How to detect/avoid packet sniffer?

May 7, 2010 at 09:01:36
Specs: Linux i686, 256mb

How will I be able to know if someone runs a packet sniffer on my IP in the LAN? Is it possible to detect and avoid it?



May 7, 2010 at 09:48:04
A packet sniffer takes; it does not give. No broadcast on the network = no detection.

Why the concern?


May 7, 2010 at 11:05:53
If it is WiFi you cannot, but you can avoid them by setting up collision domains. The easiest way to do this is using switches instead of hubs, because switches separate all ports into separate collision domains, because it learns the source ports and it writes it to an ARP table. The problem is there is ARP poisoning, which can either change the port the switch will direct the packets to or it will wipe the table, forcing a flood and making the switch act like a hub until it relearns the ports. So the only solution to that is to use VLANs.


May 7, 2010 at 11:11:16
If someone is on the same VLAN with a packet sniffer, they can still read the packets.


May 7, 2010 at 11:31:35
True, there really is no way to stop it 100%, just minimize the impact. Truth of the matter is, if someone has physical access to your systems there is very little you can do to prevent them from doing this.

You can look for rogue MAC addresses or computer names, but if it is installed on one of your workstations as a hidden service then that will not work. If you keep an audit of the services running on your workstations and some kind of IDS that monitors the audit, then you can catch someone trying to install a sniffer.

You could also use a sniffer yourself to detect the number of floods being initiated on your network and where from, and try to be a white hat hacker to track them down, but this is after the fact.


May 13, 2010 at 02:22:08
I apologize for being late. Thank you for your help. I've got the idea. Plz allow me to inform Wanderer (first answer with a bit skeptical tone :-) ) that I suspect the hub in-charge of our local cable broadband use sniffer, not to administer the lan but to satiate himself. That's the concern of mine.... It's an infringement on privacy I believe.
Regards and thanx.


May 13, 2010 at 06:47:53
Astle, you sure read a lot into a question :-)

Might want to consider ipsec and/or transfer encryption.


May 13, 2010 at 07:09:04
I suspect the hub in-charge of our local cable broadband use sniffer, not to administer the lan but to satiate himself.

I'm not exactly sure what you mean by "hub in-charge of our local cable broadband", but if you're referring to your provider, I hate to break it to you, but they have every right in the world to monitor any/all traffic on it.

They own the network you're connecting to. Not the other way around. This not only gives them the right to monitor, but they pretty much have to by law.

What if you're doing something illegal (which I suspect you are or you wouldn't care) and the police come with a warrant. The ISP needs to be able to provide logs of your activity.

The same is true at work. You don't own the computer or the network at work (although many people seem to think they own it) so your company has every right to monitor all email and traffic.


May 13, 2010 at 08:46:31
"pretty much have to by law"

The law does not require them to, but it has been a precedent that all ISPs follow. If a government agency requests, the ISP will give them the information they are looking for.

There are rights activists out there that are trying to get privacy laws written to protect privacy, because right now the government is required to get a warrant before tapping your phone line but in the case of the Internet they are not required to. Same goes for WiFi. The only thing they cannot do is monitor your LAN (unless it is a WiFi LAN) or come in your house and take your computer without a warrant.

So just don't do anything bad.


May 13, 2010 at 09:50:29
So just don't do anything bad.

Now that says it all!

I don't worry about logging or anything because I'm not doing anything anybody really cares about.

Technically, to get info from an ISP requires a warrant, so there is protection for the private citizen. Wireless is inherently insecure (and that's one of the biggest reasons I don't use it), so all you can do with it is ensure you use the highest level of encryption on your wireless network possible. Don't forget to use a long and complex encryption key as well.

The law does not require them to but it has been a precedent that all ISPs follow. I

Actually, ISPs initially started logging as a means to protect themselves. If someone tries to hack an ISP, this is how they track it. If it's a client, they cut them. I said, "pretty much have to by law" because while it isn't yet required by law, you can bet law enforcement agencies would prefer it were a law.

It's common practice and pretty much always has been for ISPs to log. So it makes a convenient way for police to get info on hackers and child pornographers as well.

They're not the only ones. Pretty much every business does as well. Most definitely businesses that have "appropriate use" policies do. They use the logging to enforce the policy. Again, they don't have people monitoring all activity all day; this isn't cost-effective. If you've ever seen a log file from, say, an outbound connection (I have), you'd understand why they don't monitor in real time. But if something comes up and an employee gets in trouble, they can easily access a complete log of every website that employee has visited as well as access that employee's email.
