RE: A Solution for sniffing

For a network card to "Sniff" it must be in promiscuous mode, reading all packets coming in and not dumping those not addressed to it. Google the web for tools that can find network interface cards in promiscuous mode. I can think of only two legit reasons to be in that mode: some firewall/IDS's need that mode to pull in all packets, and someone sniffing the network with permission. Therefore, after you look and find a netcard in promiscuous mode, you can check the system files for WHY it is in that mode.

As far as hardware sniffers, Someone else will have to say it with authority. I think the technique that finds software driven promiscuous netcards works on hardware sniffers, but I may be wrong.

d. weiss
mcse/ccna/ssp2

-----Original Message-----

From: Bruce.Orcutt@alltel.com [mailto:Bruce.Orcutt@alltel.com] Sent: Tuesday, December 17, 2002 6:19 PM To: fadi@lebrocks.com; security-basics@securityfocus.com Subject: RE: A Solution for sniffing

As sniffing is a passive act, there is no way that you can detect the act itself, unless you have access to the machine that's doing the possible sniffing itself.

Perhaps one of the simplest ways to ensure sniffing is made much more difficult at the least is by switching from a hub type network to a switched network. In a switched environment, other users cannot see each others network streams, thus providing a layer of protection.

Of course, like all techniques, this can be gotten around by various additional techniques, but it does make life more difficult to would be sniffers. (ie: user installs a hub via an uplink port to switched segment, and connects target's system and a sniffing machine to the hub.)

-----Original Message-----

From: fadi@lebrocks.com [mailto:fadi@lebrocks.com] Sent: Tuesday, December 17, 2002 5:41 AM To: security-basics@securityfocus.com
Subject: A Solution for sniffing

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Hello Folks,
I think i am being sniffed by somone on my network, and i was wondering. is there an application to check wether i am being sniffed or not, and if i was, how can i fix that ?(like PGP for mail, what about other protocols)

P.S. : Running Linux Slackware 8.1 (if that would help)

cheers,
Fadi R. Khouja Received on Thu Dec 19 14:55:05 2002