Developing a Sniffer Detector for Windows Operating Systems

Authors

  • Mumtaz AL-Mukhtar Information Engineering Faculty, Nahrain University
  • Yasir Ahmed Abdullah Information Engineering Faculty, Nahrain University

Keywords:

Sniffers, Promiscuous Mode, Address, Resolution Protocol, Anti-Sniffers

Abstract

This paper presents the design and implementation of a sniffer detector system which can be used to detect any host running a sniffer on an Ethernet network. The proposed detection system is based on two effective detection techniques: the ARP (Address Resolution Protocol) detection technique and the Three-way

Handshaking detection technique. The first technique, the ARP detection, attempts first to send trap ARP request packets with faked hardware addresses, to a

suspicious sniffing host. Then, based on the generated responses of the suspicious sniffing host, a decision is made on whether or not the suspicious host is running a sniffer. In case of no response the second technique, the Three-way Handshaking detection, is used to detect active sniffer which did not respond to the first technique by sending trap TCP-SYN packets with faked IP address, to a suspicious sniffing host. Based on the generated responses of the suspicious host, a decision is made on whether or not it is running a sniffer. The two techniques are implemented in a system that automatically gives the system administrator a helping hand regarding the detection of sniffers on an Ethernet network. The proposed system is tested in comparison with three other available anti-sniffers (L0pht AntiSniff, PromiScan, and PromiscDetect). The results showed its enhanced performance

Downloads

Download data is not yet available.

Downloads

Published

04-03-2008

How to Cite

[1]
M. AL-Mukhtar and Y. A. Abdullah, “Developing a Sniffer Detector for Windows Operating Systems”, NJES, vol. 11, no. 1, pp. 84–90, Mar. 2008, Accessed: Nov. 25, 2024. [Online]. Available: https://nahje.com/index.php/main/article/view/499