This is very much OS dependent solution. One can just disable transmission at sniffing end (say by modifying driver) and you will never come to know about sniffer existence. I think this topic was discussed before also without any concrete solution.
Yusuf > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:full-disclosure- > [EMAIL PROTECTED] On Behalf Of Ian Latter > Sent: Thursday, March 11, 2004 10:57 AM > To: Gary E. Miller > Cc: Full Disclosure > Subject: Re: [Full-Disclosure] Caching a sniffer > > > > While there's no way to be sure-sure ... you can get into your > local LAN segment and send ICMP(/whatever) requests to the > correct L3 address with the wrong L2 address and see if you > get a response; this will show you if hosts/devices are listening > promiscuously (which makes for a good starting point). > > > > > ----- Original Message ----- > >From: "Gary E. Miller" <[EMAIL PROTECTED]> > >To: "Patricio Bruna V." <[EMAIL PROTECTED]> > >Subject: Re: [Full-Disclosure] Caching a sniffer > >Date: Wed, 10 Mar 2004 18:51:07 -0800 > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Yo Patricio! > > > > On Wed, 10 Mar 2004, Patricio Bruna V. wrote: > > > > > How can i know if there a sniffer running in my network? > > > > If the hacker has had physical access to your network, even for just a > > few minutes, then there are many ways he can install a sniffer you can > > never find short of tearing everything apart. > > > > If you care about your data, you better encrypt end to end. > > > > RGDS > > GARY > > - ---------------------------------------------------------------------- > ----- > > Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 > > [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.2.3 (GNU/Linux) > > > > iD8DBQFAT9Qe8KZibdeR3qURAhDPAKCuNz7q8joqyij/T1AHy0DHBF00HgCfTl0i > > W5eaIQIRi3Zx+B87I3nZKZ0= > > =p/BH > > -----END PGP SIGNATURE----- > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > -- > Ian Latter > Internet and Networking Security Officer > Macquarie University > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
