You don't even need a program to demonstrate this behavior: $ arp -s suspecthost 00:de:ad:c0:ff:ee $ ping suspecthost If you get a response, then it is a linux box in promiscuous mode. don't forget: $ arp -d suspecthost When you are done, clearing out the bogus MAC address. Bob Keyes, Security Consultant Cambridge, Mass.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:52 PDT