RE: Network Card Promiscuous Mode

[James.Fields () bcbsfl com]

Wow...I am having trouble believing what I am seeing here - advising
someone to do arp spoofing?  

Chris - unless you or the other guy owns the target network or has
ultimate authority to make such decisions, do NOT advise your
counterpart to run arp spoofing as a method of defeating switch
behavior.  Depending upon the tool, the competence of the person using
it, and the network in question, you can do serious (temporary) harm to
network traffic running such tools.

Do yourself a favor and look at the other options first:
1) If the guy on the other end is actually a network technician, he
should be able to configure his switch to "span" or "Mirror" the traffic
from other switch ports to the one where he's plugged in.
2) If he's not "the" technician who can do this he should ask for that
assistance from the network administrators who do have the authority and
capability to do so.
3) Arp spoofing should only be used if there is no other responsible
party, no way to perform spanning or mirroring with the switch in
question, and no production traffic can be affected.

-----Original Message-----
From: Nate McConnell [mailto:nate () mcconnellsonline com] 
Sent: Saturday, May 08, 2004 12:32 PM
To: 'Chris Halverson'; security-basics () securityfocus com
Subject: RE: Network Card Promiscuous Mode

Yes there is a good way to do this. First use Ethereal to sniff the
traffic.
Second to make windows run the card in promiscuous mode use winpcap. You
can
get that from http://winpcap.polito.it/. If it is switched traffic you
need
to perform arp spoofing to both machines or however many machines there
are
so that all the traffic is coming to the machine so it can be sniffed.
To do
that use Cain. You can get it from here http://www.oxid.it/cain.html.
Then
set the laptop as the network gateway and it will grab all outbound
traffic.



Nate McConnell

-----Original Message-----
From: Chris Halverson [mailto:chris.halverson () encana com] 
Sent: Friday, May 07, 2004 1:19 PM
To: security-basics () securityfocus com
Subject: Network Card Promiscuous Mode



I have a technician in Barbados that is trying to troubleshoot some
network
tunnel problems and I wanted him to sniff the wire for what type of
traffic
is coming over the link.  He is using a laptop with Win XP and I wanted
to
know how to switch the network card into promiscuous mode to accept all
the
traffic comming over the link.  Is there a way to do this with a native
windows interface or does it have to be done with third party tools?
Can
you use the NETSH utility or again is it somewhere else?

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----




------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----





Blue Cross Blue Shield of Florida, Inc., and its subsidiary and affiliate companies are not responsible for errors or 
omissions in this e-mail message. Any personal comments made in this e-mail do not reflect the views of Blue Cross Blue 
Shield of Florida, Inc.  The information contained in this document may be confidential and intended solely for the use 
of the individual or entity to whom it is addressed.  This document may contain material that is privileged or 
protected from disclosure under applicable law.  If you are not the intended recipient or the individual responsible 
for delivering to the intended recipient, please (1) be advised that any use, dissemination, forwarding, or copying of 
this document IS STRICTLY PROHIBITED; and (2) notify sender immediately by telephone and destroy the document. THANK 
YOU.



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------