While there's no way to be sure-sure ... you can get into your local LAN segment and send ICMP(/whatever) requests to the correct L3 address with the wrong L2 address and see if you get a response; this will show you if hosts/devices are listening promiscuously (which makes for a good starting point).
----- Original Message ----- >From: "Gary E. Miller" <[EMAIL PROTECTED]> >To: "Patricio Bruna V." <[EMAIL PROTECTED]> >Subject: Re: [Full-Disclosure] Caching a sniffer >Date: Wed, 10 Mar 2004 18:51:07 -0800 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Yo Patricio! > > On Wed, 10 Mar 2004, Patricio Bruna V. wrote: > > > How can i know if there a sniffer running in my network? > > If the hacker has had physical access to your network, even for just a > few minutes, then there are many ways he can install a sniffer you can > never find short of tearing everything apart. > > If you care about your data, you better encrypt end to end. > > RGDS > GARY > - --------------------------------------------------------------------------- > Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 > [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (GNU/Linux) > > iD8DBQFAT9Qe8KZibdeR3qURAhDPAKCuNz7q8joqyij/T1AHy0DHBF00HgCfTl0i > W5eaIQIRi3Zx+B87I3nZKZ0= > =p/BH > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > -- Ian Latter Internet and Networking Security Officer Macquarie University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
