Re: [PEN-TEST] wireless LAN traffic sniffing

From: Torgeir Hansen (tha@SECURE-GROUP.COM)
Date: Tue May 01 2001 - 22:50:14 PDT


    Bram Shirani wrote:
    
    > You can force (as far as I know, I've tested quite a few cards) any card into prom. mode, you just need the correct tools. Under Linux or OpenBSD, Sniffit or tcpdump will do this for you.
    >
    > If a card will not "enter prom. mode" it's nothing to worry about, you don't _HAVE_ to be in that mode to sniff traffic, it's more just a line that lets you know it's now sniffing and logging all traffic passing through.
    >
    > For example, in Unix, you can force a card into prom. mode using ifconfig (I forget the flag). This, however, means nothing if you don't have a method of capturing and logging the data. All it does is open the card to see everything, but you won't actually see anything unless you are configured to do so.
    >
    > By that same token, when you load sniffit while tail -f'ing your syslog, you won't see a line which says "eth0 entering promiscuous mode." However, when you load tcpdump, you will.
    >
    > Another example, in Windows. If you load EtherPeek or Ethereal, you will sniff all traffic on your network unless it's switched and specifically set up to not allow traffic sniffing. There's no "promiscuous mode" to be entered as far as an actual setting on your card, it's just sniffing, and the program handles the hardware interaction part of it.
    >
    > Bottom line, any card can sniff, if you've got the right tools. Don't get hung up on the output letting you know that the card is.
    
    I agree with you here, but I believe that it was mentioned a short while ago here that said something about someone having sniff-software for Windows that only worked with Cisco cards, because it was shipped with a modified version of that driver that allowed promisc. mode.
    
    Please correct me if I'm wrong here.
    
    -t.
    


