Hi everyone!
I've been searching for a free tool that allows remote detection
of network nodes in promiscuous mode.
Found a few for Win32, but I need something that runs on Linux
and, if possible, a separate tool (not a module for a sniffer, etc.).
So, I tried sentinel, and it seemed like it didn't work: none of the -a, -d
or -e modes detected a Linux box with tcpdump running (or after
executing 'ifconfig -i eth0 promisc'). Maybe there's nothing wrong with it,
and I misunderstand something. But as far as I can see, sentinel uses
well-known and pretty old methods (for example, it looks like the '-a'
option turns on the one that was described in
http://www.securityfriday.com/promiscuous_detection_01.pdf).
Anyway, I would appreciate it if someone could help me find a way to
resolve this matter.
Thanks a lot!