The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Special Forums > IP Networking
Reload this Page tcpdump and promiscuous mode (on Linux and HP-UX)
Google UNIX.COM
Forums Portal Register Rules & FAQContribute Members List Arcade Search Today's Posts Mark Forums Read



Thread: tcpdump and promiscuous mode (on Linux and HP-UX)
View Single Post in UNIX Forums - Click on the Thread or Permalink to View Entire Thread -->
  #1 (permalink)  
Old 02-25-2008
one71 one71 is offline
Registered User
  

Join Date: Feb 2008
Posts: 8
tcpdump and promiscuous mode (on Linux and HP-UX)
Hallo,

I want to use tcpdump to analyze the NTP traffic on some of my machines. The machines that I want to analyze run HP-UX and linux. To use tcpdump 2 packages are required Libpcap and Tcpdump. I know that tcpdump (libcap?) sets the network interface to promiscuous mode. I have some questions:

1) does the installation itself of libcap/tcpdump set the interface to promiscuous mode mode or does tcpdump set the interface to promiscuous mode when it is started and then it sets back to non promiscuous mode when it is stopped?

2) If the promiscuous mode is activated at installation time, how to deactivate it when I am ready with my analysis? Is it enough to de-install the 2 packages?

3) How to check if the promiscuous mode is activated without installing extra packages? (I do not see anything in the logs (at least on HP-UX) and nothing with dmesg)

4) which are the drawbacks with an active promiscuous mode? I guess higher latency time (?), what about security?, what else?

Most important for me is what happens with the HP-UX machines.

Thanks a lot.
Reply With Quote
Forum Sponsor