Full Disclosure mailing list archives
Re: Promiscious Device Detection
From: Simon Richter <Simon.Richter () hogyros de>
Date: Thu, 09 Mar 2006 13:15:22 +0100
Hi, Q Beukes wrote:
I am looking for linux utility that checks if a specified machine's network device is in promiscious mode or not.
Technically, promiscuous mode only affects packet reception, so it is pretty difficult to detect; however most packet sniffers will not hide the packets that would have been filtered normally from the kernel, so the kernel should react to e.g. a ping or SYN packet that has the correct destination IP address for that host, but would normally be filtered by the MAC (e.g. with a different destination MAC address).
I don't have a readymade utility for that (I'd code it if need arises, but the days of Cheapernet are gone), but you can test from the shell by creating a static ARP entry using the arp(8) tool and then pinging the IP.
Simon _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Promiscious Device Detection Q Beukes (Mar 09)
- Re: Promiscious Device Detection Simon Richter (Mar 09)
- Re: Promiscious Device Detection Q Beukes (Mar 09)
- Re: Promiscious Device Detection Frank Thyes (Mar 09)
- Re: Promiscious Device Detection Michael Holstein (Mar 09)
- Re: Promiscious Device Detection Andrew Farmer (Mar 09)
- Re: Promiscious Device Detection Michael Holstein (Mar 10)
- Re: Promiscious Device Detection Simon Richter (Mar 09)