Aside from pure defensive tactics, it is possible to be proactive and use detection techniques designed to locate any attempts to sniff and shut them down. These methods include the following:
- Look for systems running network cards in promiscuous mode. Under normal circumstances there is little reason for a network card to be in promiscuous mode, and as such all cards running in this mode should be investigated.
- Run an NIDS to detect telltale signs of sniffing and track it down.
- Tools such as HP’s Performance Insight can provide a way to view the network and identify unusual traffic.
1 Comment