> > in the destination HW address field. The Linux box in promiscuous mode
> > can see this query and sends an ARP reply.
> >
> > Can the Linux ARP be modified to not reply to non-broadcast
> > ARP packets?
> >
I know it has been a while since this was posted, but an idea occurred to
me.
> Oldest trick in the book: cut the Tx pair.
I suspect he doesn't want to dedicate the machine to being a sniffer (or
else he wouldn't have given it an IP.)
Instead of making one of your stock ethernet interfaces promiscuous, how
about making an alias promiscuous? Then "ifconfig eth1:1 up -arp +promisc"
or something (no IP and no ARP, but promisc.) Would that be enough to hide
your sniffing? If you were creative enough, you might be able to disable a
few other sniffer detection schemes this way too... (assuming it works.)
-Mike
[EMAIL PROTECTED]
"...the simple solution is to not do anything stupid as root." - Linus Torvalds
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
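
The ARP check described in the quoted text, seen from the detecting side, as an added example that is not part of the original thread: it scans captured frames for hosts that answered an ARP request whose Ethernet destination was neither broadcast nor their own MAC. All addresses, including the ff:ff:ff:ff:ff:fe probe destination, are constructed sample values.

```python
import socket
import struct

BROADCAST = b"\xff" * 6
ARP_FMT = "!6s6sHHHBBH6s4s6s4s"  # Ethernet header + IPv4-over-Ethernet ARP body, 42 bytes

def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42:
        return None
    (dst, src, etype, htype, ptype, hlen, plen,
     op, sha, spa, tha, tpa) = struct.unpack(ARP_FMT, frame[:42])
    if etype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_dst": dst, "op": op, "sha": sha, "spa": spa, "tpa": tpa}

def promiscuous_responders(frames):
    """List (ip, mac) of hosts that replied to a request they should not have received."""
    probes = {}  # (asker IP, target IP) -> Ethernet destination of the request
    hits = []
    for raw in frames:
        p = parse_arp(raw)
        if p is None:
            continue
        if p["op"] == 1 and p["eth_dst"] != BROADCAST:
            probes[(p["spa"], p["tpa"])] = p["eth_dst"]
        elif p["op"] == 2:
            probe_dst = probes.get((p["tpa"], p["spa"]))
            # A unicast request sent to the host's own MAC is normal cache refresh.
            if probe_dst is not None and probe_dst != p["sha"]:
                mac = ":".join("%02x" % b for b in p["sha"])
                hits.append((socket.inet_ntoa(p["spa"]), mac))
    return hits

def build(dst, src, op, sha, spa, tha, tpa):
    """Build one constructed ARP frame for the sample capture below."""
    return struct.pack(ARP_FMT, dst, src, 0x0806, 1, 0x0800, 6, 4, op,
                       sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))

# Constructed sample capture: C is the checking host, A is promiscuous, B is not.
C, A, B = (bytes.fromhex("02000000000" + d) for d in "123")
FAKE, ZERO = bytes.fromhex("fffffffffffe"), b"\x00" * 6
SAMPLE = [
    build(FAKE, C, 1, C, "192.0.2.10", ZERO, "192.0.2.20"),       # probe, bogus destination
    build(C, A, 2, A, "192.0.2.20", C, "192.0.2.10"),             # A answers anyway
    build(BROADCAST, C, 1, C, "192.0.2.10", ZERO, "192.0.2.30"),  # ordinary broadcast query
    build(C, B, 2, B, "192.0.2.30", C, "192.0.2.10"),
    build(B, C, 1, C, "192.0.2.10", B, "192.0.2.30"),             # unicast refresh to B's own MAC
    build(C, B, 2, B, "192.0.2.30", C, "192.0.2.10"),
]
```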