On 26 May 99, at 14:00, Carric Dooley wrote:
> Typically when you get neped, it's neped.c (i.o.w, you get the source
> code). I don't see any reason why it couldn't be ported to NT.
>From http://www.securiteam.com/tools/Neped_-
_Detect_sniffers_on_your_local_network.html:
> Neped a tool written by the Apostols group (http://www.apostols.org/)
> detects network cards on the network who are in promiscuous mode (a
> network card must be in promiscuous mode to listen for network traffic
> directed at other hosts on the network). It does this by exploiting a flaw
> in the ARP protocol as implemented on Linux machines. While Neped cannot
> guarantee to discover the sniffer (a sniffer can made undetectable if its
> runned on a non-Linux machine, being runned on a patched kernel (of Linux)
> that does not have this flaw or a Linux machine that has the ARP feature
> disabled), it is useful addition to any security toolbox.
Although you may be able to compile the code to run on NT (most sniffer
ports to NT seem to require a packet driver to be installed, and don't use
the default NDIS driver, so such a port may not run without additional
support code...), it appears that the mechanism used will only find
sniffers running under Linux. Sniffers on an NT network may be more
likely to be running under NT.
David G
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
