Re: Detect Network Sniffing



Try 2 in plain text format this time...

Shameless plug for an old program I wrote, windows only, needs
winpcap, hasn't been updated in 3 or more years:
http://myweb.cableone.net/xnih/download/sam.zip

It was actually designed to do OS fingerprinting by ARP packets,
though one of the side things I found was that I could detect systems
running in promiscous mode.

2 links I have in my notes for detecting systems in promiscous mode are here:
http://www.securityfriday.com/promiscuous_detection_01.pdf
http://www.nta-monitor.com/wiki/index.php/Arp-scan_User_Guide#Detecting_Promiscuous_Mode_Interfaces

Not sure if both are still good links and I'm too lazy to check right now.

So if you are on the same segment, by using ARP packets you can tell
if a system is in promisicous and can tell if it is windows or linux,
but as others have noted, this will only tell you about your current
network.

If there is a span port on the router or if your ISP is doing
something there really isn't any way you are going to be able to
detect this.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • RE: [Full-disclosure] anybody remember the name of this tool
    ... I have the Windows version of Ettercap 0.6.b installed and running, ... I also have Ettercap-NG running which sports a GUI, but needed WinPcap 3.1 beta 4 for that one I think. ...
    (Full-Disclosure)
  • WinPcap NPF.SYS Privilege Elevation Vulnerability
    ... WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ... Windows 2003 Server ... The exploit code is a PoC and was tested only against Windows XP SP2, ...
    (Bugtraq)
  • The Cleaner reports WinPCap contains WinRAT trojan
    ... Windows platform, allowing Windows users to do such ... along with the Developer Pack of WinPCap are all ... Remote Administration Toolkit) client/server trojan. ... Cleaner are reported as containing WinRAT. ...
    (Vuln-Dev)
  • Re: The Cleaner reports WinPCap contains WinRAT trojan
    ... I don't use WinPCap (or Windows much ... If WinPCap offers a hash checksum, use it to confirm you have downloaded ... If it's not, then the 'WinRAT', if it's there, is certainly ... /* Cleaner (a trojan AV product from MooSoft), ...
    (Vuln-Dev)
  • RE: The Cleaner reports WinPCap contains WinRAT trojan
    ... My first guess would be that one or more strings of code in WinPCap ... Pest Patrol even reports that Cygwin (a Windows ... The Cleaner reports WinPCap contains WinRAT trojan ... Cleaner (a trojan AV product from MooSoft), ...
    (Vuln-Dev)