Robert Graham's sniffer FAQ has some excellent information that I'm sure you will find useful, including some suggested tools and how they (sniffers) work. As you would be aware, there are many methods that can be used to 'stealthily sniff'.
Cheers,
Brad

> -----Original Message-----
> From: Sumit Dhar [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 21, 2002 7:30 PM
> To: [EMAIL PROTECTED]
> Subject: Detecting Sniffers?
>
> Hello All,
>
> I was wondering the other day as to how one could go about detecting a
> sniffer on the network. If it is a Shared Ethernet, I wouldn't even
> try... but on a Switched Ethernet, I feel there still is a chance.
>
> Specifically,
>
> 1. What would be the best method to see if someone is carrying
>    out ARP-Spoofing?
>
> 2. Would it be possible to locate a machine that is flooding
>    the network with fake MAC replies?
>
> Also, what would be the other methods that a person *MIGHT* use to
> sniff in a switched environment?
>
> Most of the anti-sniffing tools (from L0pht etc.) are not very
> reliable.. any other tools that you people are aware of? And lastly,
> though I think it is practically impossible, would it be possible to
> detect a sniffer on a Shared Ethernet (where it is usually passive).
>
> Also let me clarify, each user on this network controls his machine
> completely as the root user, no user has access to every machine..
>
> Regards
> Dhar