[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

detecting sniffers

hi ya

i was playing over the weekend .. 
looking at various sniffer detectors to see what it finds

# Problem was to find any/all sniffers on the local subnet
# from the playing i did, they'd still remain hidden while sniffing

i was running some sniffers of various flavors on various machines
	( debian, slackware, redhat - various versions )
	tcpdump, ethereal, pfilt.pl, pl00000.pl (debian mailing list)
	.. etc ..

	pfilt.pl working the best and easiest to get running, which
	recreates a human readable file of the sniffed incoming emails

	- none of the ethernet cards was in promiscuous mode
	and was still sniffable

some of the psuedo sniffer detectors i played with:
( most all of these didn't find any of the sniffers running )
	cpm		-- no *.deb
	ifstat		-- no *.deb
	ifstatus2	-- no *.deb
	kstat		-- no *.deb
	neped.c		-- no *.deb, but works nicely
	sentinel	-- no *.deb
	sniffdet	-- no *.deb

urls for the above ...

c ya

*.deb apps i installed on the debian boxes
	( i didnt play with wireless sniffing though )
apt-get install airsnort darkstat tcptrack  
apt-get install vnstat  tcpick tethereal
apt-get install sniffdet sniffit  scapy  prismstumbler nwatch
apt-get install ngrep nast kismet karpski hunt ettercap ettercap-gtk
apt-get install ethereal dsniff darkstat
.. end of apps ..

Reply to: