Penetration Testing mailing list archives
Re: Promiscuous Mode
From: don bailey <don.bailey () gmail com>
Date: Wed, 19 Mar 2008 14:59:55 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Simon Templar wrote:
Hello everybody, I have a question concerning "Promiscuous Mode", I know what it is, but I would like to know exactly what is happening behind the scenes when I change my NIC to this mode For example: what is the technicality in writing the command: ifconfig eth0 promisc?
A flag is basically passed through the network stack (IFF_PROMISC) down into the trenches of your device driver. Your device driver will decide if it can really handle this flag. If it can, the driver will notify the chipset of your particular device that promiscuous mode is requested. Essentially, this bypasses the normal filtering mechanism used by the chipset. On initialization, your ethernet card's chipset must be programmed to use a specific MAC (or MACs if your chipset requires you to program for {broad,multi}cast addresses). This address becomes a filter for processing messages. When a signal comes in off a hot wire, the chipset translates the electrical signal into a digital signal (packet). It then checks the first six bytes of this packet against the filter. If it matches, we have a packet destined for "this" host. Promiscuous mode tells the chipset to temporarily "ignore" the filter and pass up any data it receives off the hot wire. Whether you see messages not destined for you is dependent on the network architecture. When you unset promiscuous mode the chip resumes filtering like normal but without having to reinitialize the filter(s). A simple ethernet driver to read is probably the ThunderLAN driver for Linux. If you're using *BSD, I suggest reading the Happy Meal driver (probably if_hme.c but it's been a while). Good luck, D -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH4X7FyWX0NBMJYAcRAkReAKDA5YykGARLeRiRly7H/b0WaXH9vQCgrGUh r0axwwANBZfVZJjNJoBgxzw= =M5Ex -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Promiscuous Mode Simon Templar (Mar 19)
- Re: Promiscuous Mode don bailey (Mar 20)
- Re: Promiscuous Mode Amar Kulo (Mar 20)
- Re: Promiscuous Mode Morgan Reed (Mar 20)
- Re: Promiscuous Mode Robin Sheat (Mar 23)
- Re: Promiscuous Mode Muhammad Farooq-i-Azam (Mar 25)
- Re: Promiscuous Mode Robin Sheat (Mar 25)
- Re: Promiscuous Mode Muhammad Farooq-i-Azam (Mar 25)
- Re: Promiscuous Mode Robin Sheat (Mar 23)
- RE: Promiscuous Mode Richard C Lewis (Mar 20)