Re: [PEN-TEST] wireless LAN traffic sniffing

From: stevephelpsat_private
Date: Wed May 02 2001 - 03:12:30 PDT

Next message: Dawes, Rogan (ZA - Johannesburg): "Re: [PEN-TEST] wireless LAN traffic sniffing"

Previous message: Marc Maiffret: "[PEN-TEST] Windows 2000 .printer remote overflow proof of concept exploit"
Next in thread: Dawes, Rogan (ZA - Johannesburg): "Re: [PEN-TEST] wireless LAN traffic sniffing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>If a card will not "enter prom. mode" it's nothing to worry about, you
>don't
>_HAVE_ to be in that mode to sniff traffic, it's more just a line that
>lets
>you know it's now sniffing and logging all traffic passing through.

This is not strictly true.  A NIC in promiscious mode will process all
ethernet packets regardless of the destination MAC address.
A NIC configured in non-promiscious mode will only process
ethernet packets whose MAC addresses are either: a) broadcast addresses
or
b) the same as the MAC address on the card.  i.e.  in non-promiscious mode,
the card will only "see" packets that are destined for itself.
In promiscious mode the card will "see" all packets on the ethernet segment.
The upshot is that in promiscious mode you can often sniff traffic between
hosts other than the one that you control.

Free, encrypted, secure Web-based email at www.hushmail.com

Next message: Dawes, Rogan (ZA - Johannesburg): "Re: [PEN-TEST] wireless LAN traffic sniffing"
Previous message: Marc Maiffret: "[PEN-TEST] Windows 2000 .printer remote overflow proof of concept exploit"
Next in thread: Dawes, Rogan (ZA - Johannesburg): "Re: [PEN-TEST] wireless LAN traffic sniffing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 02 2001 - 22:34:00 PDT