lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6130FAF67D15D411BF7100E01899071F1DB59B@stork.mightyoaks.local>
From: david.vincent at mightyoaks.com (David Vincent)
Subject: Caching a sniffer

 
> How can i know if there a sniffer running in my network?

if you're lucky, they are stupid and are using microsoft's network monitor.
Tools --> Identify Network Monitor Users

http://www.comptechdoc.org/os/windows/ntserverguide/ntsnetmon.html

-----

http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/
WINDOWS2000/techinfo/reskit/en-us/core/fneg_net_zrgm.asp?frame=true&hidetoc=
true

...

For security reasons, Windows 2000 Network Monitor captures only those
frames, including broadcast and multicast frames, sent to or from the local
computer. Network Monitor also displays overall network segment statistics
for broadcast frames, multicast frames, network utilization, total bytes
received per second, and total frames received per second.

In addition, to help protect your network from unauthorized use of Network
Monitor installations, Network Monitor can detect other installations of
Network Monitor that are running on the local segment of your network.
Network Monitor also detects all instances of the Network Monitor driver
being used remotely (by either Network Monitor from Systems Management
Server or the Network Segment object in System Monitor) to capture data on
your network.

When Network Monitor detects other Network Monitor installations running on
the network, it displays the following information:

    * The name of the computer
    * The name of the user logged on at the computer
    * The state of Network Monitor on the remote computer (running,
capturing, or transmitting)
    * The adapter address of the remote computer
    * The version number of Network Monitor on the remote computer

In some instances, your network architecture might prevent one installation
of Network Monitor from detecting another. For example, if an installation
is separated from yours by a router that does not forward multicasts, your
installation cannot detect that installation.

...

-----

but I digress.  a quick google:

http://www.packet-sniffer.co.uk/content/detect/
- the king!

http://www.gfi.com/news/en/lansniffer.htm
http://www.linux4biz.net/articles/articlesniff.htm

-d

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ