KBTAG: kben10000063
URL: http://www.securityportal.com/lskb/10000050/kben10000063.html
Date created: 17/07/2000
Date modified:
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Detecting packet sniffers
Keywords: Network
In theory, most operating systems leave telltale signs when packet sniffing (that is to say, their network interfaces respond in certain non-standard ways to network traffic). If the attacker is not too savvy, or is using a compromised machine, then chances are you can detect them. On the other hand, if they are using a specially built cable or an induction ring, there is no chance of detecting them unless you trace every physical piece of network cable and check what is plugged into it.
As mentioned before, AntiSniff is a tool that probes network devices to try to see if they are running in promiscuous mode, as opposed to normal modes of operation. It is supposedly effective, and will work against most sniffers. You can get it from: http://www.l0pht.com/antisniff/.