Re: Detecting Network Sniffers ???

From: H Carvey (keydet89_at_yahoo.com)
Date: 05/28/04

    Date: 28 May 2004 14:00:39 -0000
    To: security-basics@securityfocus.com
    In-Reply-To: <EDA6886713F7F94081284F78EEB0B1B026DC7F@arvexc01.asiapacific.cpqcorp.net>

    Yet another way to detect sniffers on your network, specifically on Windows systems, is to scan for the presence of the WinPcap driver. Most of the freely available sniffers (L0phtcrack4.0, Ethereal, etc.) use this driver, and you can scan for it using WMI or SCM queries.

    >Can somebody guide me on detecting a sniffer on my network. Can I still
    >detect a sniffer even if the computer running the sniffer has disabled
    >the TCP/IP stack

    Just out of curiosity, how would someone be able to sniff if they disabled the TCP/IP stack? Are you saying that they'd capture all ethernet frames, and then parse those apart? If the IP stack is disabled (and not replaced), then how would the IP packets be parsed, or passed up to the application layer?

    Also, I think more so than "decompiling the kernel", someone would be more likely to patch it.
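
The WMI scan for the WinPcap driver suggested in the message above, as an added example that is not part of the original post. It assumes the WinPcap driver is registered under the service name `NPF` (npf.sys) and goes beyond the message by also checking `npcap`, the name used by WinPcap's successor; the function name and host names are hypothetical placeholders.

```powershell
# Added example, not code from the original message.
# Assumptions: 'NPF' is the service name of the WinPcap driver (npf.sys);
# 'npcap' covers its successor Npcap. Host names at the bottom are placeholders.

function Find-CaptureDriver {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName,

        [string[]]$DriverName = @('NPF', 'npcap')
    )

    # Build a WQL filter such as: Name='NPF' OR Name='npcap'
    $filter = ($DriverName | ForEach-Object { "Name='$_'" }) -join ' OR '

    foreach ($computer in $ComputerName) {
        try {
            # Win32_SystemDriver lists kernel drivers registered with the SCM
            $drivers = Get-CimInstance -ClassName Win32_SystemDriver -Filter $filter `
                -ComputerName $computer -ErrorAction Stop
        }
        catch {
            # An unreachable host is reported as such, never counted as clean
            [pscustomobject]@{
                Computer = $computer; Driver = $null; State = 'QueryFailed'
                StartMode = $null; Path = $null; Error = $_.Exception.Message
            }
            continue
        }

        if (-not $drivers) {
            [pscustomobject]@{
                Computer = $computer; Driver = $null; State = 'NotInstalled'
                StartMode = $null; Path = $null; Error = $null
            }
            continue
        }

        foreach ($d in $drivers) {
            [pscustomobject]@{
                Computer = $computer; Driver = $d.Name; State = $d.State
                StartMode = $d.StartMode; Path = $d.PathName; Error = $null
            }
        }
    }
}

Find-CaptureDriver -ComputerName 'WKSTN-01', 'WKSTN-02' | Format-Table -AutoSize
```

A `State` of `Running` means the driver is currently loaded; `Stopped` means a capture tool is installed but the driver is not active at the moment of the query.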
