From owner-freebsd-stable  Tue Aug 14  0:15:37 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from ns1.opencreative.com (ns1.opencreative.com [202.181.230.130])
	by hub.freebsd.org (Postfix) with ESMTP id 598DA37B40A
	for <stable@FreeBSD.ORG>; Tue, 14 Aug 2001 00:15:32 -0700 (PDT)
	(envelope-from hmchan@alumni.cuhk.edu.hk)
Received: from localhost (ns1 [127.0.0.1])
	by ns1.opencreative.com (8.9.3/8.9.3) with ESMTP id PAA57595;
	Tue, 14 Aug 2001 15:15:21 +0800 (CST)
	(envelope-from hmchan@alumni.cuhk.edu.hk)
Date: Tue, 14 Aug 2001 15:15:20 +0800 (China Standard Time)
From: Spencer Chan <hmchan@alumni.cuhk.edu.hk>
To: Eric Parusel <lists@globalrelay.net>
Cc: "Chad R. Larson" <chad@DCFinc.com>,
	FreeBSD Stable List <stable@FreeBSD.ORG>
Subject: Re: promiscuous but silent
In-Reply-To: <004301c12488$52f69b10$57954c18@cns>
Message-ID: <Pine.WNT.4.21.0108141511560.-531691@shmchan.nortel.com>
X-X-Sender: spencer@shmchan.nortel.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

It depends. The hub may not forward frames to you if it cannot detect your
link. I use to just do a ifconfig up *without* specifying any IP
address. Just to keep tcpdump happy that the interface is up.

On Mon, 13 Aug 2001, Eric Parusel wrote:

> Try cutting the "Transmit" pair :)
> (not sure if it's wires 1&2 or 3&6)
> 
> http://archives.neohapsis.com/archives/snort/2001-06/0268.html
> 
> 
> > I want to monitor the behavior of a firewall we're evaluating.  I'd
> > like to run Ethereal or tcpdump and/or other such tools on both
> > sides of the firewall, to convince myself it's doing what it claims
> > to do (and don't even ask why I think it isn't).
> >
> > With one of those $25 four port hubs, I can get a FreeBSD notebook
> > in parallel with the firewall's input.  But I want to be absolutely
> > sure the notebook stays quiet.  That is, no ARP for its ownself when
> > bringing up the interface, nor responses to the network broadcast
> > address.  Nada.
> >
> > But, tcpdump and friends need to be able to put the interface into
> > promiscuous mode and copy =all= the traffic it sees.
> >
> > Should it be obvious how to do that, or is something tricky
> > involved?
> >
> > -crl
> > --
> > Chad R. Larson (CRL15)   602-953-1392   Brother, can you paradigm?
> > chad@dcfinc.com         chad@larsons.org          larson1@home.com
> > DCF, Inc. - 14623 North 49th Place, Scottsdale, Arizona 85254-2207
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-stable" in the body of the message
> >
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message