Solved

Detecting network packet analyzers

Posted on 1999-01-28
2
216 Views
Last Modified: 2010-03-18
So Ive got this rogue laptop thats running some crap OS like 95 who keeps jacking into misc. ethernet ports and running some comercial packet grabber like netxray, LANanalyzer, etc. (Im not sure if its happening but Ive heard rumors).

I know in order for an app like that to work it has to drop the NIC into "promiscuous mode" so that it will grab every packet that goes by.

So my question is.. Is there any way to detect if someone is really grabbing packets or not? Anyone know of some slick tool or software package to detect this?

thanks in advance
0
Comment
Question by:TMcSinly
2 Comments
 
LVL 2

Accepted Solution

by:
jeffa072897 earned 100 total points
ID: 1588256
In the last 8+ years I have not seen anything that will do this.
I doubt it is possible because of the way promiscuous mode works.
A system just watching the net would not have any reason to send packets back out.
You wouldn't get any where with broadcasts unless the system is configured to
answer them, which the only do normally when used for active troubleshooting.
As long as the traffic is valid and the hardware of the net is correct I don't
see any way to go about finding such a device. To for such a system to work
on the network it would have to function just like any other node even while
in promiscous mode.
The remotest idea I could suggest would presume that the person running the machine you want to find puts the machine on the network using an IP address that works and you
didn't give it out.
The you could write a script to single ping all the addresses on the network and log the
responding adresses. Compare the results to known issued addresses and you might
find the culprit. This is real shakey and may not work, but it could be something to try.

0
 

Author Comment

by:TMcSinly
ID: 1588257
ok, thats what i though.... but I just wanted a second opinon
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now