On Fri, 2004-06-11 at 15:56, Bruno Wolff III wrote:
> On Thu, Jun 10, 2004 at 11:37:17 -0400,
>   "Scot L. Harris" <webid@xxxxxxxxxx> wrote:
> > On Thu, 2004-06-10 at 04:37, Chadley Wilson wrote:
> > > Hello friends,
> > >
> > > My network with approx 300 users is routed to the internet through a
> > > proxy and firewall, we have a DNS server and PDC Server.
> > > It is a winXplease network.
> > >
> > > With a linux PC connected -
> > > What tools would you suggest I could use for the following:
> > >
> > > 1) Track an internal PC running a sniffer of some sort, obtain its ip
> > > and mac address, then stop it sniffing and maybe kick it off the
> > > network.
> > >
> >
> > The bad news is this would be very difficult to detect.  The good news
> > is if you are using switches sniffing on your network becomes almost
> > impossible.  In a switched network you would need access to the switch
>
> Traffic on switches can be sniffed using a couple of variants of arp
> spoofing. However if something is monitoring the traffic, this should
> be detectable.

Try http://www.snort.org/docs/tap/ for a truly passive sniffer on a
switch.

--
jludwig <wralphie@xxxxxxxxxxx>
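
The quoted reply above notes that ARP spoofing on a switched network should be detectable by something monitoring the traffic. The following is an added example, not part of the original thread, of that kind of monitoring: it tracks IP-to-MAC bindings seen in ARP frames and flags changes. The function name, the frame tuple layout and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) taken from ARP frames
# as a monitor on a mirror port or tap might record them. All values made up.
SAMPLE = [
    (0.0, "192.0.2.10", "00:00:5e:00:53:0a"),  # workstation announces itself
    (0.1, "192.0.2.1",  "00:00:5e:00:53:01"),  # gateway answers
    (5.0, "192.0.2.1",  "00:00:5e:00:53:66"),  # gateway IP claimed by a new MAC
    (5.2, "192.0.2.10", "00:00:5e:00:53:66"),  # same MAC now claims a second IP
    (9.0, "192.0.2.1",  "00:00:5e:00:53:01"),  # original gateway MAC seen again
]

def detect_arp_anomalies(frames, known=None):
    """Return alerts as (time, kind, ip, detail) tuples.

    known is an optional dict of IP -> MAC bindings that must never change
    (for example the default gateway). Pinning is this example's assumption.
    """
    bindings = {ip: mac.lower() for ip, mac in (known or {}).items()}
    pinned = set(bindings)
    ips_by_mac = defaultdict(set)
    for ip, mac in bindings.items():
        ips_by_mac[mac].add(ip)

    alerts = []
    for ts, ip, mac in frames:
        mac = mac.lower()
        old = bindings.get(ip)
        if old is not None and old != mac:
            # A changed binding is a lead, not a verdict: DHCP re-leases and
            # NIC swaps also cause it. A pinned binding changing is stronger.
            kind = "pinned-binding-violated" if ip in pinned else "binding-changed"
            alerts.append((ts, kind, ip, f"{old} -> {mac}"))
        if ip not in pinned:
            bindings[ip] = mac  # learn or update; pinned entries stay fixed
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                # One MAC answering for several IPs is typical of a host
                # inserting itself between two peers (also of routers/proxies).
                claimed = ", ".join(sorted(ips_by_mac[mac]))
                alerts.append((ts, "mac-claims-multiple-ips", ip, f"{mac}: {claimed}"))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE, known={"192.0.2.1": "00:00:5e:00:53:01"}):
        print(alert)
```

Each alert carries the MAC address involved, which is what the original question asked for; mapping that MAC to a switch port is done on the switch itself.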