Sceptre, this thread is >3 years old...
It was funny, I read what I wrote, and was confused: "I didn't post to this thread... oh, 2002..."
HA, lol...
I used to be a member on here back then and when I found the article on askApache and did a Google about it, this thread popped up.. so I thought, I definitely need to rejoin.
You know snort still uses this exact method to capture packets.. it's still a very effective method for sniffing.
The title of this thread dates it. The focus on packet sniffing and such has long since passed, being replaced with nice things like regulatory compliance and botnets.
Slarty's responses are all accurate though.
I can confirm this in case no one else did.
Quote:
AFAIK, promiscuous mode checkers only work with machines whose IP addresses are known, or which can be reached by broadcast. A stealthed machine has NO IP address and does not respond to ANY packet.
Also, switches aren't going to cache MAC addresses from a stealth unit simply because it won't be aware of an IP and/or ARP response/request from said device.
Old skool stuff is fun to read from time to time.
:)
That's really cool, and convenient. That's what I'm working on in my server at school, an IDS box with snort on it. My CS prof. has no idea what's going on with his network and he asked me if I could do any sniffing for him. Rather than just sniff whenever I'm in there, I decided to set up a snort box for him on FC5. I have two interfaces running, one to log and one to be an interface to monitor. I'll definitely have to consider taking off the IP of the monitoring NIC and stealthing it. Cool article and thread :)