Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Promiscious Device Detection

From: Simon Richter <Simon.Richter () hogyros de>
Date: Thu, 09 Mar 2006 13:15:22 +0100
Hi,

Q Beukes wrote:


I am looking for linux utility that checks if a specified machine's
network device is in promiscious mode or not.
Technically, promiscuous mode only affects packet reception, so it is pretty difficult to detect; however most packet sniffers will not hide the packets that would have been filtered normally from the kernel, so the kernel should react to e.g. a ping or SYN packet that has the correct destination IP address for that host, but would normally be filtered by the MAC (e.g. with a different destination MAC address).
I don't have a readymade utility for that (I'd code it if need arises, but the days of Cheapernet are gone), but you can test from the shell by creating a static ARP entry using the arp(8) tool and then pinging the IP. 

   Simon
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: