Ask them “honestly, what is the problem” – other than having an interface in promiscuous mode is a signature of a sniffer and security folks look for unauthorized sniffers?
ntop needs promiscuous mode so that it sees the full range of traffic. Any similar product will do the same thing. If the security people think traffic on the wire is secure, they’re wrong! Face facts – just about every Windows user, except for 2K/XP Pro (and then only if TBTP have especially locked them down) can install the windows version of tcpdump… If it’s a checklist item, just gen up a form to “authorize” it, have the boss and VP/CIO sign it and give it to them.
Related Questions
- Ask them "honestly, what is the problem" - other than having an interface in promiscuous mode is a signature of a sniffer and security folks look for unauthorized sniffers?
- Through the application security interface, can our site limit access to application functions, etc., through RACF/ACF2/TOP SECRET?
- How can I configure Pilot and/or WinPcap to NOT attempt to place the capture interface in promiscuous mode?
