Security Basics mailing list archives

RE: Caching a sniffer


From: Fernando Gont <fernando () gont com ar>
Date: Wed, 24 Mar 2004 19:26:41 -0300

At 10:20 23/03/2004 -0800, Shawn Jackson wrote:

To my knowledge, though not very extensive, I know of no command/system
in switches to detect a NIC/Adapter in promiscuous mode and disable the
port.

That would not be possible. Promiscuous-mode is about not performing hardware filtering at the data link layer, so that your host actually gets all the frames sent on that segment of the network.

So, other than running something like ifconfig on the host that is in promiscuous mode, or running a heuristic check remotely, you cannot detect a host is in promiscuous mode.


--
Fernando Gont
e-mail: fernando () gont com ar || fgont () acm org
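
Added example, not part of the original message: a host-side check of the kind the reply mentions, written for Linux. It assumes the kernel exposes each interface's flags word under /sys/class/net/<interface>/flags; the function names and the sample tree are constructed for illustration.

```python
import os

IFF_PROMISC = 0x100  # promiscuous bit in the interface flags word (<linux/if.h>)


def read_flags(sysfs_root, ifname):
    """Return the interface flags word as an int, or None if unreadable."""
    path = os.path.join(sysfs_root, ifname, "flags")
    try:
        with open(path) as fh:
            return int(fh.read().strip(), 16)
    except (OSError, ValueError):
        # Not an interface directory, no permission, or unexpected content.
        return None


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Map interface name -> True/False for IFF_PROMISC (None = unknown)."""
    result = {}
    try:
        names = sorted(os.listdir(sysfs_root))
    except OSError:
        return result  # no sysfs here (non-Linux host or restricted container)
    for ifname in names:
        flags = read_flags(sysfs_root, ifname)
        result[ifname] = None if flags is None else bool(flags & IFF_PROMISC)
    return result


def make_sample_tree(root):
    """Write a constructed sysfs-like tree so the check can run offline."""
    samples = {
        "eth0": "0x1103\n",   # constructed: UP|BROADCAST|PROMISC|MULTICAST
        "eth1": "0x1003\n",   # constructed: same interface flags without PROMISC
        "lo": "0x9\n",        # constructed: UP|LOOPBACK
        "bad0": "garbage\n",  # constructed: unparsable entry
    }
    for name, text in samples.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(text)


if __name__ == "__main__":
    labels = {True: "PROMISC", False: "normal", None: "unknown"}
    for ifname, state in promiscuous_interfaces().items():
        print(f"{ifname}: {labels[state]}")
```

The result only says what the local kernel reports, so it is useful on hosts you administer and trust; it says nothing about other machines on the segment.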


