• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

Detecting network packet analyzers

So Ive got this rogue laptop thats running some crap OS like 95 who keeps jacking into misc. ethernet ports and running some comercial packet grabber like netxray, LANanalyzer, etc. (Im not sure if its happening but Ive heard rumors).

I know in order for an app like that to work it has to drop the NIC into "promiscuous mode" so that it will grab every packet that goes by.

So my question is.. Is there any way to detect if someone is really grabbing packets or not? Anyone know of some slick tool or software package to detect this?

thanks in advance
1 Solution
In the last 8+ years I have not seen anything that will do this.
I doubt it is possible because of the way promiscuous mode works.
A system just watching the net would not have any reason to send packets back out.
You wouldn't get any where with broadcasts unless the system is configured to
answer them, which the only do normally when used for active troubleshooting.
As long as the traffic is valid and the hardware of the net is correct I don't
see any way to go about finding such a device. To for such a system to work
on the network it would have to function just like any other node even while
in promiscous mode.
The remotest idea I could suggest would presume that the person running the machine you want to find puts the machine on the network using an IP address that works and you
didn't give it out.
The you could write a script to single ping all the addresses on the network and log the
responding adresses. Compare the results to known issued addresses and you might
find the culprit. This is real shakey and may not work, but it could be something to try.

TMcSinlyAuthor Commented:
ok, thats what i though.... but I just wanted a second opinon
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now