Re: Promiscuous Mode

From: Robin Sheat <robin@xxxxxxxxxxxxxxx>
Date: Mon, 24 Mar 2008 19:43:58 +1300

On Tue, 25 Mar 2008, Muhammad Farooq-i-Azam wrote:

In short, if the NIC is not in promiscuous mode, it will discard a
packet with an IP matching its own if the destination MAC in the packet
is not its own.

You've answered the inverse of my question :) to clarify my rather bulky
paragraph in the previous mail,
if:
* the NIC is in promiscuous mode, and
* you receive a packet /p/, and
* the MAC address in /p/ is _not_ yours, and
* the IP address in /p/ _is_ yours,
what do network stacks (not NICs) typically do? Do they respond to the packet
in any way, or do they understand that because the MAC is different it should
be ignored? I expect that is what they should do, but I'm curious if it is
actually the case.

--
Robin <robin@xxxxxxxxxxxxxxx> JabberID: <eythian@xxxxxxxxxxxxxxxxxxxxxx>

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Follow-Ups:
- Re: Promiscuous Mode
  - From: Muhammad Farooq-i-Azam

References:
- Re: Promiscuous Mode
  - From: Robin Sheat
- Re: Promiscuous Mode
  - From: Muhammad Farooq-i-Azam

Prev by Date: Re: Promiscuous Mode
Next by Date: Wireless keyboard security?
Previous by thread: Re: Promiscuous Mode
Next by thread: Re: Promiscuous Mode
Index(es):
- Date
- Thread

Relevant Pages

Re: bandwidth and multiple NICs
... ng_fec looks at the destination mac addresses to work out which NIC ... for that decision -- but that means the packet has to be an IP packet. ... useful to you it would have to hash on TCP port numbers instead. ... of consecutive TCP connections and not enough parallel ones. ...
(comp.unix.bsd.freebsd.misc)
Re: [Full-disclosure] Promiscious Device Detection
... Technically, promiscuous mode only affects packet reception, so it is ... the packets that would have been filtered normally from the kernel, ... correct destination IP address for that host, ... filtered by the MAC (e.g. with a different destination MAC address). ...
(Full-Disclosure)
RE: Question on SOCK_RAW, implement a bpf->other host tee
... > another layer-2 adjacent host. ... it appears the packet does ... but the destination MAC is ... I can capture it on the correct output interface ...
(freebsd-net)
Re: [Full-disclosure] Promiscious Device Detection
... network device is in promiscious mode or not. ... Technically, promiscuous mode only affects packet reception, so it is pretty difficult to detect; however most packet sniffers will not hide the packets that would have been filtered normally from the kernel, so the kernel should react to e.g. a ping or SYN packet that has the correct destination IP address for that host, but would normally be filtered by the MAC (e.g. with a different destination MAC address). ...
(Full-Disclosure)
Re: one way or two way
... A packet generated on the local host was rejected because its source IP ... address is assigned to one network adapter and its destination IP address ... If a machine has two nics in two different subnets and a packet is destined ... a packet destined for a subnet that is not a subnet ...
(microsoft.public.isa)