Hello! I've recently read the paper "Detection of Promiscuous Nodes
Using ARP Packets" [1] that lists various ways you can detect network
cards that are set on promiscuous mode on your local network using
custom built ARP-packets, thereby finding computers that run sniffer
software like Wireshark.
I was just thinking that it would be nice to have such a scanner in
Nmap, as far as I know the only program that incorporates the techniques
mentioned in the paper is "Cain and Abel" [2] and that's for Windows
only. A cool thing about this is that as an added benefit different
operating systems respond differently to these special ARP-packets so it
could potentially be used for OS detection too.
There's also talk about a "DNS test", "ICMP etherping test" and perhaps
even more ways but I haven't delved further into that.
[1]
http://www.securityfriday.com/promiscuous_detection_01.pdf[2]
http://www.oxid.it/ca_um/topics/promiscuous-mode_scanner.htm--
Hans Nilsson
hasse_gg@...
--
http://www.fastmail.fm - Send your email first class
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-devArchived at
http://SecLists.Org
