This game is made with the Create With Code tutorials Unit 4! View all by dwu3 dwu3; Follow dwu3 Follow Following dwu3 Following; Add To Collection Collection; Create With Code Unit 4 David Wu. A downloadable game for Windows and macOS. More information. Status: Released: Platforms: Windows, macOS: Author: dwu3: Download. David Wu, DW Design 5349 Thayer Avenue, Alexandria, VA 22304 telephone +1 703-370-5229 email david.dwdesign@verizon.net Distribute literature about your company to all attendees of the awards dinner Reservation Deadline:Friday, November 2 Materials Deadline:Wednesday, November 7 This opportunity is limited to the first four (4) organizations.
Ethics
Ethics Case Studies
The SPJ Code of Ethics is voluntarily embraced by thousands of journalists, regardless of place or platform, and is widely used in newsrooms and classrooms as a guide for ethical behavior. The code is intended not as a set of 'rules' but as a resource for ethical decision-making. It is not — nor can it be under the First Amendment — legally enforceable.
For an expanded explanation, please follow this link.
Now available: Media Ethics: 5th Edition
Closely organized around SPJ's Code of Ethics, this updated edition uses real-life case studies to demonstrate how students and professionals in journalism and other communication disciplines identify and reason through ethical dilemmas.
Order now:
– Bookshop.org
– Amazon/Kindle
– IndieBound
– More
For journalism instructors and others interested in presenting ethical dilemmas for debate and discussion, SPJ has a useful resource. We've been collecting a number of case studies for use in workshops. The Ethics AdviceLine operated by the Chicago Headline Club and Loyola University also has provided a number of examples. There seems to be no shortage of ethical issues in journalism these days. Please feel free to use these examples in your classes, speeches, columns, workshops or other modes of communication.
Kobe Bryant's Past: A Tweet Too Soon?
On January 26, 2020, Kobe Bryant died at the age of 41 in a helicopter crash in the Los Angeles area. While the majority of social media praised Bryant after his death, within a few hours after the story broke, Felicia Sonmez, a reporter for The Washington Post, tweeted a link to an article from 2003 about the allegations of sexual assault against Bryant. The question: Is there a limit to truth-telling? How long (if at all) should a journalist wait after a person's death before resurfacing sensitive information about their past?
A controversial apology
After photographs of a speech and protests at Northwestern University appeared on the university's newspaper's website, some of the participants contacted the newspaper to complain. It became a 'firestorm,' — first from students who felt victimized, and then, after the newspaper apologized, from journalists and others who accused the newspaper of apologizing for simply doing its job. The question: Is an apology the appropriate response? Is there something else the student journalists should have done?
Using the ‘Holocaust' Metaphor
People for the Ethical Treatment of Animals, or PETA, is a nonprofit animal rights organization known for its controversial approach to communications and public relations. In 2003, PETA launched a new campaign, named 'Holocaust on Your Plate,' that compares the slaughter of animals for human use to the murder of 6 million Jews in WWII. The question: Is 'Holocaust on Your Plate' ethically wrong or a truthful comparison?
Aaargh! Pirates! (and the Press)
As collections of songs, studio recordings from an upcoming album or merely unreleased demos, are leaked online, these outlets cover the leak with a breaking story or a blog post. But they don't stop there. Rolling Stone and Billboard often also will include a link within the story to listen to the songs that were leaked. The question: If Billboard and Rolling Stone are essentially pointing readers in the right direction, to the leaked music, are they not aiding in helping the Internet community find the material and consume it?
Reigning on the Parade
Frank Whelan, a features writer who also wrote a history column for the Allentown, Pennsylvania, Morning Call, took part in a gay rights parade in June 2006 and stirred up a classic ethical dilemma. The situation raises any number of questions about what is and isn't a conflict of interest. The question: What should the 'consequences' be for Frank Whelan? Gachaness mac os.
Controversy over a Concert
Three former members of the Eagles rock band came to Denver during the 2004 election campaign to raise money for a U.S. Senate candidate, Democrat Ken Salazar. John Temple, editor and publisher of the Rocky Mountain News, advised his reporters not to go to the fundraising concerts. The question: Is it fair to ask newspaper staffers — or employees at other news media, for that matter — not to attend events that may have a political purpose? Are the rules different for different jobs at the news outlet?
Deep Throat, and His Motive
The Watergate story is considered perhaps American journalism's defining accomplishment. Two intrepid young reporters for The Washington Post, carefully verifying and expanding upon information given to them by sources they went to great lengths to protect, revealed brutally damaging information about one of the most powerful figures on Earth, the American president. The question: Is protecting a source more important than revealing all the relevant information about a news story?
When Sources Won't Talk
The SPJ Code of Ethics offers guidance on at least three aspects of this dilemma. 'Test the accuracy of information from all sources and exercise care to avoid inadvertent error.' One source was not sufficient in revealing this information. The question: How could the editors maintain credibility and remain fair to both sides yet find solid sources for a news tip with inflammatory allegations?
A Suspect 'Confession'
John Mark Karr, 41, was arrested in mid-August in Bangkok, Thailand, at the request of Colorado and U.S. officials. During questioning, he confessed to the murder of JonBenet Ramsey. Karr was arrested after Michael Tracey, a journalism professor at the University of Colorado, alerted authorities to information he had drawn from e-mails Karr had sent him over the past four years. The question: Do you break a confidence with your source if you think it can solve a murder — or protect children half a world away?
Who's the 'Predator'?
'To Catch a Predator,' the ratings-grabbing series on NBC's Dateline, appeared to catch on with the public. But it also raised serious ethical questions for journalists. The question: If your newspaper or television station were approached by Perverted Justice to participate in a 'sting' designed to identify real and potential perverts, should you go along, or say, 'No thanks'? Was NBC reporting the news or creating it?
The Media's Foul Ball
The Chicago Cubs in 2003 were five outs from advancing to the World Series for the first time since 1945 when a 26-year-old fan tried to grab a foul ball, preventing outfielder Moises Alou from catching it. The hapless fan's identity was unknown. But he became recognizable through televised replays as the young baby-faced man in glasses, a Cubs baseball cap and earphones who bobbled the ball and was blamed for costing the Cubs a trip to the World Series. The question: Given the potential danger to the man, should he be identified by the media?
Publishing Drunk Drivers' Photos
When readers of The Anderson News picked up the Dec. 31, 1997, issue of the newspaper, stripped across the top of the front page was a New Year's greeting and a warning. 'HAVE A HAPPY NEW YEAR,' the banner read. 'But please don't drink and drive and risk having your picture published.' Readers were referred to the editorial page where White explained that starting in January 1998 the newspaper would publish photographs of all persons convicted of drunken driving in Anderson County. The question: Is this an appropriate policy for a newspaper?
Naming Victims of Sex Crimes
On January 8, 2007, 13-year-old Ben Ownby disappeared while walking home from school in Beaufort, Missouri. A tip from a school friend led police on a frantic four-day search that ended unusually happily: the police discovered not only Ben, but another boy as well—15-year-old Shawn Hornbeck, who, four years earlier, had disappeared while riding his bike at the age of 11. Media scrutiny on Shawn's years of captivity became intense. The question: Question: Should children who are thought to be the victims of sexual abuse ever be named in the media? What should be done about the continued use of names of kidnap victims who are later found to be sexual assault victims? Should use of their names be discontinued at that point?
A Self-Serving Leak
San Francisco Chronicle reporters Mark Fainaru-Wada and Lance Williams were widely praised for their stories about sports figures involved with steroids. They turned their investigation into a very successful book, Game of Shadows. And they won the admiration of fellow journalists because they were willing to go to prison to protect the source who had leaked testimony to them from the grand jury investigating the BALCO sports-and-steroids. Their source, however, was not quite so noble. The question: Should the two reporters have continued to protect this key source even after he admitted to lying? Should they have promised confidentiality in the first place?
The Times and Jayson Blair
Jayson Blair advanced quickly during his tenure at The New York Times, where he was hired as a full-time staff writer after his internship there and others at The Boston Globe and The Washington Post. Even accusations of inaccuracy and a series of corrections to his reports on Washington, D.C.-area sniper attacks did not stop Blair from moving on to national coverage of the war in Iraq. But when suspicions arose over his reports on military families, an internal review found that he was fabricating material and communicating with editors from his Brooklyn apartment — or within the Times Trackless (itch) mac os. building — rather than from outside New York. The question: How does the Times investigate problems and correct policies that allowed the Blair scandal to happen?
Cooperating with the Government
It began on Jan. 18, 2005, and ended two weeks later after the longest prison standoff in recent U.S. history. The question: Should your media outlet go along with the state's request not to release the information?
Offensive Images
Caricatures of the Prophet Muhammad didn't cause much of a stir when they were first published in September 2005. But when they were republished in early 2006, after Muslim leaders called attention to the 12 images, it set off rioting throughout the Islamic world. Embassies were burned; people were killed. After the rioting and killing started, it was difficult to ignore the cartoons. Question: Do we publish the cartoons or not?
The Sting
Perverted-Justice.com is a Web site that can be very convenient for a reporter looking for a good story. But the tactic raises some ethical questions. The Web site scans Internet chat rooms looking for men who can be lured into sexually explicit conversations with invented underage correspondents. Perverted-Justice posts the men's pictures on its Web site. Is it ethically defensible to employ such a sting tactic? Should you buy into the agenda of an advocacy group — even if it's an agenda as worthy as this one?
A Media-Savvy Killer
Since his first murder in 1974, the 'BTK' killer — his own acronym, for 'bind, torture, kill' — has sent the Wichita Eagle four letters and one poem. How should a newspaper, or other media outlet, handle communications from someone who says he's guilty of multiple sensational crimes? And how much should it cooperate with law enforcement authorities?
A Congressman's Past
The (Portland) Oregonian learned that a Democratic member of the U.S. Congress, up for re-election to his fourth term, had been accused by an ex-girlfriend of a sexual assault some 28 years previously. But criminal charges never were filed, and neither the congressman, David Wu, nor his accuser wanted to discuss the case now, only weeks before the 2004 election. Question: Should The Oregonian publish this story?
Using this Process to Craft a Policy
It used to be that a reporter would absolutely NEVER let a source check out a story before it appeared. But there has been growing acceptance of the idea that it's more important to be accurate than to be independent. Do we let sources see what we're planning to write? And if we do, when?
CERTIFICATE
This is to certify that, Mr. KUNAL GOPAL THAKUR , Mr. VISHAL SHIRGUPPI ,Mr. JUSTIN FRANCIS and Ms. SHAZIA ALI have completed their project on PACKET SNIFFER satisfactorily in partial fulfillment under the department of Computer Engineering during academic year 2009-2010.
____________________________ Teacher In-Charge
ACKNOWLEDGEMENT
We would like to express our sincere thanks and gratitude to our guide Mr. Sunil Surve for his valuable guidance and suggestions. We are highly indebted to him for providing us an excellent opportunity to learn and present our studies in the form of this seminar report.
We take this opportunity to thank the members of the teaching and non-teaching staff of Fr.CRCE for the timely help extended by them.
Lastly thanking our parents, for their morale support and encouragement.
Kunal Gopal Thakur
Vishal Shirguppi
Justin Francis
Shazia Ali
ABSTRACT:
Packet sniffing is a technique of monitoring every packet that crosses the network. A packet sniffer is a piece of software or hardware that monitors all network traffic. The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear-text passwords and usernames or other sensitive material. While packet sniffers can be fully passive, some aren't, therefore they can be detected. This paper discusses the different methods that Anti-Sniff uses to detect these sniffing programs.[------PACKET SNIFFER DETECTION WITH ANTI SNIFF]
Table of Contents 1.0 Introduction............................................................................1
2.0 What is a packet sniffer? .................................................................2
3.0 Uses of a packet sniffer..................................................................3
4.0Sniffing tool……………………………………………………………………………………..4
5.0 Sniffing methods .......................................................................5
5.1.1 IP-based sniffing ......................................................................5
5.1.2 MAC-based sniffing ...................................................................5
5.1.3 ARP-based sniffing....................................................................5
6.0 Anti sniff assumption....................................................................7
7.0 Anti-Sniff detection methods…………………………………………………………………….7
7.1 Mac Detection………………………………………………………………………………….7
7.1.1 Ethernet Network Interface Cards…………………………………………………………….8
7.1.2 TCP/IP on Ethernet ………………………………………………………………………….8
7.1.3 Implementation ……………………………….………………………………………………8
7.1.4 Results ……………………………………………………………………………………….9
7.2 DNS Detection………………………………………………………………………………….10
7.2.1 Exploit Sniffer Behavior………………………………………………………………………11
7.2.2 Implementation……………………………………………………………………………….12
7.2.3 Results ……………………………………………………………………………………….13
8.0 Conclusion……………………………………………………………………………………..14
9.0 References……………………………………………………………………………………..15
1.0 Introduction
Packet sniffing is a technique of monitoring every packet that crosses the network. A packet sniffer is a piece of software or hardware that monitors all network traffic. This is unlike standard network hosts that only receive traffic sent specifically to them. The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear-text passwords and user names or other sensitive material. In theory, it's impossible to detect these sniffing tools because they are passive in nature, meaning that they only collect data. While they can be fully passive, some aren't therefore they can be detected. This paper discusses the different packet sniffing methods and explains how Anti-Sniff tries to detect these sniffing programs.
2. Working of packet sniffer:
A packet sniffer works by looking at every packet sent in the network, including packets not intended for itself. This is accomplished in a variety of ways. These sniffing methods will be described below. Sniffers also work differently depending on the type of network they are in
Shared Ethernet:
In a shared Ethernet environment, all hosts are connected to the same bus and compete with one another for bandwidth. In such an environment packets meant for one machine are received by all the other machines. Thus, any machine in such an environment placed in promiscuous mode will be able to capture packets meant for other machines and can therefore listen to all the traffic on the network.
Switched Ethernet:
An Ethernet environment in which the hosts are connected to a switch instead of a hub is called a Switched Ethernet. The switch maintains a table keeping track of each computer's MAC address and delivers packets destined for a particular machine to the port on which that machine is connected. The switch is an intelligent device that sends packets to the destined computer only and does not broadcast to all the machines on the network, as in the previous case. This switched Ethernet environment was intended for better network performance, but as an added benefit, a machine in promiscuous mode will not work here. As a result of this, most network administrators assume that sniffers don't work in a Switched Environment. [2]
3. Uses of Packet Sniffers
Sniffing programs are found in two forms. 1) Commercial packet sniffers are used to help maintain networks. 2) Underground packet sniffers are used by attackers to gain unauthorized access to remote hosts. Listed below are some common uses of sniffing programs:
Create With Code Unit 4 David Wu Mac Os X
• Searching for clear-text usernames and passwords from the network.• Conversion of network traffic into human readable form.
• Network analysis to find bottlenecks.
• Network intrusion detection to monitor for attackers.
Using a sniffer in an illegitimate way is considered a passive attack. It does not directly interface or connect to any other systems on the network. However, the computer that the sniffer is installed on could have been compromised using an active attack. The passive nature of sniffers is what makes detecting them so difficult. The following list describes a few reasons why intruders are using sniffers on the network: * Capturing clear-text usernames and passwords * Compromising proprietary information * Capturing and replaying Voice over IP telephone conversations * Mapping a network * Passive OS fingerprinting
Obviously, these are illegal uses of a sniffer, unless you are a penetration tester whose job it is to find these types of weaknesses and report them to an organization. For sniffing to occur, an intruder must first gain access to the communication cable of the systems that are of interest. This means being on the same shared network segment, or tapping into the cable somewhere between the paths of communications. If the intruder is not physically present at the target system or communications access point, there are still ways to sniff network traffic. These include: * Breaking into a target computer and installing remotely controlled sniffing software. * Breaking into a communications access point, such as an Internet Service Provider (ISP) and installing sniffing software. * Locating/finding a system at the ISP that already has sniffing software installed. * Using social engineering to gain physical access at an ISP to install a packet sniffer. * Having an insider accomplice at the target computer organization or the ISP install the sniffer. * Redirecting communications to take a path that includes the intruder's computer.
4. Sniffing Tools * tcpdump: Tcpdump is a powerful tool that allows us to sniff network packets and make some statistical analysis out of those dumps. One major drawback to tcpdump is the size of the flat file containing the text output. But tcpdump allows us to precisely see all the traffic and enables us to create statistical monitoring scripts.[3] * sniffit: Robust packet sniffer with good filtering. [3] * Ethereal: A free network protocol analyzer for UNIX and Windows. It allows you to examine data from a live network or from a capture file on disk.[3] * Hunt: The main goal of the HUNT project is to develop tools for exploiting well-known weaknesses in the TCP/IP protocol suite. [3] * Dsniff: Dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI. * IP spoofing : When the sniffing program is on a segment between two communicating end points, the intruder can impersonate one end in order to hijack the connection. This is often combined with a denial of service (DoS) attack against the forged address so they don't interfere anymore. [1]
5.1 Sniffing methods [4]
There are three types of sniffing methods. Some methods work in non-switched networks while others work in switched networks. The sniffing methods are: IP-based sniffing, MAC-based sniffing, and ARP-based sniffing.
5.1.1 IP-based sniffing
This is the original way of packet sniffing. It works by putting the network card into promiscuous mode and sniffing all packets matching the IP address filter. Normally, the IP address filter isn't set so it can capture all the packets. This method only works in non-switched networks.
5.1.2 MAC-based sniffing
This method works by putting the network card into promiscuous mode and sniffing all packets matching the MAC address filter.
5.1.3 ARP-based sniffing
This method works a little different. It doesn't put the network card into promiscuous mode. This isn't necessary because ARP packets will be sent to us. This happens because the ARP protocol is stateless. Because of this, sniffing can be done on a switched network. To perform this kind of sniffing, you first have to poison the ARP cache1 of the two hosts that you want to sniff, identifying yourself as the other host in the connection. Once the ARP caches are poisoned, the two hosts start their connection, but instead of sending the traffic directly to the other host it gets sent to us. We then log the traffic and forward it to the real intended host on the other side of the connection. This is called a man-in-the-middle attack. See Diagram 1 for a general idea of the way it works.
Diagram 1: ARP sniffing method
Create With Code Unit 4 David Wu Mac Os X
6 ANTI-SNIFF ASSUMPTIONSWe have made various assumptions when we developed our remote sniffer detector. These assumptions limit the types of sniffers that we can detect. However, we feel that our assumptions are valid and reasonable .One assumption we have made is that the sniffer is an actual sniffer program running on a host .That is, we disallow the possibility that the sniffer is a dedicated device that a hacker physically attaches to the network. This is a rather reasonable assumption since a lot of break-ins are done remotely by hackers with no physical access to the network whatsoever. Usually, a UNIX machine is broken in to , and the hacker logs on to the compromised machine and installs a sniffer with root access. Another assumption we have made is that the network segment that we are interested in, the network segment which we wish to detect whether a sniffer is running or not, is an Ethernet segment. Again, this is a reasonable assumption since a large percentage of the network segments on the Internet are Ethernet .This leads us to mention that we also assume that TCP/IP is the protocol that the network is using. Although some of our techniques can be modified to support other networking protocols, the implementation is based on TCP/IP since it is, by far, the most popular network protocol today.
7.0 Anti-Sniff detection methods :
7.1 MAC DETECTION
The MAC detection technique for detecting sniffers running on a Ethernet segment requires that the machine running the detector be on the same Ethernet segment as the host that is suspected of running a sniffer. Thus, this technique allows remote detection of sniffers on the same Ethernet segment, but not the remote detection of sniffers across different networks .The basic idea behind the MAC detection technique is simple and has been discussed in the past [6].
7.1.1 Ethernet Network Interface Cards:
A basic Ethernet network interface card has a unique medium access control (MAC) address assigned to it by its manufacturer. Thus, all network interface cards (NIC) can be uniquely identified by its MAC address. Since Ethernet is a shared medium network, all data packets are essentially broadcasted. Since passing all packets broadcasted on the network to the operating system is inefficient , Ethernet controller chips typically implement a filter which filters out any packet that does not contain a target MAC address for the NIC .Since sniffers are interested in all traffic on the Ethernet segment, NICs provide a promiscuous mode. In promiscuous mode, all Ethernet data packets, regardless of the target MAC address, are passed to the operating system. Thus, when a sniffer is running on a machine, the machine's NIC is set to promiscuous mode to capture all of the Ethernet traffic . Figure2 shows the flow diagram of the Ethernet data packet path to the operating system .
7.1.2 TCP/IP on Ethernet:
The Ethernet protocol standard, IEEE 802.3, specifies the Ethernet packet structure. Figure2 shows a IP packet encapsulated in a Ethernet packet. For TCP/IP, a normal IP packet destined to a particular Ethernet host has the destination host's MAC address filled in the Ethernet header and the IP address of the destination filled in the IP header. Thus, IP packets transported by Ethernet have two addresses, both of which normally correspond to a machine's MAC address and IP address [6].
7.1.3 Implementation :
The implementation of the MAC detection technique is quite simple. The detection tool implements a ICMP Echo Request packet generator .The tool generates the full ICMP packet as well as the outer Ethernet packet that encapsulates the ICMP packet. The Ethernet packet is generate such that the target MAC address is different from the actual MAC address of the target machine. So, for any suspected host on the Ethernet segment, the tool can generate the ICMP Echo Request with incorrect MAC address and check if a ICMP Echo Reply is returned. If so, the suspected host is in promiscuous mode. Thus, a sniffer could likely be running on that host. Figure 3 shows how the MAC detection technique works as implemented.
7.1.4 Results :
The MAC detection technique works only against operating systems with a TCP/IP protocol stack that does not have the check against correct MAC addresses. We were able to confirm that Linux 2.0.35 was vulnerable to this kind of sniffer detection. We were able to detect when a Linux machine went in to promiscuous mode with 100% accuracy. However, FreeBSD 2.2.7 was not vulnerable to this kind of sniffer detection. The networking code in FreeBSD 2.2.7 correctly implements the necessary check so that incorrectly addressed Ethernet packets never reach the ICMP processing code.
Flow of Ethernet data packet with OS
8.0 DNS DETECTION:
The DNS detection technique exploits a behavior common in all password sniffers to date. This technique requires that the system administrator controls the Domain Name Server (DNS) [6]
8.1 Exploit Sniffer Behavior:
The DNS detection technique works by exploiting a behavior common to all password sniffers we have seen. The key observation is that all current password sniffers are not truly passive. In fact, password sniffers do generate network traffic, although it is usually hard to distinguish whether the generated network traffic was from the sniffer or not. It turns out that all password sniffers we have come across do a reverse DNS lookup on the traffic that it sniffed. Since this traffic is generated by the sniffer program, the trick is to detect this DNS lookup some how from normal DNS lookup requests. It is not hard to come up with the following idea. We can generate fake traffic to the Ethernet segment with a source address of some unused IP address that we provide the DNS service for. Then, since the traffic we generate should normally be ignored by the hosts on the segment, if a DNS lookup request is generated, we know that there is a sniffer on the Ethernet segment.
8.2 Implementation:
The implementation of the DNS detection technique is quite straight forward. The tool that implement this technique runs on the machine that is registered to provide the reverse DNS lookup for the trigger IP address, the invalid IP address that is used as the source address in the fake traffic. The tool generates a fake FTP [PR85] connection with the source IP address set to the trigger IP address. Then, the tool waits for a period of user definable time on the DNS service port. Within this period of time, the tool counts the number of DNS requests for the trigger IP address. When the time expires, the tool reports the number of DNS request counted. Note that the tool never returns a DNS reply. This is to avoid having the DNS entry being cached in some intermediate DNS server. The reason why DNS request needs to be counted is that the fake FTP traffic may actually be destined for a real machine on the network that provides FTP service. If so, that machine may trigger a DNS lookup. Thus, there are two cases we need to consider. If the fake FTP traffic ends up being destined to a real machine on the network, then if we count two or more DNS lookups, a sniffer is probably running on the network. Otherwise, if only one DNS lookup occurs, it is probably a legitimate lookup being performed by the host. The other case is that the fake traffic ends up being destined to no particular machine on the network. Then, if one or more DNS lookup occurs, there is most likely a sniffer on the network.
8.3 Results :
The DNS detection technique was able to detect sniffers running on a Ethernet segment with 100% accuracy regardless of operating system type. The default behavior of esniff, linsniff, sniffit and even tcpdump is to perform the reverse DNS lookup. Furthermore, it is possible to assign a trigger IP address to each network segment to perform the DNS detection technique .This is useful because even if the password sniffer does not perform a reverse DNS lookup, that is, the tool does not detect a sniffer in the required timeout period, the hacker may sometime in the future perform a reverse DNS lookup on the logged password entry. If so, then this technique can be extended to keep track of which IP address is assigned to what network and report a DNS lookup whenever it sees it in the future. request. Thus, the router will never generate the traffic on the network. However, this is possible to do if the machine running the tool is on the same network, therefore it can generate the fake traffic with invalid MAC addresses.
Diagram of DNS detection.
9.0 Conclusion :
When computers communicate over networks, they normally just listen to the traffic specifically for them. However, network cards have the ability to enter promiscuous mode, which allows them to listen to all network traffic regardless of if it's directed to them. Packet sniffers can capture things like clear-text passwords and usernames or other sensitive material. Because of this packet sniffers are a serious matter for network security. Fortunately, not all sniffers are fully passive. Since they aren't tools like Anti-Sniff can detect them. Since sniffing is possible on non-switched and switched networks, it's a good practice to encrypt your data communications.
References-
1 ) Website (http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Packet_sniffing/default.htm)
2) Ryan Spangler 'Packet Sniffing on Layer 2 Switched Local Area Networks' University of Wisconsin – Whitewater Department of Computer and Network Administration
Packetwatch Research URL : http://www.packetwatch.net (December 2003)
3) Suhas A Desai ' Packet Sniffing: Sniffing Tools Detection Prevention Methods' University of California Department of Network Administration.(April 2004)
4) Ryan Spangler University of Wisconsin –'Packet Sniffer Detection with Anti Sniff ' Research URL http://www.packetwatch.net (May 2003) 5) A. Ornaghi, M. Valleri, 'Man in the middle attacks Demos' Blackhat [Online Document], 2003,
Available HTTP: http://www.blackhat.com/presentations/bh-usa-03/bh-usa-03-ornaghi-valleri.pdf
6) Remote Sniffer Detection- David Wu and Frederick Wong fdavidwu , fredwongg@cs.berkeley.edu Computer Science Division University of California, Berkeley, CA 94720 (December 14, 1998)
