The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

FreeBSD Support
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 promiscuous mode... help
Author: green 
Date:   21-11-00 01:57

very often i've got this kernel messages:

Nov 21 00:02:48 mega /kernel: ppp0: promiscuous mode enabled
Nov 21 00:02:58 mega /kernel: ppp0: promiscuous mode disabled
Nov 21 00:06:15 mega /kernel: ed0: promiscuous mode enabled
Nov 21 00:06:38 mega /kernel: ed0: promiscuous mode disabled
Nov 21 00:06:49 mega /kernel: ed1: promiscuous mode enabled
Nov 21 00:07:03 mega /kernel: ed1: promiscuous mode disabled
Nov 21 00:07:06 mega /kernel: ppp0: promiscuous mode enabled
Nov 21 00:07:23 mega /kernel: ppp0: promiscuous mode disabled
Nov 21 00:10:23 mega /kernel: ed0: promiscuous mode enabled
Nov 21 00:10:36 mega /kernel: ed0: promiscuous mode disabled

plz help me ?
what this ?

Reply To This Message
 
 RE: promiscuous mode... help
Author: Dan Langille 
Date:   21-11-00 02:54

Promiscuous mode means the card is reading everything that comes to it. Normally, it reads only those packets which are addressed to that card. Promiscuous mode can be useful for various debugging tools, such as tcpdump. Such tools put the card into promiscuous mode in order to read all the network traffic flowing past.

Have you been running tcpdump? Are you the only user on this box? If not, it could, I repeat could be that someone else is running tcpdump, or something similar, in order to sniff your traffic (e.g. for gathering passwords etc).


Reply To This Message
 
 RE: promiscuous mode... help
Author: green 
Date:   21-11-00 14:21

very often i run trafshow
how do you think, kernel enables promiscuous mode then i run trafshow?

Reply To This Message
 
 RE: promiscuous mode... help
Author: Don Brearley 
Date:   21-11-00 18:11


Green,

Yeah chances are, its trafshow that is doing it.

You should run it, and see if that message appears when you run it.

- Don



Reply To This Message
 
 RE: promiscuous mode... help
Author: Dan Langille 
Date:   21-11-00 20:46

I have never used trafshow. But Don's suggestion is good.

On one screen, run tail -f /var/log/messages.

On another screen, run trafshow. See if the messages appear in the first screen.

Reply To This Message
 
 RE: promiscuous mode... help
Author: Daniel Schrock 
Date:   22-11-00 17:38

It is your trafshow. I use it quite a bit. I would worry about it too much if you are the only user on the box, but i would keep an eye on it. Just to make sure your card isn't in promiscuous mode without you putting it in that mode.

Last months issue of SysAdmin had some nice security scripts that run as a cronjob. One of the scripts checks the network interfaces for promiscuous mode and emails you if it finds a problem. They are originally for Sun and Linux but after few path changes and tweaks, they work great in FreeBSD. I set some scripts to run every hour, the rest to run once a day, and then email my cell phone as soon as it finds a problem. Very nice.

ftp://ftp.mfi.com/pub/sysadmin/2000/nov2000.tar.Z
or just go to http://www.sysadminmag.com


Reply To This Message
 
 RE: promiscuous mode... help
Author: Dan Langille 
Date:   22-11-00 19:27

Sounds like <a href="http://freshports.org/port-description.php3?port=2691">logcheck</a>. But AFAIK, logcheck does much more thatn just check for promiscuous mode. It looks through /var/log/messages (for example) and reports anything which appears and isn't on an "ignore" list.

Reply To This Message
 
 RE: promiscuous mode... help
Author: green 
Date:   22-11-00 20:09

thanx to all of you ! :)

Reply To This Message
 
 RE: promiscuous mode... help
Author: Don Brearley 
Date:   23-11-00 00:58


The bill is in the mail :)


(yes that was a big boooooo I know)

- Don



Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum

phorum.org