riser

Illustrious
I'm checking into getting a NIC for my laptop that supports promiscuous mode (wired).

Anyone ever really dabble in this for network troubleshooting?

I ask on network troubleshooting because I'm seeing that select switches without SNMP support don't work with P. NICs as far as capturing data.

This is an idea I only recently started to look into. I want to use my laptop to go to one of my many locations, plug in and check for excessive chatter on the network.

We have basic Linksys 24 port switches (unmanaged) in most locations as far as I'm aware. I've only been to 4 of our 48 locations. Network documentation sucks around here.

I notice that a large amount of our networks have virii (proper term instead of viruses) running rampant, but since 98% of our desktops are used for AS400 emulation, network traffic doesn't seem to bother anyone since they're used to it being slow.

While I could use a free sniffer, I also want to check this option out for whatever reasons.
 
Guest
I was under the impression that all or most NICs could be put in promiscuous mode. Never had a problem sniffing with a wired card; wifi is a bit more touchy sometimes.

I simply use WinPcap and Ethereal. It's all free and it does a great job. You just have to set up a few filters and you're up and running.

Asus P4P800DX, P4C 2.6ghz@3.25ghz, 2X512 OCZ PC4000 3-4-4-8, MSI 6800Ultra stock, 2X30gig Raid0
 

riser

Illustrious
I have Ethereal installed. I have an IBM Thinkpad G40 and for some reason the wifi and wired network cards are crap.

I just read some stuff where some cards weren't supported for some reason. I've used Ethereal plenty of times - just didn't test it out on this particular laptop yet.

I guess I was thinking there was more to it than just using the program.
 
Guest
I think you also need WinPcap (Windows Packet Capture Library) to analyse the packets' content.

Other than that I'm not aware of any additional hardware/software limitation.

 

riser

Illustrious
Sorry, meant to add that in there too. I have the newer version of that. Downloaded it a few weeks ago.
It's basically doing a packet capture, and knowing if your card is promiscuous or not doesn't really matter... As people mention it, I start to wonder if there was something extra in there or not.

On a side note, have you tried to use the Windows-based Nmap? When I run it from a DOS prompt, it dies on me. I'm running it from C:\portscan\nmap

Maybe it needs run in a different directory?
 

folken

Distinguished
I think that Auditor live CD Tom's reviewed a while back had packet sniffing. I know it did a bunch of wireless cracking things but it also had a bunch of wired utilities too.
I think Cisco has a packet analyzer app too; that is probably a tad on the expensive side though :)

My precious... http://www.folken.net/myrig.htm
 

riser

Illustrious
The bootable CD one that did all that? Yeah I was looking for that article a while back but I couldn't find it. I forgot the name of the CD, but I think it was a German name or something.

I haven't really looked since then for it though. It was a compilation of all the top-rated network-related tools all on one CD. I wanted to download it but never got around to it.
 

folken

Distinguished
Here is the download section for it:
The Auditor LiveCD by RemoteExploit
http://new.remote-exploit.org/index.php/Auditor_mirrors

If you have a Centrino notebook w/ an Intel 2200b/g (IPW2200) wireless card in it you need to get that special Auditor disc. All other cards can use the regular one.

 

Dev

Distinguished
Never gone promiscuous on a Windows box, but most all NICs can do it under some form of *nix. I heard a rumour that SP2 for XP messed with the stack and is no longer able to really go promiscuous. I am not at all sure about that since I haven't tested it yet.

---
I want my epitaph to be: "Moved to /dev/null"
 
Guest
I tested it with my laptop, no problem whatsoever. Hard-wired, it doesn't need anything; on wifi, you need a special driver that supports Atheros and Agere chipsets, not Intel... Good stuff my laptop came with an Atheros A/B/G!
