter detect Network Sniffer Chris Caydes (Feb 23)
- Re: Counter detect Network Sniffer gatekeeper (Feb 24)
- Re: Counter detect Network Sniffer Pablo Scherer (Feb 24)
- <Possible follow-ups>
- Re: Counter detect Network Sniffer Tace (Feb 23)
- RE: Counter detect Network Sniffer Micheal Thompson (Feb 24)