Detect Man In The Middle Attacks in Your Network

July 13, 2018 | Views: 8855

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

In this post, we are going to see a simple and easy way to detect a network sniffer, or Man In The Middle, who is intercepting our network and can sniff our password over the network. This is a basic and simple way to do a basic check for any interception inside your network. It should be noted that this is not enough to check these types of network attacks, but this can come in handy when you are dealing with some script kiddie who is just using some script and doesn’t know anything about what he is doing.


What You Need To Know 

You need to know about the basics of networking. And apart from this, I will tell you every step and will give you info about the command we are going to use.


Steps For Detecting an MITM Attack

Before checking for the network interception, I am going to capture a plaintext password to show you that we are intercepting the network, so that we can see if this method actually works or not.

1. So first, I will start intercepting my network as shown below.



2. Now, I will capture a plaintext password. This will tell us that our network is being watched.



As we can see above, we got the plaintext password of our victim. Now, suppose you are a victim and don’t know if someone is inside your network and capturing your credentials. You want to make sure your network is secure, so we will do a quick check to detect the sniffer.


Detecting the Sniffer

1. I will use a simple technique to detect the sniffer. To do this, open your terminal and type nmap -sn –script=sniffer-detect




Command We Used Above 

“sn”  This command is for “ping” scan, but it will not necessarily do a ICMP request.


“–script” This will tell nmap to run a script. In this case, it was “sniffer-detect.”


“sniffer-detect” This was the script name that we used for detecting the sniffer.


“” This is the target network which may be compromised. In this case, this may not always work, so you can also scan the whole network by adding /24 after the gateway address. For example, in this case, it would be


2. Now, nmap will do the scan and will report to you if your network is in in promiscuous mode. As we can see below, nmap has found the sniffer inside our network.



Final Words

As I said above, this is not enough to check these types of network attacks but, this can come handy when you are dealing with some script kiddie who is just using some script and doesn’t know anything about what he is doing. So in our upcoming post, I will cover some other ways to detect network sniffers.


For more information, you can follow me on Facebook.




Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge



Is Linux Worth Learning in 2020?
Views: 297 / December 14, 2019
How do I Get MTA Certified?
Views: 894 / December 12, 2019
How much does your PAM software really cost?
Views: 1345 / December 10, 2019
How Do I Get into Android Development?
Views: 1724 / December 8, 2019

We recommend always using caution when following any link

Are you sure you want to continue?