From owner-freebsd-net Tue May 23 17: 6: 3 2000
Delivered-To: freebsd-net@freebsd.org
Received: from mail-out2.apple.com (mail-out2.apple.com [17.254.0.51])
	by hub.freebsd.org (Postfix) with ESMTP id 8DA1D37BA6C
	for ; Tue, 23 May 2000 17:05:59 -0700 (PDT)
	(envelope-from justin@rhapture.apple.com)
Received: from mailgate1.apple.com (A17-128-100-225.apple.com [17.128.100.225])
	by mail-out2.apple.com (8.9.3/8.9.3) with ESMTP id RAA23258
	for ; Tue, 23 May 2000 17:05:58 -0700 (PDT)
Received: from scv1.apple.com (scv1.apple.com)
	by mailgate1.apple.com (Content Technologies SMTPRS 4.1.5) with ESMTP id ;
	Tue, 23 May 2000 17:05:43 -0700
Received: from rhapture.apple.com (rhapture.apple.com [17.202.40.59])
	by scv1.apple.com (8.9.3/8.9.3) with ESMTP id RAA14623;
	Tue, 23 May 2000 17:05:58 -0700 (PDT)
Received: by rhapture.apple.com (8.9.1/8.9.1) id RAA00688;
	Tue, 23 May 2000 17:05:58 -0700 (PDT)
Message-Id: <200005240005.RAA00688@rhapture.apple.com>
To: Olaf Hoyer
Subject: Re: BPF vs. promiscuous mode
Cc: freebsd-net@freebsd.org
Date: Tue, 23 May 2000 17:05:56 -0700
From: "Justin C. Walker"
Reply-To: justin@apple.com
X-Mailer: by Apple MailViewer (2.105.dev)
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> From: Olaf Hoyer
> Date: 2000-05-23 16:42:57 -0700
> To: freebsd-net@FreeBSD.ORG
> Subject: BPF vs. promiscuous mode
> Delivered-to: freebsd-net@freebsd.org
> X-Sender: ohoyer@mail.rz.fh-wilhelmshaven.de
> X-Loop: FreeBSD.org
> X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
>
> hi!
>
> What's the real difference between the berkeley packet filter and
> promiscuous mode?

The Berkeley Packet Filter is a mechanism to filter incoming packets
based on a "machine language" scheme that is supposed to compile filter
requests into a matching algorithm. It can act on a variety of network
devices, even those that don't support anything like "promiscuous mode".

Promiscuous mode is an operating mode of some network interfaces that
causes them to accept packets other than those that are directly or
indirectly (broadcast, multicast) addressed to the interface.

The two concepts are only marginally related.

> Any URLs explaining that?

Don't know them off-hand.

> Also, what about detecting some folks using that from an administrative
> point of view, e.g. running some software like Antisniff?

Check the mail archives. There are only mildly effective ways of doing
this.

> BTW: Which mechanisms one can use to "fake" MAC entries on (preferable)
> Linux systems, and how to detect them?

I'm not sure what a "fake" MAC 'entry' would be. First, 'entry' where?
Second, how "fake". Do you mean "different from the one that's in the
adapter's address ROM"? Third, this is a BSD list, not a Linux list. If
you need info specific to Linux, try a different list.

> On our dorm network some students do some things that, seen from an
> administrative point of view, needs to get some ... measures...

Ah, those pesky students. We tend to hire them if they get too pesky :-}.

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large *
Institute for General Semantics       |
Manager, CoreOS Networking            | When crypto is outlawed,
Apple Computer, Inc.                  | Only outlaws will have crypto.
2 Infinite Loop                       |
Cupertino, CA 95014                   |
*-------------------------------------*-------------------------------*

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
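
Added example, not part of the original message and not FreeBSD code: the two stages the reply separates, sketched in C. The interface first decides which frames reach the host (promiscuous mode changes only that), then a classic BPF program for the filter "ip" decides which of those a capture tap keeps. The toy interpreter (three opcodes only), the nic_accepts/tap_sees helpers, the MAC addresses and the frames are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same fields as a classic BPF instruction: opcode, jump offsets, constant. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LDH_ABS = 0x28, JEQ_K = 0x15, RET_K = 0x06 };  /* classic BPF opcode values */

/* Filter "ip": accept frames whose EtherType (offset 12) is 0x0800. */
static const struct insn ip_filter[] = {
    { LDH_ABS, 0, 0, 12 },      /* A = 16-bit value at frame[12]        */
    { JEQ_K,   0, 1, 0x0800 },  /* equal: fall through, else skip one   */
    { RET_K,   0, 0, 65535 },   /* accept, keep up to 65535 bytes       */
    { RET_K,   0, 0, 0 },       /* reject                               */
};

/* Constructed 14-byte Ethernet headers (dst MAC, src MAC, EtherType). */
static const uint8_t our_mac[6]      = { 2,0,0,0,0,1 };
static const uint8_t ip_to_us[14]    = { 2,0,0,0,0,1, 2,0,0,0,0,9, 0x08,0x00 };
static const uint8_t ip_to_other[14] = { 2,0,0,0,0,2, 2,0,0,0,0,9, 0x08,0x00 };
static const uint8_t arp_bcast[14]   = { 255,255,255,255,255,255, 2,0,0,0,0,9, 0x08,0x06 };

/* Toy interpreter: returns the number of bytes to capture, 0 means drop. */
static uint32_t bpf_run(const struct insn *p, size_t n, const uint8_t *pkt, size_t len) {
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (p[pc].code) {
        case LDH_ABS:
            if (len < 2 || p[pc].k > len - 2) return 0;  /* out-of-bounds load drops */
            a = (uint32_t)pkt[p[pc].k] << 8 | pkt[p[pc].k + 1];
            break;
        case JEQ_K: pc += (a == p[pc].k) ? p[pc].jt : p[pc].jf; break;
        case RET_K: return p[pc].k;
        default:    return 0;                            /* unsupported opcode */
        }
    }
    return 0;
}

/* Interface stage: own unicast, or the group bit (broadcast/multicast), or promiscuous. */
static int nic_accepts(const uint8_t *pkt, size_t len, int promisc) {
    if (len < 14) return 0;
    return promisc || (pkt[0] & 1) || memcmp(pkt, our_mac, 6) == 0;
}

/* A tap sees a frame only if the interface delivers it AND the filter keeps it. */
static int tap_sees(const uint8_t *pkt, size_t len, int promisc) {
    return nic_accepts(pkt, len, promisc) && bpf_run(ip_filter, 4, pkt, len) != 0;
}

int main(void) {
    printf("IP to us: %d, IP to other host: normal=%d promisc=%d, ARP broadcast: %d\n",
           tap_sees(ip_to_us, 14, 0), tap_sees(ip_to_other, 14, 0),
           tap_sees(ip_to_other, 14, 1), tap_sees(arp_bcast, 14, 1));
    return 0;
}
```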