Date: Tue, 14 Aug 2001 15:15:20 +0800 (China Standard Time) From: Spencer Chan <hmchan@alumni.cuhk.edu.hk> To: Eric Parusel <lists@globalrelay.net> Cc: "Chad R. Larson" <chad@DCFinc.com>, FreeBSD Stable List <stable@FreeBSD.ORG> Subject: Re: promiscuous but silent Message-ID: <Pine.WNT.4.21.0108141511560.-531691@shmchan.nortel.com> In-Reply-To: <004301c12488$52f69b10$57954c18@cns>
next in thread | previous in thread | raw e-mail | index | archive | help
It depends. The hub may not forward frames to you if it cannot detect your link. I use to just do a ifconfig up *without* specifying any IP address. Just to keep tcpdump happy that the interface is up. On Mon, 13 Aug 2001, Eric Parusel wrote: > Try cutting the "Transmit" pair :) > (not sure if it's wires 1&2 or 3&6) > > http://archives.neohapsis.com/archives/snort/2001-06/0268.html > > > > I want to monitor the behavior of a firewall we're evaluating. I'd > > like to run Ethereal or tcpdump and/or other such tools on both > > sides of the firewall, to convince myself it's doing what it claims > > to do (and don't even ask why I think it isn't). > > > > With one of those $25 four port hubs, I can get a FreeBSD notebook > > in parallel with the firewall's input. But I want to be absolutely > > sure the notebook stays quiet. That is, no ARP for its ownself when > > bringing up the interface, nor responses to the network broadcast > > address. Nada. > > > > But, tcpdump and friends need to be able to put the interface into > > promiscuous mode and copy =all= the traffic it sees. > > > > Should it be obvious how to do that, or is something tricky > > involved? > > > > -crl > > -- > > Chad R. Larson (CRL15) 602-953-1392 Brother, can you paradigm? > > chad@dcfinc.com chad@larsons.org larson1@home.com > > DCF, Inc. - 14623 North 49th Place, Scottsdale, Arizona 85254-2207 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-stable" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.WNT.4.21.0108141511560.-531691>