Re: Question about "promiscuous" mode

[Guy Harris <guy () alum mit edu>]

(Blah blah blah oops I did it again blah blah blah avoid duplicate 
message detection blah blah blah.)

Kathy Chen wrote:

> I want to know in what situations the machine's
> network is set to "promiscuous" mode.

It's put into promiscuous mode if an application requests that the
interface be put into promiscuous mode.

> For example, I
> know when I execute "tcpdump" on my machine, it's set
> to be in promiscuous mode.

Only if you run tcpdump without the "-p" flag; the default is
promiscuous mode, but "-p" causes tcpdump not to put the interface into
promiscuous mode.

> Any other cases?

Ethereal and Tethereal will also put the interface into promiscuous mode
by default; you'd have to use "-p" as a command-line argument to
Tethereal (or Ethereal, if you start the capture from the command line),
or turn off the promiscuous mode option in the Ethereal GUI, not to run
in promiscuous mode.

Some other applications, such as snoop on Solaris (and possibly some
other OSes), or Analyzer (on Windows), or other network analyzers, might
put the interface into promiscuous mode as well.

> And is it correct that without "tcpcump", the network
> is not in promiscuous mode?

No.  Another program might put the interface into promiscuous mode.

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.