... to interrupt the TP link beat and have the hub or switch turn this port off since it's "not in use". :)
No, in modern times you need all the wires but have to keep the software from answering / producing traffic. And receiving all the data and processing it will make the machine react in some some different way compared to how it does "without reading all the net". So you can recognize workstations with sniffers running. Although dedicated hardware with no other job could be undiscovered long enough ...
antisniff (the only reasonably succesful sniffer detector I know of) can easily be fooled. The only sure way to detect sniffers is: a) physically inspect cabling to make sure there isn't some rogue laptop b) make sure all the systems attached to the network are secure some other things to consider: switches will help a lot, although a savvy attacker can potentially flood the switch to make it "leak" or break into it a reprogram it. IPSec is an increasingly realistic solution, client software abounds and is cheap, and there are network cards with crypto accelerators that don't cost much ($100 US), alas as far as I know Linux doesn't support any of them.
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com