Post 302170293 by one71 on Monday 25th of February 2008 05:28:00 AM
tcpdump and promiscuous mode (on Linux and HP-UX)

Hello,

I want to use tcpdump to analyze the NTP traffic on some of my machines. The machines that I want to analyze run HP-UX and Linux. To use tcpdump, 2 packages are required: Libpcap and Tcpdump. I know that tcpdump (libpcap?) sets the network interface to promiscuous mode. I have some questions:

1) Does the installation itself of libpcap/tcpdump set the interface to promiscuous mode, or does tcpdump set the interface to promiscuous mode when it is started and then set it back to non-promiscuous mode when it is stopped?

2) If the promiscuous mode is activated at installation time, how do I deactivate it when I am finished with my analysis? Is it enough to de-install the 2 packages?

3) How do I check if the promiscuous mode is activated without installing extra packages? (I do not see anything in the logs (at least on HP-UX) and nothing with dmesg.)

4) What are the drawbacks of an active promiscuous mode? I guess higher latency (?). What about security? What else?

Most important for me is what happens with the HP-UX machines.

Thanks a lot.
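
For question 3, on Linux only, an added example that is not part of the original post: the kernel exposes each interface's flags as a hex value in `/sys/class/net/<interface>/flags`, and bit 0x100 (IFF_PROMISC) is set while the interface is in promiscuous mode, so no extra package is needed to check. The function names and the sample values in the comments are constructed for illustration; HP-UX has no such sysfs tree and is not covered here.

```shell
#!/bin/sh
# Report Linux interfaces that currently have the IFF_PROMISC flag set,
# using only the flags files the kernel exposes under sysfs.

IFF_PROMISC=256   # 0x100, IFF_PROMISC from <linux/if.h>

# is_promisc_flags HEX
# Succeeds (exit 0) if the IFF_PROMISC bit is set in HEX.
# Constructed sample values: 0x1103 is promiscuous, 0x1003 is not.
is_promisc_flags() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# list_promisc [NET_DIR]
# Prints one interface name per line for every interface under NET_DIR
# (default /sys/class/net) whose flags file has IFF_PROMISC set.
# NET_DIR is a parameter so the check can also be run against a copied tree.
list_promisc() {
    net_dir=${1:-/sys/class/net}
    for flags_file in "$net_dir"/*/flags; do
        # Skip unmatched globs and unreadable entries.
        [ -r "$flags_file" ] || continue
        flags=$(cat "$flags_file")
        # Accept only well-formed hex such as 0x1103; skip anything else.
        case $flags in
            0x*) hex=${flags#0x} ;;
            *)   continue ;;
        esac
        case $hex in
            ""|*[!0-9a-fA-F]*) continue ;;
        esac
        if is_promisc_flags "$flags"; then
            basename "$(dirname "$flags_file")"
        fi
    done
}

# Run against the live system; empty output means no interface is promiscuous.
list_promisc "$@"
```

Running it once before starting a capture, once while tcpdump is running, and once after it has stopped shows whether the flag is tied to the running capture or persists on the interface.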
 
