Ettercap 0.6.2, Arpwatch 2.1a4 & Snort 1.8-RELEASE all running on Linux Redhat 7.2 sounds like what you need. Got to http://packetstormsecurity.org
Let me know how it goes. Cheers Taiye. In a message dated Thu, 21 Feb 2002 21:30:35 Greenwich Mean Time, Sumit Dhar <[EMAIL PROTECTED]> writes: > > Hello All, > > I was wondering the other day as to how one could go about detecting a > sniffer on the network. If it is a Shared Ethernet, I wouldn't even > try... but on a Switched Ethernet, I feel there still is a chance. > > Specifically, > > 1. What would be the best method to see if someone is carrying > out ARP-Spoofing? > > 2. Would it be possible to locate a machine that is flooding > the network with fake MAC replies? > > Also, what would be the other methods that a person *MIGHT* be used to > sniff in a switched environment? > > Most of the anti-sniffing tools (from L0pht etc.) are not very > reliable.. any other tools that you people are aware of? And lastly, > though I think it is practically impossible, would it be possible to > detect a sniffer on a Shared Ethernet (where it is usually passive). > > Also let me clarify, each user on this network controls his machine > completely as the root user, no user has access to every machine.. > > Regards > Dhar
