Home page logo
/

basics logo Security Basics mailing list archives

Re: Sniffing
From: H Carvey <keydet89 () yahoo com>
Date: 15 Dec 2003 20:33:29 -0000

In-Reply-To: <B555CE4216275341AB6496922236D2B32A0A90 () mailserv3 uni glam ac uk>


2) Can Sniffing be detected using a Network Intrusion Detection System
and if yes then are there any Sniffing ways which are not detected by NDIS?

I'm not sure what you're referring to when you say "NDIS", but to answer the first part of your question, most NIDS are 
based on sniffing.  Since sniffing is a passive technique, using another sniffer to detect a sniffer is...well, I'll 
leave that one open...

With regards to detecting sniffing, you might want to check out AntiSniff:
http://www.securiteam.com/tools/AntiSniff_-_find_sniffers_on_your_local_network.html

On Windows systems, there's another way that may be quicker.  Most of the freeware tools that provide sniffing 
functionality (Ethereal, Windump, Analyzer, etc) use the Winpcap libraries and driver.  If you dump all of the device 
drivers on the system and find the Winpcap one running, then it's likely that a sniffer is involved.  

HTH,

Harlan

---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]