I need to demonstrate the differences of a NIC being in promiscuous mode and when it's not for a college class. Can anyone think of any good shell commands to run "before and after" which show what traffic the NIC can and can't see?
Greg Lawson Rolling Hills Consolidated Library 1912 N. Belt Highway St. Joseph, MO 64506
For AP scanning: `iwlist <interface> scan`. For traffic logging, try using ntop.
On Wed, Jul 16, 2008 at 1:50 PM, Greg Lawson [email protected] wrote:
I need to demonstrate the differences of a NIC being in promiscuous mode and when it's not for a college class. Can anyone think of any good shell commands to run "before and after" which show what traffic the NIC can and can't see?
Greg Lawson Rolling Hills Consolidated Library 1912 N. Belt Highway St. Joseph, MO 64506 _______________________________________________ Kclug mailing list [email protected] http://kclug.org/mailman/listinfo/kclug
tcpdump or tshark (text mode version of wireshark) are the first that come to mind.
On Wed, 2008-07-16 at 13:50 -0500, Greg Lawson wrote:
I need to demonstrate the differences of a NIC being in promiscuous mode and when it's not for a college class. Can anyone think of any good shell commands to run "before and after" which show what traffic the NIC can and can't see?
Greg Lawson Rolling Hills Consolidated Library 1912 N. Belt Highway St. Joseph, MO 64506
Doesn't wireshark have a mode where it fully parses observed port 80 traffic, including displaying binary types? Running such a mode on the projector and asking a volunteer to surf for images (at their desk, on the same hub) would make a cool demonstration.
On Jul 16, 2008, at 14:14, "David Nicol" [email protected] wrote:
Doesn't wireshark have a mode where it fully parses observed port 80 traffic, including displaying binary types? Running such a mode on the projector and asking a volunteer to surf for images (at their desk, on the same hub) would make a cool demonstration.
Dunno about Wireshark, but Pikachu will capture jpegs. Of course Wireshark in full content capture mode will capture the bits, but you might have to carve them out with a hex editor.
On Wednesday 16 July 2008, Greg Lawson wrote:
I need to demonstrate the differences of a NIC being in promiscuous mode and when it's not for a college class. Can anyone think of any good shell commands to run "before and after" which show what traffic the NIC can and can't see?
tcpdump -p = without promiscuous mode
tcpdump = with promiscuous mode
Note that in virtually all cases, there are no differences...
On Wed, Jul 16, 2008 at 10:50 PM, Luke -Jr [email protected] wrote:
Note that in virtually all cases, there are no differences...
Are there no more dumb hubs? You need a dumb hub for your demonstration. A switch won't work.
On Jul 17, 2008, at 7:43, "David Nicol" [email protected] wrote:
On Wed, Jul 16, 2008 at 10:50 PM, Luke -Jr [email protected] wrote:
Note that in virtually all cases, there are no differences...
I'd agree if you'd said "most cases."
Are there no more dumb hubs?
They still have their uses. And don't forget that 802.11 is "shared media."
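The `tcpdump -p` versus `tcpdump` comparison from the thread, made countable (an added example, not part of any poster's message): the function tallies frames in `tcpdump -e -n` text output by destination MAC, so unicast frames between two other hosts, which show up only with promiscuous mode on a shared medium such as a hub, stand out. The MAC addresses, the sample capture lines and the interface name `eth0` are constructed assumptions, and the parsing assumes an Ethernet link type.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the text format printed by
# `tcpdump -e -n`: "<time> <src MAC> > <dst MAC>, ethertype ...".

# classify_frames OWN_MAC: read capture text on stdin, count frames by destination.
classify_frames() {
    awk -v me="$(printf '%s' "$1" | tr 'A-F' 'a-f')" '
    $3 == ">" {
        src = tolower($2); dst = tolower($4); sub(/,$/, "", dst)
        if (dst == "ff:ff:ff:ff:ff:ff" || dst == "broadcast") bcast++
        else if (substr(dst, 2, 1) ~ /[13579bdf]/) mcast++  # group bit of first octet
        else if (dst == me)  to_me++
        else if (src == me)  from_me++
        else                 other++    # unicast between two other hosts
    }
    END {
        printf "to_me=%d from_me=%d broadcast=%d multicast=%d other_unicast=%d\n",
               to_me, from_me, bcast, mcast, other
    }'
}

OWN_MAC=00:16:3E:00:00:01   # constructed; live: cat /sys/class/net/eth0/address

# Constructed sample: what the NIC delivers with promiscuous mode off (tcpdump -p).
sample_without_promisc() { cat <<'EOF'
13:50:01.000101 00:16:3e:00:00:02 > 00:16:3e:00:00:01, ethertype IPv4 (0x0800), length 74: 192.0.2.2.40000 > 192.0.2.1.22: Flags [S]
13:50:01.000205 00:16:3e:00:00:01 > 00:16:3e:00:00:02, ethertype IPv4 (0x0800), length 74: 192.0.2.1.22 > 192.0.2.2.40000: Flags [S.]
13:50:02.100000 00:16:3e:00:00:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.3
13:50:02.200000 00:16:3e:00:00:03 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 192.0.2.3.5353 > 224.0.0.251.5353: 0 PTR (QM)?
EOF
}

# Constructed sample: same wire on a hub, promiscuous mode on (plain tcpdump).
sample_with_promisc() { sample_without_promisc; cat <<'EOF'
13:50:03.000000 00:16:3e:00:00:02 > 00:16:3e:00:00:03, ethertype IPv4 (0x0800), length 74: 192.0.2.2.40001 > 192.0.2.3.80: Flags [S]
13:50:03.000150 00:16:3e:00:00:03 > 00:16:3e:00:00:02, ethertype IPv4 (0x0800), length 74: 192.0.2.3.80 > 192.0.2.2.40001: Flags [S.]
EOF
}

echo "tcpdump -p: $(sample_without_promisc | classify_frames "$OWN_MAC")"
echo "tcpdump   : $(sample_with_promisc | classify_frames "$OWN_MAC")"
# Live (root, interface name eth0 assumed):
#   tcpdump -p -e -n -c 200 -i eth0 | classify_frames "$(cat /sys/class/net/eth0/address)"
```

On a switched port both live runs should report `other_unicast` at or near zero, which is the "no differences" case mentioned in the thread.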