Date: Fri, 19 Jan 96 9:45:41 MET
From: marino.ladavac@aut.alcatel.at
To: davem+@andrew.cmu.edu (David J Meltzer)
Cc: questions@freebsd.org
Subject: Re: ethernet packet sniffer.
Message-ID: <9601190845.AA03214@atuhc16.atusks01.aut.alcatel.at>
In-Reply-To: <skzh2J200YUx4rfdQY@andrew.cmu.edu>; from "David J Meltzer" at Jan 18, 96 5:58 pm

> Excerpts from internet.computing.freebsd-questions: 18-Jan-96 Re:
> ethernet packet sniffer. by marino.ladavac@aut.alcat
> > > Mike, I'm not saying it would be practical, but if her networking
> > > department happens to have a Time Domain Reflectometer, which is common
> > > communications equipment for high speed cables (many cable companies have
> > > one) then every tap can be detected. A TDR would spot everything, even
> > > unused BNC taps.
> >
> > So would a Frequency Domain Reflectometer.
> >
> Is this for a connection made/not made, or can it actually determine if
> an ethernet card on the network is being run in promiscuous mode or not, which
> I think was the original question (and if so, could someone explain how)?

Oh, no, there were a couple of posts in the meantime. All any kind of
reflectometer could detect is whether an "unofficial" tap has been attached
to the cable (we're talking about coax here; twisted pair has no such
problems.) Nothing that I know of cannot detect whether someone has taken
over a machine and changed its card to promiscuous mode, if the perp had
good enough software. But then, a physically taken machine is much easier
to visually inspect than some secret tap in a cabling duct.

/Alby

> /-------------\
> |David Meltzer|
> |davem@cmu.edu|
> /--------------------------\
> |School of Computer Science|
> |Carnegie Mellon University|
> \--------------------------/