RE: Detecting Network Sniffers ???
From: Sutton, Nathan (nathan.sutton_at_hp.com)
Date: 05/26/04
- Previous message: defiance: "Re: IDS"
- Maybe in reply to: Jonny Boy: "Detecting Network Sniffers ???"
- Next in thread: Alvin Oga: "Re: Detecting Network Sniffers ???"
- Reply: Alvin Oga: "Re: Detecting Network Sniffers ???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 26 May 2004 09:36:23 +1000 To: "Jonny Boy" <jonny@de21comp.net>, <security-basics@securityfocus.com>
Hi Jonny,
I am a network security person but not yet an expert in this field so
you may wish to seek clarification on my point below.
In sniffer must put the network card attached to the network in
promiscuous mode. The presence of a network card in promiscuous mode is
what you must be looking for. Some IDS's can actually detect this.
Have a look at
http://www.securiteam.com/unixfocus/Detecting_sniffers_on_your_network.h
tml
That will set you on the path to finding other ways of detecting
sniffers on you network.
Regards,
Nathan Sutton (cissp)
Security and Technology consultant
Global Delivery
Hewlett Packard Australia
-----Original Message-----
From: Jonny Boy [mailto:jonny@de21comp.net]
Sent: Saturday, 22 May 2004 3:08 PM
To: security-basics@securityfocus.com
Subject: Detecting Network Sniffers ???
Hello!
Can somebody guide me on detecting a sniffer on my network. can i still
detect a sniffer even if the computer running the sniffer has disabled
the
TCP/IP stack or decompiled it altogether from the kernel. can i somehow
go
onto the datalink layer and use 802.3 protocol to test for the presence
of
the sniffer.
Thankyou.
Jonny
------------------------------------------------------------------------
--- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
- Previous message: defiance: "Re: IDS"
- Maybe in reply to: Jonny Boy: "Detecting Network Sniffers ???"
- Next in thread: Alvin Oga: "Re: Detecting Network Sniffers ???"
- Reply: Alvin Oga: "Re: Detecting Network Sniffers ???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
