Re: Promiscuous Mode

On Mon, Mar 24, 2008 at 07:43:58PM +1300, Robin Sheat wrote:
# On Tue, 25 Mar 2008, Muhammad Farooq-i-Azam wrote:
# > In short, if the NIC is not in promiscuous mode, it will discard a
# > packet with an IP matching its own if the destination MAC in the packet
# > is not its own.
# You've answered the inverse of my question :) to clarify my rather bulky
# paragraph in the previous mail,

# if:
# * the NIC is in promiscuous mode, and
# * you receive a packet /p/, and
# * the MAC address in /p/ is _not_ yours, and
# * the IP address in /p/ _is_ yours,
# what do network stacks (not NICs) typically do? Do they respond to the packet
# in any way, or do they understand that because the MAC is different it should
# be ignored? I expect that is what they should do, but I'm curious if it is
# actually the case.
#

In my opinion, the network stack would not care whether the MAC is
different than expected. The TCP/IP stack processes packet headers
on the basis of layer to layer i.e. when processing IP header, the
network stack would not know what the MAC header was in the packet
that it is processing. Same is the case with every other header in
the entire packet.

However, for such packet processing to be meaningful for the entire
operating system which is running the network stack, there should be
a corresponding application running which should utilize the payload
received in the packet and prepare and send the expected response
packets as well.


# --
# Robin <robin@xxxxxxxxxxxxxxx> JabberID: <eythian@xxxxxxxxxxxxxxxxxxxxxx>
#
# Hostes alienigeni me abduxerunt. Qui annus est?
#
# PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D

--
Muhammad Farooq-i-Azam

lists@xxxxxxxxxxxx
http://www.chase.org.pk/

----------------------------------------------------------------------
THEORY
Into love and out again,
Thus I went and thus I go.
Spare your voice, and hold your pen:
Well and bitterly I know
All the songs were ever sung,
All the words were ever said;
Could it be, when I was young,
Someone dropped me on my head?
-- Dorothy Parker
----------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Relevant Pages

  • Re: NFS-related hang in 5.4?
    ... >> netisr context. ... the network stack avoids recursion in processing for ... "complicated" packets by deferring processing an offending packet to a ... network stack from the outbound path. ...
    (freebsd-stable)
  • Re: NFS-related hang in 5.4?
    ... >> All using dummynet in a comparable manner. ... the network stack avoids recursion in processing ... > packet to a thread called the 'netisr'. ...
    (freebsd-stable)
  • Re: Forcedeth driver bug
    ... > Do you really know that the driver don't get the stuck packet. ... I'm not sure it's the driver's fault. ... Such an important bug in the network stack would hardly go unnoticed. ...
    (Linux-Kernel)
  • netisr
    ... I'm studying the network stack and now I'm confronted with something ... It seems ether_demux puts the packet in a netisr queue ... instead of passing it directly to ip_input (if that was the packet's ...
    (freebsd-hackers)
  • RE: Transfer a sending packet to upper TCP/IP protocol layer in IM
    ... If the IPv6 address can be resolved, ... IPv4 header will be larger than the MTU. ... After prepending IPv4 header and UDP header to the original IPv6 packet, ...
    (microsoft.public.development.device.drivers)