Results 1 to 4 of 4

Thread: promiscous

  1. #1

    promiscous

    Hi,
    First of all i'm very sorry to putting clustter of questions here.

    1) how to find the NIC in promiscous mode? (ifconfig really doesn't show the promiscous)

    2)How to change the NIC promiscous mode to non promiscous mode?(ifconfig eth0 -promisc : doesn't do anything I donno why?)

    3)How to detect the sniffing? (changing the mac address and ping it to the correct ip doesn't work really)

    4) any good antisniff program?(http://packetstorm.linuxsecurity.com...tisniff/as-101 -trailversion doesn't work.)

    Any solution to find sniffing program ?

    -- lok.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Actually the new version Ettercap has some nice detection features in it for promiscuous detection.

    ifconfig eth0 -promisc : doesn't do anything I donno why?
    Hrmm.. works for me. Are you doing this as the root user? Which distro is it (perhaps there is a bug in their version)? Do you have libpcap installed? Typing ifconfig should identify if it's promiscuous or not.

    promiscuous
    eth0 Link encap:Ethernet HWaddr 00:D0:59:GG:GG:GG
    inet addr:192.168.0.5 Bcast:192.168.0.255 Mask:255.255.255.0
    UP BROADCAST NOTRAILERS RUNNING PROMISC MULTICAST MTU:1500 Metric:1
    RX packets:37721 errors:0 dropped:0 overruns:0 frame:0
    TX packets:43512 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:14575098 (13.8 Mb) TX bytes:7317397 (6.9 Mb)
    Interrupt:10 Base address:0x4000
    non-promiscuous
    eth0 Link encap:Ethernet HWaddr 00:D0:59:GG:GG:GG
    inet addr:192.168.0.5 Bcast:192.168.0.255 Mask:255.255.255.0
    UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:37731 errors:0 dropped:0 overruns:0 frame:0
    TX packets:43524 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:14575926 (13.9 Mb) TX bytes:7318255 (6.9 Mb)
    Interrupt:10 Base address:0x4000
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    hi,
    Thanks for reply. ifconfig is not at all detecting promiscous mode? which linux kernal u r using?
    Is there any other way to detect the promiscous mode.?


    regards, lok.

  4. #4
    Hi,
    Finally i got the reason .If your kernal is ipv6 enabled ifconfig wont show promiscous mode.

    kstat will give you the detail....

    -lok

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •