Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Promiscuous mode scan

From: "Hans Nilsson" <hasse_gg () ftml net>
Date: Fri, 13 Oct 2006 13:58:01 -1100
Hello! I've recently read the paper "Detection of Promiscuous Nodes
Using ARP Packets" [1] that lists various ways you can detect network
cards that are set on promiscuous mode on your local network using
custom built ARP-packets, thereby finding computers that run sniffer
software like Wireshark.

I was just thinking that it would be nice to have such a scanner in
Nmap, as far as I know the only program that incorporates the techniques
mentioned in the paper is "Cain and Abel" [2] and that's for Windows
only. A cool thing about this is that as an added benefit different
operating systems respond differently to these special ARP-packets so it
could potentially be used for OS detection too.

There's also talk about a "DNS test", "ICMP etherping test" and perhaps
even more ways but I haven't delved further into that.

[1]
http://www.securityfriday.com/promiscuous_detection_01.pdf
[2]
http://www.oxid.it/ca_um/topics/promiscuous-mode_scanner.htm
-- 
  Hans Nilsson
  hasse_gg () ftml net

-- 
http://www.fastmail.fm - Send your email first class


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: