On Thu, Jun 10, 2004 at 10:37:20 +0200, Chadley Wilson <chadley@xxxxxxxxxxxx> wrote:
>
> 1) Track an internal PC running a sniffer of some sort, obtain its ip
> and mac address, then stop it sniffing and maybe kick it off the
> network.

There are some tricks you can do to try to catch NICs running in promiscuous mode. If normally people aren't doing things where they would be used that way, then it may make sense to look for that.

This would also only apply in a hub environment. In a switched environment you can't do entirely passive sniffing effectively. You first need to compromise the switch or convince hosts that they should route their traffic through the sniffing host.
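
Added example, not part of the original message: in a switched network, one common way a host gets others to route traffic through it is to answer ARP for someone else's address (an assumption here; the message does not name a method). The Python below scans an ARP cache snapshot in the Linux /proc/net/arp layout for one MAC claiming several IPs; the sample table and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the Linux /proc/net/arp layout (not from the original message).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.10     0x1         0x2         00:AA:BB:CC:DD:01     *        eth0
192.168.1.23     0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_arp_table(text):
    """Return (ip, mac, device) tuples for every complete ARP entry."""
    entries = []
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw_type, flags, mac, _mask, device = fields
        # Flags 0x0 marks an incomplete entry; its all-zero MAC carries no information.
        if int(flags, 16) == 0 or mac == "00:00:00:00:00:00":
            continue
        entries.append((ip, mac.lower(), device))
    return entries

def shared_mac_addresses(entries):
    """Map (device, mac) -> sorted IP list for MACs that answer for more than one IP."""
    by_mac = defaultdict(set)
    for ip, mac, device in entries:
        by_mac[(device, mac)].add(ip)
    return {key: sorted(ips, key=ipaddress.ip_address)
            for key, ips in by_mac.items() if len(ips) > 1}

def suspects_for_gateway(entries, gateway_ip):
    """Return the other IPs whose MAC matches the one cached for the gateway."""
    gateway_macs = {(dev, mac) for ip, mac, dev in entries if ip == gateway_ip}
    others = {ip for ip, mac, dev in entries
              if (dev, mac) in gateway_macs and ip != gateway_ip}
    return sorted(others, key=ipaddress.ip_address)

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for (device, mac), ips in shared_mac_addresses(table).items():
        print(f"{device}: {mac} answers for {', '.join(ips)}")
    print("shares gateway MAC:", suspects_for_gateway(table, "192.168.1.1"))
```

On a live Linux host, pass the contents of /proc/net/arp instead of the sample. A shared MAC can also be legitimate (proxy ARP, a router with several addresses), so treat a hit as a lead to verify against the switch's port tables.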