Security Basics mailing list archives

RE: A Solution for sniffing


From: "Chris Berry" <compjma () hotmail com>
Date: Thu, 19 Dec 2002 15:36:08 -0800

From: <David () cawdgw net>
For a network card to "Sniff" it must be in promiscuous mode, reading
all packets coming in and not dumping those not addressed to it.
Google the web for tools that can find network interface cards in
promiscuous mode. I can think of only two legit reasons to be in that
mode: some firewalls/IDSs need that mode to pull in all packets, and
someone sniffing the network with permission. Therefore, after you look
and find a netcard in promiscuous mode, you can check the system files
for WHY it is in that mode.

As far as hardware sniffers, someone else will have to say it with
authority. I think the technique that finds software driven promiscuous
netcards works on hardware sniffers, but I may be wrong.

Ok, I'm a bit confused. As I understand Ethernet, all the signals go out on the wire as changing voltage levels, every card listens to the signals and internally decides whether or not to drop the frames based on whether or not they are destined for its MAC address. With a passive listening setup like this, how could you possibly detect a promiscuous interface?

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Live dangerously, overclock your servers."
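
The host-side part of the check discussed in this thread (finding which interface on a machine you administer is in promiscuous mode), as an added example that is not part of the original messages. It assumes a Linux host, where sysfs exposes each interface's flags word and the IFF_PROMISC bit is 0x100; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

IFF_PROMISC = 0x100  # promiscuous bit in the interface flags word (linux/if.h)


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return the sorted names of interfaces whose flags have IFF_PROMISC set."""
    try:
        names = sorted(os.listdir(sysfs_net))
    except OSError:
        return []  # not Linux, or sysfs is not mounted
    found = []
    for name in names:
        try:
            # sysfs prints the flags word as hex text, e.g. "0x1103"
            with open(os.path.join(sysfs_net, name, "flags")) as fh:
                flags = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue  # plain files such as bonding_masters, or unreadable entries
        if flags & IFF_PROMISC:
            found.append(name)
    return found


def constructed_sample():
    """Build a throwaway sysfs-like tree (constructed values) and return its path."""
    root = tempfile.mkdtemp(prefix="sysfs-net-")
    sample = {
        "lo": "0x9",       # UP | LOOPBACK
        "eth0": "0x1003",  # UP | BROADCAST | MULTICAST
        "eth1": "0x1103",  # same as eth0 plus IFF_PROMISC
    }
    for name, flags in sample.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(flags + "\n")
    # a plain file next to the interface directories, as bonding_masters is
    with open(os.path.join(root, "bonding_masters"), "w") as fh:
        fh.write("\n")
    return root


if __name__ == "__main__":
    print("constructed sample:", promiscuous_interfaces(constructed_sample()))
    print("this host:", promiscuous_interfaces())
```

This only reports on the host it runs on; it says nothing about other machines on the wire.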
