[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Caching a sniffer

To: "Full Disclosure List" <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Caching a sniffer
From: "morning_wood" <se_cur_ity@xxxxxxxxxxx>
Date: Thu, 11 Mar 2004 03:10:42 -0800

> > How can i know if there a sniffer running in my network?
> 
> When you wake up one day to find that you're 0wn3d :-)
> 
> Seriously, about the only way I can think of to detect a sniffer with
> its transmit leads cut is with a Time Domain Reflectometer (TDR) and
> look for an unexplained impedance bump.
> 

try your detection tools on a simple sniffer at
http://exploitlabs.com/files/misc/xsniff.zip

does not use pcap or any other "cap" libs that I am aware of.

m.wood


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Caching a sniffer
  - From: Patricio Bruna V.
- Re: [Full-Disclosure] Caching a sniffer
  - From: Dave Horsfall

Prev by Date: Re: [Full-Disclosure] Caching a sniffer
Next by Date: RE: [Full-Disclosure] Caching a sniffer
Previous by thread: Re: [Full-Disclosure] Caching a sniffer
Next by thread: Re: [Full-Disclosure] Caching a sniffer
Index(es):
- Date
- Thread