Re: Caching a sniffer

["morning_wood" <se_cur_ity () hotmail com>]

> > How can i know if there a sniffer running in my network?
>
> When you wake up one day to find that you're 0wn3d :-)
>
> Seriously, about the only way I can think of to detect a sniffer with
> its transmit leads cut is with a Time Domain Reflectometer (TDR) and
> look for an unexplained impedance bump.

try your detection tools on a simple sniffer at
http://exploitlabs.com/files/misc/xsniff.zip

does not use pcap or any other "cap" libs that I am aware of.

m.wood


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html