Hello All,
I was wondering the other day as to how one could go about detecting a sniffer on the network. If it is a Shared Ethernet, I wouldn't even try... but on a Switched Ethernet, I feel there still is a chance. Specifically:

1. What would be the best method to see if someone is carrying out ARP-Spoofing?
2. Would it be possible to locate a machine that is flooding the network with fake MAC replies?

Also, what would be the other methods that a person *MIGHT* use to sniff in a switched environment? Most of the anti-sniffing tools (from L0pht etc.) are not very reliable. Any other tools that you people are aware of?

And lastly, though I think it is practically impossible, would it be possible to detect a sniffer on a Shared Ethernet (where it is usually passive)?

Also, let me clarify: each user on this network controls his machine completely as the root user; no user has access to every machine.

Regards,
Dhar