On Thu, 2002-02-28 at 12:39, Tony Fondo wrote:
lsof is great also.
except (usually) if someone's running a sniffer they've compromised the
box already. in which case they've probably already trojaned all the
binaries that could be used to identify their sniffer (including
netstat, lsof, ps,
lsof is great also.
-Original Message-
From: Erik Tayler [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 27, 2002 2:30 PM
To: frederic de-villamic; [EMAIL PROTECTED]
Subject: Re: How to search for sniffers on my RedHat Machine?
Or check your syslog messages for devices
netstat -an
--
Registered User #207769
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/IT/CM d- s+:- a-- C++ ULC++$ P+ L++ E--- W++ N+ o-- K- w++@ O- M- V PS !PE Y+(--)
PGP++ t--- 5-- X+ R- tv- b++ DI D+ G e h! r+
y+
--END GEEK CODE BLOCK--
The Geek Code is Copyright(C) 1993, 1994,
Or check your syslog messages for devices leaving and entering promicuous
mode. I'm not for if all distributions of Linux log such data to syslog, I'd
imagine they do. I run SuSE Linux 7.2, and it does.
[EMAIL PROTECTED]
On Tuesday 26 February 2002 11:54 am, frederic de-villamic wrote:
On