Sniffer detectors for Linux?

Derek D. Martin ddm+gnhlug at pizzashack.org
Thu Sep 19 15:18:35 EDT 2002


At some point hitherto, Ken Ambrose hath spake thusly:
> On Thu, 19 Sep 2002, Michael O'Donnell wrote:
> 
> > The article mentioned below indicates (to me, anyway) that
> > it might be harder than you think to detect all sniffers:
> >
> >    http://www.linuxjournal.com/article.php?sid=6222
> 
> Hmmm.  Valid point.  I know a fair bit about low-level ethernet stuff,
> so: wouldn't it be possible to set up a MAC:IP table of some sort?  

To what end?  Suppose the sniffer doesn't configure an IP address?

> Of course, if you were on a switched network, most of this is moot anyway,
> since you can be in promiscuous mode all day, and you'll only see
> broadcasts and your own traffic.

...unless you spoof, say, your gateway router.  Or some other
networking device.  It's a common misconception that switched networks
can't be sniffed.

  http://monkey.org/~dugsong/dsniff/

Have fun!

-- 
Derek Martin               ddm at pizzashack.org    
---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org



More information about the gnhlug-discuss mailing list