Re: Promiscuous mode for ethernet device
On Tue, Dec 10, 2002 at 05:31:32PM -0500, Kevin Coyner wrote:
> On Tue, Dec 10, 2002 at 01:47:41PM -0500, sean finney wrote......
> > heya,
> > iirc promiscuous mode means to listen to all traffic on the network
> > as opposed to only traffic addressed to the mac address of your ethernet
> > card. this is real useful for passively sniffing packets on your
> > network when you don't want to / can't run it on one of the machines
> > in question.
> One question that I've been meaning to ask and this seems to be close to
> being on-topic: If you're running a sniffer in promiscuous mode on a
> network that is linked together via a switch (as opposed to a hub), will
> you still be able to passively capture all packets from all boxes on the
> Or is that one of the purposes of the switch - to ensure privacy?
I think it is merely a useful side effect. The main purpose of a switch
is to keep traffic for other machines off your wire so you can use your
wire fully for your own traffic.
> Is there any way around this?
Yes. I believe ettercap (a sniffer) can spoof arp packets to trick other
machines to send everything to the capturing machine. This machine then
forwards the packets. Of course, this is not really passive anymore.
Also, I wouldn't be surprised if some (expensive) switches offer some
kind of promiscuous configuration.
> Kevin Coyner
> mailto: firstname.lastname@example.org
> GnuPG key: 1024D/8CE11941