tcpdump mailing list archives
Re: Question about "promiscuous" mode
From: Guy Harris <guy () alum mit edu>
Date: Mon, 01 Nov 2004 23:41:46 -0800
(Blah blah blah oops I did it again blah blah blah avoid duplicate message detection blah blah blah.)
Kathy Chen wrote:
I want to know in what situations the machine's network is set to "promiscuous" mode.
It's put into promiscuous mode if an application requests that the interface be put into promiscuous mode.
For example, I know when I execute "tcpdump" on my machine, it's set to be in promiscuous mode.
Only if you run tcpdump without the "-p" flag; the default is promiscuous mode, but "-p" causes tcpdump not to put the interface into promiscuous mode.
Any other cases?
Ethereal and Tethereal will also put the interface into promiscuous mode by default; you'd have to use "-p" as a command-line argument to Tethereal (or Ethereal, if you start the capture from the command line), or turn off the promiscuous mode option in the Ethereal GUI, not to run in promiscuous mode. Some other applications, such as snoop on Solaris (and possibly some other OSes), or Analyzer (on Windows), or other network analyzers, might put the interface into promiscuous mode as well.
And is it correct that without "tcpcump", the network is not in promiscuous mode?
No. Another program might put the interface into promiscuous mode. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Question about "promiscuous" mode Kathy Chen (Nov 01)
- Re: Question about "promiscuous" mode Sebastien Vincent (Nov 01)
- Re: Question about "promiscuous" mode Kathy Chen (Nov 01)
- Re: Question about "promiscuous" mode Guy Harris (Nov 01)
- Re: Question about "promiscuous" mode Guy Harris (Nov 01)
- Re: Question about "promiscuous" mode Sebastien Vincent (Nov 01)