Home page logo
/

basics logo Security Basics mailing list archives

Re: Sniffing
From: Jimi Thompson <jimit () myrealbox com>
Date: Tue, 16 Dec 2003 22:49:14 -0600

While sniffing in and of itself is a "passive" technique it does tend to throw NIC's into promiscous mode and that can be scanned for. I know of several previous employers who scan their networks for nic in that mode on a regular basis. It is a practice I highly recommend. You'd be surprised what you can uncover that way.

2 cents,

Jimi

H Carvey wrote:

In-Reply-To: <B555CE4216275341AB6496922236D2B32A0A90 () mailserv3 uni glam ac uk>


2) Can Sniffing be detected using a Network Intrusion Detection System
and if yes then are there any Sniffing ways which are not detected by NDIS?

I'm not sure what you're referring to when you say "NDIS", but to answer the first part of your question, most NIDS are 
based on sniffing.  Since sniffing is a passive technique, using another sniffer to detect a sniffer is...well, I'll leave that one open...

With regards to detecting sniffing, you might want to check out AntiSniff:
http://www.securiteam.com/tools/AntiSniff_-_find_sniffers_on_your_local_network.html

On Windows systems, there's another way that may be quicker. Most of the freeware tools that provide sniffing functionality (Ethereal, Windump, Analyzer, etc) use the Winpcap libraries and driver. If you dump all of the device drivers on the system and find the Winpcap one running, then it's likely that a sniffer is involved.
HTH,

Harlan

---------------------------------------------------------------------------
----------------------------------------------------------------------------





---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]