Jump to content

PS MAC address visible in mode 1


biob

Recommended Posts

Posted

Can someone please explain , why the PS MAC address is being picked up on my network while it is in passive mode? Doesn’t make it very stealthy🤔

Posted
9 hours ago, Decoy said:

Are you performing any attacks in the network? Or just running tcpdump?

Just running tcpdump. Technically is not a major problem for me, as I only use them at home. 

It doesn’t pick an IP address up(which I expect) , but I can see it in my logs as an active client.

Posted

You could use CLONE as opposed to TRANSPARENT to see if that resolves your issue. Modify  the payload and try it?

 

Here is a description of CLONE:

NETMODE CLONE

This network mode clones the MAC address of the target device from the Ethernet In port, spoofing it for use on the LAN from the Packet Squirrel’s Ethernet Out ports.

In practice, when deploying a Packet Squirrel payload with NETMODE CLONE, the MAC address is sniffed from the target (IN) and will change the MAC address on the LAN (OUT) side. This is done by inspecting sniffed packets from the target device and is typically done in just a few seconds.

For stealth deployments, have the Packet Squirrel clone the MAC address of the target device from its Ethernet IN port before connecting the cable to the Ethernet OUT port. The Packet Squirrel will indicate that the MAC address has been successfully cloned by several seconds of rapid white blinking on its LED.

 

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...