Re: [Full-disclosure] Promiscuous Device Detection



I know how it would be done.

Just thought if I could find the code/tool it could save me a lot of time.

Simon Richter wrote:
Hi,

Q Beukes wrote:

I am looking for a Linux utility that checks if a specified machine's
network device is in promiscuous mode or not.

Technically, promiscuous mode only affects packet reception, so it is
pretty difficult to detect; however most packet sniffers will not hide
the packets that would have been filtered normally from the kernel, so
the kernel should react to e.g. a ping or SYN packet that has the
correct destination IP address for that host, but would normally be
filtered by the MAC (e.g. with a different destination MAC address).

I don't have a readymade utility for that (I'd code it if need arises,
but the days of Cheapernet are gone), but you can test from the shell
by creating a static ARP entry using the arp(8) tool and then pinging
the IP.

Simon


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
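
The shell test described in the quoted reply (static ARP entry, then ping), written out as an added example that is not part of the original thread. It assumes net-tools `arp` and iputils `ping` on Linux; the function names and the `BOGUS_MAC` value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): static ARP entry + ping, as described.
# Run as root on the same Ethernet segment as the target.
# BOGUS_MAC is a constructed, locally administered unicast address that no
# NIC on the segment should own; override it via the environment if needed.
BOGUS_MAC="${BOGUS_MAC:-02:de:ad:be:ef:01}"

# Accept only a dotted-quad IPv4 address so nothing else reaches arp/ping.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: probe_promisc <ipv4> <local-interface>; prints a one-word verdict.
probe_promisc() {
    ip=$1; iface=$2
    valid_ipv4 "$ip" || { echo "invalid-ip"; return 2; }
    # Baseline: the host must answer when addressed with its real MAC.
    if ! ping -c 2 -W 1 -I "$iface" "$ip" >/dev/null 2>&1; then
        echo "unreachable"; return 3
    fi
    # Pin the IP to a MAC that the target's NIC filter should reject.
    arp -i "$iface" -s "$ip" "$BOGUS_MAC" || { echo "arp-failed"; return 4; }
    if ping -c 3 -W 1 -I "$iface" "$ip" >/dev/null 2>&1; then
        verdict="promiscuous-likely"  # frame got past the NIC's MAC filter
    else
        verdict="inconclusive"        # NIC filtered it, or the IP stack dropped it
    fi
    # Always delete the static entry, or the target stays unreachable from here.
    arp -i "$iface" -d "$ip" >/dev/null 2>&1 ||
        echo "warning: static ARP entry for $ip not removed" >&2
    echo "$verdict"
}

# Run the probe only when called with both arguments.
if [ "$#" -eq 2 ]; then probe_promisc "$1" "$2"; fi
```

A reply is the only informative outcome: silence can mean the NIC is filtering normally or that the target's IP stack discards frames addressed to another MAC even while the interface is promiscuous.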


