16 Jan 2004, 9:29 p.m.
On Fri, 2004-01-16 at 18:00, Gerald wrote:
> I should probably mention that I've already started looking at antisniff. I was hoping to find something that was currently maintained and still free while I investigate antisniff's capabilities.
Antisniff is still the best software-based tool for the job. It has far more extensive testing than anything else I've looked at. Of course the one blind spot with antisniff is that it can only detect sniffers that have an IP address assigned to them. To detect these you have to look at your switch statistics. Dead giveaway is a host receiving traffic, but never transmitting. There is a false positive for this condition however which is a hub plugged in the switch with no hosts attached.

HTH,
C
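An added example, not part of the original message and not AntiSniff code: the switch-statistics check described above, run over two constructed polls of per-port counters. The CSV layout, the `min_out` threshold and the 32-bit wrapping counters are assumptions made for illustration.

```python
import csv
import io

# Constructed sample data: two polls of per-port frame counters taken some
# minutes apart. The CSV layout is an assumption for this example, not any
# switch's real output. in_frames = frames the switch received from the
# attached device; out_frames = frames the switch sent to it.
POLL_1 = """port,link,in_frames,out_frames
1,up,104220,230115
2,up,0,4294967000
3,up,881,1200
4,down,0,0
5,up,57,9000
"""
POLL_2 = """port,link,in_frames,out_frames
1,up,109871,251340
2,up,0,1704
3,up,881,1200
4,down,0,0
5,up,57,15310
"""

COUNTER_MOD = 2 ** 32  # assumption: 32-bit counters that wrap around


def load(text):
    """Parse one poll into {port: row}."""
    return {row["port"]: row for row in csv.DictReader(io.StringIO(text))}


def silent_receivers(before, after, min_out=100):
    """Ports whose device was sent >= min_out frames but transmitted none."""
    flagged = []
    for port, new in after.items():
        old = before.get(port)
        if old is None or new["link"] != "up" or old["link"] != "up":
            continue  # no baseline, or link not up across both polls
        # Modular subtraction keeps the delta correct across a counter wrap.
        d_in = (int(new["in_frames"]) - int(old["in_frames"])) % COUNTER_MOD
        d_out = (int(new["out_frames"]) - int(old["out_frames"])) % COUNTER_MOD
        if d_in == 0 and d_out >= min_out:
            flagged.append((port, d_out))
    return flagged


if __name__ == "__main__":
    for port, sent in silent_receivers(load(POLL_1), load(POLL_2)):
        # Counters cannot tell a passive host from an empty hub: check the port.
        print(f"port {port}: {sent} frames delivered, 0 received from device")
```

Port 3 is idle in both directions and is not flagged; the flagged ports still need a physical check, since a hub with no hosts attached produces the same counters.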