What is packet sniffing or promiscuous mode and why should I care?
If a computer on your network is packet sniffing or in promiscuous mode, it is viewing all network traffic on its local network. It can see clear-text passwords, email, and file transfers. This information in the hands of an attacker can allow him or her to penetrate deeper into your network.
Network communication can be likened to large group of people standing together in a room and talking. When people talk to each other, others nearby have the ability to listen in. When computers communicate over networks, they normally only listen to communications destined to themselves. However, they also have the ability to enter promiscous mode, which allows them to listen to communications that are destined to other computers.
When an attacker successfully compromises a computer, they install what is known as a packet sniffer, a tool that puts the computer into promiscous mode, thus allowing them to monitor and record all network communications. The private information they gather, such as account names, passwords, credit cards, and even email, is then used to compromise other computers. This is how, from one weak computer in a computer network, many computers and the information they contain can be compromised. Up until now, it has been impossible for network administrators to remotely detect if computers were listening in on all network communications.
AntiSniff stops all this, by giving network administrators and information security professionals the ability to remotely detect computers that are packet sniffing, regardless of the operating system. AntiSniff works by running a number of non-intrusive tests, in a variety of fashions, which can determine whether or not a remote computer is listening in on all network communications. Now it is impossible for an attacker who is sniffing to hide.
Current network security tools, such as network scanners, work by probing machines for software that contains bugs or software that’s misconfigured. Intrusion Detection Systems (IDS), work by finding malicious signatures in network traffic. AntiSniff, on the other hand, is the first of it’s kind, it remotely detects the passive act of eavesdropping on network communications. It will even detect packet sniffers installed by a rogue insider who may have legitimate administrative access to a machine, but still should not be monitoring all network traffic.