| View previous topic :: View next topic |
| Author |
Message |
geders
Tux's lil' helper
Joined: 19 Jun 2002
Posts: 76
Location: Purdue
|
 Posted: Fri Nov 15, 2002 2:36 pm Post subject: Is packet sniffing detectable? |
 |
|
| Hello all. I am wanting to use something like "ethereal" packet capture program to monitor any connections to and from my machine, but I was wondering if this is detectable? Basically, my machine is hooked up at a university laboratory basically 24 hours a day, and I am concerned about security, but I don't want to piss the sysadmins off down here...we've got probably 60-80 SGI machines down here, and I don't want to raise any eyebrows...I'm assuming packet sniffing is purely passive, but want to make sure... |
|
| Back to top |
|
 |
Ethernal
Tux's lil' helper
Joined: 06 Nov 2002
Posts: 106
Location: Stockholm, Sweden
|
| Posted: Fri Nov 15, 2002 2:48 pm Post subject: |
|
|
no, ethereal only logs traffic that passes through your box. so, no worries there. good luck! (sysadmins are always touchy about there networks) 
_________________
Hmm.. Of course, these are MY opinions - likely to be just as flawed as anyone else's. Um, really, I guess you should assume everyone's speaking out of some external influence. Believe in whatever makes sense to you. |
|
| Back to top |
|
|
RagManX
Apprentice
Joined: 13 Jul 2002
Posts: 220
Location: Tennessee
|
| Posted: Fri Nov 15, 2002 2:49 pm Post subject: |
|
|
There are actually ways to detect sniffing, but they are very unreliable and give many false positives and false negatives. If you sniff in non-promiscuous mode (only sniff traffic destined to and originating from your machine) then it is pretty much impossible for that to be detected.
Having said that, there are better ways to watch your machine than ethereal. If you haven't ever spent time studying ethereal captures, you might be in for a bit of a surprise once the traffic starts rolling in. I would recommend installing something like snort instead (ebuild is available) and letting it watch for you.
RagManX
_________________
http://www.gamingideas.com/ - an open discussion site for game improvement and new game ideas |
|
| Back to top |
|
|
geders
Tux's lil' helper
Joined: 19 Jun 2002
Posts: 76
Location: Purdue
|
| Posted: Fri Nov 15, 2002 3:45 pm Post subject: |
|
|
Promiscuous mode is enabled by default...is that detectable?
I am wanting to get snort up and running, but it is a bit more involved...just need to find the time... |
|
| Back to top |
|
|
klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
| Posted: Fri Nov 15, 2002 4:50 pm Post subject: |
|
|
Yes, sniffing is detectable, but extremely difficult. Here's one method describing how to do it. Search google for others.
I wouldn't worry too much about being detected.
--kurt
_________________
The problem with political jokes is that they get elected |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20501
|
| Posted: Fri Nov 15, 2002 5:04 pm Post subject: |
|
|
You could always inform the Admins that your are sniffing your machine for security. If they are reasonable people, then they might not mind, and knowing about it before they find it would be helpful.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
|
Networking & Security
