I'm using a LAN to connect to the internet; it's a shared connection. I used to manage my website through FTP as a usual task. Here I think it's a risky task to do this over an unencrypted connection. I wondered if there are any tools that can detect a sniffer running in my network to keep my task secure...
Thanks in advance.
Tue Aug 18, 2009 9:30 pm
Realwhitehat
Moderator
Joined: Thu Jul 09, 2009 12:00 am Posts: 39
paul3 wrote:
I'm using a LAN to connect to the internet; it's a shared connection. I used to manage my website through FTP as a usual task. Here I think it's a risky task to do this over an unencrypted connection. I wondered if there are any tools that can detect a sniffer running in my network to keep my task secure...
Thanks in advance.
Detecting a sniffing device that only collects data and does not respond to any of the information requires physically checking all your Ethernet connections by walking around and checking them individually.
It is also impossible to remotely check by sending a packet or ping if a machine is sniffing.
A sniffer running on a machine puts the interface into promiscuous mode, which accepts all the packets. On some Unix boxes, it is possible to detect a promiscuous interface. It is possible to run a sniffer in non-promiscuous mode, but it will only capture sessions from the machine it is running on. It is also possible for the intruder to do a similar capture of sessions by trojaning many programs such as sh, telnet, rlogin, in.telnetd, and so on to write a log file of what the user did. They can easily watch the tty and kmem devices as well. These attacks will only compromise sessions coming from that one machine, while promiscuous sniffing compromises all sessions on the Ethernet.
For SunOS, NetBSD, and other possible BSD-derived Unix systems, there is a command
"ifconfig -a"
that will tell you information about all the interfaces and if they are in promiscuous mode. DEC OSF/1 and IRIX and possibly other OSes require the device to be specified. One way to find out what interface is on the system is to execute:
# netstat -r
Routing tables

Internet:
Destination      Gateway            Flags     Refs     Use  Interface
default          iss.net            UG          1    24949  le0
localhost        localhost          UH          2       83  lo0
Then you can test for each interface by doing the following command:
Intruders often replace commands such as ifconfig to avoid detection. Make sure you verify its checksum.
There is a program called cpm available on ftp://ftp.cert.org/pub/tools/ that only works on SunOS and is supposed to check the interface for the promiscuous flag.
Ultrix can possibly detect someone running a sniffer by using the commands pfstat and pfconfig.
pfconfig allows you to set who can run a sniffer.
pfstat shows you if the interface is in promiscuous mode.
These commands only work if sniffing is enabled by linking it into the kernel. By default, the sniffer is not linked into the kernel. Most other Unix systems, such as Irix, Solaris, SCO, etc., do not have any flags indicating whether they are in promiscuous mode or not, therefore an intruder could be sniffing your whole network and there is no way to detect it.
Often a sniffer log becomes so large that the file space is all used up. On a high volume network, a sniffer will create a large load on the machine. These sometimes trigger enough alarms that the administrator will discover a sniffer. I highly suggest using lsof (LiSt Open Files) available from coast.cs.purdue.edu:/pub/Purdue/lsof for finding log files and finding programs that are accessing the packet device such as /dev/nit on SunOS.
source: stason.com
Last edited by Realwhitehat on Tue Aug 18, 2009 10:05 pm, edited 1 time in total.
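Added example, not part of the post above or of the FAQ it quotes: a small shell filter for the "ifconfig -a" check, which reads BSD-style ifconfig output and names the interfaces whose flag list contains PROMISC. The function names and the sample output are constructed for illustration; on a real host, pipe the output of an ifconfig binary whose checksum you have verified into promisc_ifaces.

```shell
#!/bin/sh
# Added example: list interfaces that `ifconfig -a` reports as promiscuous.
# Reads BSD-style ifconfig output on stdin, prints one interface name per line.
promisc_ifaces() {
    awk '
        # An interface header looks like "le0: flags=163<UP,...,PROMISC>".
        /^[A-Za-z0-9_.]+: flags=/ {
            name = $1
            sub(/:$/, "", name)
            # Keep only the comma-separated flag names between < and >.
            flags = $0
            sub(/^[^<]*</, "", flags)
            sub(/>.*$/, "", flags)
            # Compare whole tokens so a longer flag name cannot match by accident.
            n = split(flags, f, ",")
            for (i = 1; i <= n; i++)
                if (f[i] == "PROMISC") { print name; break }
        }
    '
}

# Constructed sample output (not captured from a real host).
sample_ifconfig() {
    cat <<'EOF'
le0: flags=163<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC>
        inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
le1: flags=63<UP,BROADCAST,NOTRAILERS,RUNNING>
        inet 198.51.100.7 netmask ffffff00 broadcast 198.51.100.255
lo0: flags=49<UP,LOOPBACK,RUNNING>
        inet 127.0.0.1 netmask ff000000
EOF
}

# Returns 1 when any interface is promiscuous, so a scheduled job can alert.
report() {
    found=$(promisc_ifaces)
    if [ -n "$found" ]; then
        echo "promiscuous: $found"
        return 1
    fi
    echo "no promiscuous interfaces reported"
}

sample_ifconfig | report || true
```

A clean result only means the flag is not set on the host you ran it on; it says nothing about other machines on the segment.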
Tue Aug 18, 2009 9:44 pm
paul3
Jr. Member
Joined: Tue Aug 18, 2009 8:59 pm Posts: 45
Hmmm, so quick, thanks for the reply. But I'm using Windows XP; are there any tools that work on the Windows version to detect promiscuous mode??
Last edited by paul3 on Mon Sep 14, 2009 10:54 pm, edited 1 time in total.
Tue Aug 18, 2009 9:49 pm
Realwhitehat
Moderator
Joined: Thu Jul 09, 2009 12:00 am Posts: 39
You can use Promqry to check promiscuous mode for the network interfaces. Download the attachment below.
Attachment:
promqryui.rar