I would like to know if it's possible to monitor if any users are using a network sniffer like Wireshark in my corporate network?.
Asked
Active
Viewed 816 times
0
-
1This is answered there: http://security.stackexchange.com/questions/25011/how-can-i-detect-if-someone-is-sniffing-network-packets-on-the-lan – thanasisk Sep 08 '14 at 08:35
-
There are a number of IDS (Intrusion Detection System) products that will do this for you. – Katherine Villyard Sep 08 '14 at 16:59
1 Answers
3
IIRC Wireshark is copying data received by the network interface and working on them. I don't think it's possible to detect usage of Wireshark or other tools like tcpdump on network layer. On OS layer you might can check wether a device is entering promiscuous mode which indicates something is listening at the device.
frlan
- 573
- 1
- 8
- 27