Promiscuous Mode Question
This is a discussion on Promiscuous Mode Question within the Linux Security forums, part of the System Security and Security Related category; Running Root Kit Hunter reports that eth0 is in promiscuous mode, however, running ifconfig shows the below: eth0 Link encap:...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-18-2004
|
|||
|
|||
Promiscuous Mode Question
Running Root Kit Hunter reports that eth0 is in promiscuous mode, however,
running ifconfig shows the below: eth0 Link encap:Ethernet HWaddr 00:50:FC:2C:93:EE inet addr:192.168.1.2 Bcast:192.168.1.3 Mask:255.255.255.252 UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3324705 errors:0 dropped:0 overruns:0 frame:0 TX packets:2652514 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:3973739921 (3789.6 Mb) TX bytes:198962665 (189.7 Mb) Interrupt:11 Base address:0xb000 It doesn't appear that I am to me, or am I missing something here? -- Chris Registered Linux User 283774 http://counter.li.org 11:54am up 10 days, 16:33, 1 user, load average: 0.02, 0.14, 0.10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ I am not a politician and my other habits are also good. -- A. Ward ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ 
|
|
09-19-2004
|
|||
|
|||
|
Re: Promiscuous Mode Question
Chris wrote:
> Running Root Kit Hunter reports that eth0 is in promiscuous mode, however, > running ifconfig shows the below: > > eth0 Link encap:Ethernet HWaddr 00:50:FC:2C:93:EE > inet addr:192.168.1.2 Bcast:192.168.1.3 Mask:255.255.255.252 > UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:3324705 errors:0 dropped:0 overruns:0 frame:0 > TX packets:2652514 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > RX bytes:3973739921 (3789.6 Mb) TX bytes:198962665 (189.7 Mb) > Interrupt:11 Base address:0xb000 > > It doesn't appear that I am to me, or am I missing something here? If a program uses libpcap to put a device in promiscuous mode, ifconfig will not report it. There are two ways to put a device into promiscuous mode. libpcap uses one of them. ifconfig uses/tests the other.
|
|
09-20-2004
|
|||
|
|||
|
Re: Promiscuous Mode Question
Chris wrote:
> Allen Kistler wrote: > > If a program uses libpcap to put a device in promiscuous mode, > ifconfig > > will not report it. There are two ways to put a device into > promiscuous > > mode. libpcap uses one of them. ifconfig uses/tests the other. > > Allen, how then can I check for sure the I'm either in promiscuous > mode or > I'm not? Supposedly ip link ls dev eth0 should show it, but it doesn't appear to work on my system. I've seen code snippets in some references. Apparently chkrootkit knows how to do it.
|
|
09-20-2004
|
|||
|
|||
|
Re: Promiscuous Mode Question
Allen Kistler wrote:
> > Allen, how then can I check for sure the I'm either in promiscuous > > mode or > > I'm not? > > Supposedly > > ip link ls dev eth0 > > should show it, but it doesn't appear to work on my system. > > I've seen code snippets in some references. Apparently chkrootkit knows > how to do it. Allen, found out the cause was prelude, if I run ip link show eth0 with prelude running I'm in promiscuous mode, if I shut prelude down I'm not. Thanks for your help -- Chris Registered Linux User 283774 http://counter.li.org 10:06pm up 12 days, 2:46, 1 user, load average: 0.18, 0.24, 0.30 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ .... ich bin in einem dusenjet ins jahr 53 vor chr ... ich lande im antiken Rom ... einige gladiatoren spielen scrabble ... ich rieche PIZZA ... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~
|
Linear Mode
