How to discover and prevent Sniffer

How to find a Sniffer in the Network
One simple answer is that you cannot find it. Because they leave no trace at all.
Because sniffer is so arrogant and quiet, it is difficult to explain how to know if there is any sniffer. It is a convincing reason to prove that your network has two sniffer types:
Packet Loss Rate of network communication is abnormally high.
Through some network software, we can see that the information package transfer is not sniffer), the command like ping will tell you the packet of a fraction. If there is a Listen in the network, the information package cannot be transmitted smoothly to the destination every time. This is because sniffer intercepts each packet)
Abnormal network bandwidth.
Some bandwidth controllers are usually carried by firewalls). You can see the current network bandwidth distribution in real time. If a machine occupies a large bandwidth for a long time, this machine may be listening. In non-high-speed channels, such as 56Kddn, if there is sniffer in the network, you should be able to detect changes in network communication speed.
Another way is to look at all the programs currently running on the computer. But this is usually not reliable, but you can control which program can run on your computer.
Run the following command in Unix: ps-aux or: ps-augx. This command lists all current processes, the users who start these processes, their CPU usage time, memory usage, and so on.
In Windows, press Ctrl + Alt + Del to check the task list. However, Sniffer with high programming skills won't appear here even if it is running.
Another method is to search for suspicious files in the system. However, intruders may use their own programs, which may cause great difficulties in discovering sniffer.
There are also many tools that can be used to see if your system will be in the miscellaneous mode. To check whether a Sniffer is running.
How to Prevent sniffer
For the powerful 'sensitiveness 'of the sniffer, we strive:
Detects and eliminates sniffer
Session Encryption
Hide the data so that the sniffer cannot discover it.
Encryption
What you are most concerned about is the transmission of sensitive data, such as user IDs or passwords. Some data is not processed and can be obtained once it is sniffer. The solution to these problems is encryption.
We will introduce the following SSH, also known as Secure Shell. SSH is a protocol that provides Secure Communication in applications. It is built on the client/server model. The port allocated by the SSH server is 22. The connection is established by using an algorithm from RSA. After authorization is complete, the next communication data is encrypted using IDEA technology. This is usually strong and suitable for non-secret and non-classic communication.
SSH was later developed into F-SSH, providing high-level, military-level encryption of the communication process. It provides the most universal encryption for TCP/IP network communication. If a site uses a F-SSH, the user name and password are not very important. Currently, no one has broken through this encryption method. Even sniffer, the collected information will no longer be valuable. Of course, the most important thing is how to use it.
Both SSH and F-SSH have commercial or free software versions.
Other methods
Another option is to use a security topology. This sounds simple, but it costs a lot.
When we were young, we may have played an intelligent game, which usually consists of a series of numbers. The goal of the game is to arrange numbers and arrange them in descending order with the least steps. When dealing with network topologies, it's just like playing this game.
Such a topology requires such a rule: a network segment must have enough reason to trust another network segment. Network segments should be designed based on the trust relationship between your data, rather than the hardware needs.
Let's start to process this network topology. Let's take a look:
First: a network segment is composed of only computers that can trust each other. Usually they are in the same room or in the same office. For example, your financial information should be fixed at a certain node, just as your financial department is arranged in a location that is not frequently changed in the office area.
Note that each machine is connected to the Hub through a hard connection. The Hub is connected to the vswitch. Because the network segment is complete, packets can only be sniffer on this network segment. The remaining CIDR blocks cannot be sniffer.
All problems are attributed to trust. To communicate with other computers, a computer must trust that computer. As a system administrator, your job is to determine a way to minimize the trust relationship between computers. In this way, a framework is established to tell you when a sniffer is put, where it is put, who put it, and so on.
If your LAN is connected to the INTERNET, it is not enough to use a firewall. Intruders can scan behind a firewall and detect running services. What you need to care about is what an intruder can get when he enters the system. You must consider how long the trust relationship is. For example, assume that your WEB server trusts A computer. So how many computers are trusted by. How many computers are trusted by these computers? In the trust relationship, any previous computer on this computer may attack your computer and succeed. Your task is to ensure that once an Sniffer occurs, it is only valid for the minimum range.
Sniffer is often used by attackers to collect useful information after they intrude into the system. Therefore, Preventing System breakthroughs is critical. The system security administrator should conduct regular security tests on the managed networks to prevent security risks. At the same time, you must control the number of users with considerable permissions. Remember that many attacks often come from inside the network.