> a sniffer can have its transmit lead cut and still function. > this configuration is described in one of the common security > papers--TAMU's tiger paper perhaps, i dont remember. with the transmit > lead cut, you cant detect. This assumes that the snooper you're worried about has physical access to the ethernet wire in question. Assuming the intruder does NOT have such access, as is the case most of the time, in order to set up a "sniffer" the intruder has to modify the configuration of an existing system. The changes this individual effects tend to leave footprints. I just figured it'd be worth it to know some methods of detecting a software-based sniffer. ------------------------------------------------------------------------ A s r i e l D e C a t t e a t M 0 C K C h i c a g o , 1 9 9 5 . . . do not lead for I will not follow - do not follow for I will not lead asriel@wookie.net ------------------------------------------------------------------------ main(){while(1){fork();}}