You can manually set your interface to promiscuous mode as follows (for
more, try 'man ifconfig')
[root@ishamael cdparanoia-IIIa9.6]# ifconfig eth0 promisc
Afterwards, this is what your ifconfig will look like. Note the
'PROMISC' in the third line of the stdout.
[root@ishamael cdparanoia-IIIa9.6]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:C0:4F:45:68:F7
inet addr:10.0.0.4 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:507120 errors:0 dropped:0 overruns:0 frame:0
TX packets:1256155 errors:0 dropped:0 overruns:0 carrier:0
collisions:301635 txqueuelen:100
Interrupt:11 Base address:0xdc00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:8731 errors:0 dropped:0 overruns:0 frame:0
TX packets:8731 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
This is how you set your interface to non-promiscuous mode:
[root@ishamael cdparanoia-IIIa9.6]# ifconfig eth0 -promisc
And this is what your normal 'ifconfig' should look like:
[root@ishamael cdparanoia-IIIa9.6]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:C0:4F:45:68:F7
inet addr:10.0.0.4 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:507120 errors:0 dropped:0 overruns:0 frame:0
TX packets:1256155 errors:0 dropped:0 overruns:0 carrier:0
collisions:301635 txqueuelen:100
Interrupt:11 Base address:0xdc00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:8731 errors:0 dropped:0 overruns:0 frame:0
TX packets:8731 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
[root@ishamael
cdparanoia-IIIa9.6]#
Hope this helps,
Monte
Ken Wilson wrote:
>
> If you watch the start up you will normally see a message when your nic
> is switched to promiscuous mode. Other than that, check in
> '/var/log/messages' to see what actually occurred when your machine was
> last started.
>
> Seeing that you do not say you are running a sniffer, which I'm sure
> you'd know because that would be a deliberate addition on your part, I
> would suspect 'arpwatch' as a potential client. If you don't have any
> need for mapping mac addresses to ip addresses on your net work you can
> turn 'arpwatch' off.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Robert J Bartels
> Sent: May 2, 2000 12:16 PM
> To: [EMAIL PROTECTED]
> Subject: [expert] promiscuous mode
>
> I've been getting this security warning for the past few weeks.
> May 2 11:03:01 charm : Security warning : eth0 is in promiscuous mode.
> May 2 11:03:01 charm : A sniffer is probably running on your
> system.
>
> 1> How can I tell if eth0 is currently in promiscuous mode?
> 2> How can I tell what program is making it run in p mode?
> 3> The network connection for this machine has been messed up..
> i.e. While running a ftp server the outbound connections slow down
> to
> a crawl
> every so often... I get disconnected from home while using ssh... Could
> this
> p mode be causing this??
>
> 4> How can I fix this without reloading the whole system??
>
> Thanks a bunch!
>
> Bob
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
