Detection of sniffers in an ethernet network

Zouheir Trabelsi, Hamza Rahmani

Research output: Chapter in Book/Report/Conference proceedingChapter

5 Citations (Scopus)

Abstract

On a local network, security is always taken into consideration. When plain text data is being sent onto the network, it can be easily stolen by any network user. Stealing data from the network is called sniffing. By sniffing the network, a user can gain access into confidential documents and cause intrusion into anyone's privacy. Many Ofreely distributed software on the Internet provides this functionality. Despite the easiness of sniffing, sniffers are usually difficult to detect, since they do not interfere with the network traffic at all. System administrators are facing difficulties to detect and deal with this type of attack. Several antisniffers programs can be used to detect sniffers. However, sniffers are becoming very advanced so that current antisniffers are unable to detect them. This paper explains a new technique used by SupCom AntiSniffer, a tool that can effectively scan sniffers on an Ethernet network. The proposed technique uses three phases to detect the sniffing hosts in an Ethernet network. In the first phase, the ARP caches of the sniffing hosts are corrupted. In the second phase, TCP SYN request connections packets are sent to each host in the network using fake IP and MAC source addresses. Finally, by analyzing the responses of the hosts, all hosts running sniffers are detected. Four anti-sniffers, PMD [18], PromiScan [17], LOpht AntiSniff [19] and SupCom anti-sniffer, are tested and the evaluation results show that SupCom AntiSniffer succeeded to detect more sniffing hosts than the other antisniffers.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
EditorsKan Zhang, Yuliang Zheng
PublisherSpringer Verlag
Pages170-182
Number of pages13
ISBN (Print)3540232087, 9783540232087
DOIs
Publication statusPublished - 2004
Externally publishedYes

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3225
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Detection of sniffers in an ethernet network'. Together they form a unique fingerprint.

Cite this