Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Promiscuous Mode

from [Muhammad Farooq-i-Azam] Network Security [Permanent Link]
Subject: Re: Promiscuous Mode
Date: Mon, 24 Mar 2008 16:49:02 +0000 
On Mon, Mar 24, 2008 at 07:43:58PM +1300, Robin Sheat wrote:
# On Tue, 25 Mar 2008, Muhammad Farooq-i-Azam wrote:
# > In short, if the NIC is not in promiscuous mode, it will discard a
# > packet with an IP matching its own if the destination MAC in the packet
# > is not its own.
# You've answered the inverse of my question :) to clarify my rather bulky 
# paragraph in the previous mail,

# if:
#  * the NIC is in promiscuous mode, and
#  * you receive a packet /p/, and
#  * the MAC address in /p/ is _not_ yours, and
#  * the IP address in /p/ _is_ yours,
# what do network stacks (not NICs) typically do? Do they respond to the packet 
# in any way, or do they understand that because the MAC is different it should 
# be ignored? I expect that is what they should do, but I'm curious if it is 
# actually the case.
#

In my opinion, the network stack would not care whether the MAC is 
different than expected. The TCP/IP stack processes packet headers
on the basis of layer to layer i.e. when processing IP header, the
network stack would not know what the MAC header was in the packet
that it is processing. Same is the case with every other header in
the entire packet.

However, for such packet processing to be meaningful for the entire
operating system which is running the network stack, there should be
a corresponding application running which should utilize the payload
received in the packet and prepare and send the expected response 
packets as well. 

 
# -- 
# Robin <robin@kallisti.net.nz> JabberID: <eythian@jabber.kallisti.net.nz>
# 
# Hostes alienigeni me abduxerunt. Qui annus est?
# 
# PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8  7175 14D3 6485 A99C EB6D

-- 
Muhammad Farooq-i-Azam

lists@chase.org.pk
http://www.chase.org.pk/

----------------------------------------------------------------------
        THEORY
Into love and out again,
        Thus I went and thus I go.
Spare your voice, and hold your pen:
        Well and bitterly I know
All the songs were ever sung,
        All the words were ever said;
Could it be, when I was young,
        Someone dropped me on my head?
                -- Dorothy Parker
----------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Wireless keyboard security?, Eygene Ryabinkin
Next by Date:  Re: Wireless keyboard security?, Orlin Gueorguiev
Previous by Thread:  Re: Promiscuous Mode, Robin Sheat
Next by Thread:  RE : Promiscuous Mode, benoni.martin
Indexes:  [Date] [Thread] [Top] [All Lists]