detecting sniffers
hi ya
i was playing over the weekend ..
looking at various sniffer detectors to see what it finds
#
# Problem was to find any/all sniffers on the local subnet
# from the playing i did, they'd still remain hidden while sniffing
#
i was running some sniffers of various flavors on various machines
( debian, slackware, redhat - various versions )
tcpdump, ethereal, pfilt.pl, pl00000.pl (debian mailing list)
.. etc ..
pfilt.pl working the best and easiest to get running, which
recreates a human readable file of the sniffed incoming emails
- none of the ethernet cards was in promiscuous mode
and was still sniffable
some of the pseudo sniffer detectors i played with:
( most all of these didn't find any of the sniffers running )
cpm -- no *.deb
ifstat -- no *.deb
ifstatus2 -- no *.deb
kstat -- no *.deb
neped.c -- no *.deb, but works nicely
sentinel -- no *.deb
sniffdet -- no *.deb
urls for the above ...
http://www.linux-sec.net/Sniffer
c ya
alvin
*.deb apps i installed on the debian boxes
( i didn't play with wireless sniffing though )
apt-get install airsnort darkstat tcptrack
apt-get install vnstat tcpick tethereal
apt-get install sniffdet sniffit scapy prismstumbler nwatch
apt-get install ngrep nast kismet karpski hunt ettercap ettercap-gtk
apt-get install ethereal dsniff darkstat
.. end of apps ..
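
An added example, not part of the post above or of any of the tools it lists: a host-side check for Linux that reads the promiscuous flag from sysfs and also lists open packet sockets from /proc/net/packet, since a capture of traffic addressed to the host itself needs no promiscuous mode. The function names and the sample data are constructed for illustration, and a sniffer that captures by other means is not covered.

```python
"""Host-side check: promiscuous flag plus open AF_PACKET capture sockets."""
from pathlib import Path

IFF_PROMISC = 0x100      # interface flag bit from <linux/if.h>
ETH_P_ALL = 0x0003       # packet socket that receives every protocol
SOCK_TYPES = {2: "SOCK_DGRAM", 3: "SOCK_RAW"}

def promisc_interfaces(sys_net="/sys/class/net"):
    """Return interfaces whose sysfs flags word has IFF_PROMISC set."""
    found = []
    root = Path(sys_net)
    for iface in sorted(root.iterdir()) if root.is_dir() else []:
        try:
            flags = int((iface / "flags").read_text().strip(), 16)
        except (OSError, ValueError):
            continue  # not an interface directory, or unreadable
        if flags & IFF_PROMISC:
            found.append(iface.name)
    return found

def packet_sockets(text):
    """Parse /proc/net/packet content into one dict per open packet socket."""
    socks = []
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 9:
            continue
        proto = int(f[3], 16)                   # protocol is printed in hex
        socks.append({
            "type": SOCK_TYPES.get(int(f[2]), f[2]),
            "proto": proto,
            "ifindex": int(f[4]),               # 0 = not bound to one interface
            "uid": int(f[7]),
            "inode": int(f[8]),                 # match against /proc/<pid>/fd
            "captures_all": proto == ETH_P_ALL,
        })
    return socks

# Constructed sample in the /proc/net/packet layout (not from a real host).
SAMPLE = """sk       RefCnt Type Proto  Iface R Rmem   User   Inode
0000000000000000 3      3    0003   2     1 0      0      48211
0000000000000000 3      2    888e   3     1 0      0      17320
"""

if __name__ == "__main__":
    proc = Path("/proc/net/packet")
    print(promisc_interfaces(), packet_sockets(proc.read_text() if proc.exists() else SAMPLE))
```

The inode of a socket flagged `captures_all` can be matched against the `socket:[inode]` links under /proc/<pid>/fd to find the owning process.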