Honeypots mailing list archives
RE: [inbox] undetectable NIC in promiscuous mode
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Fri, 05 Mar 2004 15:48:58 -0500
On Fri, 2004-03-05 at 12:29, Curt Purdy wrote:
Yes, there are protocols that do not depend on ip such as arp, dhcp, and others.
Humm, I've never seen this myself. Please describe a situation I can try and duplicate were an interface that does not have IP bound to it would start transmitting ARP or DHCP packets.
A sure way to avoid detection is to snip your TX lines 1&2.
This _does not_ work. I have tried this with both switches and hubs from 3COM, Cisco, D-Link & Netgear. Cutting the TX lines means you can not initial the port to establish link. No link means you will not see traffic. HTH, C
Current thread:
- undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)
- Re: undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
- RE: undetectable NIC in promiscuous mode Román Ramírez (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Curt Purdy (Mar 05)
- Re: [inbox] undetectable NIC in promiscuous mode Work (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
- Re: [inbox] undetectable NIC in promiscuous mode Secdigital (Mar 07)
- RE: undetectable NIC in promiscuous mode Simon Thornton (Mar 11)
- <Possible follow-ups>
- RE: undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)
- Re: undetectable NIC in promiscuous mode Work (Mar 07)
- RE: undetectable NIC in promiscuous mode Walter, Mario {VIE-~Kaiseraugst} (Mar 08)
- Re: undetectable NIC in promiscuous mode Chris Brenton (Mar 05)