You are right that these passwords are cleartext by default (not always with HTTP, but also hashed passwords should be protected).
What can you do on the IPS:
To sniff traffic the attacker has to insert itself as a man-in-the-middle. There are many possible ways to do that, but most of them are not possible to defeat with standard signatures.
The better way:
Implement a baseline switch-security. That are right port-settings (access, port-security) for user-ports, DHCP-snooping, ARP-inspection and eventually Source-Guard. If you want to go even further you can think about implementing DOT1X, but that's much harder and most likely more expensive to implement then the things above.
With these security-measures in place you can protect your users against other users trying to become man-in-the-middle. But still a network-admin could sniff directly on the switches. For that you should move from cleartext-protocols like HTTP and FTP to encrypted versions HTTPS, SFTP and so on.
It's not the sniffing itself that can be detected. But with signatures you can match on the activities of the atacker to make himself man-in-the-middle. For example the arp-traffic used in ARP-spoofing or DHCP-replies coming from addresses that are not the DHCP-server. But for that to work you need to have sensor-interfaces in all user-segments what is ... well ... impossible?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...