Nmap Development mailing list archives

Promiscuous mode scan
From: "Hans Nilsson" <hasse_gg () ftml net>
Date: Fri, 13 Oct 2006 13:58:01 -1100

Hello! I've recently read the paper "Detection of Promiscuous Nodes
Using ARP Packets" [1] that lists various ways you can detect network
cards that are set to promiscuous mode on your local network using
custom-built ARP packets, thereby finding computers that run sniffer
software like Wireshark.

I was just thinking that it would be nice to have such a scanner in
Nmap. As far as I know, the only program that incorporates the techniques
mentioned in the paper is "Cain and Abel" [2], and that's for Windows
only. A cool thing about this is that, as an added benefit, different
operating systems respond differently to these special ARP packets, so it
could potentially be used for OS detection too.

There's also talk about a "DNS test", "ICMP etherping test" and perhaps
even more ways but I haven't delved further into that.

[1] http://www.securityfriday.com/promiscuous_detection_01.pdf
[2] http://www.oxid.it/ca_um/topics/promiscuous-mode_scanner.htm
-- 
  Hans Nilsson
  hasse_gg () ftml net
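
The ARP test mentioned in the message above, sketched as an added example that is not part of the original post and is not Nmap code. It assumes the probe is an ordinary ARP request sent to the near-broadcast address ff:ff:ff:ff:ff:fe; the function names, MAC addresses and IP addresses are constructed, and sending and capturing frames (which needs a raw socket) is left out so the block runs offline.

```python
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
# Assumed probe address: one bit short of broadcast, so a NIC's hardware
# filter normally drops it unless the card is in promiscuous mode.
FAKE_BROADCAST = bytes.fromhex("fffffffffffe")

def build_arp(dst_mac, op, sha, spa, tha, tpa):
    """Ethernet II frame carrying an IPv4-over-Ethernet ARP packet."""
    eth = dst_mac + sha + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not ARP."""
    if len(frame) < 42 or frame[12:14] != struct.pack("!H", ETH_P_ARP):
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return (op, frame[22:28], socket.inet_ntoa(frame[28:32]),
            socket.inet_ntoa(frame[38:42]))

def answered_probe(probe, captured):
    """True if a captured frame is a unicast ARP reply to our probe."""
    _, my_mac, my_ip, probed_ip = parse_arp(probe)
    for frame in captured:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, _, sender_ip, target_ip = parsed
        if (op == ARP_REPLY and frame[0:6] == my_mac
                and sender_ip == probed_ip and target_ip == my_ip):
            return True
    return False

# Constructed sample data (documentation IP range, made-up local MACs).
SCANNER_MAC = bytes.fromhex("020000000001")
HOST_MAC = bytes.fromhex("020000000002")
PROBE = build_arp(FAKE_BROADCAST, ARP_REQUEST, SCANNER_MAC, "192.0.2.10",
                  b"\x00" * 6, "192.0.2.20")
REPLY = build_arp(SCANNER_MAC, ARP_REPLY, HOST_MAC, "192.0.2.20",
                  SCANNER_MAC, "192.0.2.10")
UNRELATED = build_arp(b"\xff" * 6, ARP_REQUEST, HOST_MAC, "192.0.2.20",
                      b"\x00" * 6, "192.0.2.1")

if __name__ == "__main__":
    print(answered_probe(PROBE, [UNRELATED, REPLY]), answered_probe(PROBE, [UNRELATED]))
```

A reply to this probe suggests the frame got past the card's hardware filter; no reply is not proof of a non-promiscuous card, since, as the message notes, operating systems respond differently.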