Re: Caching a sniffer

[eflorio () edmaster it]

Try this.....

http://www.securityfriday.com/ToolDownload/PromiScan/promiscan_doc.html

It tries to detect promisc. mode interface on your LAN
using special ARP packets.

Anyway you must detect if attacker is using :
- promiscuous mode simple packet sniffer
- arp poisoning \"man-in-the-middle\" sniffing (look at ettercap....)

EF

> ----- Original Message ----- 
> From: \"David Vincent\" <david.vincent () mightyoaks com>
> To: <full-disclosure () lists netsys com>
> Sent: Thursday, March 11, 2004 6:51 AM
> Subject: RE: [Full-disclosure] Caching a sniffer

> How can i know if there a sniffer running in my network?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html