Date: Tue, 04 Jan 2000 12:29:27 -0500 From: Mitch Collinsworth <mkc@Graphics.Cornell.EDU> To: Wes Peters <wes@softweyr.com> Cc: DRHAGER@de.ibm.com, Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>, freebsd-net@FreeBSD.ORG Subject: Re: sniffing networks Message-ID: <200001041729.MAA16004@benge.graphics.cornell.edu> In-Reply-To: Message from Wes Peters <wes@softweyr.com> of "Tue, 04 Jan 2000 08:26:11 MST." <38721113.FBC3B90E@softweyr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> OK: How do you perform a search for cards in promiscuous mode? >> (Taking some expensive analyzer progs or some simple stuff under UN*X, >> Linsux or NT?) > >Why would you want to search for network interfaces in promiscuous mode? Besides being a difficult operation to perform... (what if you don't have a login on their system?) a clever sniffer can be quite transparent. A now several years old book on network security suggests building a secure network monitor by cutting the NIC's xmit lead. How are you going to search for something like this?? >Stick the users on switched ports so they can't sniff other users packets >and be done with it. According to a friend who has done some network monitoring tests this is not as perfect a solution as it sounds. He has observed packets coming out ports other than the one where the destination system is connected. Still, everyone agrees it's far better than the old dozens-of-machines-in-a-single-collision-domain method. -Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001041729.MAA16004>