What if you tracked changes in your routers arp cache to identinfy new
devices added to your network and actively checked each one with cpm or
promisc ?
<><Randall Grimshaw, Network Programmer, Syracuse University, 315-443-5779
On Fri, 30 Jan 1998, Doug Wellington wrote:
> Previously:
> >> 'ifstatus' can be used to monitor NIC card(s) on a machine for
> >> promiscuous (sp?) mode. A quick search on the web should find the
> >> source.
> >This will tell you if the interface of a system you are on is running in
> >promiscous mode. It will NOT tell you if other machines, including ones
> >you may not be aware of, are running in promiscous mode.
>
> Yes, there is virtually NO way to determine if there is "a" machine on
> your net sniffing packets. Using ifstatus will tell you if one of "your"
> computers is being used for sniffing, but you won't be able to tell
> if someone has plugged in their own computer to sniff. This is a nice
> argument for putting in switched ethernet. A switch will greatly reduce
> the amount of information that can be sniffed. (Of course, if YOU are
> the one that wants to sniff, it will limit the information that you'll
> get as well...)
>
> -Doug
>
> Doug Wellington
> ddw @
nsma .
arizona .
edu
> Network and System Administrator
> ARL, Division of Neural Systems, Memory and Aging
> The University of Arizona, Tucson, AZ
> (520) 626-6023
> (520) 291-0481 pager
> (520) 626-2618 fax
>
> I DON'T buy anything from spammers, and I KEEP TRACK OF WHO SPAMS ME.
>
> I put up with ads on the TV because they pay for programming. When
> spammers pay for the Internet, then I'll start putting up with spam.
>
Follow-Ups:
|
|
