Re: just running tcpdump makes promisc mode?
From: Eric Paynter (eric_at_arcticbears.com)
Date: 06/24/04
- Previous message: Bryan Shake: "Re: Close ports 137 and 138 samba server?"
- In reply to: Monty Ree: "just running tcpdump makes promisc mode?"
- Next in thread: Craig Van Tassle: "Re: just running tcpdump makes promisc mode?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Jun 2004 10:11:50 -0700 (PDT) To: focus-linux@securityfocus.com
On Wed, June 23, 2004 12:21 am, Monty Ree said:
> I have operated redhat linux 7.x whcih kernel is 2.4.26.
> When I run tcpdump or snort, the dmesg is seen like below.
>
> "device eth0 entered promiscuous mode"
>
> and when I stop tcpdump or snort, the dmesg is seen like below.
>
> "device eth0 left promiscuous mode"
>
> But I can't find PROMISC message when I execute ifconfig while tcpdump or
> snort.
>
> Why the result of the dmesg and ifconfig is different?
I don't know why your ifconfig is not reporting promisc, but if you don't
want promisc:
$ man tcpdump
[...]
-p Don't put the interface into promiscuous mode.
Note that the interface might be in promiscuous
mode for some other reason; hence, `-p' cannot be
used as an abbreviation for `ether host {local-hw-
addr} or ether broadcast'.
-Eric
-- arctic bears - affordable email and name services @yourdomain.com http://www.arcticbears.com
- Previous message: Bryan Shake: "Re: Close ports 137 and 138 samba server?"
- In reply to: Monty Ree: "just running tcpdump makes promisc mode?"
- Next in thread: Craig Van Tassle: "Re: just running tcpdump makes promisc mode?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
