Date:      Tue, 14 Aug 2001 10:06:26 -0400
From:      Jonathan Chen <jon@spock.org>
To:        "Chad R. Larson" <chad@DCFinc.com>
Cc:        FreeBSD Stable List <stable@FreeBSD.ORG>
Subject:   Re: promiscuous but silent
Message-ID:  <20010814100626.B26202@enterprise.spock.org>
In-Reply-To: <20010813214553.A21348@freeway.dcfinc.com>; from chad@DCFinc.com on Mon, Aug 13, 2001 at 09:45:53PM -0700
References:  <20010813214553.A21348@freeway.dcfinc.com>

On Mon, Aug 13, 2001 at 09:45:53PM -0700, Chad R. Larson wrote:
> I want to monitor the behavior of a firewall we're evaluating.  I'd
> like to run Ethereal or tcpdump and/or other such tools on both
> sides of the firewall, to convince myself it's doing what it claims
> to do (and don't even ask why I think it isn't).
> 
> With one of those $25 four port hubs, I can get a FreeBSD notebook
> in parallel with the firewall's input.  But I want to be absolutely
> sure the notebook stays quiet.  That is, no ARP for its ownself when
> bringing up the interface, nor responses to the network broadcast
> address.  Nada.
> 
> But, tcpdump and friends need to be able to put the interface into
> promiscuous mode and copy =all= the traffic it sees.
> 
> Should it be obvious how to do that, or is something tricky
> involved?

You should be able to prevent all network output by a simple modification 
to your network driver.  Search for if_start in your network driver code, 
find something like "ifp->if_start = dc_start".  Now search for the 
function dc_start (or whatever it may be in your case) and make it return 
immediately.

Or do it in hardware -- cutting the transmit pair in 10baseT will likely 
not work.  Instead, convert your ethernet into 10base5 thinknet (aui), 
look up the pinout and cut the appropriate pins.  Convert back to 10baseT as 
needed.  I believe you need to supply power if you plan on coupling two 
10base5 media convertors.

-Jon
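
An added example, not part of the original message and not FreeBSD driver code: a user-space C model of the queue-then-kick path the reply refers to, comparing a start routine that returns immediately with one that drains the queue. The `ifnet` stand-in, `QMAX`, and every function name here are hypothetical; the drain variant is an assumption of this example, not something the reply proposes.

```c
/* User-space model, constructed for illustration; not FreeBSD driver code. */
#include <stdio.h>
#include <stdlib.h>

#define QMAX 4                          /* constructed send-queue limit */

struct pkt { struct pkt *next; };
struct stats { int wire_tx, queued, dropped; };
struct ifnet {                          /* hypothetical stand-in for the kernel's ifnet */
    struct pkt *head;                   /* pending frames (role of ifp->if_snd) */
    struct stats st;
    void (*if_start)(struct ifnet *);   /* the hook the reply says to neuter */
};

static struct pkt *dequeue(struct ifnet *ifp) {
    struct pkt *p = ifp->head;
    if (p) { ifp->head = p->next; ifp->st.queued--; }
    return p;
}
/* Unmodified driver: every queued frame reaches the wire. */
static void normal_start(struct ifnet *ifp) {
    for (struct pkt *p; (p = dequeue(ifp)) != NULL; free(p)) ifp->st.wire_tx++;
}
/* The reply's edit taken literally: return at once, frames stay queued. */
static void noop_start(struct ifnet *ifp) { (void)ifp; }
/* Assumed variant: drain and free so nothing piles up, still no transmit. */
static void drain_start(struct ifnet *ifp) {
    for (struct pkt *p; (p = dequeue(ifp)) != NULL; free(p)) ;
}
/* Stack side: queue one frame (drop if full), then kick the driver. */
static void if_output(struct ifnet *ifp) {
    struct pkt *p;
    if (ifp->st.queued >= QMAX) { ifp->st.dropped++; return; }
    if ((p = calloc(1, sizeof *p)) == NULL) { ifp->st.dropped++; return; }
    p->next = ifp->head;                /* order is irrelevant to the counts */
    ifp->head = p;
    ifp->st.queued++;
    ifp->if_start(ifp);
}
/* Send n frames through the given start routine and report what happened. */
static struct stats run(void (*start)(struct ifnet *), int n) {
    struct ifnet ifp = { NULL, {0, 0, 0}, start };
    while (n-- > 0) if_output(&ifp);
    struct stats st = ifp.st;           /* snapshot before cleanup */
    drain_start(&ifp);                  /* free leftovers in the model */
    return st;
}
int main(void) {
    struct stats a = run(normal_start, 10), b = run(noop_start, 10), c = run(drain_start, 10);
    printf("normal tx=%d | noop tx=%d queued=%d dropped=%d | drain tx=%d queued=%d\n",
           a.wire_tx, b.wire_tx, b.queued, b.dropped, c.wire_tx, c.queued);
    return 0;
}
```

In this model both modified routines put zero frames on the wire; the immediate return holds up to `QMAX` frames in the queue and rejects the rest, while the drain variant leaves the queue empty.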
