Quoting Sumit Dhar ([EMAIL PROTECTED]): > 1. What would be the best method to see if someone is carrying > out ARP-Spoofing? > > 2. Would it be possible to locate a machine that is flooding > the network with fake MAC replies?
arpwatch > Also, what would be the other methods that a person *MIGHT* be used to > sniff in a switched environment? Exploit specific bugs in specific switches, own the swich and turn on mirroring/spanning on the link he/she is on. > though I think it is practically impossible, would it be possible to > detect a sniffer on a Shared Ethernet (where it is usually passive). Load/Response check. Determine the time in ys needed for a machine to answer queries, flood the network and compare the answer time of said machine. -- Jonas M Luster -- d-fensive networks, Inc. -- http://www.d-fensive.com