Sniffers: what are they and how to protect

Discussion in 'other anti-malware software' started by Paul Wilders, Feb 27, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Read the full story here:

    http://online.securityfocus.com/infocus/1549
     
  2. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Surely - surely - there's a simple, tiny program that can tell you if your adaptor's in promiscuous mode or not?
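
A small local check of the kind asked about above, as an added example that is not part of the original thread. It assumes a Linux host with sysfs mounted at `/sys/class/net` (an assumption, the thread names no operating system), and the function names are illustrative.

```python
"""Added example: report which local Linux interfaces have IFF_PROMISC set."""
import os

# Bit in the kernel's per-interface flag word (linux/if.h): the adapter
# accepts every frame on the wire, not only frames addressed to it.
IFF_PROMISC = 0x100


def read_flags(sysfs_net, ifname):
    """Return the flag word from <sysfs_net>/<ifname>/flags, or None."""
    try:
        with open(os.path.join(sysfs_net, ifname, "flags")) as fh:
            return int(fh.read().strip(), 16)  # file holds hex, e.g. 0x1103
    except (OSError, ValueError):
        # Entry is not an interface directory, vanished, or is malformed.
        return None


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Map interface name -> True if its IFF_PROMISC bit is set."""
    result = {}
    try:
        names = sorted(os.listdir(sysfs_net))
    except OSError:
        return result  # not Linux, or sysfs is not mounted
    for name in names:
        flags = read_flags(sysfs_net, name)
        if flags is not None:
            result[name] = bool(flags & IFF_PROMISC)
    return result


if __name__ == "__main__":
    states = promiscuous_interfaces()
    if not states:
        print("no interfaces found (is this Linux with sysfs mounted?)")
    for name, promisc in states.items():
        print(f"{name}: {'PROMISCUOUS' if promisc else 'normal'}")
```

This only reports the state of the machine it runs on, and it trusts what the kernel reports.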
     
  3. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    http://www.securitysoftwaretech.com/antisniff/
     
  4. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Very much appreciated, Unicron - but the tag of $350 is about as attractive as a (insert your own image of something antisocial happening) in a crowded elevator.

    Say, are you any good at detecting promiscuity?  Mwahahaha! :cool:
     
  5. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Brief synopsis for people:

    It shouldn't matter, in many cases, if the network is sent through "routers" as the data is ONLY sent to one computer, unlike "hubs" which simply "scream" out the data (i.e. it is broadcast to everyone).

    In the instance of a hub, a sniffer will work.

    In most cases, many of the sniffers will NOT work on routered networks (unless, of course, they exploit some sort of not-yet-discovered vulnerability in how routers work - or use certain types of spoofing techniques).

    On a side note, does anyone know of a tool to somehow discover if your network is on routers or on hubs or switches? (Given that many people do not have the physical access to the hardware, and *might* want to know such a thing.)
     
  6. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    well.....running a packet sniffer might give you some clues......

    http://www.ethereal.com

    PS a trace route normally will report all the routers between you and a target IP. Pay attention to the routers on your ISP's network.
     
  7. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    I realize those are two good options - I was asking specifically for any programs that use some other method to determine if you are on a hubbed or routered network...(if there is any other way to determine such a thing)
     
  8. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    No packets not intended for your machine will reach you if a router is between you and other computers. I am unsure what network you are referring to. Is it an office network, or your ISP's network that your home computer is on? I would be amazed if your ISP has all its customers on a hub, that would be rather scary.

    So, if there is traffic not bound for you, then there are some computers not isolated from you by a router. Now most networks aren't a single tier system, and employ many routers and switches etc. That is what the trace may discover.

    Also MS systems generally announce their arrival on a network via netbios (port 139) so a sweep of that port over the network may bear fruit.

    If you are looking for a tool to analyze a network, there are many, but most are enterprise level tools and are expensive. There are fewer tools designed for smaller applications since in that environment said tools are of limited use.
     
  9. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997

    Do you happen to have any suggestions on enterprise level tools? That's what I was aiming my question at...sorry if I wasn't specific enough.
     