Re: [Full-disclosure] Promiscious Device Detection
- From: Simon Richter <Simon.Richter@xxxxxxxxxx>
- Date: Thu, 09 Mar 2006 13:15:22 +0100
Hi,
Q Beukes wrote:
I am looking for linux utility that checks if a specified machine's
network device is in promiscious mode or not.
Technically, promiscuous mode only affects packet reception, so it is pretty difficult to detect; however most packet sniffers will not hide the packets that would have been filtered normally from the kernel, so the kernel should react to e.g. a ping or SYN packet that has the correct destination IP address for that host, but would normally be filtered by the MAC (e.g. with a different destination MAC address).
I don't have a readymade utility for that (I'd code it if need arises, but the days of Cheapernet are gone), but you can test from the shell by creating a static ARP entry using the arp(8) tool and then pinging the IP.
Simon
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] Promiscious Device Detection
- From: Q Beukes
- Re: [Full-disclosure] Promiscious Device Detection
- References:
- [Full-disclosure] Promiscious Device Detection
- From: Q Beukes
- [Full-disclosure] Promiscious Device Detection
- Prev by Date: [Full-disclosure] Promiscious Device Detection
- Next by Date: Re: [Full-disclosure] Promiscious Device Detection
- Previous by thread: [Full-disclosure] Promiscious Device Detection
- Next by thread: Re: [Full-disclosure] Promiscious Device Detection
- Index(es):
Relevant Pages
|
|
