Ethereal
# 1  
Old 04-03-2002

One of the users on my network took me aside and showed me a program called Ethereal that can sniff out packets on the network. He was able to re-build a packet stream and see pretty clearly what other users were looking at.

I am using a hub. If I use a switch, will that stop the ability to view the packets?

How do I detect if someone is using such a program? (Ethereal, Snort)
# 2  
Old 04-03-2002
Using a switched network will cut down on the amount of snooping that can be done, although it can still be possible under some circumstances. Also, you will still be able to snoop ARP and other broadcast traffic. There is no way to detect these passive sniffers.
# 3  
Old 04-03-2002
If your network has controlled IP addresses and MAC addresses you can determine if a new device that is not authorized is on the network. This might help if you know that authorized users are not sniffing.... (based on trust and/or policy)... that depends on the size of your network under administration.

As PxT says, there is no way to know if a device is running a sniffer, except by looking at the device and seeing what software is installed and what processes are being executed.

Segmenting your traffic on a switch, as you suggest, helps, but if your device talks to devices outside the segment or across the switch, then the problem still exists... for example, when you talk to 'me' from your place, then people will be able to sniff from many points across the Internet.

If you need confidentiality, then I recommend you look at different cryptographic systems such as SSH, OpenSSH, SSLeay, PHP and a host of other cryptographic systems available to ensure your traffic is invisible to sniffers.
# 4  
Old 04-04-2002
Switched environments can still be sniffed via ARP poisoning, although in some cases it can cause a good amount of problems, so it's not failsafe.

It's not free, and I haven't tried it, but some tools like AntiSniff can detect interfaces in promiscuous mode on the network. It's worth a try if you want to watch for this on your network.
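
The address inventory suggested in post #3 and the ARP poisoning mentioned in post #4 can be checked together from a host's neighbour table. This is an added example, not part of any original post; the `AUTHORIZED` inventory and the sample `ip neigh show` output are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed inventory of authorized IP -> MAC pairs (assumption: the admin keeps one).
AUTHORIZED = {
    "192.168.1.1": "00:11:22:33:44:01",   # gateway
    "192.168.1.10": "00:11:22:33:44:10",
    "192.168.1.11": "00:11:22:33:44:11",
}

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:66 REACHABLE
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:10 STALE
192.168.1.11 dev eth0 lladdr 00:11:22:33:44:11 REACHABLE
192.168.1.66 dev eth0 lladdr 00:11:22:33:44:66 REACHABLE
192.168.1.20 dev eth0  FAILED
"""

LINE = re.compile(r"^(\d+\.\d+\.\d+\.\d+) dev (\S+) lladdr ([0-9a-fA-F:]{17}) (\S+)")

def parse_neigh(text):
    """Return (ip, mac) pairs; entries without a resolved MAC are skipped."""
    pairs = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(3).lower()))
    return pairs

def audit(pairs, authorized):
    """Return sorted findings as (kind, ip, mac) tuples."""
    findings = []
    known_macs = set(authorized.values())
    ips_by_mac = defaultdict(set)
    for ip, mac in pairs:
        ips_by_mac[mac].add(ip)
        if ip in authorized and authorized[ip] != mac:
            findings.append(("ip-mac-mismatch", ip, mac))   # possible ARP poisoning
        elif ip not in authorized:
            kind = "unknown-device" if mac not in known_macs else "unlisted-ip"
            findings.append((kind, ip, mac))
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:                                     # one NIC answering for several IPs
            findings.append(("mac-claims-multiple-ips", ",".join(sorted(ips)), mac))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(parse_neigh(SAMPLE_NEIGH), AUTHORIZED), sep="\n")
```

A host with several legitimate IP aliases on one interface will also trigger `mac-claims-multiple-ips`, so list those addresses in the inventory before treating the finding as poisoning.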
# 5  
Old 04-04-2002
As far as hackers go, is the ARP information that powerful, or will a switch reduce data enough to make it pretty difficult?
# 6  
Old 04-04-2002
Network analyzing

What types of software do you suggest for network analyzing?

I am learning Snort
and now use Ethereal
and Cheops.

Any other good ones?
# 7  
Old 04-06-2002
A way to check if someone is using a sniffer on your network is by sending a broadcast to a different masc than your network has.
A normal network interface doesn't have to answer this broadcast, but if it is in promiscuous mode...