Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: A Solution for sniffing

From: Jason Kohles <jkohles () redhat com>
Date: 19 Dec 2002 15:09:31 -0500
On Wed, 2002-12-18 at 18:36, David () cawdgw net wrote:

For a network card to "Sniff" it must be in promiscuous mode, reading all
packets coming in and not dumping those not addressed to it. Google the web
for tools that can find network interface cards in promiscuous mode. I can
think of only two legit reasons to be in that mode: some firewall/IDS's need
that mode to pull in all packets, and someone sniffing the network with
permission. Therefore, after you look and find a netcard in promiscuous
mode, you can check the system files for WHY it is in that mode.


The problem here is that tools that claim to detect cards in promiscuous
mode have a fairly low success rate, just because they don't find any
doesn't mean there aren't some out there.

-- 
Jason Kohles                                 jkohles () redhat com
Senior Engineer                 Red Hat Professional Consulting
Previous By Date Next
Previous By Thread Next

Current thread: