OK networking experts i will need all your ideas and i will
welcome any advise that could help me cope with the
situation.
And Here is the situation: I detected two stations which
have their lan-interfaces in promiscuous mode!!!
The first suspect answers icmp packets(echo requests) with mac addresses
beginning with 'FF...' as far as the ip is a match.
The second suspect answers all requests with whatever mac address the
packet has.
But i am not sure whether the stations are really running some sniffing-programs.
How can i be 100% sure that these stations are sniffing the network ?
because I've been told that sometimes even if the station is not running any sniffer
it could reply to a frame with false mac.
Some people told me that this could be a result from the code in the operating system, ?
the virtual mac filter or could have something to do with the vendor specific piece of hardware?
any ideas
thanks
welcome any advise that could help me cope with the
situation.
And Here is the situation: I detected two stations which
have their lan-interfaces in promiscuous mode!!!
The first suspect answers icmp packets(echo requests) with mac addresses
beginning with 'FF...' as far as the ip is a match.
The second suspect answers all requests with whatever mac address the
packet has.
But i am not sure whether the stations are really running some sniffing-programs.
How can i be 100% sure that these stations are sniffing the network ?
because I've been told that sometimes even if the station is not running any sniffer
it could reply to a frame with false mac.
Some people told me that this could be a result from the code in the operating system, ?
the virtual mac filter or could have something to do with the vendor specific piece of hardware?
any ideas
thanks
