On Thu, 19 Sep 2002, Michael O'Donnell wrote: > The article mentioned below indicates (to me, anyway) that > it might be harder than you think to detect all sniffers: > > http://www.linuxjournal.com/article.php?sid=6222
Hmmm. Valid point. I know a fair bit about low-level ethernet stuff, so: wouldn't it be possible to set up a MAC:IP table of some sort? I would think that this is impossible, except that switches are capable of doing MAC address determination _somehow_, but I don't know what mechanism is used. Is it simply an ARP request ("who has 1.2.3.4"), which would fail, or is it something else? I imagine something else, as ARP seems tied to IP, and switches are protocol agnostic, unless I'm very mistaken. If you _were_ able to make a MAC-to-IP table, then anyone who wasn't assigned an IP would come under suspicion. Of course, if you were on a switched network, most of this is moot anyway, since you can be in promiscuous mode all day, and you'll only see broadcasts and your own traffic. $.02, -Ken _______________________________________________ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss