biob Posted September 8, 2019 Posted September 8, 2019 Can someone please explain , why the PS MAC address is being picked up on my network while it is in passive mode? Doesn’t make it very stealthy🤔
Decoy Posted September 9, 2019 Posted September 9, 2019 Are you performing any attacks in the network? Or just running tcpdump?
biob Posted September 9, 2019 Author Posted September 9, 2019 9 hours ago, Decoy said: Are you performing any attacks in the network? Or just running tcpdump? Just running tcpdump. Technically is not a major problem for me, as I only use them at home. It doesn’t pick an IP address up(which I expect) , but I can see it in my logs as an active client.
Decoy Posted September 9, 2019 Posted September 9, 2019 You could use CLONE as opposed to TRANSPARENT to see if that resolves your issue. Modify the payload and try it?  Here is a description of CLONE: NETMODE CLONE This network mode clones the MAC address of the target device from the Ethernet In port, spoofing it for use on the LAN from the Packet Squirrel’s Ethernet Out ports. In practice, when deploying a Packet Squirrel payload with NETMODE CLONE, the MAC address is sniffed from the target (IN) and will change the MAC address on the LAN (OUT) side. This is done by inspecting sniffed packets from the target device and is typically done in just a few seconds. For stealth deployments, have the Packet Squirrel clone the MAC address of the target device from its Ethernet IN port before connecting the cable to the Ethernet OUT port. The Packet Squirrel will indicate that the MAC address has been successfully cloned by several seconds of rapid white blinking on its LED. Â
biob Posted September 10, 2019 Author Posted September 10, 2019 Unfortunately it was on a trunk port, so cloning might not work 🤔Â
Recommended Posts
Archived
This topic is now archived and is closed to further replies.