Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:

> >>>>> "Noriyuki" == Noriyuki Soda <soda@sra.co.jp> writes:
>     Noriyuki> http://www.l0pht.com/antisniff/tech-paper.html claims that a remote user
>     Noriyuki> can examine that whether a interface of NetBSD machine is promiscuous
>     Noriyuki> mode or not.
> 
>   The technique is to send an ICMP ping addressed to the node at the IP
> layer, but not addressed to the node at the ethernet layer.

Most drivers explicitly filter out packets to the `wrong' Ethernet
address after passing them up to BPF.  Ones that don't should be
fixed.