How to detect sniffer on lan

[Ardiana]

I know I am asking a bit complicated question, but I need urgent help here. In my office we are independent to choose the operating system on which we have to work. Some of my colleagues are working on Linux Ubuntu while some of them are on Windows. I notice that somehow my facebook password was leaked. This was weird. We are also using a lan messenger. I received a popup send by my own id. I think there is someone who is using a sniffer to collect login information on the network. Can I detect that.

[Sargam]

First of all it is quiet difficult to find sniffers. The tools which are designed to act as sniffer works quietly and are well known to protocol.They work like regular software which get green pass through security softwares. Also they generate relatively small amount of traffic which is hard to locate.

[Beckett]

Sniffing is a passive activity. So somehow it is a bit complicated to locate the person who is runing a sniffer on your network. It is not impossible but a bit complicated. You have to work over the gateway level to detect the same. There are some tools that simply scan your network to locate a file which act as sniffer. This term is used widely under security stuff. I had notice the same when last time my office colleague had got my Yahoo password. He installed a keylogger over the network.

This was a very tiny script but it well spreaded every where. Such people are quiet risk for privacy. If you are finding any of those stuff, you can ask your network admin to get a proper solution. Because if you download any third party script of application, your antivirus might block it due to lack of proper security certificate. This thing comes under Social Engineering which is a broader concept. For temporary support you can try Wireshark. This thing scan your network and monitor the activity. You can check the logs and easily locate suspicious computer. Sniffers are well designed to hide themselves from such monitoring software. I am too trying to locate something better to get rid of this sniffing thing.

[Chesnokov]

The best way to protect your information from sniffers is working under secure tunnel. I hope your newtork has enough resources for that. You can keep yourself protected through all this suspicious activity.

[Mei-Xiu]

Sniffer can only be detected by monitoring. There is no tool which is designed to give you a popup or alarm when someone is sniffing your information. There is a tool that I had used long before. It is called as EtherDetect Packet Sniffer. This is advance tool made for admins and security professional who looks for a better option to detect such thing. The tool is capable of capturing packets and TCP connections. It keeps a track of your network activity and provide you ample of information on the target computer. You can use the software to capture real time activity.

It works on number of network protocol and easy to use also. You have to learn about the software first before using it. It is not complicated to configure it, but somehow you have to check the logs. It will be a complicated tool for a beginner. There are tons of sniffing software available on net. I am sure some of the person in your office is using it and trying to capture data packet. Try to keep a close watch on other computer or on one who looks like using Backtrack Linux type operating system.

[Galbraith]

You can find that with one tool. But I am not sure about Linux PC. Install Pearl Echo on your network server. This is a employee monitoring software. When you install this it will generate a report of all newtork activities which consist of everything. So if you find a suspicious tool launched by anyone you can simply catch that guy.

[pOLiSH]

I found some solution on web. But before that you have to understand how sniffer works. In a lan a sniffer is the only machine which accept data from everyone even when it is not shared. To detect that find the ip address of suspicious computer. Ping it. If it gives response then there is a sniffer installed. This method is not quiet reliable, but it is the easiest way to detect a sniffer on your system. Second you have to locate some tools that can monitor ARP cache. That is a complicated thing. It is not easy to configure or find a tool which is quiet effective. Many linux system comes with tcpdump. This is the default network sniffer installed inside open source operating system.

A user can activate the same and start capturing your network data. Also ensure that there is no keylogger installed in your system. As you said you lost your password. A keylogger is a software that tracks each keystroke of your computer and generate a simple text file. It works silently in the background and can remain undetected by antivirus. You use software like Hijackthis to generate a log report of number of application running in your system.

[Kaufman]

The best way to avoid sniffing issue is using a encryption on network. Ask your adming to encrypt the network with some powerful encryption policy. This is make the sniffer useless and it will not work.

[Banadinovich]

There is only one tool that found which is a Anti Sniffer. It is called as Kitty-Litter The Anti-Sniffer 2.0. It is a light tool whose download size is just 1.1 MB. It is only available for Windows. The tool is quiet handy app. Install this in your system and your information will be blocked. No sniffer can simply scan or monitor your network to capture data packet.

It is considered as one of the most effective tool I found. It is free to use. You can keep the setup in your pen drive and use it where ever you want. I cannot find any other tool which can be a powerful anti sniffer. Somehow it is not easy to block sniffing completely. There are number of others means that can be used by people.

[jimmyhelu]

How to find out that a NIC is in promiscuous mode on a LAN? ... NMAP : There is an NSE script for nmap called sniffer-detect.

[JAMES_911]

How to find out that a NIC is in promiscuous mode on a LAN? ... NMAP : There is an NSE script for nmap called sniffer-detect.

There are also other things like NAST which detects other PC's in promiscuous mode by doing the ARP test. Also there is this PTOOL that does ARP and ICMP test and finally for windows systems, you can use Cain & Abel that can perform a promiscuous scan using many types of ARP tests. Hope that helps you out.