RE: Promiscuous Mode

From: Richard C Lewis (chad@mr-lew.com)
Date: Thu Mar 20 2008 - 20:36:29 EST

• Next message: Rodrigo Montoro (Sp0oKeR): "Re: Session Hijacking over HTTP"
• Previous message: Leonardo Cavallari Militelli: "Pentesting using Vista?"
• In reply to: Brett Cunningham: "Re: Promiscuous Mode"
• Next in thread: Muhammad Farooq-i-Azam: "Re: Promiscuous Mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Promiscuous mode doesn't stop an interface from SENDING packets. You can
easily put an interface into promiscuous mode and capture all traffic that
is transmitted on the wire and still send your own packets at the same time.
Promiscuous mode has to do with processing the packets you RECEIVE off the
wire.

Refer back to Don Bailey's response, he outlined promiscuous mode really
well.

Putting an interface into promiscuous mode WITHOUT assigning an IP address
(or enabling DHCP) would give you the condition you described.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Brett Cunningham
Sent: Thursday, March 20, 2008 1:55 PM
To: Simon Templar
Cc: pen-test@securityfocus.com
Subject: Re: Promiscuous Mode

Simon,

    Setting an interface into promiscuous mode means it will not send
packets out that interface and there will be no IP address assigned to
it. It will, however, still listen on that interface. This is a
typical requirement of deploying an IDS.

On 3/19/08, Simon Templar <73696d6f6e74656d706c617200@googlemail.com> wrote:
> Hello everybody,
>
> I have a question concerning "Promiscuous Mode", I know what it is,
> but I would like to know exactly what is happening behind the scenes
> when I change my NIC to this mode
>
> For example: what is the technicality in writing the command:
> ifconfig eth0 promisc?
>
> Your help is so much appreciated.
> Best regards.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Rodrigo Montoro (Sp0oKeR): "Re: Session Hijacking over HTTP"
• Previous message: Leonardo Cavallari Militelli: "Pentesting using Vista?"
• In reply to: Brett Cunningham: "Re: Promiscuous Mode"
• Next in thread: Muhammad Farooq-i-Azam: "Re: Promiscuous Mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:28 EDT