Anyone knows how to stop sniffer?

Discussion in 'Networks' started by mintone, Jul 3, 2008.

  1. mintone

    mintone New Member

    Hi guys,

    At my home there is a small network and we use a Linksys router to get Internet service.
    One of my friends uses the Cain and Abel sniffer and monitors the network.
    He even knows what site I am browsing. :oops: This keeps annoying me. I want my own privacy.
    I don't want to use a proxy as I am at home, not at a workplace.
    Much appreciate your help!
     
    Certifications: Nothing
    WIP: MCSE
  2. onoski

    onoski Terabyte Poster

    Download ZoneAlarm or Sygate free software firewall and problem solved. When the firewall software is up and running it would prompt you that someone or a program is trying to access your computer.

    Finally, the software would give you the option to accept or refuse the connection. Best wishes and let us know how you get on :)
     
    Certifications: MCSE: 2003, MCSA: 2003 Messaging, MCP, HNC BIT, ITIL Fdn V3, SDI Fdn, VCP 4 & VCP 5
    WIP: MCTS:70-236, PowerShell
  3. nugget
    Honorary Member

    nugget Junior toady

    Having a firewall will not prevent his friend from sniffing the network traffic.

    I don't think there's any way around it except to have a discussion with your friend.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  4. mintone

    mintone New Member

    Thank you for your advice.
    It's correct, Nugget. I googled about sniffing for many hours and still can't find a way to stop that.
    As far as I know, sniffers don't request any info from my PC. They just interrupt my requested info
    to the router and copy it. They are passive. So firewalls are no use at all.
    If there is no solution, I will tell him personally to stop what the hell he is doing. :twisted:

    If you suspect you are being sniffed, just ping your gateway. You'll see the network time out
    temporarily many times.
     
    Certifications: Nothing
    WIP: MCSE
  5. Fergal1982

    Fergal1982 Petabyte Poster

    That's not exactly a reliable method of identifying that your network is being sniffed. If you work on that basis, you should really start breaking out the tin-foil hats!

    Are you using wireless or wired? You could always place a switch between the router, and your internal network, and have everyone physically plug into the switch. As I understand it, the switch will send packets only to the location required. The sniffers work by reading the packets that arrive at the machine they are running on (which the machine usually ignores), so a switch that only routes the traffic to the relevant channel will prevent this.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  6. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    Download Cain and Abel and sniff him back !

    See how he likes it ! :biggrin
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  7. Alex Wright

    Alex Wright Megabyte Poster

    Agreed. A switch only broadcasts traffic that concerns a person's own machine.
     
    Certifications: 70-680 Configuring Windows 7
    WIP: 70-642
  8. Modey

    Modey Terabyte Poster

    I don't think using a switch is going to help really. A decent network monitoring tool combined with a NIC that supports promiscuous mode should be able to see everything on a particular subnet (and I'm assuming there is only one in this case).

    As already stated, asking your friend to stop is the easiest way around this. The other way I would use would be to set up some type of VPN connection between your PC and the router itself. That may or may not be possible depending on the features of the router.
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  9. Tinus1959

    Tinus1959 Gigabyte Poster

    The only way I can think of is using a vlan to shield your connection from the rest of the network and that involves a switch.
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  10. nugget
    Honorary Member

    nugget Junior toady

    Another (not so nice) thing to try would be to run an Ethernet flooding tool (or a DDoS tool) and just leave it running the whole day(s). His logs will be so full and he'll spend so much time analysing so much data that he will either miss finding your traffic or shut down his sniffer program. :twisted:

    However, I don't really recommend this except for an absolute last resort.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  11. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    Encrypted tunnel between you and the gateway? :p Sure, that's extreme... but... :twisted:
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  12. Finkenstein

    Finkenstein Kilobyte Poster

    May I suggest starting a fight club with that friend? :twisted:
     
    Certifications: MCP, Network+, CCENT, ITIL v3
    WIP: 640-822
  13. Fergal1982

    Fergal1982 Petabyte Poster

    A large machete by your desk.

    If it's not enough as a deterrent, use it to do some extreme hacking.... of their network cable
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  14. NightWalker

    NightWalker Gigabyte Poster

    lol :p
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  15. zebulebu

    zebulebu Terabyte Poster

    To be honest, against a reasonably cautiously-executed sniff attack there is very little you can do - other than encrypt all your traffic. Even that won't really work, because if you're using the same local subnet as he/she is, then you'll have to use the DG to get out of your LAN. Tinus' solution is one possible way out, but implementing VLANs might be a bit tricky for you to do - especially since most cheap switches are unmanaged and won't have that functionality.

    A swift kick to the temple usually resolves 'problems' like these (script kiddies don't usually like physical violence!)

    Either that or get your own line, ISP and router (expensive, but then you control your own network)
     
    Certifications: A few
    WIP: None - f*** 'em
  16. Crito

    Crito Banned

    You typically have to plug into a span/mirror port on a switch. But there are ways to confuse them (if you can change your MAC) and then they default back to "hub mode", repeating everything on every port.

    Anyways, if he were really clever he'd build a passive ethernet tap too, then you wouldn't be able to detect him at all. Only his own big mouth could get him into trouble. :oops:
     
    Certifications: A few
    WIP: none
  17. zebulebu

    zebulebu Terabyte Poster

    Yep - and with a decent switch you can monitor all VLANs via a judiciously configured mirror port - something not available on cat 2950s, as I found to my cost after purchasing one for that very purpose :(

    I think most switches nowadays - at least any worth their salt - have protection (or are configurable thus) that stops failopen attacks (MAC flooding) from being successful. This is usually based on either hardcoding MACs to specific ports, or using policy-based controls in the switch's O/S to administratively down a port after a set number of MACs have been learned through it.
    You mean like this? I never leave home without it :biggrin
     
    Certifications: A few
    WIP: None - f*** 'em
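
    An added illustration, not part of any post in this thread: a toy Python model of the switch behaviour discussed above (unicast frames go only to the learned port, unknown destinations are flooded once the MAC table is full, and a per-port MAC limit downs the offending port, as zebulebu describes). The class name, table size, port numbers and MAC addresses are all constructed for the example and do not model any particular switch.

```python
class LearningSwitch:
    """Toy layer-2 switch: MAC learning, flooding, optional per-port MAC limit."""

    def __init__(self, ports, cam_size, max_macs_per_port=None):
        self.ports = set(ports)
        self.cam_size = cam_size           # total MAC-table capacity
        self.max_macs = max_macs_per_port  # None = no port security
        self.cam = {}                      # source MAC -> port it was seen on
        self.err_disabled = set()          # ports shut down after a violation

    def _learn(self, mac, port):
        if mac in self.cam:
            self.cam[mac] = port
            return
        on_port = sum(1 for p in self.cam.values() if p == port)
        if self.max_macs is not None and on_port >= self.max_macs:
            self.err_disabled.add(port)    # too many MACs: down the port
        elif len(self.cam) < self.cam_size:
            self.cam[mac] = port           # a full table learns nothing new

    def forward(self, src, dst, in_port):
        """Return the set of ports the frame leaves on."""
        if in_port in self.err_disabled:
            return set()
        self._learn(src, in_port)
        if in_port in self.err_disabled:
            return set()
        live = self.ports - self.err_disabled - {in_port}
        out = self.cam.get(dst)
        # Known destination: one port. Unknown (or broadcast): every live port.
        return live if out is None else {out} & live


BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A, HOST_B = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"  # constructed MACs


def run_scenario(max_macs_per_port):
    """Port 3 presents 20 source MACs before host B (port 2) is learned."""
    sw = LearningSwitch([1, 2, 3], cam_size=8, max_macs_per_port=max_macs_per_port)
    sw.forward(HOST_A, BROADCAST, 1)
    for i in range(20):
        sw.forward(f"02:00:00:00:00:{i:02x}", BROADCAST, 3)
    sw.forward(HOST_B, BROADCAST, 2)
    return sw.forward(HOST_A, HOST_B, 1), sw.err_disabled


if __name__ == "__main__":
    print("no port security:", run_scenario(None))  # frame also reaches port 3
    print("limit of 2 MACs: ", run_scenario(2))     # frame reaches port 2 only
```

    The model has no address aging, so the table only fills when the extra addresses arrive before host B is learned.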
  18. r.h.lee

    r.h.lee Gigabyte Poster

    Fergal1982,

    Then his friend would start sniffing that machete. :p
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  19. mintone

    mintone New Member

    Wow! So much advice. To start a fight with my friend is the advice of the day :). No cost at all.
    I wonder if people can hack a home network easily, using internet banking may not be reliable.
    Let's say I rent a room and use i-banking at home, somebody monitors my activity and gets my password and username. The next step is he just needs to steal the second security locked device. That's all.
    Finally I realize that networking has so many things to learn.
     
    Certifications: Nothing
    WIP: MCSE
  20. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    That is why banks and other financial organisations use HTTPS (S meaning secure) for their sites, so that all traffic between your computer and their end is 128 bit encrypted, this includes your authentication details of course.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
