On Sat, Mar 22, 2008 at 05:04:57PM +1300, Robin Sheat wrote:
# On Thursday 20 March 2008 14:27:38 Morgan Reed wrote:
# > It won't make any difference on a switched network as you won't see
# > packets not destined for your MAC address anyway (Unless they're
# > broadcast packets)
# ...or you arp-flood the appropriate switch.
#
# I have a related question: if your network card is in promisc mode and
# assuming you can see the packets at all (because you're on a hub or
# something), and someone sends a packet with a MAC address that isn't yours,
# but that is addressed to your IP, what is the typical response of the network
# stack? Ignore it because the MAC is wrong, or accept it because the IP
# address is correct? Does this behaviour vary based on configuration or OS?
IF the NIC is in promiscuous mode, it is going to capture ALL the packets
anyway regardless of their destination MAC.
However, If the NIC is *not* in promiscuous mode, it will discard
the packet if the destination MAC does not match its own. Therefore, the
packet will not get a chance to be passed to the TCP/IP stack where IP
header is processed.
In short, if the NIC is not in promiscuous mode, it will discard a
packet with an IP matching its own if the destination MAC in the packet
is not its own.
#
# PS: Hi Morgan, fancy seeing you here :)
#
# --
# Robin <robin@kallisti.net.nz> JabberID: <eythian@jabber.kallisti.net.nz>
#
# Hostes alienigeni me abduxerunt. Qui annus est?
#
# PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D
--
Muhammad Farooq-i-Azam
lists@chase.org.pk
http://www.chase.org.pk/
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
