sniffer/promisc detector

Gerald gcoon at inch.com
Mon Jan 19 16:21:23 UTC 2004



On Sat, 17 Jan 2004, Sam Stickland wrote:

> In an all switched network, sniffing can normally only be accomplished with
> MAC address spoofing (Man In The Middle). Watching for MAC address changes
> (from every machine's perspective), along with scanning for separate machines
> with the same ARP address, and using switches that can detect when a MAC
> address moves between ports will go a long way towards detecting sniffing.

My machines all scream bloody murder when an IP address has more than one
MAC or even if the IP changes MAC addresses.

One of the suggestions mailed to me off list:
http://sniffdet.sourceforge.net/

I haven't looked into it yet, but figured I would keep all of the
suggestions in public view.

Gerald
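
The checks discussed in this thread (an IP changing MAC, an IP flipping between MACs, one MAC answering for several IPs), as an added Python example that is not part of the original post and is not sniffdet's code. The observation tuples, the alert names and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (timestamp, ip, mac) tuples as they might be
# parsed from observed ARP replies. All addresses are made up.
SAMPLE = [
    (1, "192.0.2.1", "00:00:5e:00:53:01"),
    (2, "192.0.2.10", "00:00:5e:00:53:10"),
    (3, "192.0.2.11", "00:00:5e:00:53:11"),
    (4, "192.0.2.1", "00:00:5e:00:53:01"),  # unchanged: no alert
    (5, "192.0.2.1", "00:00:5e:00:53:11"),  # .1 now answered by .11's MAC
    (6, "192.0.2.1", "00:00:5e:00:53:01"),  # original owner answers again
]


def detect(observations):
    """Return alerts as (timestamp, kind, ip, detail); kind names are hypothetical."""
    current = {}                # ip -> MAC seen most recently
    seen = defaultdict(set)     # ip -> every MAC ever seen for it
    owners = defaultdict(set)   # mac -> every IP it has answered for
    alerts = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        prev = current.get(ip)
        if prev is not None and prev != mac:
            # A MAC already seen for this IP means two hosts are contending.
            kind = "flip-flop" if mac in seen[ip] else "mac-changed"
            alerts.append((ts, kind, ip, f"{prev} -> {mac}"))
        others = owners[mac] - {ip}
        if others and ip not in owners[mac]:
            # Can be legitimate (multi-homed host, proxy ARP); worth a look.
            alerts.append((ts, "mac-shared", ip,
                           f"{mac} also answers for {', '.join(sorted(others))}"))
        current[ip] = mac
        seen[ip].add(mac)
        owners[mac].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(*alert)
```
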




More information about the NANOG mailing list