Re: [Full-disclosure] Promiscious Device Detection
- From: Q Beukes <full-disclosure@xxxxxxxxxxx>
- Date: Thu, 09 Mar 2006 15:10:44 +0200
I know how it would be done.
Just thought if I could find the code/tool it could save me a lot of time.

Simon Richter wrote:
> Hi,
>
> Q Beukes wrote:
>> I am looking for a Linux utility that checks if a specified machine's
>> network device is in promiscuous mode or not.
>
> Technically, promiscuous mode only affects packet reception, so it is
> pretty difficult to detect; however most packet sniffers will not hide
> the packets that would have been filtered normally from the kernel, so
> the kernel should react to e.g. a ping or SYN packet that has the
> correct destination IP address for that host, but would normally be
> filtered by the MAC (e.g. with a different destination MAC address).
>
> I don't have a ready-made utility for that (I'd code it if need arises,
> but the days of Cheapernet are gone), but you can test from the shell
> by creating a static ARP entry using the arp(8) tool and then pinging
> the IP.
>
> Simon
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
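
The shell test Simon Richter describes (static ARP entry via arp(8), then ping), written out as an added example that is not part of the original thread. It assumes net-tools arp and iputils ping, run as root on the same segment as the target; FAKE_MAC, is_unicast_mac and probe_promisc are names made up here, and the MAC value is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: wrong-MAC ping probe using arp(8).
# Assumes net-tools arp and iputils ping, root, and a target on the local segment.

# Constructed probe address: unicast and not assigned to the target's NIC.
FAKE_MAC="${FAKE_MAC:-00:11:22:33:44:55}"

# Succeeds only for a well-formed unicast MAC. Broadcast and multicast
# addresses (low bit of the first octet set) can pass a NIC's filter without
# promiscuous mode, which would turn the probe into a false positive.
is_unicast_mac() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f][02468ACEace](:[0-9A-Fa-f]{2}){5}$'
}

# probe_promisc IP
# returns 0: target answered a frame sent to the wrong MAC (NIC filter is off)
#         1: no answer to the wrong-MAC frame
#         2: inconclusive (bad probe MAC, no baseline reply, arp failed)
probe_promisc() {
    target=$1
    is_unicast_mac "$FAKE_MAC" || { echo "invalid probe MAC: $FAKE_MAC" >&2; return 2; }

    # Baseline: without a normal reply, silence later proves nothing.
    if ! ping -c 1 -W 2 "$target" >/dev/null 2>&1; then
        echo "$target: no reply to a normal ping, inconclusive"
        return 2
    fi

    # Pin the IP to the wrong MAC so our echo requests fail the hardware filter.
    arp -s "$target" "$FAKE_MAC" || return 2
    result=1
    if ping -c 3 -W 2 "$target" >/dev/null 2>&1; then
        result=0
    fi
    arp -d "$target"    # always drop the static entry again

    if [ "$result" -eq 0 ]; then
        echo "$target: replied to frames for $FAKE_MAC, interface likely promiscuous"
    else
        echo "$target: no reply to frames for $FAKE_MAC"
    fi
    return "$result"
}

# Run only when given a target, e.g.: sh promisc_probe.sh 192.0.2.10
if [ "$#" -ge 1 ]; then
    probe_promisc "$1"
fi
```

A silent result is not proof that the interface is filtering: some kernels, current Linux among them, discard frames addressed to another MAC in software even when the NIC passes them up.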