From owner-freebsd-questions Mon Apr 12 7:34:54 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from beloit.edu (beloit.edu [144.89.40.1]) by hub.freebsd.org (Postfix) with ESMTP id 3B8751552A for ; Mon, 12 Apr 1999 07:34:51 -0700 (PDT) (envelope-from noodene@beloit.edu)
Received: from nooden.beloit.edu ([144.89.40.89]) by beloit.edu (8.9.0/8.9.0) with SMTP id JAA20446 for ; Mon, 12 Apr 1999 09:28:44 -0500
Message-Id: <4.1.19990412090921.009e0420@beloit.edu>
X-Sender: noodene@beloit.edu
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Mon, 12 Apr 1999 09:31:58 -0600
To: freebsd-questions@FreeBSD.ORG
From: "Eric S. Nooden"
Subject: Sniffers and Sniffer detection [General UNIX question]
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello all!

A question or two concerning sniffers and sniffer detection.

1. Is it possible to detect if a sniffer is being used? I know that the MS Network Analyzer does detect when their product is being used but I am more concerned with the UNIX side of the house. If not, is there any program that could determine whether or not the promiscuous mode is being used on any NIC...sort of like using nmap to scan for it?

2. Is it possible to install a sniffer, in a user account (with no root access), and sniff the network and watch for passwords? I do realize that anything is possible, but I would appreciate a more specific answer and possibly some ways to protect against sniffers.

One precaution to possibly take is to place the modem lines on 10/100 switches and also the primary systems. I would think that protects us a little bit considering you can't sniff outside our collision domain (unless you had an "agent" on another hub(s)).

Please email me direct in addition to emailing FreeBSD-questions.

Thank you in advance!

Eric S. Nooden
Technical Service Manager, ITS
noodene@beloit.edu

=================================================================
Eric S. Nooden (CET,MSC,MCP)
Information Technology Services
Technical Service Manager
Beloit College, Mayer Hall #207
Voice: 608.363.2458
Office hours: 0800-1700
Fax: 608.363.2100
http://www.inwave.com/~armyeric
=================================================================
Ah, life! Be my wild mistress!! - Dogbert

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message