spoofers and sniffers
Alvin Oga
alvin at Mail.Linux-Consulting.com
Wed Dec 15 10:12:44 PST 2004
hi ya
i was playing with sniffers .. for fun, and trying to
see if i can find which machine is sniffing
i was running tcpdump, ethereal, pfilt, etc ..
none of the sniffer detector apps was able to find those "sniffers"
- i didn't run any windoze based antisniffer
- most of the antisniffers are just (dumb) promiscuous mode
detectors, which failed to find tcpdump, et al. running
on the local (same) machine or another host on the subnet
- to find promiscuous mode
ifconfig -a eth0 | grep -i promisc
- sniffdet didn't compile on several distros on my boxes
- tested with slackware-9.1, slackware-10, redhat-9, rh-el3ws
and sarge
-- i was able to see clear text info (emails) in human readable form
between test-pc1 and test-pc2 from the sniffing box ( test-pc3 )
vs the messy (not for people) hex dump of tcpdump
- also ran the sniffers over the wireless connections too
and no problem ... WEP is NOT even an issue as data was
still visible/readable
- while ssh data was shown as gibberish as expected
-- so how does one know that there is a sniffer in your subnet
or upstream at the isp, colo, wireless connectivity
c ya
alvin
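As an added example (not part of Alvin's post, and not any of the tools he names): a small Python audit script covering the host-local half of the question, i.e. the `ifconfig | grep -i promisc` check done three ways on Linux. It reads the IFF_PROMISC bit (0x100, from the kernel's if.h) out of `/sys/class/net/<iface>/flags`, parses `ip -o link` output for the PROMISC flag, and replays the kernel's "device X entered/left promiscuous mode" log messages to reconstruct which interfaces are currently promiscuous. The `ip link` and kernel-log samples are constructed for the example. Like every promiscuous-mode detector, this only sees the host it runs on; it cannot detect a sniffer on another box, at the ISP, or on the air, which is exactly the gap the post describes, so the practical mitigation for that case is the one the post observed with ssh: encrypt end to end so a sniffer upstream only sees ciphertext.

```python
"""Host-local promiscuous-mode audit (added example, not from the original post)."""
import glob
import os
import re

IFF_PROMISC = 0x100  # IFF_PROMISC bit from the Linux kernel's <linux/if.h>


def flags_promisc(flags_text):
    """True if a hex flags word (as in /sys/class/net/<iface>/flags) has IFF_PROMISC set."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def sysfs_promisc_interfaces(root="/sys/class/net"):
    """Scan sysfs on a Linux host; return names of interfaces currently in promiscuous mode."""
    hits = []
    for path in sorted(glob.glob(os.path.join(root, "*", "flags"))):
        try:
            with open(path) as fh:
                if flags_promisc(fh.read()):
                    hits.append(os.path.basename(os.path.dirname(path)))
        except OSError:
            continue  # interface vanished or unreadable; skip it
    return hits


# `ip -o link` prints one interface per line: "2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,...> mtu ..."
IP_LINK_RE = re.compile(r"^\d+:\s+(?P<name>[^:@]+)[^<]*<(?P<flags>[^>]*)>")


def ip_link_promisc(output):
    """Parse `ip -o link` output; return interfaces whose flag list contains PROMISC."""
    names = []
    for line in output.splitlines():
        m = IP_LINK_RE.match(line.strip())
        if m and "PROMISC" in m.group("flags").split(","):
            names.append(m.group("name").strip())
    return names


# Kernel log message emitted when an interface toggles promiscuous mode (dmesg / syslog).
KMSG_RE = re.compile(r"device (?P<dev>\S+) (?P<what>entered|left) promiscuous mode")


def kmsg_promisc_events(lines):
    """Return [(device, entered_bool), ...] for every promiscuous-mode transition in the log."""
    events = []
    for line in lines:
        m = KMSG_RE.search(line)
        if m:
            events.append((m.group("dev"), m.group("what") == "entered"))
    return events


def currently_promisc(events):
    """Replay enter/left events in order; return devices whose last transition was 'entered'."""
    state = {}
    for dev, entered in events:
        state[dev] = entered
    return sorted(dev for dev, on in state.items() if on)


# Constructed sample data (not captured from a real host).
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
"""

SAMPLE_KMSG = [
    "[  102.411] device eth0 entered promiscuous mode",
    "[  120.902] device eth0 left promiscuous mode",
    "[  300.117] device wlan0 entered promiscuous mode",
]

if __name__ == "__main__":
    print("sysfs (this host):", sysfs_promisc_interfaces())
    print("ip link (sample): ", ip_link_promisc(SAMPLE_IP_LINK))
    print("kernel log (sample):", currently_promisc(kmsg_promisc_events(SAMPLE_KMSG)))
```

The kernel-log replay is the part worth keeping in a log pipeline: a sniffer that was started and stopped between two sysfs polls leaves no trace in the flags word, but it does leave the enter/left pair in the kernel log.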