Snort mailing list archives
Testing read-only cable
From: Neptune <neptune () onewest net>
Date: Sat, 5 Mar 2005 13:14:20 -0700
I have a Debian Linux box running the 2.6.8.1 kernel and snort 2.2.0-9. It has two NICs, eth0 for admin and eth1 for sniffing. I have built a read-only cable and wanted to test that cable versus a standard one to make absolutely sure that it's working.

I've read about promiscuous interfaces being exposed by sending them ARP packets. I've spent hours looking for how to do this, and just can't come up with it! I've tried using 'arping', thinking that would expose something, but I'm not getting anywhere. I've seen references to AntiSniff, but can't even find that anymore.

Is this still even a concern with modern Linux kernels? For instance, I did read that the 'neped' program was only able to pick up ARP strangeness in the 2.0-series kernels.

Thank you in advance for any information you might be able to give.