On Sunday, Feb 2, 2003, at 21:57 America/Detroit, Justin Walker wrote:
On Sunday, Feb 2, 2003, at 18:43 US/Pacific, Robert Brugman wrote:
Hello Everyone,
Is it possible to capture when plugged into a hub without actually
having an ethernet address? I'm trying to do some intrusion testing
for the company I work for, and in most cases, intruders wouldn't
have an IP. Is there any way to do this?
Just in case: ethernet addresses and IP addresses are not the same
thing. You would probably not find an ethernet interface without an
ethernet address.
You can, generally, use libpcap and ethereal on interfaces that are
not configured for IP activity, but whether that's possible really
depends on the implementation details of the system you are using.
*BSDs and Linux let you do this.
On systems with 'ifconfig', you should be able to do something like
# ifconfig en0 up
or something like that (the actual device name will depend on your
system). You will usually have to be root (or "privileged") to do
this.
Regards,
Justin
Thanks Jusin. I am using Mac OS X, which supports ifconfig. Basically
I just need to be able to plug in to the switch and capture packets.
Is there any special config I need to set in order to capture packets
without having an IP?, or do I just have to have eth0 "up".
Thanks again
Robert