January 9th, 2007 06:04 PM
Sceptre, this thread is >3 years old...
It was funny, I read what I wrote, and was confused: "I didn't post to this thread... oh, 2002..."
[HvC]Terr: L33T Technical Proficiency
January 9th, 2007 07:38 PM
I used to be a member on here back then, and when I found the article on askApache and did a Google about it, this thread popped up, so I thought, I definitely need to rejoin.
You know snort still uses this exact method to capture packets. It's still a very effective method for sniffing.
January 10th, 2007 09:40 PM
The title of this thread dates it. The focus on packet sniffing and such has long since passed, being replaced with nice things like regulatory compliance and botnets.
Slarty's responses are all accurate though.
I can confirm this in case no one else did.
AFAIK, promiscuous mode checkers only work with machines whose IP addresses are known, or which can be reached by broadcast. A stealthed machine has NO IP address and does not respond to ANY packet.
Also, switches aren't going to cache MAC addresses from a stealth unit simply because it won't be aware of an IP and/or ARP response/request from said device.
Old skool stuff is fun to read from time to time.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
January 10th, 2007 10:59 PM
That's really cool, and convenient. That's what I'm working on in my server at school, an IDS box with snort on it. My CS prof. has no idea what's going on with his network and he asked me if I could do any sniffing for him; rather than just sniff whenever I'm in there, I decided to set up a snort box for him on FC5. I have two interfaces running, one to log and one to be an interface to monitor. I'll definitely have to consider taking off the IP of the monitoring NIC and stealthing it. Cool article and thread.
if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
my home my forum