[66604] in North American Network Operators' Group
Re: sniffer/promisc detector
daemon@ATHENA.MIT.EDU (Damian Gerow)
Fri Jan 16 18:52:45 2004
Date: Fri, 16 Jan 2004 18:52:07 -0500
From: Damian Gerow <damian@sentex.net>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <20040116173345.W98865@kod.inch.com>
Errors-To: owner-nanog-outgoing@merit.edu
Thus spake Gerald (gcoon@inch.com) [16/01/04 18:32]:
> Subject says it all. Someone asked the other day here for sniffers. Any
> progress or suggestions for programs that detect cards in promisc mode or
> sniffing traffic?
There's an art to detecting promiscuous devices.[1] A good starting point
is Google, and the phrase 'promiscuous detect'. IIRC, L0pht once produced
something that claimed to detect all promiscuous devices on a network; I
never got it to work properly.
- Damian
[1] General consensus is that most well-written OSes are near impossible to
detect; some older ones have various methods of detection, usually involving
either broadcast traffic or timing.