http://www.Linux-Sec.net Hardening-Tightening Security_Policy Hardening-HOWTO Linux Distros Distro Patches Kernel-Patches Dedicated Servers Firewalls DNS Servers Mail Servers Web Servers Turn-Off Daemons Tighten Inetd Services Top-10 Vulnerabilities Top-7 Security Mistakes Top-10 Vulnerabilities Top-20 Most Critical Vulnerability Top-10 Virus Scans/Attacks Stats Top-10 Attacks Hacked Servers One Minute Audits OpenPorts Audit AntiVirus - AntiSpam Anti-Spam Anti-Virus spam.wav Wireless [In]Security Sniffers Security Tools SSH_SSL Firewalls MailServer FileSystem VPN Port Scan Detectors IDS Tools LogFile Analysis Ethernet Monitoring Server Monitoring Tracking & Forensics Hackers Tools Audit Tools Port Scanners Hacking Tools DDOS Tools Sniffer Tools Spoof Tools Exploits & Vulnerbilities Wireless Wireless [In]Security Misc Statistics Linux/BSD Distros Links,Articles,WatchDogs Security Mailing Lists/FAQs Liability Insurance 1U Rackmount Chassis Custom-Chassis.com Linux-1U.net 1U-ITX.net ITX-Blades.net Small PC cases Mini-Box.net Wrap-Box.net Wrap-OS.net Wan-Sim.net Linux-Consulting.com Linux-CAE.net Linux-Sec.net Linux-Boot.net Linux-Backup.net Linux-Wireless.org Linux-Office.net Linux-Video.net Linux-VOIP.net Linux-Jobs.net Linux-Diff.net 1U-Raid5.net Linux-Howto.net Spam Reporting Free Linux CDs ISO9660.org Distro-CD.org Patch-CD.org Contact Linux is a registered trademark of Linus Torvalds More Linux Legalese

Sniffer Detectors Sniffers Linux-Sec.net/Sniffer Sniffer Scripts Linux-Sec.net/Sniffer/Scripts Sniffer.pl scripts Hunting for Sniffers ( Sniffer Detector ) Howto Check for local sniffers Check for Remote sniffers ( wireless, vpn, upstream isp, colo, ... ) Check for sniffers on the other side of the switch Check for ipv6 sniffers Check for "sniffer drivers" ( e.g. winpcap/libpcap ) used by the sniffers Search for any NIC card in promiscuous mode Search for sniffer apps: tcpdump, ethereal, ethapp, etc.. Search for hidden processes Search for rogue ( un-authorized ) machines Perform kernel tests Perform DNS tests Perform ARP tests Perform latency tests Perform icmp ( ping ) tests Sniffer Detectors SecuriTeam.com Find Sniffers on your LAN RobertGraham.com Sniffing FAQ - #2.5 PacketWatch.net Packet Sniffer Detetion w/ AntiSniffer ( local copy ) MegaGlobal.net AntiSniffer RootShell.be Sniffers Basics and Detection ( local copy ) Sniffer Detector Comparison Hack.gr la-samhna.de SniffDet.SourceForge.net SniffDet ICMP, arp, dns, latency tests IPv6 Sniffer Detectors La-Samhna.de ifstat - ipv6 capable Misc Sniffer Detectors SecurityFriday.com PromiScan ( windoze ) S0ftpj.org/tools AASniff.tgz - patching sniffer to hide itself S0ftPr0ject.org kstat ( SoftPJ.org ) Promiscuous Detectors Check for Promiscuous mode ifconfig -v | grep -i Promisc # Turn Off Promiscuous mode ifconfig eth0 -promisc CPM Check for network interfaces in Promiscuous Mode Ceritas ifstatus Triumf.ca ifstatus2.0.tar fi.Infn.it ifstatus-2.1.tar.gz ( local copy ) AntiSniff --> atstake.com --> symantec L0pht.com AntiSniff --> deadlink PacketStormSecurity.nl antisniff --> deadlink ./anti_sniffer -t -n 100 -f TCPSYN -1 -t 10.0.0.11 neped.c = Neped = NEtwork Promiscuous Ethernet Detector ( local copy ) gcc -o neped neped.c ./neped eth0 Apostols.org = dead links RootShell.com dead links SecuritTeam.com Neped PacketStormSecurity.org PacketStormSecuirty.nl Martnet.com RFXNetworks.com DSInet.org proscan.c promiscuous mode scanner S0ftpj.org ( local copy ) Sentinel remote promiscuous detection techniques PacketFactory.net Handels.gu.se Network Based Sniffer Detection ( local copy ) handels.gu.se pic of promiscuous mode Windoze-based Sniffer Detectors ProDetect promiscuous mode scanner SourceForge.net/projects/prodetect Boun.edu.tr ProDetect

Copyright © 2000	Linux-Consulting	All Rights Reserved.	Updated: Sat Feb 12 06:56:40 2005 PDT