Nmap Announce mailing list archives
Re: Promiscuous mode detection
From: Joel Eriksson <na98jen () student hig se>
Date: Thu, 4 Mar 1999 23:33:19 +0100 (MET)
On Thu, 4 Mar 1999, Bennett Todd wrote:
The code posted reports whether the machine is it run on has its interface in promisc mode; so does "ifconfig -a|grep PROMISC".
It should be noted that ifconfig is often patched by hackers, ioctl() could of course also be patched, by a kernel-module for example, but it is not as common. It is only for local interfaces of course. Neped, that I wrote about in my previous posting may be used to detect Linux-boxes with network interfaces in promiscuous mode, using ARP. But there are of course no universal way of detecting sniffers on the network.
-Bennett
/ Joel Eriksson
Current thread:
- Promiscuous mode detection Bruce Dennison (Mar 04)
- Re: Promiscuous mode detection Jeremy Johnson (Mar 04)
- Re: Promiscuous mode detection Andrew Brown (Mar 04)
- Re: Promiscuous mode detection Bennett Todd (Mar 04)
- Re: Promiscuous mode detection Adam Shostack (Mar 04)
- Re: Promiscuous mode detection Dug Song (Mar 04)
- Re: Promiscuous mode detection rich (Mar 04)
- Re: Promiscuous mode detection Eric Estabrooks (Mar 04)
- Re: Promiscuous mode detection Adam Shostack (Mar 04)
- Re: Promiscuous mode detection Jordan Ritter (Mar 04)
- Re: Promiscuous mode detection Joel Eriksson (Mar 04)
- Re: Promiscuous mode detection Jeremy Johnson (Mar 04)
- Re: Promiscuous mode detection Arley Carter (Mar 04)
- Re: Promiscuous mode detection Joel Eriksson (Mar 04)
- <Possible follow-ups>
- Re: Promiscuous mode detection Jon Marler (Mar 04)
- Re: Promiscuous mode detection Bruce Dennison (Mar 04)
- RE: Promiscuous mode detection Hickey, Matthew (Mar 05)