It is possible to sniff packets through an unplumbed interface, so the interface stays invisible to detection and attack.
I’m not sure if this works in all configurations, but here goes the trick:
ifconfig hme0 plumb
ifconfig hme0 192.168.100.50 netmask 255.255.255.0 up
ifconfig hme0 unplumb
Now the fun…
snoop -d hme0
Now the sniffer will silently gather all traffic on the wire, and the hme0 interface will not respond to any traffic.
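
A host-side check for this condition, as an added example that is not part of the original post: it flags any snoop process capturing on a device that `ifconfig -a` does not list as plumbed. The ifconfig and ps output below is constructed sample data, the function names are hypothetical, and it assumes the capture appears in the process list as `snoop -d <device>`.

```sh
#!/bin/sh
# Added example: report snoop captures bound to a device with no plumbed
# interface. All sample data here is constructed, not captured from a host.
# On a live Solaris host, feed it real output instead:
#   hidden_captures "$(ifconfig -a)" "$(ps -e -o pid,args)"

SAMPLE_IFCONFIG='lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 10.0.0.5 netmask ffffff00 broadcast 10.0.0.255'

SAMPLE_PS='  PID COMMAND
  412 /usr/sbin/syslogd
 1733 snoop -d hme0
 1801 /usr/sbin/snoop -d hme1 port 53
 1850 grep snoop'

# Names of plumbed interfaces; logical ones (hme1:1) fold into the device name.
plumbed_interfaces() {
    printf '%s\n' "$1" |
        awk '/^[a-z][a-z0-9:]*: flags=/ { sub(/:.*/, "", $1); print $1 }' |
        sort -u
}

# "pid device" for every process whose command is snoop with a -d argument.
snoop_captures() {
    printf '%s\n' "$1" | awk '$2 == "snoop" || $2 ~ /\/snoop$/ {
        for (j = 3; j < NF; j++)
            if ($j == "-d") { print $1, $(j + 1); break }
    }'
}

# Captures whose device is absent from the plumbed interface list.
hidden_captures() {
    plumbed=$(plumbed_interfaces "$1")
    snoop_captures "$2" | while read -r pid dev; do
        printf '%s\n' "$plumbed" | grep -qxF "$dev" || echo "pid=$pid dev=$dev"
    done
}

hidden_captures "$SAMPLE_IFCONFIG" "$SAMPLE_PS"
```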