Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Caching a sniffer [Resending]
From: "Motiwala, Yusuf" <motiwala () ti com>
Date: Thu, 11 Mar 2004 20:23:38 +0530

This is very much OS dependent solution. If you rely on some response
technique, one can just disable transmission at sniffing end and you will
never come to know about sniffer existence. It is very easy to do. This
topic was discussed before also without any concrete solution.

Yusuf

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-
admin () lists netsys com] On Behalf Of Ian Latter
Sent: Thursday, March 11, 2004 10:57 AM
To: Gary E. Miller
Cc: Full Disclosure
Subject: Re: [Full-disclosure] Caching a sniffer



While there's no way to be sure-sure ... you can get into your
local LAN segment and send ICMP(/whatever) requests to the
correct L3 address with the wrong L2 address and see if you
get a response; this will show you if hosts/devices are listening
promiscuously (which makes for a good starting point).



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • RE: Caching a sniffer [Resending] Motiwala, Yusuf (Mar 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]