On Thu, 04 Feb 2010 09:06:27 +0200 Gilboa Davara <gilboad@xxxxxxxxx> wrote: > On Wed, 2010-02-03 at 23:11 +0100, Vadkan Jozsef wrote: > > How can I find out that someone is using it's network card in > > promiscuous mode in a subnet? > > > > Thank you! > > > > You can't. > ... and even if you could, someone could potentially use a passive > splitter and yank all the packets of the subnet. > > Having said all that, if your network is switched (as opposed to using > cheap FE hubs), only broadcast traffic (ARP/DHCP/etc) will be visible in > promisc mode. Which won't save you against a smart attacker unless you are keeping an eye on the traffic on the network. If I want to listed to IP traffic between A and B I can spoof ARP frames in both directions, the switch will ensure neither box sees the unicast arps being used to poison the other and I can then forward the frames with the mac headers faked. Alan -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
