Aiee :)

   Hello!

On Wed, Jan 24, 2001 at 02:19:26PM +0100, Sebastian wrote:
> > IFF_PROMISC is not set, so 'ifconfig' doesn't see the interface in promisc
> > mode.
> Just to make things clear:
> 
> the >= 2.2 kernels have a new way of setting promiscuous mode via
> setsockopt(). We use this since a few months in pcap. It has the advantage
> of thread-safeness. The usage of ioctl() is deprecated. ifconfig doesn't
> show the flag, b/c kernel filters it out. Don't know why.
> 
> Administrators should note that they don't see sniffers anymore on >= 2.2
> kernels!

   Just use iproute2 by Alexey Kuznetsov (it should replace ifconfig, route,
   arp (?) and maybe a lot of other stuff - it's even powerful :) 
   Really great work Alexey!)

   e.g. 
   (I used an own-made - really bare/stupid program to set promiscuous flag on 
    my eth0. I did just a setsockopt with packet_mreq{} as libpcap)

sullivan@armageddon# ifconfig eth0                                            ~
eth0      Link encap:Ethernet  HWaddr 00:60:97:F8:89:81
          inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2959 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1650 errors:0 dropped:0 overruns:0 carrier:0
          Collisions:0
          Interrupt:3 Base address:0x300

sullivan@armageddon# ip link show eth0                                        ~
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
    link/ETHER 00:60:97:f8:89:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.5/24 brd 192.168.1.255 scope global eth0 


   iproute2 uses a netlink socket to exchange messages to/from the kernel.
   No more /proc is used (AFAIK, just browse its code).

> Sebastian
> 

bye bye

                        -- gg sullivan

-- 
Lorenzo Cavallaro       `Gigi Sullivan' <[EMAIL PROTECTED]>

LibRNet Project Home Page: http://www.sikurezza.org/sullivan
LibRNet Mailing List: [EMAIL PROTECTED]

Until I loved, life had no beauty;
I did not know I lived until I had loved. (Theodor Korner)
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
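
The discrepancy shown in the message above can be checked mechanically. The following is an added example, not part of the original message or of iproute2: it parses saved `ifconfig` and `ip link show` output and lists interfaces that `ip link` reports as PROMISC while `ifconfig` does not. It assumes the old net-tools `ifconfig` layout quoted above; the function names and the eth1 sample lines are constructed for illustration.

```python
import re

# Constructed sample input: the eth0 lines are the two outputs quoted in the
# message above (trimmed); the eth1 lines are made up for contrast.
IFCONFIG_OUT = """\
eth0      Link encap:Ethernet  HWaddr 00:60:97:F8:89:81
          inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
"""
IP_LINK_OUT = """\
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
    link/ETHER 00:60:97:f8:89:81 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
    link/ETHER 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
"""

def ip_link_flags(text):
    """Map interface name -> set of flags from `ip link show` output."""
    flags = {}
    # Header lines look like "2: eth0: <FLAG,FLAG,...> mtu ..."
    for m in re.finditer(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<([^>]*)>", text, re.M):
        flags[m.group(1)] = set(filter(None, m.group(2).split(",")))
    return flags

def ifconfig_flags(text):
    """Map interface name -> set of flags from old-style `ifconfig` output."""
    flags, name = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():      # a new interface block starts
            name = line.split()[0]
            flags[name] = set()
        elif name and "MTU:" in line:           # flags precede "MTU:" on this line
            flags[name] = set(line.split("MTU:")[0].split())
    return flags

def hidden_promisc(ifconfig_text, ip_link_text):
    """Interfaces that `ip link` reports as PROMISC but `ifconfig` does not."""
    old = ifconfig_flags(ifconfig_text)
    return sorted(name for name, f in ip_link_flags(ip_link_text).items()
                  if "PROMISC" in f and "PROMISC" not in old.get(name, set()))

if __name__ == "__main__":
    for iface in hidden_promisc(IFCONFIG_OUT, IP_LINK_OUT):
        print(f"{iface}: promiscuous according to ip link, not shown by ifconfig")
```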
