Security Basics mailing list archives
RE: A Solution for sniffing
From: "Chris Berry" <compjma () hotmail com>
Date: Thu, 19 Dec 2002 15:36:08 -0800
From: <David () cawdgw net> For a network card to "Sniff" it must be in promiscuous mode, reading all packets coming in and not dumping those not addressed to it. Google the web for tools that can find network interface cards in promiscuous mode. I can think of only two legit reasons to be in that mode: some firewall/IDS's need that mode to pull in all packets, and someone sniffing the network with permission. Therefore, after you look and find a netcard in promiscuous mode, you can check the system files for WHY it is in that mode. As far as hardware sniffers, Someone else will have to say it with authority. I think the technique that finds software driven promiscuous netcards works on hardware sniffers, but I may be wrong.
Ok, I'm a bit confused. As I understand ethernet, all the signals go out on the wire as changing voltage levels, every card listens to the signals and internally decides whether or not to drop the frames based on whether or not they are destined for its MAC address. With a passive listening setup like this, how could you possibly detect a promiscuous interface?
Chris Berry compjma () hotmail com Systems Administrator JM Associates "Live dangerously, overclock your servers." _________________________________________________________________Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
Current thread:
- RE: A Solution for sniffing, (continued)
- RE: A Solution for sniffing David (Dec 19)
- RE: A Solution for sniffing Jason Kohles (Dec 20)
- RE: A Solution for sniffing David (Dec 19)
- Re: A Solution for sniffing brien mac (Dec 18)
- RE: A Solution for sniffing herakel (Dec 18)
- RE: A Solution for sniffing Bruce.Orcutt (Dec 19)
- Re: A Solution for sniffing Shanon (Dec 20)
- RE: A Solution for sniffing wbjw (Dec 19)
- RE: A Solution for sniffing Jose Avila III (Dec 20)
- RE: A Solution for sniffing Jason Kohles (Dec 20)
- RE: A Solution for sniffing Jose Avila III (Dec 20)
- RE: A Solution for sniffing Anthony, Shayla (Dec 20)
- RE: A Solution for sniffing Chris Berry (Dec 20)
- RE: A Solution for sniffing Konrad Rzeszutek (Dec 20)
- RE: A Solution for sniffing Janssen, Steph (Dec 20)
- Re: A Solution for sniffing David (Dec 23)
- RE: A Solution for sniffing Chris Berry (Dec 20)
- RE: A Solution for sniffing Hay, Brennan (Contractor) (Dec 23)
- Re: A Solution for sniffing David Verty (Dec 23)