[26317] in bugtraq
Re: Interface promiscuity obscurity in Linux
daemon@ATHENA.MIT.EDU (Glynn Clements)
Thu Jul 25 13:06:14 2002
From: Glynn Clements <glynn.clements@virgin.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15679.30075.748098.171790@cerise.nosuchdomain.co.uk>
Date: Thu, 25 Jul 2002 04:50:19 +0100
To: Ricardo Branco <97-29312@ldc.usb.ve>
Cc: <bugtraq@securityfocus.com>
In-Reply-To: <Pine.GSO.4.32.0207250011340.5286-100000@korba.ldc.usb.ve>
Ricardo Branco wrote:
> Using libpcap to put the interface in promiscuous mode, will cause that
> ifconfig(8) doesn't show it!
>
> libpcap uses setsockopt(..., SOL_PACKET, PACKET_ADD_MEMBERSHIP, ...) with
> PACKET_MR_PROMISC to set the interface in promiscuous mode.
>
> I notified this to the tcpdump-workers mailing list and the problem is
> that the setsockopt() sets the promisc flag in a variable that is not the
> same as the one that the SIOCGIFFLAGS ioctl() reads. I don't have the
> kernel source right now to make this advisory more precise.
This issue was discussed extensively on the linux-net list back in
February, in the thread entitled "IFF_PROMISC bug?":
http://marc.theaimsgroup.com/?t=101356558000002&r=1&w=2
--
Glynn Clements <glynn.clements@virgin.net>
