Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: tcpdump and promiscuous mode (on Linux and HP-UX)
Special Forums IP Networking tcpdump and promiscuous mode (on Linux and HP-UX) Post 302170293 by one71 on Monday 25th of February 2008 05:28:00 AM
Old 02-25-2008
tcpdump and promiscuous mode (on Linux and HP-UX)
Hallo,

I want to use tcpdump to analyze the NTP traffic on some of my machines. The machines that I want to analyze run HP-UX and linux. To use tcpdump 2 packages are required Libpcap and Tcpdump. I know that tcpdump (libcap?) sets the network interface to promiscuous mode. I have some questions:

1) does the installation itself of libcap/tcpdump set the interface to promiscuous mode mode or does tcpdump set the interface to promiscuous mode when it is started and then it sets back to non promiscuous mode when it is stopped?

2) If the promiscuous mode is activated at installation time, how to deactivate it when I am ready with my analysis? Is it enough to de-install the 2 packages?

3) How to check if the promiscuous mode is activated without installing extra packages? (I do not see anything in the logs (at least on HP-UX) and nothing with dmesg)

4) which are the drawbacks with an active promiscuous mode? I guess higher latency time (?), what about security?, what else?

Most important for me is what happens with the HP-UX machines.

Thanks a lot.
 

5 More Discussions You Might Find Interesting

1. IP Networking

promiscuous mode machines

/* SCO OpenServer 5 */ anyone know an effective way to tell what machines, if any, are running in promiscuous mode?? e0- (1 Reply)
Discussion started by: LowOrderBit
1 Replies

2. SuSE

Convet Linux OS from text mode to graphic mode

Hi All, I used to have my suse linux(VM) server in graphic mode but not anymore since morning. I cant rolback since i loose somuch work. Any idea how to it back to normal. Thanks (6 Replies)
Discussion started by: s_linux
6 Replies

3. AIX

promiscuous mode AIX

Hi Guys, What do I need to do to set an physical adapter to promiscuous mode? The networkport is already spanned/mirrored. Is this also possible when there is an virtual nic (through vios) configured? regards, Randy (7 Replies)
Discussion started by: raba
7 Replies

4. UNIX for Dummies Questions & Answers

Will Linux force NIC into promiscuous mode?

Right now I have a computer that I want to use as the monitor for my network. It's currently running Windows 7, and so as I understand it the NIC won't monitor all the traffic on the network. So my question is, if I install Linux on this computer will I be able to force the NIC card into... (1 Reply)
Discussion started by: iJeydon
1 Replies

5. Red Hat

Interface goes into promiscuous mode

Hi all, I am using a Linux VM. Once the node boots up, I am able to access it and it is able to ping its default gateway. At that time, the config is; eth1 Link encap:Ethernet HWaddr 00:50:56:01:01:FB inet addr:142.133.174.246 Bcast:142.133.175.255 ... (1 Reply)
Discussion started by: Junaid Subhani
1 Replies

LEARN ABOUT X11R4

pcap_activate

PCAP_ACTIVATE(3PCAP)													      PCAP_ACTIVATE(3PCAP)

NAME

       pcap_activate - activate a capture handle

SYNOPSIS

       #include <pcap/pcap.h>

       int pcap_activate(pcap_t *p);

DESCRIPTION

       pcap_activate() is used to activate a packet capture handle to look at packets on the network, with the options that were set on the handle
       being in effect.

RETURN VALUE

       pcap_activate() returns 0 on success without warnings, PCAP_WARNING_PROMISC_NOTSUP on success on a device that doesn't support  promiscuous
       mode  if  promiscuous  mode  was  requested,  PCAP_WARNING_TSTAMP_TYPE_NOTSUP  on  success  if  the time stamp type specified in a previous
       pcap_set_tstamp_type() call isn't supported by the capture source (the time stamp type is left as the  default),  PCAP_WARNING  on  success
       with  any  other  warning,  PCAP_ERROR_ACTIVATED  if the handle has already been activated, PCAP_ERROR_NO_SUCH_DEVICE if the capture source
       specified when the handle was created doesn't exist, PCAP_ERROR_PERM_DENIED if the process doesn't have	permission  to	open  the  capture
       source,	PCAP_ERROR_PROMISC_PERM_DENIED if the process has permission to open the capture source but doesn't have permission to put it into
       promiscuous  mode,  PCAP_ERROR_RFMON_NOTSUP  if	monitor  mode  was  specified  but  the  capture  source  doesn't  support  monitor  mode,
       PCAP_ERROR_IFACE_NOT_UP	if  the  capture  source  is  not  up, and PCAP_ERROR if another error occurred.  If PCAP_WARNING or PCAP_ERROR is
       returned, pcap_geterr() or pcap_perror() may be called with p as an argument to fetch or display a message describing the warning or error.
       If  PCAP_WARNING_PROMISC_NOTSUP,  PCAP_ERROR_NO_SUCH_DEVICE,  or  PCAP_ERROR_PERM_DENIED is returned, pcap_geterr() or pcap_perror() may be
       called with p as an argument to fetch or display an message giving additional details about the problem that might be useful for  debugging
       the problem if it's unexpected.

SEE ALSO

       pcap(3PCAP)

								   5 April 2008 					      PCAP_ACTIVATE(3PCAP)
All times are GMT -4. The time now is 07:37 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy