[Full-Disclosure] Caching a sniffer

[eflorio at edmaster.it]

Try this.....

http://www.securityfriday.com/ToolDownload/PromiScan/promiscan_doc.html

It tries to detect promisc. mode interface on your LAN
using special ARP packets.

Anyway you must detect if attacker is using :
- promiscuous mode simple packet sniffer
- arp poisoning \"man-in-the-middle\" sniffing (look at ettercap....)

EF

>----- Original Message ----- 
>From: \"David Vincent\" <david.vincent at mightyoaks.com>
>To: <full-disclosure at lists.netsys.com>
>Sent: Thursday, March 11, 2004 6:51 AM
>Subject: RE: [Full-Disclosure] Caching a sniffer

>
> How can i know if there a sniffer running in my network?