Penetration Testing mailing list archives

Re: Promiscuous Mode

From: Robin Sheat <robin () kallisti net nz>
Date: Sat, 22 Mar 2008 17:04:57 +1300

On Thursday 20 March 2008 14:27:38 Morgan Reed wrote:

It won't make any difference on a switched network as you won't see
packets not destined for your MAC address anyway (Unless they're
broadcast packets)

...or you arp-flood the appropriate switch.

I have a related question: if your network card is in promisc mode and 
assuming you can see the packets at all (because you're on a hub or 
something), and someone sends a packet with a MAC address that isn't yours, 
but that is addressed to your IP, what is the typical response of the network 
stack? Ignore it because the MAC is wrong, or accept it because the IP 
address is correct? Does this behaviour vary based on configuration or OS?

PS: Hi Morgan, fancy seeing you here :)

-- 
Robin <robin () kallisti net nz> JabberID: <eythian () jabber kallisti net nz>

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8  7175 14D3 6485 A99C EB6D

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

Promiscuous Mode Simon Templar (Mar 19)
- Re: Promiscuous Mode don bailey (Mar 20)
- Re: Promiscuous Mode Amar Kulo (Mar 20)
- Re: Promiscuous Mode Morgan Reed (Mar 20)
  - Re: Promiscuous Mode Robin Sheat (Mar 23)
    - Re: Promiscuous Mode Muhammad Farooq-i-Azam (Mar 25)
    - Re: Promiscuous Mode Robin Sheat (Mar 25)
    - Re: Promiscuous Mode Muhammad Farooq-i-Azam (Mar 25)
- RE : Promiscuous Mode benoni.martin (Mar 20)
- Re: Promiscuous Mode Brett Cunningham (Mar 20)
  - RE: Promiscuous Mode Richard C Lewis (Mar 20)
- Re: Promiscuous Mode Muhammad Farooq-i-Azam (Mar 20)
- Re: Promiscuous Mode Ronald van der Westen (Mar 20)
- <Possible follow-ups>
- Re: Promiscuous Mode bariswinston (Mar 20)