Full Disclosure mailing list archives
RE: Caching a sniffer
From: David Vincent <david.vincent () mightyoaks com>
Date: Wed, 10 Mar 2004 20:51:08 -0800
> How can I know if there is a sniffer running in my network?

if you're lucky, they are stupid and are using Microsoft's Network Monitor.

Tools --> Identify Network Monitor Users

http://www.comptechdoc.org/os/windows/ntserverguide/ntsnetmon.html

-----
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/WINDOWS2000/techinfo/reskit/en-us/core/fneg_net_zrgm.asp?frame=true&hidetoc=true

...

For security reasons, Windows 2000 Network Monitor captures only those frames, including broadcast and multicast frames, sent to or from the local computer. Network Monitor also displays overall network segment statistics for broadcast frames, multicast frames, network utilization, total bytes received per second, and total frames received per second.

In addition, to help protect your network from unauthorized use of Network Monitor installations, Network Monitor can detect other installations of Network Monitor that are running on the local segment of your network. Network Monitor also detects all instances of the Network Monitor driver being used remotely (by either Network Monitor from Systems Management Server or the Network Segment object in System Monitor) to capture data on your network.

When Network Monitor detects other Network Monitor installations running on the network, it displays the following information:

* The name of the computer
* The name of the user logged on at the computer
* The state of Network Monitor on the remote computer (running, capturing, or transmitting)
* The adapter address of the remote computer
* The version number of Network Monitor on the remote computer

In some instances, your network architecture might prevent one installation of Network Monitor from detecting another. For example, if an installation is separated from yours by a router that does not forward multicasts, your installation cannot detect that installation.

...
-----

but I digress. a quick google:

http://www.packet-sniffer.co.uk/content/detect/ - the king!
http://www.gfi.com/news/en/lansniffer.htm
http://www.linux4biz.net/articles/articlesniff.htm

-d

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html