Nmap Development mailing list archives
Promiscuous mode scan
From: "Hans Nilsson" <hasse_gg () ftml net>
Date: Fri, 13 Oct 2006 13:58:01 -1100
Hello! I've recently read the paper "Detection of Promiscuous Nodes Using ARP Packets" [1] that lists various ways you can detect network cards that are set on promiscuous mode on your local network using custom built ARP-packets, thereby finding computers that run sniffer software like Wireshark. I was just thinking that it would be nice to have such a scanner in Nmap, as far as I know the only program that incorporates the techniques mentioned in the paper is "Cain and Abel" [2] and that's for Windows only. A cool thing about this is that as an added benefit different operating systems respond differently to these special ARP-packets so it could potentially be used for OS detection too. There's also talk about a "DNS test", "ICMP etherping test" and perhaps even more ways but I haven't delved further into that. [1] http://www.securityfriday.com/promiscuous_detection_01.pdf [2] http://www.oxid.it/ca_um/topics/promiscuous-mode_scanner.htm -- Hans Nilsson hasse_gg () ftml net -- http://www.fastmail.fm - Send your email first class _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Promiscuous mode scan Hans Nilsson (Oct 13)
- Re: Promiscuous mode scan Hans Nilsson (Oct 16)