Detecting network packet analyzers

Posted on 1999-01-28
Last Modified: 2010-03-18
So I've got this rogue laptop that's running some crap OS like 95 who keeps jacking into misc. ethernet ports and running some commercial packet grabber like netxray, LANanalyzer, etc. (I'm not sure if it's happening but I've heard rumors).

I know in order for an app like that to work it has to drop the NIC into "promiscuous mode" so that it will grab every packet that goes by.

So my question is... Is there any way to detect if someone is really grabbing packets or not? Anyone know of some slick tool or software package to detect this?

thanks in advance
Question by: TMcSinly
Accepted Solution

jeffa072897 earned 100 total points
ID: 1588256
In the last 8+ years I have not seen anything that will do this. I doubt it is possible because of the way promiscuous mode works. A system just watching the net would not have any reason to send packets back out. You wouldn't get anywhere with broadcasts unless the system is configured to answer them, which they only do normally when used for active troubleshooting. As long as the traffic is valid and the hardware of the net is correct I don't see any way to go about finding such a device. For such a system to work on the network it would have to function just like any other node even while in promiscuous mode.

The remotest idea I could suggest would presume that the person running the machine you want to find puts the machine on the network using an IP address that works and you didn't give it out. Then you could write a script to single ping all the addresses on the network and log the responding addresses. Compare the results to known issued addresses and you might find the culprit. This is real shaky and may not work, but it could be something to try.


Author Comment

ID: 1588257
OK, that's what I thought... but I just wanted a second opinion


Question has a verified solution.
