On Tue, Dec 10, 2002 at 05:31:32PM -0500, Kevin Coyner wrote: > > On Tue, Dec 10, 2002 at 01:47:41PM -0500, sean finney wrote...... > > > heya, > > > > iirc promiscuous mode means to listen to all traffic on the network > > as opposed to only traffic addressed to the mac address of your ethernet > > card. this is real useful for passively sniffing packets on your > > network when you don't want to / can't run it on one of the machines > > in question. > > One question that I've been meaning to ask and this seems to be close to > being on-topic: If you're running a sniffer in promiscuous mode on a > network that is linked together via a switch (as opposed to a hub), will > you still be able to passively capture all packets from all boxes on the > net?
No > Or is that one of the purposes of the switch - to ensure privacy? I think it is merely a useful side effect. The main purpose of a switch is to keep traffic for other machines off your wire so you can use your wire fully for your own traffic. > Is there any way around this? Yes. I believe ettercap (a sniffer) can spoof arp packets to trick other machines to send everything to the capturing machine. This machine then forwards the packets. Of course, this is not really passive anymore. Also, I wouldn't be surprised if some (expensive) switches offer some kind of promiscuous configuration. Frank > > Kevin > > -- > Kevin Coyner > mailto: [EMAIL PROTECTED] > GnuPG key: 1024D/8CE11941 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
