Full Disclosure mailing list archives
RE: Caching a sniffer [Resending]
From: "Motiwala, Yusuf" <motiwala () ti com>
Date: Thu, 11 Mar 2004 20:23:38 +0530
This is very much OS dependent solution. If you rely on some response technique, one can just disable transmission at sniffing end and you will never come to know about sniffer existence. It is very easy to do. This topic was discussed before also without any concrete solution. Yusuf
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure- admin () lists netsys com] On Behalf Of Ian Latter Sent: Thursday, March 11, 2004 10:57 AM To: Gary E. Miller Cc: Full Disclosure Subject: Re: [Full-disclosure] Caching a sniffer While there's no way to be sure-sure ... you can get into your local LAN segment and send ICMP(/whatever) requests to the correct L3 address with the wrong L2 address and see if you get a response; this will show you if hosts/devices are listening promiscuously (which makes for a good starting point).
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Caching a sniffer [Resending] Motiwala, Yusuf (Mar 11)