  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2199

Help me detect packet sniffing on my DSL line

I downloaded Promiscan to detect this activity. Do you know any other packet sniffing detectors? Shall I shut down the Windows and ZoneAlarm firewalls for it to work? Shall I be connected by Ethernet to the DSL/cable router, or is wireless fine?

Thanks for your help.
0
oscardelahoya
Asked:
 
Farhan Kazi (Systems Engineer) Commented:
Use Wireshark (formerly known as Ethereal). It is a free software protocol analyzer, or "packet sniffer" application, used for network troubleshooting, analysis, software and protocol development, and education. It has all of the standard features of a protocol analyzer.

Download it from:
http://www.wireshark.org/download.html
0
 
oscardelahoya (Author) Commented:
Looks good. From the data gathered by Wireshark, how do I know if I'm being sniffed? I'm not very good at networking.
0
 
Tolomir (Administrator) Commented:
Well, I don't think that a packet sniffer will help you here.

A network card set to promiscuous mode is rather passive. Your packet sniffer is fully passive.

So the two of you will not meet.

The named Promiscan does its detection a bit more actively: it simply "asks" other network cards if they are in promiscuous mode. If it gets a positive answer, it informs you.

Please never disable your firewalls, even for a test (at least keep your DSL router's firewall active). You will be infected with some malware within a few minutes if your Windows is not fully patched and/or a 0-day exploit is launched to find its targets.

Well, such detections aren't easy. When you claim to be a beginner on this subject, I really see no way of detecting it yourself. I studied that subject and know how difficult the network stack is, with all of its standards and features. Just the "simple" TCP/IP protocols take a lot of time to understand the ideas behind.

If you really want to get into this, you must become familiar with the ARP protocol:

See for details (1) Chapter 5

5. Basics of Promiscuous Node Detection

...packets are filtered differently when the NIC (network interface card) is set to promiscuous mode and to normal mode. When the NIC is set to promiscuous mode, packets that are supposed to be filtered by the NIC are now passed to the system kernel. By using this mechanism, we come up with a new way to detect promiscuous mode: if we configure an ARP packet such that it does not have broadcast address as the destination address, send it to every node on the network and discover that some nodes respond to it, then those nodes are in promiscuous mode.

See for details (2) and (3).

Btw, why don't you want to stick with Promiscan? There is a free non-commercial version (4).


Tolomir

(1) http://www.securityfriday.com/promiscuous_detection_01.pdf

(2) RFC 826 - Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware
http://www.faqs.org/rfcs/rfc826.html 

(3) RFC 2390 - Inverse Address Resolution Protocol
http://www.faqs.org/rfcs/rfc2390.html

(4) http://www.securityfriday.com/tools/promiscan_sla.html
0
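The ARP test quoted from chapter 5 in the answer above, as an added Python example that is not part of the thread or of Promiscan: it builds the non-broadcast ARP request and picks out which probed hosts replied. The destination address ff:ff:ff:ff:ff:fe, the host addresses and the captured frames are assumptions constructed for the illustration.

```python
import struct

ETH_P_ARP = 0x0806
# Assumption: a "fake broadcast" destination. The quoted text only requires
# that the destination is not the real broadcast address ff:ff:ff:ff:ff:ff.
FAKE_BROADCAST = bytes.fromhex("fffffffffffe")

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ip(text):
    return bytes(int(octet) for octet in text.split("."))

def arp_frame(dst_mac, src_mac, opcode, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (RFC 826)."""
    eth = dst_mac + src_mac + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    return eth + arp + src_mac + sender_ip + target_mac + target_ip

def build_probe(my_mac, my_ip, target_ip):
    """ARP request (opcode 1) that a NIC in normal mode should filter out."""
    return arp_frame(FAKE_BROADCAST, my_mac, 1, my_ip, bytes(6), target_ip)

def parse_reply(frame):
    """Return (sender_mac, sender_ip) for a well-formed ARP reply, else None."""
    if len(frame) < 42 or frame[12:14] != struct.pack("!H", ETH_P_ARP):
        return None
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, 2):
        return None
    return frame[22:28], frame[28:32]

def suspected_promiscuous(probed_ips, captured, my_mac):
    """Probed IPs that answered a frame their NIC should never have passed up."""
    hits = set()
    for frame in captured:
        reply = parse_reply(frame)
        if reply and frame[0:6] == my_mac and reply[1] in probed_ips:
            hits.add(".".join(str(b) for b in reply[1]))
    return sorted(hits)

# Constructed sample: three hosts are probed, only 192.168.1.20 answers.
ME_MAC, ME_IP = mac("02:00:00:00:00:01"), ip("192.168.1.10")
PROBED = [ip("192.168.1.20"), ip("192.168.1.21"), ip("192.168.1.22")]
PROBES = [build_probe(ME_MAC, ME_IP, t) for t in PROBED]
CAPTURED = [
    arp_frame(ME_MAC, mac("02:00:00:00:00:20"), 2, PROBED[0], ME_MAC, ME_IP),
    arp_frame(mac("ff:ff:ff:ff:ff:ff"), mac("02:00:00:00:00:21"), 1,
              PROBED[1], bytes(6), ip("192.168.1.1")),  # unrelated ARP request
]
print(suspected_promiscuous(PROBED, CAPTURED, ME_MAC))
```

The block only builds and classifies frames; putting the probes on the wire needs a raw socket and administrator rights on your own network. A reply is an indicator rather than proof, because the outcome also depends on how each host's kernel filters the frame once the NIC has passed it up.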
 
justchat_1 Commented:
I think there's a very important part of your question that needs to be addressed... packet sniffing your DSL line??

The only way to packet sniff an internet connection is from your house or from your ISP's routers, so I'm kinda confused about what you are trying to protect yourself from.

As far as detecting packet sniffing (in general), anyone experienced will isolate their network card for receive only and there is no way to detect that.
0
 
oscardelahoya (Author) Commented:
justchat_1,
If they know my IP address (a static one), isn't it fairly easy for them to use tcpdump or another sniffer to get my emails, passwords and other email activity?
0
 
justchat_1 Commented:
Not at all... think of it like phones: it's only possible to listen in if you're plugged into another phone jack in the same house or if you're listening from the phone company. You can't just listen in if you know a phone number.
0
 
Tolomir (Administrator) Commented:
@justchat_1: good point!
0
 
oscardelahoya (Author) Commented:
So packet sniffing is only possible on a local network (unless you place sniffing software on a target computer)?
0
 
Tolomir (Administrator) Commented:
Yes,

or on the way between your computer and the internet service provider.

E.g. someone is tapping your physical phone line.

Tolomir
0
 
oscardelahoya (Author) Commented:
Could a neighbor in my building who connects his cable modem to the same cable box as mine sniff my connection with the standard setup?
0
 
justchat_1 Commented:
No, because they are isolated connections... each cable modem receives a unique internet connection stream that could not be tapped (at the cable line) without some pretty sophisticated equipment.
0
