kaze on Sun, 17 Aug 2003 17:16:06 -0400
--> [mailto:plug-admin@lists.phillylinux.org]On Behalf Of eric@lucii.org
--> Sent: Sunday, August 17, 2003 12:46 PM
--> To: plug@lists.phillylinux.org
--> Subject: Re: [PLUG] trapping web site communications
<snip>
--> That brings up another point... How can I tell if the network interface
--> is in promiscuous mode? It's a 10/100 Intel card internal to the IBM
--> X20 laptop. A friend tells me that some cards will not do promiscuous
--> mode (moral objections? :-)
<snip>

(While far from authoritative on Linux, since the list volume is low recently on weekends I'll jump in.)

It is true that some cards will not support promiscuous mode.

From man ifconfig on Red Hat 9:

    [-]promisc
        Enable or disable the promiscuous mode of the interface. If selected, all packets on the network will be received by the interface.

Once you turn it on, it looks like there'll be a flag showing it's on when you do, for example, ifconfig eth0

To test, I would put the sniffer machine [S] on the hub with two other devices [A] and [B]:

From [A] ping [S], and you should see the ping in ethereal.
From [A] ping [B] and if working [S] will see it, if not working then [S] won't see it.

I think ping is a uni-cast thing, and thus this will test it.

IIRC there is a config file in which you specify the interface as promiscuous, but I can't find it at the moment.

Also of note is that some switches have a management port which, when set the right way, allows a sniffer attached to it to sniff properly.

_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
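Added example, not part of the original post: a shell function that answers the quoted question by reading ifconfig output on stdin and reporting whether the PROMISC flag is listed for one interface. The function name and both sample outputs are constructed for illustration; the older net-tools layout and the newer "flags=...<...>" layout are both handled.

```shell
#!/bin/sh
# promisc_in_ifconfig IFACE  (hypothetical helper name, added example)
# Reads `ifconfig` text on stdin and prints one word for IFACE:
#   promiscuous | normal | unknown (interface not present in the input)
# Live use: ifconfig eth0 | promisc_in_ifconfig eth0
promisc_in_ifconfig() {
    awk -v ifc="$1" '
        # A non-indented line starts a new interface block; the name is
        # the first field, minus the trailing colon newer ifconfig adds.
        /^[^ \t]/ {
            name = $1
            sub(/:$/, "", name)
            inblock = (name == ifc)
            if (inblock) seen = 1
        }
        # Inside the wanted block, split the line into tokens so that
        # "UP BROADCAST PROMISC" and "<UP,BROADCAST,PROMISC>" both match.
        inblock {
            line = $0
            gsub(/[<>,=]/, " ", line)
            n = split(line, w, /[ \t]+/)
            for (i = 1; i <= n; i++) if (w[i] == "PROMISC") found = 1
        }
        END {
            if (!seen)      print "unknown"
            else if (found) print "promiscuous"
            else            print "normal"
        }'
}

# Constructed sample: older net-tools layout, eth0 has PROMISC set.
SAMPLE_OLD='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          UP LOOPBACK RUNNING  MTU:16436  Metric:1'

# Constructed sample: newer layout, eth0 without PROMISC.
SAMPLE_NEW='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:00:5e:00:53:01  txqueuelen 1000  (Ethernet)'

for i in eth0 lo; do
    printf '%s: ' "$i"; printf '%s\n' "$SAMPLE_OLD" | promisc_in_ifconfig "$i"
done
```

On current Linux kernels, a sniffer that enables promiscuous mode through a packet socket (as libpcap does) does not make this flag appear in ifconfig output, so "normal" here does not prove nothing is capturing. `ip -d link show` reports a separate promiscuity counter that covers that case.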