# Detecting Packet Sniffers



## moroniccow

What is a good way to detect someone that is packet sniffing? Or is there a program that can catch them?

Thanks


----------



## johnwill

By definition, packet sniffing isn't leaving any trace. It's like trying to detect someone sniffing the air outside your house. :smile:


----------



## moroniccow

well ive seen programs about anti stiffing, antisniffer is one. but there has to be a way to check that... i heard of monitoring the dns lookups by other computers. and seeing which computers on the network are doing it the most. but i just dont know how to do that, so i would rather just find a program to help me..

Reason: im going to a technology forum and with a wireless network (unencrypted) i want to have a good idea who is packet sniffing on the network.


----------



## fwwizards

you're just paranoid! :winkgrin: 

back 2 the topic.No one can attached a sniffer in your
network unless he/she had access to your switches to 
configure what ports to be monitored or sniff.

if you're still in doubt you can monitor your ports,
which ever has tons of traffic there's no doubt that
something's going on to that interface/port.


----------



## moroniccow

well, im not talking about my wireless network, im talking about this wireless network that i will be using and i know of 2 people that are going to packet sniff, and out of 1200 i garuntee that more people will be doing it.

So to keep in mind of secruity id like your guys opninon on what i should/ can do to find out who is packet sniffing, ive already downloaded a prog to encrypt all my data.

Ive heard stories about passwords being hacked, stuff being messed with. I just dont want that to be me..

Thanks


----------



## cjessee

*Packet Sniffing*

Packet sniffing across a switched network is very difficult, and unless you are connecting to a high end switch, it is nearly impossible. If you are connecting on a hub, well, that's a different story all together. But for this to happen on a switched network (which is what the majority of the current networks are) then the sniffer would have to mirror the port in which all traffic was going out on. So he would mirror the port that is your uplink and then, and only then, would he be able to sniff... If he doesn't do that.. he will be sniffing his own butt so to speak.

Switched networks are very hard to sniff because of how they work, unless it is a network broadcast, he will not be able to just plug into the network and listen. Your friends might be blowing smoke up your tail.

Most "Home" networks or switches, do not have the management capability to mirror ports.

Use packet sniffers for the good of mankind, not the bad!


----------



## moroniccow

yeah well this network is not a switched network, and from what it sounds like its very easy, i dont know if i am going to sniff or not. I just want to, if there is anyway, to idenitfy the packet sniffers. So i know who is on the network, and who is sniffing, so i know if its safe or not.


----------



## cjessee

How do you know that it is very easy? Is this a "Secured" wireless network? Are you on a college network? You see, the very topology of the network may help your question get answered. I doubt that it is "very easy". A lot of guys like to talk tought about being able to "hack", but don't let them bother you... the guys who do it... don't talk about it... because they don't want to get caught. The guys who talk about it... wish they knew how to start doing it.


----------



## moroniccow

well it wasnt easy getting this info, but i know for a fact its unsecured hotel network, its only on 2 floors and people are going to shoot the wifi up the tower so everyone can get on the internet, because if you cant get internet up in your room its like 15 bucks a day for wired internet...


----------



## cjessee

Somebody is blowing smoke up your tail. "shoot wifi up the tower"?? hmm... too much imagination.


----------



## moroniccow

well i hope your right, so there isnt anyway to strenghten the wireless all the way up the tower? and if they do packet sniff on me, there is no way to catch them i take it..


----------



## cjessee

You can put your mind at ease. I doubt that they will be able to sniff you at all. Just talk.

I can't tell you how they would be able to use the tower as an antenne because I believe that is far beyond the scope of the forum. If they were to use it for personal gain it would be considered illegal. But I doubt very much that by them saying "shoot the wifi up the tower" that they have the capability of doing it.


----------



## whardman

But considering that it is a wireless network wouldn't they be able to pick up any wireless packet that is sent?



> Shoot the wifi up the tower


Just sounds as if someone is amplifying the wireless so that it has a longer range.


----------



## fwwizards

This dude wants to sniff wireless users activity maybe to get
some credit card info..back-off,get a real job!

Actually,you can sniff wireless network even those WEP/WPA
enabled APs.


----------



## moroniccow

fwwizards said:


> This dude wants to sniff wireless users activity maybe to get
> some credit card info..back-off,get a real job!
> 
> Actually,you can sniff wireless network even those WEP/WPA
> enabled APs.


no, im not, im wondering if it is able to CATCH the people that are sniffing packets. i will not be sniffing myself.... i just wanna know if anyone is accually going to do it.

Plus im not the type of guy that will do idenity fraud or steal credit cards, passwords, etc...

i dont even illegally download music lol..


----------



## Squashman

Apparently none of you have heard of Ettercap.
http://ettercap.sourceforge.net/

Check out the Anti Sniff toolbox. They also have a promiscous mode detector.


----------



## johnwill

fwwizards said:


> Actually,you can sniff wireless network even those WEP/WPA enabled APs.


While you can see the encrypted packets, on a properly keyed WPA network, you won't be reading any data.


----------



## moroniccow

Squashman said:


> Apparently none of you have heard of Ettercap.
> http://ettercap.sourceforge.net/
> 
> Check out the Anti Sniff toolbox. They also have a promiscous mode detector.



is that a sniffer or a program to see who is sniffing.


----------



## whardman

Ettercap is a Sniffing Program. Antisniff Toolbox is a program (or set of programs) that allow you to see who is sniffing on the network.


----------



## moroniccow

where is this antisniff toolbox.... i never say it on the ettercap website.. could you link me if possible?


----------



## whardman

google "antisniff tolbox" it is not on the same web site.


----------



## moroniccow

i cant find where to download it.... do you have a link where to download it?


----------



## whardman

Its 'anti sniff' not 'antisniff'. That was my mistake. 

http://webteca.altervista.org/AntiSniffToolbox.htm This is the website that has the descriptions. Once you find which you want to download this is where to download it. http://webteca.altervista.org/download.php You will have to match up the abbreviations.


----------



## johnwill

I'll say it again. You can't detect passive sniffing, because there's nothing to detect. While you may find a NIC in promiscuous mode, that doesn't necessarily indicate someone sniffing the network.


----------



## moroniccow

alright i d/led it thanks


----------



## Squashman

What are the odds of a Network Card being in Promiscious and not sniffing. People just don't do that by mistake. Most people wouldn't even know how to do it.


----------

