Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 7 Jul 2002 14:30:45 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        saju.pillai@oracle.com
Cc:        questions@FreeBSD.ORG
Subject:   Re: intel pro/100 vm not going to promiscuous mode ?
Message-ID:  <20020707133045.GB21479@happy-idiot-talk.infracaninophi>
In-Reply-To: <Pine.BSF.4.44.0207051906520.19021-100000@incq120sb.idc.oracle.com>
References:  <Pine.BSF.4.44.0207051906520.19021-100000@incq120sb.idc.oracle.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, Jul 07, 2002 at 05:55:10PM +0530, saju.pillai@oracle.com wrote:

> 	I am running 'tcpdump -i fxp0' , but I am only seeing packets
> which are meant for me. (tcpdump is v3.4)

Sounds like you're working on a fully switched network --- very nice,
if you can afford it.  Switched networks work by knowing what machines
are accessible through which network ports --- they keep a table of
the ethernet MAC addresses seen on passing packets --- and they make
the most efficient possible use of bandwidth by only sending traffic
down the wires to the machines it's intended for.

Your NIC is going into promiscuous mode just fine, but it's not
showing other machine's traffic as those packets never get anywhere
near your machine.

If your intent is to snoop on all the traffic traversing your network,
as for instance would be necessary to run a NIDS, like snort
(http://www.snort.org/) then you're going to have to arrange for some
special configuration of your network.  Exactly how to do that depends
on the manufacturer of your infrastructure kit -- the terms "spanning
port" or "network tap" when whispered into the ear of a network
operator might elicit a useful response.

This document explains the pros and cons:
http://www.snort.org/docs/iss-placement.pdf

	Cheers,

	Matthew	

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020707133045.GB21479>