nanog mailing list archives
Re: sniffer/promisc detector
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Fri, 16 Jan 2004 21:29:18 -0500
On Fri, 2004-01-16 at 18:00, Gerald wrote:
I should probably mention that I've already started looking at antisniff. I was hoping to find something that was currently maintained and still free while I investigate antisniff's capabilities.
Antisniff is still the best software based tool for the job. It has far more extensive testing that anything else I've looked at. Of course the one blind spot with antisniff is that it can only detect sniffers that have an IP address assigned to them. To detect these you have to look at your switch statistics. Dead giveaway is a host receiving traffic, but never transmitting. There is a false positive for this condition however which is a hub plugged in the switch with no hosts attached. HTH, C
Current thread:
- Re: sniffer/promisc detector, (continued)
- Re: sniffer/promisc detector Scott McGrath (Jan 17)
- Re: sniffer/promisc detector Donovan Hill (Jan 17)
- Re: sniffer/promisc detector Valdis . Kletnieks (Jan 17)
- Re: sniffer/promisc detector Donovan Hill (Jan 17)
- Re: sniffer/promisc detector Deepak Jain (Jan 17)
- Re: sniffer/promisc detector E.B. Dreger (Jan 18)
- Re: sniffer/promisc detector Gerald (Jan 19)
- Re: sniffer/promisc detector Scott McGrath (Jan 19)
- Re: sniffer/promisc detector Gerald (Jan 19)
- Re: sniffer/promisc detector Chris Brenton (Jan 16)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 17)
- Re: sniffer/promisc detector haesu (Jan 17)
- Re: sniffer/promisc detector Valdis . Kletnieks (Jan 17)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 17)
- Re: sniffer/promisc detector Vadim Antonov (Jan 19)
- Re: sniffer/promisc detector Paul Vixie (Jan 19)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 19)
- Re: sniffer/promisc detector Brett Watson (Jan 19)