Hi,
I am trying to write a sniffer detection tool. I am using Ethereal's
tethereal as my sniffer.
My idea is to send a ping packet to the host running the sniffer, and I
should get 2 replies to the ICMP echo request (one because of the sniffer and
one because of the kernel). But when I tested my
detection program, I am getting only one ICMP reply; I think it is
coming from the kernel.
So doesn't tethereal send an acknowledgement for an ICMP echo request?
Is there any way to set options for tethereal to enable replying to
ICMP? Or is there any other sniffer with which I can use the above
technique?
I tried another thing:
I created an Ethernet packet with the wrong Ethernet address and the correct IP
address. tethereal, even though it did not have that Ethernet
address, still sniffed it and showed the contents of the echo request.
But I was thinking that if you read an IP packet, an ICMP reply will be sent
due to the protocol stack. Maybe I am wrong. Is there any way to let
tethereal send replies to ICMP echo requests?
This is part of my course project and nothing against
tethereal. I am near the deadline, so any help is appreciated.
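
The second test in the post (echo request with the wrong Ethernet destination and the correct IP address), built as raw bytes with a matcher for the reply; this is an added example, not code from the original post. All MAC and IP addresses are constructed samples, the function names are hypothetical, and nothing is sent on the wire.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_bytes(addr: str) -> bytes:
    return bytes(int(p) for p in addr.split("."))

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def build_echo(dst_mac, src_mac, src_ip, dst_ip, ident, seq, icmp_type=8):
    """Ethernet + IPv4 + ICMP echo frame (type 8 = request, 0 = reply)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + b"sniffer-probe"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip + icmp

def is_reply_to(probe: bytes, frame: bytes) -> bool:
    """True if frame is an ICMP echo reply that answers probe."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
        return False                          # not IPv4 carrying ICMP
    icmp = frame[14 + (frame[14] & 0x0F) * 4:]
    if len(icmp) < 8:
        return False
    return (icmp[0] == 0                      # echo reply
            and frame[26:30] == probe[30:34]  # reply source == probed IP
            and icmp[4:8] == probe[38:42]     # same identifier and sequence
            and inet_checksum(icmp) == 0)     # ICMP checksum verifies

# Constructed sample addresses: documentation IP range, locally administered MACs.
PROBER_MAC, TARGET_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
WRONG_MAC = "02:00:00:00:00:99"               # belongs to no host on the segment
PROBER_IP, TARGET_IP = "192.0.2.10", "192.0.2.20"

# Probe: wrong Ethernet destination, correct IP destination.
PROBE = build_echo(WRONG_MAC, PROBER_MAC, PROBER_IP, TARGET_IP, 0x1234, 1)
# Constructed reply, as the target's IP stack would send it if it accepted the probe.
REPLY = build_echo(PROBER_MAC, TARGET_MAC, TARGET_IP, PROBER_IP, 0x1234, 1, icmp_type=0)
```

A matching reply to this probe means the target's interface accepted a frame that was not addressed to it; the reply itself is produced by the host's IP stack, not by the capture program.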