RE: Network Card Promiscuous Mode

[David Brown <davidbrown () coal gov uk>]

Your best bet is to have him get hold of WinPcap and install it on the
laptop.  It's pretty much a prerequisite for any packet sniffing or traffic
analysis work you may want to do without using serious commercial packages.
You can then combine this with tools such as Windump for a basic traffic
capture and filter.  From there any of the opensource traffic analysis tools
- mostly pearl scripts that do nice things to the output for you to make it
easier to read - out there are a good way to go.

Dave Brown,
Network & Security Manager,
The Coal Authority,



-----Original Message-----
From: Chris Halverson [mailto:chris.halverson () encana com]
Sent: Friday, May 07, 2004 9:19 PM
To: security-basics () securityfocus com
Subject: Network Card Promiscuous Mode




I have a technician in Barbados that is trying to troubleshoot some network
tunnel problems and I wanted him to sniff the wire for what type of traffic
is coming over the link.  He is using a laptop with Win XP and I wanted to
know how to switch the network card into promiscuous mode to accept all the
traffic comming over the link.  Is there a way to do this with a native
windows interface or does it have to be done with third party tools?  Can
you use the NETSH utility or again is it somewhere else?

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


****************************************************************************
This communication contains information which is confidential and may also
be privileged. It is for the exclusive use of the intended recipient(s)
please note that any distribution, copying or use of this communication or
the information in it is strictly prohibited. If you have received this
communication in error please notify us by e-mail or telephone ((+44) 01623
427162) and then delete the e-mail and any copies of it. This communication
is from The Coal Authority whose principal address is at 200 Lichfield Lane,
Berry Hill, Mansfield, Notts, NG18 4RG, England.

****************************************************************************

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------