Nmap Announce mailing list archives
Re: Sniffer detection (remote)
From: White Cap <whitecap () dreams res cmu edu>
Date: Tue, 16 Feb 1999 13:23:54 -0500 (EST)
On Mon, 15 Feb 1999, Terje Elde wrote:
Another idea for nmap, what about building in the abilities of neped? It's a cute little tool which will remotely detect some linux box'es running some kernels if they are sniffing. Great for scanning your own network for bad guys :)
promisc mode detection uses arp or rarp, I forget. unless you're scanning your local network (and this becomes dull really fast), you won't be able to tell. maybe nmap could check to see if the hosts you're scanning are on your local net (no gateway for the route) and if so then run a neped-like procedure as well as the regular scan? whitecap
Current thread:
- Sniffer detection (remote) Terje Elde (Feb 15)
- Re: Sniffer detection (remote) White Cap (Feb 16)