Hi Mark, The option of "any" enables us to monitor multiple interfaces on the machine at the same time.
One example, where I use "any" is, when I attach more than one applications to different virtual IP address on the same machine and I wish to track the message exchanges between these applications. Thanks Regards, Satish On Mon, Aug 17, 2009 at 5:42 PM, Mark Ryden <[email protected]> wrote: > Guy, > Thanks a lot for your answer ! > > This cause me to ask myself: why, in fact, do we need the "any" > pseudo-device > when sniffing in Linux ? Is there any information that we can get with > the "any" pseudo-device when sniffing, that we can't get without it? > > Regards, > Mark > > > On Thu, Aug 13, 2009 at 3:35 PM, Guy Harris<[email protected]> wrote: > > > > On Aug 13, 2009, at 2:44 AM, Mark Ryden wrote: > > > >> I had noticed that when running tshark in Pseudo-device mode (tshark > >> -i any), the > >> machine does not enter promiscuos mode, whereas in the usual case, > >> such as > >> thsark -i eth0 (or without "-i" option at all), it does enter > >> promiscuos mode. > >> (I tested it on Linux). > > > > There is no notion at the hardware level of a machine being in > > promiscuous mode; there is only a notion, for devices on "broadcast" > > networks such as Ethernet, of a network adapter being in promiscuous > > mode. Neither Linux nor any other OS I know of have any notion of a > > machine being in promiscuous mode, either, just of a device being in > > that mode. > > > >> I would appreciate if somebody can explain in few sentences why is > >> it so. > > > > It's because libpcap implements the "any" pseudo-device on Linux by > > creating a PF_PACKET socket but not binding it to a particular > > device. (On other platforms, it's not implemented at all.) The Linux > > socket calls to turn promiscuous mode on don't work on sockets such as > > that - the kernel rejects them rather than setting promiscuous mode on > > all devices in the system. > > > > > ___________________________________________________________________________ > > Sent via: Wireshark-dev mailing list <[email protected]> > > Archives: http://www.wireshark.org/lists/wireshark-dev > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > mailto:[email protected] > ?subject=unsubscribe > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe > -- Satish Chandra
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
