Re: just running tcpdump makes promisc mode?
From: Craig Van Tassle (cvantassle_at_idealsystems.com)
Date: 06/24/04
- Previous message: Eric Paynter: "Re: just running tcpdump makes promisc mode?"
- In reply to: Monty Ree: "just running tcpdump makes promisc mode?"
- Next in thread: Skander Ben Mansour: "RE: just running tcpdump makes promisc mode?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Jun 2004 10:17:58 -0400
As I recall, they use IOCTL() to change the device to Promiscuous mode.
That may be the reason why they are not showing as promiscuous when you
see the results of an ifconfig.
I may be wrong though. I don't have my Stevens book on me at the moment.
Craig
Monty Ree wrote:
> Hello, all.
>
> I have operated redhat linux 7.x which kernel is 2.4.26. When I run
> tcpdump or snort, the dmesg is seen like below.
>
> "device eth0 entered promiscuous mode"
>
> and when I stop tcpdump or snort, the dmesg is seen like below.
>
> "device eth0 left promiscuous mode"
>
> But I can't find the PROMISC message when I execute ifconfig while
> running tcpdump or snort.
>
> Why are the results of dmesg and ifconfig different?
>
>
>
> Thanks in advance.
>
--
Craig Van Tassle
Ideal Systems, INC
Network Administrator
Toll-Free:(888)308-9888
Mobile: (224)659-0796
Email: Cvantassle@idealsystems.com
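
Added example, not part of the original messages: a Python sketch that compares the two views discussed in this thread, the kernel log messages quoted in the question and the IFF_PROMISC bit returned by the SIOCGIFFLAGS ioctl that ifconfig reads. The function names and the sample log are constructed for illustration; the ioctl call assumes a Linux host.

```python
import fcntl
import re
import socket
import struct

SIOCGIFFLAGS = 0x8913   # Linux ioctl that ifconfig uses to read interface flags
IFF_PROMISC = 0x100     # promiscuous bit in those flags

# Matches the two kernel messages quoted in the thread.
_EVENT = re.compile(r"device (\S+) (entered|left) promiscuous mode")

def promisc_from_kernel_log(lines):
    """Replay dmesg lines in order; return interfaces still promiscuous."""
    active = set()
    for line in lines:
        m = _EVENT.search(line)
        if not m:
            continue
        ifname, action = m.groups()
        if action == "entered":
            active.add(ifname)
        else:
            active.discard(ifname)
    return active

def ifflags_promisc(ifname):
    """Return True if SIOCGIFFLAGS reports IFF_PROMISC (the ifconfig view)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        req = struct.pack("16sH22x", ifname.encode()[:15], 0)  # struct ifreq
        res = fcntl.ioctl(s.fileno(), SIOCGIFFLAGS, req)
    return bool(struct.unpack_from("H", res, 16)[0] & IFF_PROMISC)

def mismatches(log_lines, flag_check=ifflags_promisc):
    """Interfaces the kernel log marks promiscuous but the flag view does not."""
    out = []
    for ifname in sorted(promisc_from_kernel_log(log_lines)):
        try:
            if not flag_check(ifname):
                out.append(ifname)
        except OSError:
            out.append(ifname)  # interface missing or not queryable
    return out

# Constructed sample log, using the message text from the thread.
SAMPLE_LOG = [
    "device eth0 entered promiscuous mode",
    "device eth1 entered promiscuous mode",
    "eth1: link up",
    "device eth1 left promiscuous mode",
]

if __name__ == "__main__":
    print("kernel log:", sorted(promisc_from_kernel_log(SAMPLE_LOG)))
    print("not confirmed by SIOCGIFFLAGS:", mismatches(SAMPLE_LOG))
```

An interface returned by mismatches() is in the state the question describes: the kernel logged it entering promiscuous mode, but the flag view does not show PROMISC.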