Honeypots mailing list archives

Re: [inbox] undetectable NIC in promiscuous mode

From: "Ian Baker" <ibaker () codecutters org>
Date: Sun, 7 Mar 2004 23:22:47 -0000

Roger,
    I presume that there's some kind of "obvious" reason why you can't just
plug-in a no-name, el cheapo, hub?

That's basically the setup here:
http://www.codecutters.org/gallery/photo.html?image=Lab%2C%20circa%202003.jpg
although it's a branded hub (that was quite expensive at the time!) that
became surplus when I went to a switched network.

(Please note that, in the photograph, there're only the Cable Modem and
Router cables attached; the Ethereal box was acting as a load box for some
performance testing work I was doing..)

Been working perfectly for the last few years..

Regards,

Ian

----- Original Message ----- 
From: "Roger A. Grimes" <roger () banneretcs com>
Cc: <honeypots () securityfocus com>
Sent: Saturday, March 06, 2004 1:09 AM
Subject: RE: [inbox] undetectable NIC in promiscuous mode


4.  Buy a Ethernet tap...works like charm.

5.  Buy an intelligent switch and do port mirroring (aka port trunking,
port spanning, MIB management, remote management console, etc.).

Current thread:

RE: [inbox] undetectable NIC in promiscuous mode Weaver, Woody (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Curt Purdy (Mar 05)
- Re: [inbox] undetectable NIC in promiscuous mode Valdis . Kletnieks (Mar 08)
- <Possible follow-ups>
- RE: [inbox] undetectable NIC in promiscuous mode Bement, Daniel (Mar 05)
  - RE: [inbox] undetectable NIC in promiscuous mode Chris Brenton (Mar 07)
- RE: [inbox] undetectable NIC in promiscuous mode Roger A. Grimes (Mar 07)
  - Re: [inbox] undetectable NIC in promiscuous mode Ian Baker (Mar 07)
- RE: [inbox] undetectable NIC in promiscuous mode Teicher, Mark (Mark) (Mar 08)