Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Caching a sniffer
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Thu, 11 Mar 2004 03:10:42 -0800

How can i know if there a sniffer running in my network?

When you wake up one day to find that you're 0wn3d :-)

Seriously, about the only way I can think of to detect a sniffer with
its transmit leads cut is with a Time Domain Reflectometer (TDR) and
look for an unexplained impedance bump.


try your detection tools on a simple sniffer at
http://exploitlabs.com/files/misc/xsniff.zip

does not use pcap or any other "cap" libs that I am aware of.

m.wood


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]