An Intelligent Approach of Sniffer Detection
Abdul Nasir Khan, Kalim Qureshi, and Sumair Khan
Department of Computer Science, COMSATS Abbottabad, Pakistan
Abstract: ARP cache poisoning and putting a host's Network Interface Card (NIC) into promiscuous mode are two ways of mounting a sniffer attack. ARP cache poisoning is effective in an environment that is not broadcast in nature (such as a switched LAN), while the other attack is effective in an environment that is broadcast in nature (such as hub, bus, or access point LANs). Sniffing is a malicious activity performed by a network user that puts network security at risk, so detecting sniffers is an essential task in maintaining network security. Sniffer detection techniques can be divided into two main categories. Techniques in the first category detect a sniffer host that runs its NIC in promiscuous mode, and techniques in the second category detect a sniffer host that uses ARP cache poisoning for sniffing. The network configuration is hidden from users, who have no information about the nature of the network. A user may therefore invoke a sniffer detection technique that is not effective in that environment, which may result in the user's private and confidential information being shared with malicious users. In this paper we design an intelligent invocation module that automatically checks the nature of the environment and invokes the appropriate sniffer detection technique for it. With the help of this invocation module it is possible to detect passive as well as active sniffer hosts in both environments.
Keywords: Network security, sniffer, ARP cache poisoning, and IP packet routing.
Received January 7, 2009; accepted March 9, 2009