Well, i would take a long and hard look at this document : http://robertgraham.com/pubs/sniffing-faq.html.
Several methods of sniffing detecting are describet there ..... Best Regards Henrik Johansen > Hello All, > > I was wondering the other day as to how one could go about detecting a > sniffer on the network. If it is a Shared Ethernet, I wouldn't even > try... but on a Switched Ethernet, I feel there still is a chance. > > Specifically, > > 1. What would be the best method to see if someone is carrying > out ARP-Spoofing? > > 2. Would it be possible to locate a machine that is flooding > the network with fake MAC replies? > > Also, what would be the other methods that a person *MIGHT* be used to > sniff in a switched environment? > > Most of the anti-sniffing tools (from L0pht etc.) are not very > reliable.. any other tools that you people are aware of? And lastly, > though I think it is practically impossible, would it be possible to > detect a sniffer on a Shared Ethernet (where it is usually passive). > > Also let me clarify, each user on this network controls his machine > completely as the root user, no user has access to every machine.. > > Regards > Dhar