Firewalls: Re: Network ethernet sniffer

Firewalls
(July 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Network ethernet sniffer
From:	"Urban A. Haas" <uhaas @ tsg-usa . com>
Organization:	Total Solutions Group
Date:	Mon, 01 Jul 1996 12:13:34 -0500
To:	Firewall Mailing List at Great Circle <firewalls @ GreatCircle . com>
References:	<Pine . LNX . 3 . 91 . 960627093008 . 3251B-100000 @ www . cep . yale . edu> <31D8069C . 1A52 @ tsg-usa . com>
Reply-to:	uhaas @ tsg-usa . com

Ben wrote:
>
> >    is it possible to detect if a machine and then which machine might be
> > sniffing the network if the machines are about 60 - 70 on that subnet.
> > It would be good to know if it is possible and then how if someone knows.

You can usually do this on Token-ring, but not Ethernet. It just isn't designed in there.

>
> You can use programs to detect if there are any ethernet adaptors in
> promiscuous mode.
>

This also isn't a good test, but it's a start. Some *IX machines go into promiscuous mode to
automatically build arp caches, do dpli (for IPX or NetBIOS) and other things.


-- 
Urban A. Haas                        |
Total Solutions Group                |
Open Systems & Network Consultant    |
(612) 831-8320 x133                  |
Internet: uhaas @
 tsg-usa .
 com          |
mailto:uhaas @
 tsg-usa .
 com -or-        |
mailto:uhaas @
 aol .
 com                 |

Indexed By Date	Previous:	Re: NCSA Certification From: dmurphy @ cwa . com (Dan Murphy x286)
Indexed By Date	Next:	Re: NT Backoffice "Catapult" firewall certified? From: peter @ baileynm . com (Peter da Silva)
Indexed By Thread	Previous:	General Questions From: "Russell L. Jones" <rjones @ access . digex . net>
Indexed By Thread	Next:	ftp PASV risks? From: ericj @ breakers . East . Sun . COM (Eric Johnson)