Question

What mechanisms are there to detect: (a) Network sniffing (b) Wiretapping?

Homework Answers

Answer #1

# Sniffing Detection:

Sniffers are usually passive in nature; they basically collect data. Thus it becomes extremely difficult to detect sniffers. A sniffer does generate some small amount of traffic (when it is installed on a computer).

@ Ping Method: This is used to send a ping request with the IP address of the machine(s) which are under suspicion but not its MAC address. In an ideal case nobody should see this packet. If the suspect machine is running a sniffer it will definitely respond, because it does not care about rejecting packets with a different destination MAC address.

@ ARP Method: A machine caches ARPs. So we need to send a non-broadcast ARP. A machine will cache your ARP address. Now we send a broadcast ping packet with our IP, but a different MAC address. Only a machine that has the correct MAC address from our sniffed ARP frame will be able to respond to our broadcast ping request, and no one else.

@ Latency Method: In this method a huge amount of data is sent on the network and the suspect machine is pinged before and during the data flooding. If the machine is in "promiscuous mode", it will parse the data, increasing the load on it.

@ ARP Watch: If there is duplication for a machine, it could trigger alarm(s) and lead to detection of sniffer(s). On a network implementation of DHCP, this could trigger many other false alarms. A basic change that can be made is to increase the DHCP lease time.

@ Using IDS: The open source IDS Snort, for instance, has an arp-spoof preprocessor that allows it to record packets on the network with spoofed ARP addresses. It compares the IP/MAC pairing it is given in the "snort.conf" file against the pairing in the packet which is flowing across the network. Whenever a mismatch is encountered, it generates an alert.

# Wiretap Detection:

@ An audio analysis can be done, testing wires for any indication of room audio.

@ Electrical and electronic properties must be monitored very carefully: voltage, capacitance, and other characteristics.

@ TDR and FDR equipment can be used: Time Domain and Frequency Domain Reflectometry, which will display graphic analysis of wires under test to discover any wiretaps.

@ RF tracing tools can also be used that inject a radio signal onto the wires so they can then be traced.

@ Ethernet testing for pair analysis and proper network(s) configuration.
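
The pairing check described in the ARP Watch and IDS items of the answer above, as an added example that is not part of the original answer and is not Snort's or arpwatch's code: it parses ARP frames and flags any sender IP/MAC pair that contradicts a configured table or changes after being learned. The table, addresses, frames and function names are constructed for illustration.

```python
import struct

# Constructed IP/MAC table, standing in for the pairs an operator would configure.
KNOWN_PAIRS = {"192.168.1.1": "00:11:22:33:44:55", "192.168.1.10": "00:aa:bb:cc:dd:10"}

def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(o) for o in s.split("."))

def make_arp(sha, spa, tha="ff:ff:ff:ff:ff:ff", tpa="192.168.1.1", oper=2):
    """Build a constructed Ethernet+ARP frame for the sample data below."""
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
    return _mac(tha) + _mac(sha) + hdr + _mac(sha) + _ip(spa) + _mac(tha) + _ip(tpa)

def parse_arp(frame):
    """Return (sender_ip, sender_mac) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return ip, mac

def check_frames(frames, known=KNOWN_PAIRS):
    """Alert when a configured pair is contradicted or a learned pair changes."""
    alerts, learned = [], {}
    for i, frame in enumerate(frames):
        if (parsed := parse_arp(frame)) is None:
            continue                                   # not ARP, or truncated
        ip, mac = parsed
        if ip in known:
            if known[ip] != mac:
                alerts.append((i, "static-mismatch", ip, mac))
        elif learned.setdefault(ip, mac) != mac:
            alerts.append((i, "pair-changed", ip, mac))  # may be DHCP churn
            learned[ip] = mac
    return alerts

SAMPLE_FRAMES = [  # constructed capture
    make_arp("00:11:22:33:44:55", "192.168.1.1"),
    make_arp("00:aa:bb:cc:dd:10", "192.168.1.10"),
    make_arp("de:ad:be:ef:00:01", "192.168.1.1"),    # contradicts the table
    make_arp("00:aa:bb:cc:dd:50", "192.168.1.50"),   # unknown host, learned
    make_arp("00:aa:bb:cc:dd:51", "192.168.1.50"),   # same IP, new MAC
    bytes(12) + b"\x08\x00" + bytes(28),             # IPv4 frame, skipped
]

if __name__ == "__main__":
    print(check_frames(SAMPLE_FRAMES))
```

The "pair-changed" alerts are the ones that become noisy on a DHCP network, which is why the answer suggests a longer lease time.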
