Detecting WireShark and other sniffers in your wireless network?

342605 pts.
Tags:
Mobile Computing in 2010
Sniffer software
Sniffers
Wireshark
What's the best way to root out a promiscious sniffer like WireShark? Are there any specific packet types that it spits out I can search for? I'd love suggestions for specific anti-sniffing tools to help better lock down our network. Thanks

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Kevin Beaver
    It's not easy but it's not impossible. I talk about this issue in this sample chapter of my book Hacking For Dummies.
    16,610 pointsBadges:
    report
  • ITKE
    [...] Detecting WireShark and other sniffers in your wireless network?, which was asked via e-mail and answered by [...]
    0 pointsBadges:
    report
  • Bitraptor
    It is not an easy task indeed. But i would definetly start out with Trafscrambler – Anti-sniffer/IDS Tool. I have made a presentation to large audience in a hacker event here in Brazil and proved to be one effective tool, not the definitive tool tough. Check some of its features: Features ◦Injection of packets with bogus data and with randomly selected bad TCP cksum or bad TCP sequences ◦Userland binary(tsctrl) for controlling trafscrambler NKE ◦SYN decoy – sends out number of SYN pkts before the original SYN pkt ◦TCP reset attack – sends out RST/FIN pkt with bad sequence ◦Pre-connection SYN – sends out SYN with wrong TCP-checksum ◦Post-connection SYN – sends out fake SYN after connection establishment ◦Zero Window – send out pkt with “0” window set download link http://en.roolz.org/files/soft/trafscrambler-0.2.tgz
    105 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following