An evaluation of network based sniffer detection; Sentinel
Abstract
Today, tools for sniffer detection have become a standard part of the security toolkit, used to protect computing assets from hostile attacks. The open-source network-based sniffer detection tool Sentinel is commonly found in various security toolkits and is widely used by administrators. Under normal circumstances, Sentinel detects common non-standalone packet sniffers quite reliably. Its reliability is nevertheless questionable, because since the introduction of network-based non-standalone sniffer detection, various counter methods have been suggested to make sniffers impossible to detect. This research effort tries to evaluate the reliability of network-based sniffer detection with regard to the various counter methods proposed. The research consisted of standardized experiments with Sentinel and a survey of system administrators. The major findings of this research are that network-based sniffer detection, as it is generally conducted today, cannot be considered very reliable. Therefore, sniffers should mainly be fought using prevention, not detection.
Degree
Student essay
University
Göteborg University. School of Business, Economics and Law
Date
2004
Author
Susid, Daniel
Keywords
Intrusion Detection; Sniffer Detection; Sniffer; Network Security; Counter Detection
Language
en