On Thu, 2010-02-04 at 11:17 +0000, Alan Cox wrote:
> On Thu, 04 Feb 2010 09:06:27 +0200
> Gilboa Davara <gilboad@xxxxxxxxx> wrote:
>
> > On Wed, 2010-02-03 at 23:11 +0100, Vadkan Jozsef wrote:
> > > How can I find out that someone is using its network card in
> > > promiscuous mode in a subnet?
> > >
> > > Thank you!
> > >
> >
> > You can't.
> > ... and even if you could, someone could potentially use a passive
> > splitter and yank all the packets of the subnet.
> >
> > Having said all that, if your network is switched (as opposed to using
> > cheap FE hubs), only broadcast traffic (ARP/DHCP/etc) will be visible in
> > promisc mode.
>
> Which won't save you against a smart attacker unless you are keeping
> an eye on the traffic on the network.
>
> If I want to listen to IP traffic between A and B I can spoof ARP
> frames in both directions, the switch will ensure neither box sees the
> unicast arps being used to poison the other and I can then forward the
> frames with the mac headers faked.
>
> Alan

I'm well aware of that.
Please read my second comment.

- Gilboa
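
Added example, not part of the original thread: one way to "keep an eye on the traffic" for the ARP poisoning described above is to track IP-to-MAC bindings in observed ARP frames and flag a binding that changes or a MAC that starts answering for a second IP. It assumes the monitor sits where it can see the unicast ARP frames (for example a switch mirror port or hosts A and B themselves); all names, addresses and frames below are constructed for illustration.

```python
import socket
import struct

def sample_arp_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Constructed Ethernet/ARP reply bytes, used only as offline test input."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet, IPv4, op 2 = reply
    arp += mac(src_mac) + socket.inet_aton(src_ip)
    arp += mac(dst_mac) + socket.inet_aton(dst_ip)
    return eth + arp

def parse_arp(frame):
    """Return (sender_mac, sender_ip), or None if not IPv4-over-Ethernet ARP."""
    if (len(frame) < 42 or frame[12:14] != b"\x08\x06"
            or struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4)):
        return None
    return frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32])

def find_arp_anomalies(frames):
    """Flag IPs whose MAC binding changes and MACs that claim a second IP."""
    ip_to_mac, mac_to_ips, alerts = {}, {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        mac, ip = parsed
        known = ip_to_mac.setdefault(ip, mac)
        if known != mac:
            alerts.append(("rebind", ip, known, mac))
            ip_to_mac[ip] = mac
        ips = mac_to_ips.setdefault(mac, set())
        ips.add(ip)
        if len(ips) == 2:  # report once, when the second IP appears
            alerts.append(("multi-ip", mac, tuple(sorted(ips))))
    return alerts

A = ("02:00:00:00:00:0a", "192.0.2.10")
B = ("02:00:00:00:00:0b", "192.0.2.20")
X = "02:00:00:00:00:99"  # third host on the same switch
SAMPLE_FRAMES = [  # constructed frames, RFC 5737 documentation addresses
    sample_arp_reply(*A, *B),         # A's genuine reply to B
    sample_arp_reply(*B, *A),         # B's genuine reply to A
    sample_arp_reply(X, A[1], *B),    # X claims A's IP, unicast to B
    sample_arp_reply(X, B[1], *A),    # X claims B's IP, unicast to A
]

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_FRAMES):
        print(alert)
```

A legitimate address change (a replaced NIC, a failover pair) also produces a "rebind" alert, so alerts need checking against known inventory before being treated as poisoning.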