Sniffer detectors for Linux?
Derek D. Martin
ddm+gnhlug at pizzashack.org
Thu Sep 19 15:18:35 EDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At some point hitherto, Ken Ambrose hath spake thusly:
> On Thu, 19 Sep 2002, Michael O'Donnell wrote:
>
> > The article mentioned below indicates (to me, anyway) that
> > it might be harder than you think to detect all sniffers:
> >
> > http://www.linuxjournal.com/article.php?sid=6222
>
> Hmmm. Valid point. I know a fair bit about low-level ethernet stuff,
> so: wouldn't it be possible to set up a MAC:IP table of some sort?
To what end? Suppose the sniffer doesn't configure an IP address?
> Of course, if you were on a switched network, most of this is moot anyway,
> since you can be in promiscuous mode all day, and you'll only see
> broadcasts and your own traffic.
...unless you spoof, say, your gateway router. Or some other
networking device. It's a common misconception that switched networks
can't be sniffed.
http://monkey.org/~dugsong/dsniff/
Have fun!
- --
Derek Martin ddm at pizzashack.org
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9iiMKdjdlQoHP510RAg8fAJ4gZd6v8pYUPO/gIG4z6Erl5rZkVACeM9PL
77E73q/iPTRoS+EkaCkF5Gw=
=v9VN
-----END PGP SIGNATURE-----
More information about the gnhlug-discuss
mailing list