Benny Amorsen wrote:
>
> >>>>> "CB" == Chris Brenton <[EMAIL PROTECTED]> writes:
>
> CB> It is more than possible to run a sniffer on a network and have it
> CB> be 100% undetectable. You are talking about a passive device,
> CB> something that listens to all network traffic without actually
> CB> generating any traffic itself. Heck, the device does not even need
> CB> a network address or a MAC address meaning that it can be
> CB> completely invisible from OSI layers 2 and up.
>
> The classic trick is to cut the TX wire. That makes it rather hard to
> detect the sniffer.
I've heard this...and have tried it myself. I've found that if the Tx
pair is cut, most hubs/switches will not initialize the port. If the
port does not initialize, you obviously can not monitor anything. ;)
You can however fray the Tx pair so that a voltage is still passed but
inductance is high enough to chop any signal pulses. Of course you need
to be using stranded twisted pair wiring in order to get this to work.
It also takes a lot of work to make a functional cable.
Cheers,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
