Re: Promiscuous Mode

On Sat, Mar 22, 2008 at 05:04:57PM +1300, Robin Sheat wrote:
# On Thursday 20 March 2008 14:27:38 Morgan Reed wrote:
# > It won't make any difference on a switched network as you won't see
# > packets not destined for your MAC address anyway (Unless they're
# > broadcast packets)
# ...or you arp-flood the appropriate switch.
#
# I have a related question: if your network card is in promisc mode and
# assuming you can see the packets at all (because you're on a hub or
# something), and someone sends a packet with a MAC address that isn't yours,
# but that is addressed to your IP, what is the typical response of the network
# stack? Ignore it because the MAC is wrong, or accept it because the IP
# address is correct? Does this behaviour vary based on configuration or OS?

IF the NIC is in promiscuous mode, it is going to capture ALL the packets
anyway regardless of their destination MAC.

However, If the NIC is *not* in promiscuous mode, it will discard
the packet if the destination MAC does not match its own. Therefore, the
packet will not get a chance to be passed to the TCP/IP stack where IP
header is processed.

In short, if the NIC is not in promiscuous mode, it will discard a
packet with an IP matching its own if the destination MAC in the packet
is not its own.




#
# PS: Hi Morgan, fancy seeing you here :)
#
# --
# Robin <robin@xxxxxxxxxxxxxxx> JabberID: <eythian@xxxxxxxxxxxxxxxxxxxxxx>
#
# Hostes alienigeni me abduxerunt. Qui annus est?
#
# PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D



--
Muhammad Farooq-i-Azam

lists@xxxxxxxxxxxx
http://www.chase.org.pk/


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Relevant Pages

  • Re: Ip forwarding
    ... Packets that are meant to be forwarded by a router must be sent to its MAC address on the link. ... The gateway column optionnally contains the address of the next hop router if the destination is not directly reachable on the network attached to the output interface. ... In both cases the packet is sent on the link to the next hop MAC address. ...
    (comp.os.linux.networking)
  • RE: Network sniffing on the wire - managed switches
    ... Switches send packets to destination ports based on the ... destination MAC address of the packet, ... MAC address is either YOUR MAC address, ... Network sniffing on the wire - managed switches ...
    (Security-Basics)
  • RE: Transfer a sending packet to upper TCP/IP protocol layer in IM
    ... In such case he has no option, other than dealing with MAC addresses, and, ... The proper way to do this is to add your IPv4 header, ... IPv4 header will be larger than the MTU. ... After prepending IPv4 header and UDP header to the original IPv6 packet, ...
    (microsoft.public.development.device.drivers)
  • Re: how to connect firewall to router
    ... >> lan side and this port is the firewall port, ... > to their intended destination based on the IP packet's network. ... > As a packet travels through various relay points, ... It becomes a map of how the destination should respond. ...
    (comp.security.firewalls)
  • Re: Whats gonna happen if two clients in the same LAN have the same MAC address?
    ... Since packet flow in the local network is done using the ... MAC addresses the switches/routers will be choosing ...
    (microsoft.public.windows.server.security)