Firewall Wizards mailing list archives
Re: tcpdump on my firewall
From: roel () SiliconDefense com
Date: Fri, 26 Oct 2001 16:44:57 -0700
Hello,
... tcpdump on our firewall ...
Unless you disable the promiscuous part of tcpdump/libpcap, the risk is rather large: you're exposing user level apps to packets that are otherwise dropped, before they get anywhere.

Besides, whenever an interface goes in promiscuous mode the IP stack has to deal with all packets flying by (aside from the ones that it needs to process); this of course can have a considerable impact on CPU load depending on the network. On top of that argument is that as soon as you do anything with libpcap/tcpdump, that in itself will have a considerable impact on the CPU, since it has to duplicate every packet... Depending on your network, your users may come after you for lousy internet performance because the fw bogged down to a snail's pace.

If you have to put tcpdump on your firewall, make sure it doesn't run as root. (Unless you're on Linux; in that case you're stuck with running it as root. For other OSes I can provide you with some instruction on how to run it without root privileges.)

Good luck.

--
roel
Silicon Defense: Technical Support for Snort!
http://www.SiliconDefense.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards