Full Disclosure mailing list archives
Re: Caching a sniffer
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Thu, 11 Mar 2004 03:10:42 -0800
How can i know if there a sniffer running in my network?When you wake up one day to find that you're 0wn3d :-) Seriously, about the only way I can think of to detect a sniffer with its transmit leads cut is with a Time Domain Reflectometer (TDR) and look for an unexplained impedance bump.
try your detection tools on a simple sniffer at http://exploitlabs.com/files/misc/xsniff.zip does not use pcap or any other "cap" libs that I am aware of. m.wood _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Caching a sniffer Patricio Bruna V. (Mar 10)
- Re: Caching a sniffer Gary E. Miller (Mar 10)
- Re: Caching a sniffer Dave Horsfall (Mar 10)
- Re: Caching a sniffer morning_wood (Mar 11)
- Re: Caching a sniffer Tim (Mar 10)
- Re: Caching a sniffer Chris Adams (Mar 10)
- Re: Caching a sniffer Eric LeBlanc (Mar 11)
- Re: Caching a sniffer Simon Richter (Mar 11)
- Re: Caching a sniffer Kenton Smith (Mar 11)
- RE: Caching a sniffer Mike Fratto (Mar 11)
- RE: Caching a sniffer Kenton Smith (Mar 11)
- RE: Caching a sniffer David Bartholomew (Mar 11)
- Re: Caching a sniffer Simon Richter (Mar 12)
- RE: Caching a sniffer Justin Baldini (Mar 12)
- RE: Caching a sniffer Mike Fratto (Mar 11)