02-25-2008
tcpdump and promiscuous mode (on Linux and HP-UX)
Hello,
I want to use tcpdump to analyze the NTP traffic on some of my machines. The machines that I want to analyze run HP-UX and Linux. To use tcpdump, 2 packages are required: libpcap and tcpdump. I know that tcpdump (libpcap?) sets the network interface to promiscuous mode. I have some questions:
1) Does the installation itself of libpcap/tcpdump set the interface to promiscuous mode, or does tcpdump set the interface to promiscuous mode when it is started and then set it back to non-promiscuous mode when it is stopped?
2) If promiscuous mode is activated at installation time, how do I deactivate it when I am ready with my analysis? Is it enough to de-install the 2 packages?
3) How do I check if promiscuous mode is activated without installing extra packages? (I do not see anything in the logs (at least on HP-UX) and nothing with dmesg.)
4) What are the drawbacks of an active promiscuous mode? I guess higher latency time (?), what about security?, what else?
Most important for me is what happens with the HP-UX machines.
Thanks a lot.
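Added example, not part of the original post: a POSIX shell script that answers question 3 for the Linux hosts without installing anything. It reads the interface flags the kernel exposes under /sys/class/net/<ifname>/flags (bit 0x100 is IFF_PROMISC) and parses the "entered/left promiscuous mode" lines the Linux kernel writes to the kernel log on every transition. The sample log lines are constructed for the example; the sysfs scan only does something on a Linux host, and HP-UX is not covered because it has no sysfs.

```sh
#!/bin/sh
# Added example (not from the original post): checking promiscuous mode on
# Linux without installing anything extra. The kernel exposes each interface's
# flags as a hex number in /sys/class/net/<ifname>/flags; bit 0x100 is
# IFF_PROMISC (from <linux/if.h>). HP-UX has no sysfs, so this covers Linux only.

# is_promisc_flags HEXFLAGS
# Returns 0 if the IFF_PROMISC bit is set in HEXFLAGS, 1 otherwise.
# Example: 0x1103 = UP|BROADCAST|PROMISC|MULTICAST -> 0
is_promisc_flags() {
    [ $(( $1 & 0x100 )) -ne 0 ]
}

# list_promisc_ifaces
# Prints the name of every interface whose sysfs flags have IFF_PROMISC set.
list_promisc_ifaces() {
    for f in /sys/class/net/*/flags; do
        [ -r "$f" ] || continue          # no sysfs (non-Linux) or unreadable
        iface=${f#/sys/class/net/}
        iface=${iface%/flags}
        is_promisc_flags "$(cat "$f")" && printf '%s\n' "$iface"
    done
    return 0
}

# The Linux kernel also logs every transition, so dmesg or the kernel log file
# shows when a capture tool turned promiscuous mode on and off.
# Constructed sample lines for this example (not from a real host):
SAMPLE_KERNLOG='[  120.001] device eth0 entered promiscuous mode
[  185.442] device eth0 left promiscuous mode
[  300.010] device eth1 entered promiscuous mode
[  301.000] eth2: entered promiscuous mode
[  302.000] eth2: left promiscuous mode'

# promisc_still_on < kernel-log
# Prints each interface with more "entered" than "left" events, i.e. one that
# some process has left in promiscuous mode. Accepts both the
# "device eth0 entered ..." and the "eth0: entered ..." message forms.
promisc_still_on() {
    awk '/ (entered|left) promiscuous mode/ {
            for (i = 2; i <= NF; i++)
                if ($i == "entered" || $i == "left") { dev = $(i - 1); break }
            sub(/:$/, "", dev)                      # strip "eth2:" -> "eth2"
            if ($i == "entered") on[dev]++; else on[dev]--
        }
        END { for (d in on) if (on[d] > 0) print d }' | sort
}

# Demonstration: live sysfs scan (Linux only), then the constructed log sample.
echo "Interfaces currently in promiscuous mode (sysfs):"
list_promisc_ifaces
echo "Interfaces left in promiscuous mode according to the sample log:"
printf '%s\n' "$SAMPLE_KERNLOG" | promisc_still_on
```

On Linux the same flag is what `ip link show <ifname>` and `ifconfig` display as PROMISC. Installing libpcap or tcpdump changes nothing by itself: libpcap turns promiscuous mode on when tcpdump opens the interface and the kernel turns it back off when the capture handle is closed, so the "left promiscuous mode" line normally appears as soon as tcpdump exits. If you only want to see the host's own NTP packets, `tcpdump -p` captures without enabling promiscuous mode at all.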