The following is a copy of a promiscuous mode scanner for linux. This has
been on rootshell.com
This will scan your devices to detect sniffers on your system.
Linux support is ready but SunOS has some problems (mainly in
net/if.h when i tried compiling i got a lot of parse errors in
if.h and socket.h <shrug> maybe the system i was on was damaged.)
Comments welcome :-).
begin promisc.c --
// $Id: promisc.c,v null 1997/03/09 10:35:58 trevorl Exp $
// promisc.c: test devices for sniffers and device moniters.
//
// Copyright (C) 1997 Trevor F. Linton ([EMAIL PROTECTED])
//
// Created for Linux based loosely upon linux ioctl controls.
// ioctl() is used to detect different flags set on devices used
// on your system.
//
// gcc -o sys_test promisc.c
//
#include <stdio.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <errno.h>
#if defined (__linux__)
#include <linux/if.h>
#else
#include <net/if.h>
#endif
#define size(p) (sizeof(p))
int dev_flags=0,
device_flags=0,
set_look_all=0;
int
main(int argc, char **argv) {
struct ifreq ifreq, *ifr;
struct ifconf ifc;
char buf[BUFSIZ], *cp, *cplim;
if(argc <= 1)
set_look_all++;
if((dev_flags = socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
fprintf(stderr, "An error occured establiashing while establishing a
socket\n");
perror("socket");
exit(1);
}
ifc.ifc_len = sizeof(buf);
ifc.ifc_buf = buf;
if(ioctl(dev_flags, SIOCGIFCONF, (char *)&ifc) < 0) {
perror("SIOCGIFCONF");
exit(1);
}
ifr = ifc.ifc_req;
cplim=buf+ifc.ifc_len;
for(cp = buf; cp < cplim;
cp += sizeof (ifr->ifr_name) + size(ifr->ifr_addr))
{
ifr = (struct ifreq *)cp;
if(argv[1])
if(strcmp(ifr->ifr_name, argv[1]) && !set_look_all)
continue;
ifreq = *ifr;
if(ioctl(dev_flags, SIOCGIFFLAGS, (char *)&ifreq) < 0)
{
fprintf(stderr, "SIOCGIFFLAGS: %s (get interface
flags): %s\n", ifr->ifr_name,strerror(errno));
continue;
}
device_flags=0; device_flags = ifreq.ifr_flags;
fprintf(stdout, "%s: ", ifreq.ifr_name);
if((device_flags & IFF_PROMISC) != 0)
fprintf(stdout, "Promiscuous: Sniffer detected.\n");
else
fprintf(stdout, "Not-Promiscous: No Sniffers
detected.\n");
if(!set_look_all)
exit(0); // We're finished..
else
continue; // Go onto next device..
}
if(!set_look_all)
fprintf(stdout, "%s: Unknown device.\n", argv[1]);
// Device not found..
}
end promisc.c --
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Carric Dooley
Sent: Tuesday, January 12, 1999 3:57 PM
To: 'GANG WANG'; [EMAIL PROTECTED]
Subject: RE: How can I detect if there is a sniffer running on my local
sobnet?
I have seen a program for Linux that is supposed to go out and look for
NIC's in promiscuous mode.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of GANG WANG
Sent: Tuesday, January 12, 1999 1:30 PM
To: [EMAIL PROTECTED]
Subject: How can I detect if there is a sniffer running on my local
sobnet?
That bothers me for a long time.
Thanks.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
