> >Of course you can detect a sniffer, but are you willing to pay the cost > >of doing so? > > You can't "detect a sniffer" from looking at the net; the only way you can > try is to identify specific software indications of one being run on your > machine. If it's run on a different machine, on one you can't check (perhaps > on a palmtop someone has plugged into the net), then you can't detect it at > all. Even if it's being run on your server, you can detect it if the author > of the sniffer didn't know about, and defeat, the particular detection > mechanism you use. During my work in 'secure' installations, we used fiber media to prevent the 'sniffing' of packets using inductive pickup. This kind of 'sniffer' can't be detected easily - 'cept by seeing it (antennas and wires running next to your cable, where they don't belong, is a give-away) We also used OTDRs to look for splices in the fiber. \mgo