Information Source: ANYSIDE
A sniffer is a device, implemented in software or hardware, that can capture any information transmitted over the network. A sniffer works by setting the network interface (Ethernet interface) to promiscuous mode so that it can capture the communication on the network. Promiscuous mode lets a workstation on the network monitor all communications, not just its own.
Sniffer tools
Linsniffer (http://agape.trilidun.org/hack/network-sniffers/linsniffer.c): a simple sniffer designed to capture user names and passwords. Linsniffer works very well for capturing passwords and recording ordinary traffic, but it is not suited to more detailed analysis.
Linux_sniffer (http://www.ryanspc.com/sniffers/linux_sniffer.c): provides more detail and is easy to use.
Hunt (http://www.ryanspc.com/sniffers/hunt-1.3.tgz): produces readable output with less raw data. Hunt supports the following functions: (1) specifying the particular connections you are interested in, instead of listening to and recording everything; (2) detecting established connections; (3) spoofing tools; (4) hijacking active sessions.
Sniffit (http://reptile.rug.ac.be/~coder/sniffit/sniffit.html): monitors packets on different ports across multiple hosts. It is a very good tool.
Security risks of sniffers
Sniffers represent a high level of risk: they can capture passwords and confidential or private information, and they can be used to breach the security of adjacent networks or to bypass access controls.
Defending against sniffer attacks
To catch a sniffer, you must determine whether any interface on the network is operating in promiscuous mode. Two tools are available for this: ifconfig and ifstatus.
ifconfig: a configuration tool for setting network interface parameters. It can quickly show whether a network interface on the local host is operating in promiscuous mode.
ifstatus: checks all network interfaces on the system and reports any that are in debug or promiscuous mode.
ifconfig and ifstatus are good tools for detecting a sniffer on the local host, but in a large network we need a tool that can detect sniffers across subnets. One option is NEPED (http://metalab.unc.edu/pub/Linux/distributions/trinux/src/neped.c). NEPED can detect sniffer activity on a network, but it has one limitation: it only works with kernel 2.0.36 and earlier.
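The local-host check that ifstatus performs can be sketched as follows. This is an added example, not part of the original article; it assumes a Linux host that exposes each interface's flags as a hex value in /sys/class/net/<iface>/flags, and the function name check_iface_flags is hypothetical.

```shell
#!/bin/sh
# Added example: report interfaces whose kernel flags include
# IFF_PROMISC (0x100) or IFF_DEBUG (0x4), the two states ifstatus reports.
IFF_DEBUG=4       # 0x004
IFF_PROMISC=256   # 0x100

# check_iface_flags [DIR]
# DIR is a sysfs-style directory (default /sys/class/net) with one
# subdirectory per interface, each holding a "flags" file such as "0x1103".
# Prints "<iface> <state>" for every flagged interface, nothing otherwise.
check_iface_flags() {
    dir=${1:-/sys/class/net}
    for path in "$dir"/*; do
        [ -r "$path/flags" ] || continue
        name=${path##*/}
        flags=$(cat "$path/flags")
        # Accept only well-formed hex values; skip anything unexpected.
        case $flags in
            0x|0x*[!0-9a-fA-F]*) continue ;;
            0x*) ;;
            *) continue ;;
        esac
        state=""
        if [ $(($flags & $IFF_PROMISC)) -ne 0 ]; then
            state="promiscuous"
        fi
        if [ $(($flags & $IFF_DEBUG)) -ne 0 ]; then
            state="${state:+$state,}debug"
        fi
        if [ -n "$state" ]; then
            printf '%s %s\n' "$name" "$state"
        fi
    done
    return 0
}

# Check the local host, or a directory given as the first argument.
check_iface_flags "${1:-/sys/class/net}"
```

An interface listed as promiscuous is not necessarily hostile: legitimate monitoring tools, bridges and some virtualization setups also enable the mode, so each hit should be matched to a known process or configuration.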
Security methods to prevent sniffing
Choose "good" (hard to crack or guess) passwords and change them frequently; always use encrypted transmission.
Conclusion: sniffers pose considerable security risks mainly because they are difficult to detect. The best defense against sniffers is to use only a secure network topology together with strongly encrypted transmission.