Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 294
  • Last Modified:

Detecting network packet analyzers

So Ive got this rogue laptop thats running some crap OS like 95 who keeps jacking into misc. ethernet ports and running some comercial packet grabber like netxray, LANanalyzer, etc. (Im not sure if its happening but Ive heard rumors).

I know in order for an app like that to work it has to drop the NIC into "promiscuous mode" so that it will grab every packet that goes by.

So my question is.. Is there any way to detect if someone is really grabbing packets or not? Anyone know of some slick tool or software package to detect this?

thanks in advance
0
TMcSinly
Asked:
TMcSinly
1 Solution
 
jeffa072897Commented:
In the last 8+ years I have not seen anything that will do this.
I doubt it is possible because of the way promiscuous mode works.
A system just watching the net would not have any reason to send packets back out.
You wouldn't get any where with broadcasts unless the system is configured to
answer them, which the only do normally when used for active troubleshooting.
As long as the traffic is valid and the hardware of the net is correct I don't
see any way to go about finding such a device. To for such a system to work
on the network it would have to function just like any other node even while
in promiscous mode.
The remotest idea I could suggest would presume that the person running the machine you want to find puts the machine on the network using an IP address that works and you
didn't give it out.
The you could write a script to single ping all the addresses on the network and log the
responding adresses. Compare the results to known issued addresses and you might
find the culprit. This is real shakey and may not work, but it could be something to try.

0
 
TMcSinlyAuthor Commented:
ok, thats what i though.... but I just wanted a second opinon
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now