On Saturday 17 January 2004 11:18 am, Scott McGrath wrote:
It is also possible to sniff a network using only the RX pair so most of the tools to detect cards in P mode will fail. The new Cisco 6548's have TDR functionality so you could detect unauthorized connections by their physical characteristics.
But there are also tools like ettercap which exploit weaknesses within switched networks. See http://ettercap.sourceforge.net/ for more details (and gain some add'l grey hairs in the process).
The question here is what are you trying to defend against?.
Maybe this is just a stupid comment, but if the original poster is that concerned with their LAN being sniffed, then maybe they should consider using IPSec on their LAN. -- Donovan Hill Electronics Engineering Technologist, CCNA www.lazyeyez.net, www.gwsn.com