
Date:         Thu, 6 Apr 2000 14:58:34 -0700
From: Marshall <bind@CTS.COM>
Subject:      The Sentinel Project
To: BUGTRAQ@SECURITYFOCUS.COM

Hello,

  Sentinel, a new utility for use of remote promiscuous detection, has
been released.  The Sentinel project is designed to be a portable
accurate implementation of all publicly known remote promiscuous
detection techniques.  Sentinel currently supports 3 methods of
detection: DNS tests, ARP tests, and ICMP Etherping tests.  ICMP Ping
latency tests are still under development.

  Sentinel was developed under OpenBSD 2.6 and the majority of
testing targeted a Linux 2.2.14 machine in promiscuous mode. During the
development of Sentinel, I discovered that etherping testing, which was
known only to work against older Linux kernels, still does work in the
2.2.x kernels.

Differences between Antisniff & Sentinel in the same environment:
  * DNS Testing: Sentinel was successful in detecting the machine
    running a sniffer, Antisniff was not.
  * Etherping Testing: Sentinel was successful in detecting the 2.2.14
    machine in promiscuous mode and by default, Antisniff was not.
  * Antisniff supports ping latency tests, which Sentinel currently does
    not.  Although, Antisniff's ping latency test was unable to detect a
    machine in promiscuous mode.

Sentinel Homepage: http://www.packetfactory.net/Projects/sentinel

                                       -bind