Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Security

ISC 2004: Information Security pp 170–182Cite as

Detection of Sniffers in an Ethernet Network

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3225))

Abstract

On a local network, security is always taken into consideration. When plain text data is being sent onto the network, it can be easily stolen by any network user. Stealing data from the network is called sniffing. By sniffing the network, a user can gain access into confidential documents and cause intrusion into anyone’s privacy. Many 0freely distributed software on the Internet provides this functionality. Despite the easiness of sniffing, sniffers are usually difficult to detect, since they do not interfere with the network traffic at all. System administrators are facing difficulties to detect and deal with this type of attack. Several antisniffers programs can be used to detect sniffers. However, sniffers are becoming very advanced so that current antisniffers are unable to detect them.

This paper explains a new technique used by SupCom AntiSniffer, a tool that can effectively scan sniffers on an Ethernet network. The proposed technique uses three phases to detect the sniffing hosts in an Ethernet network. In the first phase, the ARP caches of the sniffing hosts are corrupted. In the second phase, TCP SYN request connections packets are sent to each host in the network using fake IP and MAC source addresses. Finally, by analyzing the responses of the hosts, all hosts running sniffers are detected. Four anti-sniffers, PMD [18], PromiScan [17], L0pht AntiSniff [19] and SupCom anti-sniffer, are tested and the evaluation results show that SupCom AntiSniffer succeeded to detect more sniffing hosts than the other antisniffers.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Freedman, Pisani, Purves, Adhikari: Statistics, 2nd edn. W.W. Norton & Company, Inc.,New York (1991)

    Google Scholar 

  2. Grundshober, S.: Sniffer Detector Report., Global Security Analysis Lab. Zurich Research Laboratory, IBM Research Division (June 1998)

    Google Scholar 

  3. Hornig, C.: A Standard for the Transmission of IP Datagrams over Ethernet Networks, RFC-894, Symbolics Cambridge Research Center (April 1984)

    Google Scholar 

  4. Jacobson, V., Leres, C., Mc-Canne, S.: The Tcpdump Manual Page. Lawrence Berkley Laboratory

    Google Scholar 

  5. Postel, J.: Internet Protocol. RFC-791, USC/Information Science Institute (September 1981)

    Google Scholar 

  6. Postel, J.:Transmission Control Protocol . RFC-793, USC/Information Science Institute,September (1981)

    Google Scholar 

  7. Postel, J.:Internet Control Message Protocol . RFC-792, USC/Information Science Institute (September 1981)

    Google Scholar 

  8. Stevens, R.: TCP/IP Illustrated,vol. 1 (2001)

    Google Scholar 

  9. Security Software Inc.: Antisniff, Technical Report (2000), http://www.securitysoftwaretech.com

  10. Grundschober, S.: Sniffer Detector Report., Diploma Thesis, IBM Research Division, Zurich Research Laboratory, Global Security Analysis Lab. (June 1998)

    Google Scholar 

  11. Drury, J.: Sniffers: What are they and how to protect from them. November 11 (2000), http://www.sans.org/

  12. Wu, D., Wong, F.: Remote Sniffer Detection. Computer Science Division, University of California, Berkeley. December 14 (1998)

    Google Scholar 

  13. Sanai, D.: Detection of Promiscuous Nodes Using ARP Packets, http://www.securityfriday.com/

  14. Nmap Tools, http://securityfocus.com

  15. Zouheir, T., et al.: Malicious Sniffing Systems Detection Platform. In: The IEEE/IPSJ 2004 International Symposium on Applications and the Internet (SAINT2004), Tokyo, Japan, January 26-30 (2004)

    Google Scholar 

  16. PromiScan anti-sniffer: http://www.securityfriday.com

  17. PMD (Promiscuous Mode Detector): http://webteca.port5.com

  18. L0pht AntiSniff: http://www.l0pht.com/antisniff/

Download references

Author information

Authors and Affiliations

  1. Cité Technologique des Communications, The University of Tunisia The College of Telecommunications (SupCom), Route de Raoued Km 3,5, 2083, El Ghazala, Ariana, Tunisia

    Zouheir Trabelsi & Hamza Rahmani

Authors
  1. Zouheir Trabelsi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hamza Rahmani
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of psychology, Chinese Academy of Sciences, 100101, Beijing, P.R. China

    Kan Zhang

  2. Department of Software & Information Systems, The University of North Carolina at Charlotte, 9201 University City Blvd, 28223-0001, Charlotte, NC, USA

    Yuliang Zheng

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Trabelsi, Z., Rahmani, H. (2004). Detection of Sniffers in an Ethernet Network. In: Zhang, K., Zheng, Y. (eds) Information Security. ISC 2004. Lecture Notes in Computer Science, vol 3225. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30144-8_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30144-8_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23208-7

  • Online ISBN: 978-3-540-30144-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation