logoalt Hacker News

wjholdentoday at 2:04 AM0 repliesview on HN

I did a small research project years ago (like 16 years ago) where I tried to detect hosts in promiscuous mode. The entire effort wasn't super relevant even in 2010 because switched networks had already largely replaced old hubs but it was interesting stuff.

The most interesting thing I remember looking at was a tool called Neped. I can't find the source but it might be here: https://www.apostols.org/projects. As I recall, Neped would do things exactly like this article says — send an ping packet to the right IP address but wrong MAC address and see if it responds. I probably have the details wrong but that's the idea. It was some really clever stuff. I always wonder what old vulnerabilities like this we would rediscover if we put new computers on old networks (especially hubs).