Arve Kjoelen wrote: > > > >>What about sniffing inside a firewall. Is there any way yet of possibly d etecting a > sniffer? > > > > I participated in a study of this sometime back. Summary, not very likely. > <snip> > > Unless, of course, the network admin has access to all machines within the > firewall and (s)he can get the NIC to report that it is in promiscuous > mode. > And the intruder hasn't been slick enough to modify ifconfig not to report that the interface is in promiscuous mode. SteveN ...simpler living through complexity...