Network Packet Sniffer 1

[dennisbbb]

We have found out an IT staff is installing packet sniffer without any consultation with the supervisor. When confronted, he said he was just "testing". So far, nothing has been done, since "testing" of new software is encouraged in our environment, because after all, that's how we learn new things.

The general question here is: What is the consequence when an IT staff or a user is caught "snooping" around the network traffic, for whatever excuses he/she may have? Is this considered a "criminalistic" activity, worthy of immediate termination?

Your input is appreciated.

 

[lgarner]

Depends on policy, I suppose. But if it's a network engineer, there are enough reasons to use one of the most basic network troubleshooting and monitoring tools around that it's likely to be with his responsibilities.

 

[gurner]

2nd that, quite often a sniffer is invaluable, especially to a network engineer. it would be akin to an electritian using a voltage meter or a doctor and his stethoscope.

so giving them the benefit of doubt, rather than rushing to terminate their employment would be best?

besides, unless they've also got a variety of de-cryption/password cracking tools as well, a lot of the data (if not most of it) would be indecipherable.

nearly all sniffers are best for packet type, destination, source, e.t.c.

Data is included, but it will ressemble some thing like this, which is part of a basic TCP ACK

0000 00 11 11 2d 62 d9 00 50 8b c7 ed 7f 08 00 45 00 ...-b..P......E.
0010 00 6e 00 00 40 00 76 06 7e be c0 a8 02 05 c0 a8 .n..@.v.~.......




Gurner