Honeypots: RE: [inbox] undetectable NIC in promiscuous mode

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Honeypots mailing list archives

RE: [inbox] undetectable NIC in promiscuous mode

From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Fri, 05 Mar 2004 15:48:58 -0500

On Fri, 2004-03-05 at 12:29, Curt Purdy wrote:


Yes, there are protocols that do not depend on ip such as arp, dhcp, and
others.


Humm, I've never seen this myself. Please describe a situation I can try
and duplicate were an interface that does not have IP bound to it would
start transmitting ARP or DHCP packets.

A sure way to avoid
detection is to snip your TX lines 1&2.


This _does not_ work. I have tried this with both switches and hubs from
3COM, Cisco, D-Link & Netgear. Cutting the TX lines means you can not
initial the port to establish link. No link means you will not see
traffic.

HTH,
C

By Date By Thread

Current thread:

undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)
- Re: undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
  - RE: undetectable NIC in promiscuous mode Román Ramírez (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Curt Purdy (Mar 05)
  - Re: [inbox] undetectable NIC in promiscuous mode Work (Mar 05)
  - RE: [inbox] undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
    - Re: [inbox] undetectable NIC in promiscuous mode Secdigital (Mar 07)
- RE: undetectable NIC in promiscuous mode Simon Thornton (Mar 11)
- <Possible follow-ups>
- RE: undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)
  - Re: undetectable NIC in promiscuous mode Work (Mar 07)
- RE: undetectable NIC in promiscuous mode Walter, Mario {VIE-~Kaiseraugst} (Mar 08)