PaulDotCom mailing list archives

Re: VMware Player and promiscuous mode?


From: Todd Haverkos <infosec () haverkos com>
Date: Mon, 14 May 2012 11:53:07 -0500


Timothy Ouellette <touellette83 () gmail com> writes:
I am running into problems getting my Ethernet adapter in Backtrack to
run in promiscuous mode.

Currently running Ubuntu 12.04 LTS as the host OS with VM Player 4.02
installed. I set up Backtrack 5R2 as a Virtual Machine in player and
all is working great, however I cannot figure out how to get the
Ethernet adapter in promiscuous mode.


Hi Timothy, 

I'm not sure if what you're attempting is possible (and I'd argue
that's a feature as, when using virtual machines defensively, or for
malware analysis, I surely wouldn't want a compromised guest OS having
access to host machine network traffic). On the other hand, I'm not
sure what that noPromisc setting really intends to do.

When I want to see things at the host OS level, I'd probably take a
native tcpdump on the host Ubuntu server and then pull that file into
analysis in Wireshark in the virtual machine. Another alternative is
to run Wireshark directly under the Ubuntu host OS (sudo apt-get
install wireshark). 

You probably already know, but whenever Wireshark is mentioned, I feel
compelled to stress the importance of keeping Wireshark up to date to
minimize the chance of getting owned while analyzing possibly
malicious network traffic.

Best Regards, 
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/