Re: How can i find out if someone sniffs my IP-Packets

From: Barry Margolin (barmar_at_alum.mit.edu)
Date: 01/30/04


Date: Thu, 29 Jan 2004 23:20:54 GMT

In article <401991A2.B5A7C35@yahoo.com>,
 Ewald Peters <ewald_peters@yahoo.com> wrote:

> Raff wrote:
> >
> > "Ewald Peters" <ewald_peters@yahoo.com> wrote in message
> > news:40171EB6.7C4AEA66@yahoo.com...
> > > Is it somehow possible to scan around in the LAN or
> > > probably outside in the internet and find out
> > > if someone reads my IP-Packets other than the
> > > IP-address that I sent them to, or the routers that
> > > should forward the packets?
> >
> > In a LAN you can only find a network interface that is in promiscuous mode,
> > which is often used to sniff. If your question concerns your ISP it's rather
> > impossible.
>
> Do you mean that an interface in promiscuous mode can be found in the
> LAN from another computer? If yes, how?
> Or do you just mean that every computer has to be checked manually?

There are some tools that purport to be able to find promiscuous-mode
machines on the local LAN, typically depending on unusual side effects.
I remember discussions about it in this group 4-5 years ago, so maybe
you can find them in Google.

For instance, they might send a packet whose destination IP is the local
broadcast address, but whose destination MAC address is not the Ethernet
broadcast address. If a machine responds to this, it must be in
promiscuous mode.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
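
The probe described in the reply above, as an added example that is not part of the original post: an ICMP echo request sent to the IP broadcast address but addressed at layer 2 to a unicast MAC that no host owns, followed by a check of captured frames for echo replies. All addresses, the identifier and the captured frames are constructed sample values, and the helper names are hypothetical; the code builds and parses frames offline and does not transmit anything.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def icmp_frame(dst_mac, src_mac, src_ip, dst_ip, icmp_type, ident):
    """Ethernet + IPv4 + ICMP echo (type 8 request, type 0 reply)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, 1) + b"promisc-probe"
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + icmp

def responders(frames, our_mac, ident):
    """(MAC, IP) of every host that answered the probe with an echo reply."""
    hits = []
    for f in frames:
        if len(f) < 42 or f[:6] != mac(our_mac) or f[12:14] != b"\x08\x00":
            continue                      # not IPv4 addressed to us
        ihl = (f[14] & 0x0F) * 4          # IPv4 header length in bytes
        icmp = f[14 + ihl:]
        if f[23] != 1 or len(icmp) < 8:   # IP protocol 1 = ICMP
            continue
        icmp_type, _, _, reply_id, _ = struct.unpack("!BBHHH", icmp[:8])
        if icmp_type == 0 and reply_id == ident:
            hits.append((f[6:12].hex(":"), socket.inet_ntoa(f[26:30])))
    return hits

# All addresses below are constructed sample values.
OUR_MAC, OUR_IP, BCAST_IP = "02:00:00:00:00:01", "192.0.2.10", "192.0.2.255"
BOGUS_MAC = "02:00:00:00:00:ee"   # unicast MAC assumed to belong to no host
IDENT = 0x5AFE

PROBE = icmp_frame(BOGUS_MAC, OUR_MAC, OUR_IP, BCAST_IP, 8, IDENT)
CAPTURED = [  # constructed capture: one matching reply, two unrelated frames
    icmp_frame(OUR_MAC, "02:00:00:00:00:42", "192.0.2.66", OUR_IP, 0, IDENT),
    icmp_frame(OUR_MAC, "02:00:00:00:00:07", "192.0.2.7", OUR_IP, 0, 0x1111),
    icmp_frame(OUR_MAC, "02:00:00:00:00:08", "192.0.2.8", OUR_IP, 8, IDENT),
]
SUSPECTS = responders(CAPTURED, OUR_MAC, IDENT)
```

No reply does not clear a host: a stack that discards frames not addressed to it at layer 2 stays silent even while its interface is promiscuous.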

