Configuring a silent network interface

/ Felipe Alfaro Solana

A silent network interface is one whose main purpose is to passively monitor for traffic while not revealing or advertising its presence. By default, network interfaces in UNIX-like systems, even when configured with no IP address, could send or respond to ARP traffic, thus defeating its stealthy operation.

To prevent a network interface from sending or responding to ARP traffic, one can configure the network interface to ignore it by supplying the -arp option to ifconfig. This will put the interface into NOARP mode and, when configured with no IP address, will become stealth.

For example:

# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:00:00:00:00:00
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:17 Base address:0x4000
# ifconfig eth1 -arp
# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:00:00:00:00:00
UP BROADCAST NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:17 Base address:0x4000

In Fedora Core this can be easily achieved by adding the following line to the network interface configuration file, located in /etc/sysconfig/network-scripts:

ARP=no

For example, this line can be added to file /etc/sysconfig/network-scripts/ifcfg-eth1 so next time interface eth1 is brought up, it will be configured in NOARP mode. This can be done manually using two different commands:

  • ifconfig eth1 -arp
  • ip link set dev eth1 arp off

To re-enable ARP support:

  • ifconfig eth1 arp
  • ip link set dev eth1 arp on

3 thoughts on “Configuring a silent network interface

  1. Oh, my GOSH! For decades I have thought that I was hallucinating because nobody I ever spoke to remembered the Seven Up bar. It was my absolute FAVORITE. Thank you so much for confirming that I was not out of my mind and they really did exist. REALLY BUMMED to know they no longer make them. Maybe we can all bombard the company with requests to bring it back under a different name. Keep hope alive! : )
    I used to get mine at the Jewel-Osco in Racine, WI, before it disappeared and became Shopko. This was likely in the late 60s early 70s when I was just a pup using mom’s money, so I have no idea when they may have stopped producing them.

  2. Taylor, I’m not sure if he was advised by his agents (I hope so for their sake), but it’s the first smart thing Vince has done during this whole situation and I very much agree with your assessment.

  3. Hello There. I found your blog using msn. This is a very neatly written article. I will make sure to bookmark it and come back to read more of your useful info. Thanks for the post. I’ll certainly comeback.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s