Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Stealth Interface on Win32 Platforms

From: "Archer" <archer () ironcomet com>
Date: Tue, 4 Sep 2001 01:48:20 -0400
Can someone tell me how to do a "stealth interface" for Win32 platforms?

For example, how do you make sure the interface has no IP, do you assign it 0.0.0.0? If you set it to DHCP but don't 
allow it to get
an address, it will default to a 169.x.x.x address.

As far as the sniffer cable. I read the Snort FAQ and this was mentioned.  However, I don't quite understand it. could 
someone
perhaps clear it up a little?

LAN Sniffer
    1 -----\ /-- 1
    2 ---\ | \-- 2
    3 ---+-*------- 3
    4 - | - 4
    5 - | - 5
    6 ---*-------- 6
    7 - - 7
    8 - - 8

    Basically, 1 and 2 on the sniffer side are connected, 3 and 6
    straight through to the LAN. 1 and 2 on the LAN side connect to 3 and
    6 respectively. This fakes a link on both ends but only allows
    traffic from the LAN to the sniffer. It also causes the 'incoming'
    traffic to be sent back to the LAN, so this cable only works well on
    a hub. You can use it on a switch but you will get ...err...
    interesting results. Since the switch receives the packets back in on
    the port it sent them out, the MAC table gets confused and after a
    short while devices start to drop off the switch. Works like a charm
    on a hub though.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: