Snort mailing list archives

RE: detecting a sniff application

From: Kevin Brown <Kevin.M.Brown () asu edu>
Date: Tue, 09 Jul 2002 12:56:26 -0700

If the application is a passive sniffer, then no.  Same reason that snort
can't be directly detected sniffing a network.  By actively scanning a
network you can find NICs that are in promisc mode, but that doesn't tell
you why (ethereal, tcpdump, snort, showeq, some other packet sniffer).

Now it might be able to detect someone intruding on the DSL connection.
Depends what they are doing and if snort has a rule for the behavior.

-----Original Message-----
From: Wissam Halawani
To: snort-users () lists sourceforge net
Sent: 7/9/02 12:47 PM
Subject: [Snort-users] detecting a sniff application

Hello,
 
is Snort capable of detecting a sniff application on a network, or an
Internet segment. 
Is it capable of detecting whether someone is intruding or sniffing a
DSL line for an internet user?

Current thread:

RE: detecting a sniff application Kevin Brown (Jul 09)
- <Possible follow-ups>
- detecting a sniff application Wissam Halawani (Jul 09)
  - RE: detecting a sniff application emil (needguide.com) (Jul 09)
  - Re: detecting a sniff application Ian Macdonald (Jul 10)
- RE: detecting a sniff application Hicks, John (Jul 09)
- RE: detecting a sniff application McCammon, Keith (Jul 09)
  - RE: detecting a sniff application Rob Hughes (Jul 10)