If you’re a network manager, chance are you’ve possessed a laptop with a packet sniffer or protocol analyzer on it. Just plug that bad boy into the corporate network and you can look at all the traffic that’s going across the wire.
I’m sure you’ve worn a white hat while using such a tool, but has the thought crossed your mind at some point that one of your admins could go rogue with such a tool and cause some real trouble for you?
I recently talked to Steve Shalita, vice president of marketing for NetScout, about this worry. Back in the fall of 2007, NetScout bought Network General, the maker of one of the original packet sniffers, named (what else) Sniffer.
Shalita said NetScout is releasing a new version of Sniffer called Sniffer Global which introduces a server-based authentication point for all Sniffer desktop installations. Through this central server, network managers can set policies for usage of Sniffer technology.
“You can limit how far they can go into the packet,” Shalita told me. “And you have the ability to, by user and with very granular detail, report on what that user has done out there on the network. The server is doing policy control and authorization of what they can do and reporting back to you.”
Sniffer Global isn’t a cure-all for potentially rogue packet sniffers on the network. It isn’t backwards compatible with older versions of Sniffer. So you’d have to update all the desktops that have Sniffer on them. That means you’d have to find the ones you don’t know about, too. And of course, Sniffer Global’s server won’t identify packet sniffers made by other vendors, either. Instead, Sniffer Global’s value is in establishing centralized control over sanctioned Sniffer PCs across the network.