Greetings,
I have installed tcpdump 3.6.1 and libpcap 0.6.1 on a machine running
Red Hat Linux release 6.2 the kernel is 2.2.14-5. During testing I
noticed ps shows tcpdump is running but the ifconfig does not
show the box in promiscuous mode.I also ran antisniff against the below
machine and it came back as positive on the arp test indicating the box
was in promiscuous mode.
I then restarted the machine without starting tcpdump and again ran
ifconfig and did a antisniff scan. Ifconfig showed the same thing as
when it should have shown promiscuous mode. Antisniff indicated the
machine was not in promiscuous mode.
What is your take? Is this a bug or am I missing something? Has this
been reported on other platforms? Is there a workaround?
root 4119 0.0 0.6 2176 800 pts/0 S 09:53 0:00 tcpdump
host xxx.xxx.xxx.xxx -w /tmp/testpro.dat
guest8 4123 0.0 0.6 2496 808 pts/0 R 09:53 0:00 ps -auwx
/sbin/ifconfig #this is when tcpdump was running
eth0 Link encap:Ethernet HWaddr 00:80:4D:X1:XD:X8
inet addr:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:41438 errors:0 dropped:0 overruns:0 frame:0
TX packets:23441 errors:2 dropped:0 overruns:0 carrier:2
collisions:11 txqueuelen:100
Interrupt:20 Base address:0x1400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:945 errors:0 dropped:0 overruns:0 frame:0
TX packets:945 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
Your input is much appreciated. Thank you.
Cheers,
Robin T
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
