Intrusion Detection Systems mailing list archives

Re: detecting a sniffer remotely


From: tschroed () acm org (Trevor Schroeder)
Date: Thu, 14 Oct 1999 09:07:52 -0500 (CDT)



On Thu, 14 Oct 1999, laurent van-cauwelaert wrote:

> What was the OS on the machine running the sniffer?

NetBSD/pmax 1.4.1 on a DECstation 5000/25.

Haven't tried it with a faster box (which will have less pronounced
variance when the net is flooded).

> Does the sniffer resolve the address? (Because if it does
> it's really easy to detect)

Not by default (tcpdump -w foo.cap).
..........................................................................
: "I knew it was going to cost me my head and also my swivel chair, but  :
: I thought: What the hell--better men than I have risked their heads    :
: and their swivel chairs for truth and justice." -- James P. Cannon     :
:........... http://www.zweknu.org/ for PGP key and more ................:


