RE: Network Card Promiscuous Mode

From: Nate McConnell (nate_at_mcconnellsonline.com)
Date: 05/08/04

  • Next message: Endre Szekely-Bencedi: "Computer Associates eTrust"
    To: "'Chris Halverson'" <chris.halverson@encana.com>, <security-basics@securityfocus.com>
    Date: Sat, 8 May 2004 10:31:37 -0600
    
    

    Yes there is a good way to do this. First use Ethereal to sniff the traffic.
    Second to make windows run the card in promiscuous mode use winpcap. You can
    get that from http://winpcap.polito.it/. If it is switched traffic you need
    to perform arp spoofing to both machines or however many machines there are
    so that all the traffic is coming to the machine so it can be sniffed. To do
    that use Cain. You can get it from here http://www.oxid.it/cain.html. Then
    set the laptop as the network gateway and it will grab all outbound traffic.

    Nate McConnell

    -----Original Message-----
    From: Chris Halverson [mailto:chris.halverson@encana.com]
    Sent: Friday, May 07, 2004 1:19 PM
    To: security-basics@securityfocus.com
    Subject: Network Card Promiscuous Mode

    I have a technician in Barbados that is trying to troubleshoot some network
    tunnel problems and I wanted him to sniff the wire for what type of traffic
    is coming over the link. He is using a laptop with Win XP and I wanted to
    know how to switch the network card into promiscuous mode to accept all the
    traffic comming over the link. Is there a way to do this with a native
    windows interface or does it have to be done with third party tools? Can
    you use the NETSH utility or again is it somewhere else?

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the
    skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


  • Next message: Endre Szekely-Bencedi: "Computer Associates eTrust"

    Relevant Pages

    • Re[2]: Detection tool?
      ... BM> you can look for cards in promiscuous mode (tools as NFR NIDS, ... CPU-intensive task (aka brute-forcing a hash) or is mis-configured. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: Caching a sniffer
      ... >you can disable all it's port to allow promiscuous mode ... >across the network. ... All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Caching a sniffer
      ... >in switches to detect a NIC/Adapter in promiscuous mode and disable the ... hardware filtering at the data link layer, so that your host actually gets ... All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • Re: Promiscuous Mode
      ... promiscuous mode is a configuration of a network card ... Each packet includes the hardware address. ... a network card receives a packet, it checks if the address is its own. ...
      (Pen-Test)
    • Re: Is promiscuous mode bad?
      ... Promiscuous mode means the network card sends all traffic received to the ... packet sniffers to sniff network traffic without needing root privs on ...
      (freebsd-questions)