An Intelligent Approach of Sniffer Detection

ARP cache poisoning and putting host Network Interface Card (NIC) in promiscuous mode are ways of sniffer attacks. ARP cache poisoning attack is effective in an environment which is not broadcast in nature (like switch LAN environment) and other attack is effective in an environment which is broadcast in nature (like hub, bus, access point LAN environments). Sniffing is malicious activity performed by network user and because of this network security is at risk so detection of sniffer is essential task to maintain network security. Sniffer detection techniques can be divided into two main categories. First category's techniques are used to detect a sniffer host that runs it's NIC into promiscuous mode and second category's techniques are used to detect a sniffer host that uses ARP cache poisoning for sniffing. The network configuration is hidden form users. Network users do not have any information about nature of network. Therefore, users of network may invoke such sniffer detection technique that is not effective in that environment. This may result in sharing of his private and confidential information with malicious users. In this paper, we designed an intelligent invocation module that checks the nature of environment automatically and invokes appropriate, sniffer detection technique for that environment. With the help of this invocation module it is possible to detect passive as well as active sniffer hosts in both environments