Antisniff is a module of ipLegion allowing to identify systems that have sniffing activity inside the monitored network.
This kind of activity is usually of illegitimate nature and it comes from worm virus or ill-intentioned users activity.


ipLegion Antisniff allows to view the activity results through a web interface and it can be configured for alert emails to be sent to the network administrator whenever a sniffing system has been found out.

ipLegion Antisniff è is easy to use, it analyzes every single device in real time, it allows to create logical groups of systems and it keeps a history report for every group or system, pointing out the starting and ending of every sniffing activity.


The module works at a low layer (layer 2 ISO/OSI) on the network to identify the working systems and afterwards to assess if one of them is working in a promiscuous way. It is able to work on the whole network segment where the ipLegion Scout is placed.


The network administrator can configure the sending frequence of the packages in order to control the activity impact of the module on the monitored network.

ipLegion Antisniff: features

• it identifies the hosts of a promiscuous way in a network.
• it manages black list and white list to configure the hosts for which promiscuous way is allowed.
• it filters the physical addresses not to be tested.
• configuration of alert emails.
• reports of details about each monitored network and history informations about each host.

ipLegion Antisniff: report

This module provides with a report about the state of the monitored network hosts:

• Ip address of the host.
• physical address (MAC address)and pertinent name of network adapter producer.
• presence of a host in the black or in the white list.
• state of the host with the pertinent historical details.
• date and time of the last identification.