From owner-freebsd-stable Mon Aug 13 21:46: 1 2001 Delivered-To: freebsd-stable@freebsd.org Received: from freeway.dcfinc.com (cx74889-a.phnx3.az.home.com [24.1.193.157]) by hub.freebsd.org (Postfix) with ESMTP id A81F037B407 for ; Mon, 13 Aug 2001 21:45:53 -0700 (PDT) (envelope-from chad@freeway.dcfinc.com) Received: (from chad@localhost) by freeway.dcfinc.com (8.8.8/8.8.8) id VAA21377 for stable@FreeBSD.org; Mon, 13 Aug 2001 21:45:53 -0700 (MST) (envelope-from chad) Date: Mon, 13 Aug 2001 21:45:53 -0700 From: "Chad R. Larson" To: FreeBSD Stable List Subject: promiscuous but silent Message-ID: <20010813214553.A21348@freeway.dcfinc.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I want to monitor the behavior of a firewall we're evaluating. I'd like to run Ethereal or tcpdump and/or other such tools on both sides of the firewall, to convince myself it's doing what it claims to do (and don't even ask why I think it isn't). With one of those $25 four port hubs, I can get a FreeBSD notebook in parallel with the firewall's input. But I want to be absolutely sure the notebook stays quiet. That is, no ARP for its ownself when bringing up the interface, nor responses to the network broadcast address. Nada. But, tcpdump and friends need to be able to put the interface into promiscuous mode and copy =all= the traffic it sees. Should it be obvious how to do that, or is something tricky involved? -crl -- Chad R. Larson (CRL15) 602-953-1392 Brother, can you paradigm? chad@dcfinc.com chad@larsons.org larson1@home.com DCF, Inc. - 14623 North 49th Place, Scottsdale, Arizona 85254-2207 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message