Re: just running tcpdump makes promisc mode?
From: Fred Barnes (F.R.M.Barnes_at_kent.ac.uk)
Date: 06/24/04
- Previous message: John Madden: "Re: just running tcpdump makes promisc mode?"
- In reply to: Monty Ree: "just running tcpdump makes promisc mode?"
- Next in thread: Public: "Re: just running tcpdump makes promisc mode?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Monty Ree" <chulmin2@hotmail.com> Date: Thu, 24 Jun 2004 14:37:14 +0100
Hi Monty,
> I have operated redhat linux 7.x whcih kernel is 2.4.26.
> When I run tcpdump or snort, the dmesg is seen like below.
>
> "device eth0 entered promiscuous mode"
>
> and when I stop tcpdump or snort, the dmesg is seen like below.
>
> "device eth0 left promiscuous mode"
That's tcpdump (or rather libpcap I guess) putting the interface into
promiscuous mode -- i.e. it'll receive all packets it sees on the wire,
regardless of IP/netmask/etc. Different cards may vary in their
handling of this.
> But I can't find PROMISC message when I execute ifconfig while tcpdump or
> snort.
>
> Why the result of the dmesg and ifconfig is different?
Because ifconfig configures interfaces. It has no need to receive all
packets on the wire. dmesg displays the kernel message buffer; it has
nothing to do with configuring interfaces or tcpdump really.
Regards,
-- Fred
- Previous message: John Madden: "Re: just running tcpdump makes promisc mode?"
- In reply to: Monty Ree: "just running tcpdump makes promisc mode?"
- Next in thread: Public: "Re: just running tcpdump makes promisc mode?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
