In message <199602261352.HAA09836@shiva.ee.siue.edu>, Arve Kjoelen writes: > > >>What about sniffing inside a firewall. Is there any way yet of possibly >*detecting a > sniffer? > > > > I participated in a study of this sometime back. Summary, not very likely. > <snip> > > Unless, of course, the network admin has access to all machines within the > firewall and (s)he can get the NIC to report that it is in promiscuous > mode. > > -Arve. > > akjoele@ee.siue.edu This may have been suggested before, but what about tricking the machine into answering a packet it would receive only if in promiscuous mode ? For instance, send it a packet with its own IP address as destination, but with the wrong MAC address ? AFAIR, most implementations don't bother to check for inconsistencies. Am I missing something ? Michel Lavondes (lavondes@tidtest.total.fr) #include <disclaimer.h> ** CDA warning : don't read this if you're under 18 ** Don't whistle while you piss Hagbard Celine