Bruno Wolff III
bruno at wolff.to
Fri Jun 11 20:01:53 UTC 2004
On Thu, Jun 10, 2004 at 10:37:20 +0200,
Chadley Wilson <chadley at pinteq.co.za> wrote:
> 1) Track an internal PC running a sniffer of some sort, obtain its ip
> and mac address, then stop it sniffing and maybe kick it off the
There are some tricks you can do to try to catch NICs running in
promiscuous mode. If normally people aren't doing things where they
would be used that way, then it may make sense to look for that.
This would also only apply in a hub environment. In a switched environment
you can't do entirely passive sniffing effectively. You first need to
compromise the switch or convice hosts that they should route their
traffic through the sniffing host.
More information about the fedora-list