RE: Caching a sniffer [Resending]

["Motiwala, Yusuf" <motiwala () ti com>]

This is very much OS dependent solution. If you rely on some response
technique, one can just disable transmission at sniffing end and you will
never come to know about sniffer existence. It is very easy to do. This
topic was discussed before also without any concrete solution.

Yusuf

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-
> admin () lists netsys com] On Behalf Of Ian Latter
> Sent: Thursday, March 11, 2004 10:57 AM
> To: Gary E. Miller
> Cc: Full Disclosure
> Subject: Re: [Full-disclosure] Caching a sniffer
>
>
>
> While there's no way to be sure-sure ... you can get into your
> local LAN segment and send ICMP(/whatever) requests to the
> correct L3 address with the wrong L2 address and see if you
> get a response; this will show you if hosts/devices are listening
> promiscuously (which makes for a good starting point).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html