[26303] in bugtraq
Re: Interface promiscuity obscurity in Linux
daemon@ATHENA.MIT.EDU (plattner@caltech.edu)
Wed Jul 24 19:43:51 2002
Date: Wed, 24 Jul 2002 18:21:46 -0500
From: plattner@caltech.edu
To: Rasmus B?g Hansen <moffe@amagerkollegiet.dk>
Cc: Ricardo Branco <97-29312@ldc.usb.ve>, bugtraq@securityfocus.com
Message-ID: <20020724232146.GA23775@aaron.homeip.net>
Mail-Followup-To: Rasmus B?g Hansen <moffe@amagerkollegiet.dk>,
Ricardo Branco <97-29312@ldc.usb.ve>, bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="u3/rZRmxL6MmkK24"
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0207250101220.19904-100000@grignard.amagerkollegiet.dk>
--u3/rZRmxL6MmkK24
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Jul 25, 2002 at 01:06:02AM +0200, Rasmus B?g Hansen wrote:
> On Thu, 25 Jul 2002, Ricardo Branco wrote:
>=20
> > This affects Linux 2.2 and 2.4
> >
> > Using libpcap to put the interface in promiscuous mode, will cause that
> > ifconfig(8) doesn't show it!
> >
> > libpcap uses setsockopt(..., SOL_PACKET, PACKET_ADD_MEMBERSHIP, ...) wi=
th
> > PACKET_MR_PROMISC to set the interface in promiscuous mode.
>=20
> I can confirm that with 2.4.19-rc3. When using tcpdump (with libpcap),
> ifconfig does not report, that the interface is in promiscous mode:
ip (from iproute2), however, DOES report interfaces that are promiscuous:
aaron root # tethereal -n -i eth0 > /dev/null &
[2] 23793
aaron root # Capturing on eth0
ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:20:78:02:00:00
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::220:78ff:fe02:0/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:371623 errors:0 dropped:0 overruns:0 frame:0
TX packets:396584 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:131646171 (125.5 Mb) TX bytes:128753858 (122.7 Mb)
Interrupt:12 Base address:0xd000
aaron root # ip link ls dev eth0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:20:78:02:00:00 brd ff:ff:ff:ff:ff:ff
aaron root # ldd /usr/bin/tethereal | grep pcap
libpcap.so.0 =3D> /usr/lib/libpcap.so.0 (0x40143000)
aaron root #
--u3/rZRmxL6MmkK24
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9PzaJ5lBcW90Nc7oRAuQBAKCqbBbfKTjXXfjrdaGbhu/+v+eCQQCgiyJY
Fb+uzwPD8UuRTEOZOAF/4tI=
=USRz
-----END PGP SIGNATURE-----
--u3/rZRmxL6MmkK24--
