sniffdet - Remote Sniffer Detection Tool/Library

Frequently Asked Questions - FAQ

Updated: 2002-12-11

What's a sniffer?

Typically, any program that collects data from the network over an interface is, potentially, a sniffer.

Harmless examples are tcpdump and other diagnostic tools used by a network administrator; not so harmless examples can be widely found on the Internet.

A sniffer is usually a passive participant, which means it tries to inject as few packets into the network as possible. This characteristic makes it difficult to find, and it is the main reason we have so few tools to perform this task despite the great demand for them.

What's sniffdet?

Sniffdet is an open source implementation of a set of tests for remote sniffer detection in TCP/IP network environments. The project itself is composed of a flexible and easy to use library and an application to run the tests.

How can I help?

You can join the sniffdet mailing list by sending an empty message to with subscribe as the subject.

Or if you prefer, you can join using the mailman interface from

Basically, any help is welcome. But there are some subjects where it's more than welcome :)

  • Port to more platforms
  • New detection tests
  • Graphical application to run the tests (sniffdet GUI)

You can also browse and report BUGS using the interface from sourceforge here.

Can I detect sniffers in switched networks?

Yes and no. There are some techniques to detect sniffers in switched networks, but they're not as effective as the ones for shared networks. We have plans to implement every possible test (even if it's not very effective) in libsniffdet in the near future.

Can I detect sniffers in wireless networks?

Not yet. We have plans to study and implement every possible test, but we have had no hardware or opportunity to study it until now. Any help in this area (wireless networks) is much appreciated.

Can I use sniffdet to test hosts not in my local network?

Not yet. There are some kinds of "tests" that try to detect sniffers in networks that are not connected (as in switched networks). We are studying this area and have plans to develop and implement these kinds of tests too.