Nmap Announce mailing list archives
Re: Promiscuous mode detection
From: Bennett Todd <bet () newritz mordor net>
Date: Thu, 4 Mar 1999 21:37:58 +0000
The code posted reports whether the machine is it run on has its interface in promisc mode; so does "ifconfig -a|grep PROMISC". If you want to check other systems, well, the short answer is, you can't, in general. This gets discussed a lot:-). Some versions OSes can be detected if they are put in promisc mode; a typical style hack is to send a ping to the IP broadcast address with a specific destination MAC address not found on your net, and listen for answers. I don't know how to gen up such a packet. It might suffice to stuff an arp entry into the arp cache for the IP broadcast address, I dunno if that would work. May work better if you use the "other" bcast addr; e.g. the Linux system I'm looking at now is using the .255 bcast addr, so it might work better to try setting the arp entry for the .0 addr to some known-absent MAC addr, then try sending a ping at the .0 addr. Anybody answers, their interfaces are in promisc, but some OSes might not answer even if their IF is promisc. -Bennett
Current thread:
- Promiscuous mode detection Bruce Dennison (Mar 04)
- Re: Promiscuous mode detection Jeremy Johnson (Mar 04)
- Re: Promiscuous mode detection Andrew Brown (Mar 04)
- Re: Promiscuous mode detection Bennett Todd (Mar 04)
- Re: Promiscuous mode detection Adam Shostack (Mar 04)
- Re: Promiscuous mode detection Dug Song (Mar 04)
- Re: Promiscuous mode detection rich (Mar 04)
- Re: Promiscuous mode detection Eric Estabrooks (Mar 04)
- Re: Promiscuous mode detection Adam Shostack (Mar 04)
- Re: Promiscuous mode detection Jordan Ritter (Mar 04)
- Re: Promiscuous mode detection Joel Eriksson (Mar 04)
- Re: Promiscuous mode detection Jeremy Johnson (Mar 04)
- Re: Promiscuous mode detection Arley Carter (Mar 04)
- Re: Promiscuous mode detection Joel Eriksson (Mar 04)
- <Possible follow-ups>
- Re: Promiscuous mode detection Jon Marler (Mar 04)
- Re: Promiscuous mode detection Bruce Dennison (Mar 04)