Snort mailing list archives

Testing read-only cable


From: Neptune <neptune () onewest net>
Date: Sat, 5 Mar 2005 13:14:20 -0700

I have a Debian Linux box running the 2.6.8.1 kernel and snort 2.2.0-9.  It 
has two NICs, eth0 for admin and eth1 for sniffing.  I have built a 
read-only cable and wanted to test that cable versus a standard one to make 
absolutely sure that it's working.

I've read about promiscuous interfaces being exposed by sending them ARP 
packets.  I've spent hours looking for how to do this, and just can't come up 
with it!  I've tried using 'arping', thinking that would expose something, 
but I'm not getting anywhere.  I've seen references to AntiSniff, but can't 
even find that anymore.

Is this still even a concern with modern Linux kernels?  For instance, I did 
read that the 'neped' program was only able to pick up ARP strangeness in the 
2.0-series kernels.

Thank you in advance for any information you might be able to give.

