[Snort-users] detecting a sniff application
secsnort at ...5528...
Wed Jul 10 07:16:01 EDT 2002
One way you might be able to do it is to watch DNS traffic. The assumption is that the sniffer has DNS name resolution switched on. You look at the counts for all machines and the one with the most DNS traffic other than a DNS server is probably sniffing. This would mean that you have a sensor between the sniffer and the DNS server.
----- Original Message -----
From: Wissam Halawani
To: snort-users at lists.sourceforge.net
Sent: Tuesday, July 09, 2002 3:47 PM
Subject: [Snort-users] detecting a sniff application
Is Snort capable of detecting a sniff application on a network, or an Internet segment?
Is it capable of detecting whether someone is intruding or sniffing a DSL line for an internet user?
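
The per-host DNS counting described in the reply above, as an added example (not part of the original thread and not Snort code). It assumes `tcpdump -n` style text lines from a sensor placed between the hosts and the DNS server; the addresses, sample lines and the 5x-median threshold are constructed for illustration.

```python
import re
from collections import Counter
from statistics import median

# Assumed input: "<time> IP <src>.<sport> > <dst>.53: <id>+ <type>? <name> (<len>)"
QUERY_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > \d+\.\d+\.\d+\.\d+\.53: \d+\+ [A-Z]+\? "
)

def dns_query_counts(lines, dns_servers):
    """Count DNS queries per source host, skipping the DNS servers themselves."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if m and m.group("src") not in dns_servers:
            counts[m.group("src")] += 1
    return counts

def likely_sniffer(counts, ratio=5.0):
    """Return the top talker if it sends >= ratio x the median of the other
    hosts (hypothetical threshold), otherwise None."""
    if len(counts) < 2:
        return None  # no other hosts to compare against
    (top, top_n), *rest = counts.most_common()
    baseline = median(n for _, n in rest)
    return top if top_n >= ratio * baseline else None

# --- constructed sample capture (not real traffic) ---
DNS_SERVERS = {"10.0.0.2"}

def _q(src, name, qtype="A", dst="10.0.0.2"):
    return f"07:16:01.000000 IP {src}.1034 > {dst}.53: 4242+ {qtype}? {name} (44)"

SAMPLE = (
    [_q("10.0.0.11", "www.example.com.")] * 3
    + [_q("10.0.0.12", "mail.example.com.")] * 2
    + [_q("10.0.0.13", "ftp.example.com.")] * 4
    # a sniffer with name resolution on looks up every address it sees
    + [_q("10.0.0.66", f"{i}.0.0.10.in-addr.arpa.", "PTR") for i in range(1, 41)]
    # the DNS server's own upstream lookups are heavy but excluded
    + [_q("10.0.0.2", "www.example.com.", dst="192.0.2.53")] * 60
)

if __name__ == "__main__":
    counts = dns_query_counts(SAMPLE, DNS_SERVERS)
    for host, n in counts.most_common():
        print(f"{host:12} {n}")
    print("suspect:", likely_sniffer(counts))
```

A host flagged this way is only a candidate: a sniffer with name resolution switched off generates no such traffic, and a busy proxy or mail relay can top the list for legitimate reasons.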