[Snort-users] Testing read-only cable
neptune at ...13131...
Sat Mar 5 12:14:40 EST 2005
I have a Debian Linux box running the 126.96.36.199 kernel and snort 2.2.0-9. It
has two NICs, eth0 for admin and eth1 for sniffing. I have built a
read-only cable and wanted to test that cable versus a standard one to make
absolutely sure that it's working.

I've read about promiscuous interfaces being exposed by sending them ARP
packets. I've spent hours looking for how to do this, and just can't come up
with it! I've tried using 'arping', thinking that would expose something,
but I'm not getting anywhere. I've seen references to AntiSniff, but can't
even find that anymore.

Is this still even a concern with modern Linux kernels? For instance, I did
read that the 'neped' program was only able to pick up ARP strangeness in the

Thank you in advance for any information you might be able to give.