> I think i am being sniffed by somone on my network, and i was wondering. is > there an application to check wether i am being sniffed or not, and if i
There are applications like AntiSniff that seek to find out if someone on the network is carrying out sniffing. But these cannot give you guaranteed results. I played around a little with AntiSniff but the results were not that great. >From the tone of your mail, I am assuming it is a malicious user and not an administrator with permissions who is performing this sniffing. If you are using a hub then I dont think there is too much you can do. But if you are using a switch, it is possible that the user might have to perform ARP Spoofing. Try and detect cases of ARP Spoofing on the network. You can use ARP Watch for that. If you have Snort running on the network, it too can detect such cases. Usually the sniffer will try and ARP Spoof the gateway. Hard code the MAC address of the Gateway on your machine using the /etc/ethers file. Install ARP Watch on your machine too. > was, how can i fix that ?(like PGP for mail, what about other protocols) Use encryption. HTTPS/SSL have the advantage of being very *HARD* to sniff. Also if you are using hubs, it might be a good idea to switch to switches. If you are interested, there is a brief document I had written on topic of Sniffers that might be of use to you. It is available at http://www.rootshell.be/~dhar/downloads/Sniffers.pdf Hope this helps!! With Regards, Sumit Dhar http://www.rootshell.be/~dhar
