Greetings,
I sent the below over a week ago and haven't heard a response. I just
wanted to see if you received it and if you had seen similar issues.
Thank you,
Robin
> Greetings,
>
> I have installed tcpdump 3.6.1 and libpcap 0.6.1 on a machine running
> Red Hat Linux release 6.2 the kernel is 2.2.14-5. During testing I
> noticed ps shows tcpdump is running but the ifconfig does not
> show the box in promiscuous mode.I also ran antisniff against the below
> machine and it came back as positive on the arp test indicating the box
> was in promiscuous mode.
>
> I then restarted the machine without starting tcpdump and again ran
> ifconfig and did a antisniff scan. Ifconfig showed the same thing as
> when it should have shown promiscuous mode. Antisniff indicated the
> machine was not in promiscuous mode.
>
> What is your take? Is this a bug or am I missing something? Has this
> been reported on other platforms? Is there a workaround?
>
> root 4119 0.0 0.6 2176 800 pts/0 S 09:53 0:00 tcpdump
> host xxx.xxx.xxx.xxx -w /tmp/testpro.dat
> guest8 4123 0.0 0.6 2496 808 pts/0 R 09:53 0:00 ps -auwx
>
> /sbin/ifconfig #this is when tcpdump was running
> eth0 Link encap:Ethernet HWaddr 00:80:4D:X1:XD:X8
> inet addr:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx.255
> Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:41438 errors:0 dropped:0 overruns:0 frame:0
> TX packets:23441 errors:2 dropped:0 overruns:0 carrier:2
> collisions:11 txqueuelen:100
> Interrupt:20 Base address:0x1400
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:3924 Metric:1
> RX packets:945 errors:0 dropped:0 overruns:0 frame:0
> TX packets:945 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
>
> Your input is much appreciated. Thank you.
> Cheers,
> Robin T
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
