On Thu, Feb 04, 2010 at 09:45:26AM +1100, Les Bell wrote:
> Vadkan Jozsef <jozsi.avadkan@xxxxxxxxx> wrote:
>
> >>
> How can I find out that someone is using it's network card in
> promiscuous mode in a subnet?
> <<
>
> http://sourceforge.net/projects/prodetect/
>
Strictly you cannot tell if a remote card is in promiscuous mode.
Some card drivers correctly switch to promiscuous mode when more than
one multicast address is being listened to and there is no external
clue that it has done so. For what it is worth the MAC of the card can
see all the bits on the wire and above the MAC are a collection
of hardware and software filters that gate the bits further
up the stack.
Switches limit the ability of a host to snoop but some
traffic is still seen on all nodes. Once a host is seen some
attacks become possible which is why the expensive switches
have a market.
--
T o m M i t c h e l l
Found me a new hat, now what?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
