Gentoo Forums
Is packet sniffing detectable?
geders
Tux's lil' helper


Joined: 19 Jun 2002
Posts: 76
Location: Purdue

Posted: Fri Nov 15, 2002 2:36 pm    Post subject: Is packet sniffing detectable?

Hello all. I am wanting to use something like the "ethereal" packet capture program to monitor any connections to and from my machine, but I was wondering if this is detectable? Basically, my machine is hooked up at a university laboratory basically 24 hours a day, and I am concerned about security, but I don't want to piss the sysadmins off down here... we've got probably 60-80 SGI machines down here, and I don't want to raise any eyebrows... I'm assuming packet sniffing is purely passive, but want to make sure...
Ethernal
Tux's lil' helper


Joined: 06 Nov 2002
Posts: 106
Location: Stockholm, Sweden

Posted: Fri Nov 15, 2002 2:48 pm    Post subject:

No, ethereal only logs traffic that passes through your box. So, no worries there. Good luck! (Sysadmins are always touchy about their networks) :roll:
_________________
Hmm.. Of course, these are MY opinions - likely to be just as flawed as anyone else's. Um, really, I guess you should assume everyone's speaking out of some external influence. Believe in whatever makes sense to you.
RagManX
Apprentice


Joined: 13 Jul 2002
Posts: 220
Location: Tennessee

Posted: Fri Nov 15, 2002 2:49 pm    Post subject:

There are actually ways to detect sniffing, but they are very unreliable and give many false positives and false negatives. If you sniff in non-promiscuous mode (only sniff traffic destined to and originating from your machine) then it is pretty much impossible for that to be detected.

Having said that, there are better ways to watch your machine than ethereal. If you haven't ever spent time studying ethereal captures, you might be in for a bit of a surprise once the traffic starts rolling in. I would recommend installing something like snort instead (ebuild is available) and letting it watch for you.

RagManX
_________________
http://www.gamingideas.com/ - an open discussion site for game improvement and new game ideas
geders
Tux's lil' helper


Joined: 19 Jun 2002
Posts: 76
Location: Purdue

Posted: Fri Nov 15, 2002 3:45 pm    Post subject:

Promiscuous mode is enabled by default...is that detectable?

I am wanting to get snort up and running, but it is a bit more involved...just need to find the time...
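
Added example, not part of any post in this thread: a local check of whether an interface on your own machine is currently in promiscuous mode, the setting asked about above. It assumes a Linux host with sysfs, where `/sys/class/net/<iface>/flags` holds the interface flags in hex and `IFF_PROMISC` is bit 0x100; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report which local interfaces have IFF_PROMISC set.
# Assumption: Linux sysfs layout, /sys/class/net/<iface>/flags = hex flags.

# has_promisc FLAGS -> exit 0 if the IFF_PROMISC bit (0x100) is set,
#                      exit 1 if it is clear, exit 2 if FLAGS is not hex.
has_promisc() {
    hex="${1#0x}"                       # accept "0x1103" or "1103"
    case "$hex" in
        ''|*[!0-9a-fA-F]*) return 2 ;;  # reject empty or non-hex input
    esac
    [ $(( 0x$hex & 0x100 )) -ne 0 ]
}

# promisc_ifaces [NET_DIR] -> print one promiscuous interface name per line.
# NET_DIR defaults to the live sysfs tree; pass another directory to run the
# check against a saved copy or a constructed test tree.
promisc_ifaces() {
    net_dir="${1:-/sys/class/net}"
    for f in "$net_dir"/*/flags; do
        [ -r "$f" ] || continue         # unreadable entry or unmatched glob
        flags=$(cat "$f")
        if has_promisc "$flags"; then
            basename "$(dirname "$f")"
        fi
    done
}

# Stand-alone use: check the live system, or the directory given as $1.
promisc_ifaces "$@"
```

Run it once with the capture program stopped and once with it running to see whether your capture settings put the interface into promiscuous mode.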
klieber
Bodhisattva


Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Fri Nov 15, 2002 4:50 pm    Post subject:

Yes, sniffing is detectable, but extremely difficult. Here's one method describing how to do it. Search google for others.

I wouldn't worry too much about being detected.

--kurt
_________________
The problem with political jokes is that they get elected
pjp
Administrator


Joined: 16 Apr 2002
Posts: 20506

Posted: Fri Nov 15, 2002 5:04 pm    Post subject:

You could always inform the Admins that you are sniffing your machine for security. If they are reasonable people, then they might not mind, and knowing about it before they find it would be helpful.
_________________
Quis separabit? Quo animo?