Re: [Full-Disclosure] Caching a sniffer

["Ian Latter" <Ian.Latter@xxxxxxxxx>]

While there's no way to be sure-sure ... you can get into your
local LAN segment and send ICMP(/whatever) requests to the
correct L3 address with the wrong L2 address and see if you
get a response; this will show you if hosts/devices are listening 
promiscuously (which makes for a good starting point).




----- Original Message -----
>From: "Gary E. Miller" <gem@xxxxxxxxxx>
>To: "Patricio Bruna V." <pbruna@xxxxxxxx>
>Subject:  Re: [Full-Disclosure] Caching a sniffer
>Date: Wed, 10 Mar 2004 18:51:07 -0800
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Yo Patricio!
> 
> On Wed, 10 Mar 2004, Patricio Bruna V. wrote:
> 
> > How can i know if there a sniffer running in my network?
> 
> If the hacker has had physical access to your network, even for just a
> few minutes, then there are many ways he can install a sniffer you can
> never find short of tearing everything apart.
> 
> If you care about your data, you better encrypt end to end.
> 
> RGDS
> GARY
> - ---------------------------------------------------------------------------
> Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
>       gem@xxxxxxxxxx  Tel:+1(541)382-8588 Fax: +1(541)382-8676
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
> 
> iD8DBQFAT9Qe8KZibdeR3qURAhDPAKCuNz7q8joqyij/T1AHy0DHBF00HgCfTl0i
> W5eaIQIRi3Zx+B87I3nZKZ0=
> =p/BH
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html