Posted by Peter Pearson on December 16, 2007, 2:14 am
>
> http://www.askapache.com/security/sniffing-on-ethernet-undetected.html
>
>
> This is probably overkill for your situation, and the cable modem
> isn't going to care if it sees some packets from your machine, but if
> you're interested in being as certain as possible you aren't changing
> anything, this would be the way to go.
Thank you for helpfully goading me out of procrastination
mode. For the benefit of other lost souls wandering these
parts, this sequence of commands seemed to make my Linux box
disinclined to transmit:

    sudo ifconfig eth1 down
    sudo ifconfig eth1 hw ether 00:00:00:00:00:00 promisc
    sudo ifconfig eth1 0.0.0.0
    sudo ifconfig eth1 -arp up

and this sequence of commands restored normal network access:

    sudo ifconfig eth1 down
    sudo ifconfig eth1 hw ether 00:15:F2:3D:9D:C9 -promisc
    sudo ifconfig eth1 arp
    sudo ifconfig eth1 192.168.1.99          # restore normal IP address
    sudo route add default gw 192.168.1.1    # restore normal gateway route

As for the fun part, the data, five minutes of sniffing caught
3431 messages, about 3100 of which were like this:

    Cisco_e4:4f:5d Broadcast ARP Who has 68.189.121.12? Tell 68.189.121.1
    Cisco_e4:4f:5d Broadcast ARP Who has 68.185.88.154? Tell 68.185.88.1
    Cisco_e4:4f:5d Broadcast ARP Who has 68.185.93.107? Tell 68.185.88.1

So clifto's prediction of ARP traffic was exactly right.
There were also several dozen messages between Vonage sites
and my telephone adapter. Logical.

Inevitably, traces of mischief: two ping requests from 122.25.177.46,
= p2046-ipad201aobadori.miyagi.ocn.ne.jp
--
To email me, substitute nowhere->spamcop, invalid->net.
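
Added example, not part of the post above: a shell check that an interface really carries the listen-only settings from the first command sequence (ARP off, promiscuous, all-zero MAC) and that its transmit counter stays flat during a capture. The function names, the `LISTEN_IFACE` and `WATCH_SECS` variables and the optional sysfs-root argument are assumptions made for this example; the flag bits are the Linux `IFF_NOARP` and `IFF_PROMISC` values.

```shell
#!/bin/sh
# Added example (not from the post). Flag bits are from <linux/if.h>.
IFF_NOARP=0x80
IFF_PROMISC=0x100

# has_flag FLAGS MASK: succeeds when the bit in MASK is set in FLAGS.
has_flag() { [ $(( $1 & $2 )) -ne 0 ]; }

# listen_only_report IFACE [SYSFS_ROOT]
# Prints one line per setting that differs from the post's listen-only
# sequence. Returns 0 if all match, 1 if any differ, 2 if IFACE is missing.
listen_only_report() {
    dir="${2:-/sys/class/net}/$1"
    [ -r "$dir/flags" ] || { echo "$1: no such interface"; return 2; }
    flags=$(cat "$dir/flags")
    mac=$(cat "$dir/address")
    rc=0
    has_flag "$flags" "$IFF_NOARP" || { echo "$1: ARP still enabled"; rc=1; }
    has_flag "$flags" "$IFF_PROMISC" || { echo "$1: not promiscuous"; rc=1; }
    [ "$mac" = "00:00:00:00:00:00" ] || { echo "$1: MAC is $mac"; rc=1; }
    return "$rc"
}

# tx_count IFACE [SYSFS_ROOT]: frames the driver has transmitted so far.
tx_count() { cat "${2:-/sys/class/net}/$1/statistics/tx_packets"; }

# tx_sent_since IFACE BEFORE [SYSFS_ROOT]: frames transmitted since BEFORE.
tx_sent_since() { echo $(( $(tx_count "$1" "${3:-}") - $2 )); }

# Stand-alone use: LISTEN_IFACE=eth1 WATCH_SECS=300 sh this-script
if [ -n "${LISTEN_IFACE:-}" ]; then
    listen_only_report "$LISTEN_IFACE" && echo "$LISTEN_IFACE: listen-only"
    before=$(tx_count "$LISTEN_IFACE")
    sleep "${WATCH_SECS:-300}"
    echo "frames sent while watching: $(tx_sent_since "$LISTEN_IFACE" "$before")"
fi
```

A non-zero "frames sent" figure after the capture means the machine transmitted on that interface despite the settings.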