Security Basics mailing list archives
RE: Network Card Promiscuous Mode
From: James.Fields () bcbsfl com
Date: Mon, 10 May 2004 14:35:05 -0400
Wow...I am having trouble believing what I am seeing here - advising someone to do arp spoofing? Chris - unless you or the other guy owns the target network or has ultimate authority to make such decisions, do NOT advise your counterpart to run arp spoofing as a method of defeating switch behavior. Depending upon the tool, the competence of the person using it, and the network in question, you can do serious (temporary) harm to network traffic running such tools. Do yourself a favor and look at the other options first:

1) If the guy on the other end is actually a network technician, he should be able to configure his switch to "span" or "Mirror" the traffic from other switch ports to the one where he's plugged in.

2) If he's not "the" technician who can do this he should ask for that assistance from the network administrators who do have the authority and capability to do so.

3) Arp spoofing should only be used if there is no other responsible party, no way to perform spanning or mirroring with the switch in question, and no production traffic can be affected.

-----Original Message-----
From: Nate McConnell [mailto:nate () mcconnellsonline com]
Sent: Saturday, May 08, 2004 12:32 PM
To: 'Chris Halverson'; security-basics () securityfocus com
Subject: RE: Network Card Promiscuous Mode

Yes, there is a good way to do this. First use Ethereal to sniff the traffic. Second, to make Windows run the card in promiscuous mode use winpcap. You can get that from http://winpcap.polito.it/. If it is switched traffic you need to perform arp spoofing to both machines or however many machines there are so that all the traffic is coming to the machine so it can be sniffed. To do that use Cain. You can get it from here http://www.oxid.it/cain.html. Then set the laptop as the network gateway and it will grab all outbound traffic.

Nate McConnell

-----Original Message-----
From: Chris Halverson [mailto:chris.halverson () encana com]
Sent: Friday, May 07, 2004 1:19 PM
To: security-basics () securityfocus com
Subject: Network Card Promiscuous Mode

I have a technician in Barbados that is trying to troubleshoot some network tunnel problems and I wanted him to sniff the wire for what type of traffic is coming over the link. He is using a laptop with Win XP and I wanted to know how to switch the network card into promiscuous mode to accept all the traffic coming over the link. Is there a way to do this with a native Windows interface or does it have to be done with third party tools? Can you use the NETSH utility or again is it somewhere else?
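
Added example, not part of the original thread: a check a network administrator can run to spot the ARP cache state that the spoofing discussed above leaves behind on a Windows host. It compares two `arp -a` snapshots and reports IP addresses whose MAC changed and MACs that answer for more than one IP. The snapshot layout follows Windows `arp -a` output; all addresses are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the thread): `arp -a` before and after.
BASELINE = """\
Interface: 192.168.1.50 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-01     dynamic
  192.168.1.20          00-0c-29-aa-bb-20     dynamic
  192.168.1.77          00-0c-29-aa-bb-77     dynamic
"""
CURRENT = """\
Interface: 192.168.1.50 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-77     dynamic
  192.168.1.20          00-0c-29-aa-bb-77     dynamic
  192.168.1.77          00-0c-29-aa-bb-77     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$")

def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = m.group(1), m.group(2).lower()
        if int(mac[:2], 16) & 1:
            continue  # group bit set: broadcast or multicast entry
        table[ip] = mac
    return table

def find_anomalies(baseline, current):
    """Return (changed, shared): IPs whose MAC moved, MACs owning several IPs."""
    base, cur = parse_arp_table(baseline), parse_arp_table(current)
    changed = {ip: (base[ip], cur[ip])
               for ip in cur if ip in base and base[ip] != cur[ip]}
    owners = defaultdict(list)
    for ip, mac in cur.items():
        owners[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in owners.items() if len(ips) > 1}
    return changed, shared
```

A hit is a lead, not proof: a replaced NIC, a failover pair or a router doing proxy ARP also produces changed or shared entries, so confirm against the switch's MAC address table before acting.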
Current thread:
- Network Card Promiscuous Mode Chris Halverson (May 07)
- RE: Network Card Promiscuous Mode Nate McConnell (May 10)
- Re: Network Card Promiscuous Mode Dhaval Vasa (May 10)
- <Possible follow-ups>
- RE: Network Card Promiscuous Mode David Brown (May 10)
- RE: Network Card Promiscuous Mode James . Fields (May 10)