Full Disclosure mailing list archives
RE: Caching a sniffer
From: "Motiwala, Yusuf" <motiwala () ti com>
Date: Thu, 11 Mar 2004 16:49:50 +0530
This is very much OS dependent solution. One can just disable transmission at sniffing end (say by modifying driver) and you will never come to know about sniffer existence. I think this topic was discussed before also without any concrete solution. Yusuf
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure- admin () lists netsys com] On Behalf Of Ian Latter Sent: Thursday, March 11, 2004 10:57 AM To: Gary E. Miller Cc: Full Disclosure Subject: Re: [Full-disclosure] Caching a sniffer While there's no way to be sure-sure ... you can get into your local LAN segment and send ICMP(/whatever) requests to the correct L3 address with the wrong L2 address and see if you get a response; this will show you if hosts/devices are listening promiscuously (which makes for a good starting point). ----- Original Message -----From: "Gary E. Miller" <gem () rellim com> To: "Patricio Bruna V." <pbruna () masev cl> Subject: Re: [Full-disclosure] Caching a sniffer Date: Wed, 10 Mar 2004 18:51:07 -0800 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Patricio! On Wed, 10 Mar 2004, Patricio Bruna V. wrote:How can i know if there a sniffer running in my network?If the hacker has had physical access to your network, even for just a few minutes, then there are many ways he can install a sniffer you can never find short of tearing everything apart. If you care about your data, you better encrypt end to end. RGDS GARY - ---------------------------------------------------------------------------Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 gem () rellim com Tel:+1(541)382-8588 Fax: +1(541)382-8676 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAT9Qe8KZibdeR3qURAhDPAKCuNz7q8joqyij/T1AHy0DHBF00HgCfTl0i W5eaIQIRi3Zx+B87I3nZKZ0= =p/BH -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html-- Ian Latter Internet and Networking Security Officer Macquarie University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Caching a sniffer, (continued)
- Re: Caching a sniffer Simon Richter (Mar 12)
- RE: Caching a sniffer Justin Baldini (Mar 12)
- Re: Caching a sniffer Bob Radvanovsky (Mar 11)
- Re: Caching a sniffer Ian Latter (Mar 10)
- Re: Caching a sniffer Cael Abal (Mar 10)
- RE: Caching a sniffer David Vincent (Mar 10)
- Re: Caching a sniffer Lan Guy (Mar 11)
- Re: Caching a sniffer Ian Latter (Mar 10)
- RE: Caching a sniffer Motiwala, Yusuf (Mar 11)
- RE: Caching a sniffer Dave Horsfall (Mar 11)
- RE: Caching a sniffer Motiwala, Yusuf (Mar 11)
- Re: Caching a sniffer eflorio (Mar 11)
- RE: Caching a sniffer RMcElroy (Mar 11)