On Jan 15, 3:11am, Chris Brenton wrote:
} Subject: Re: How can I detect if there is a sniffer running on my local so
} Benny Amorsen wrote:
} >
} > >>>>> "CB" == Chris Brenton <[EMAIL PROTECTED]> writes:
} >
} > CB> It is more than possible to run a sniffer on a network and have it
} > CB> be 100% undetectable. You are talking about a passive device,
} > CB> something that listens to all network traffic without actually
} > CB> generating any traffic itself. Heck, the device does not even need
} > CB> a network address or a MAC address meaning that it can be
} > CB> completely invisible from OSI layers 2 and up.
} >
} > The classic trick is to cut the TX wire. That makes it rather hard to
} > detect the sniffer.
}
} I've heard this...and have tried it myself. I've found that if the Tx
} pair is cut, most hubs/switches will not initialize the port. If the
} port does not initialize, you obviously can not monitor anything. ;)
This trick really only works with AUI cables.
} You can however fray the Tx pair so that a voltage is still passed but
} inductance is high enough to chop any signal pulses. Of course you need
} to be using stranded twisted pair wiring in order to get this to work.
} It also takes a lot of work to make a functional cable.
I suppose you might be able to get something like this to work with
10BASE-T, but anything newer will probably fail because you need a
fairly fancy waveform on the cable to get the hub to bring up the link.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
