From owner-freebsd-questions Sun Jul 7 6:30:55 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 239EF37B400 for ; Sun, 7 Jul 2002 06:30:53 -0700 (PDT) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1CEF43E4A for ; Sun, 7 Jul 2002 06:30:51 -0700 (PDT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1]) by smtp.infracaninophile.co.uk (8.12.5/8.12.5) with ESMTP id g67DUoYn021793; Sun, 7 Jul 2002 14:30:50 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost) by happy-idiot-talk.infracaninophile.co.uk (8.12.5/8.12.5/Submit) id g67DUji0021792; Sun, 7 Jul 2002 14:30:45 +0100 (BST) Date: Sun, 7 Jul 2002 14:30:45 +0100 From: Matthew Seaman To: saju.pillai@oracle.com Cc: questions@FreeBSD.ORG Subject: Re: intel pro/100 vm not going to promiscuous mode ? Message-ID: <20020707133045.GB21479@happy-idiot-talk.infracaninophi> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Jul 07, 2002 at 05:55:10PM +0530, saju.pillai@oracle.com wrote: > I am running 'tcpdump -i fxp0' , but I am only seeing packets > which are meant for me. (tcpdump is v3.4) Sounds like you're working on a fully switched network --- very nice, if you can afford it. Switched networks work by knowing what machines are accessible through which network ports --- they keep a table of the ethernet MAC addresses seen on passing packets --- and they make the most efficient possible use of bandwidth by only sending traffic down the wires to the machines it's intended for. Your NIC is going into promiscuous mode just fine, but it's not showing other machine's traffic as those packets never get anywhere near your machine. If your intent is to snoop on all the traffic traversing your network, as for instance would be necessary to run a NIDS, like snort (http://www.snort.org/) then you're going to have to arrange for some special configuration of your network. Exactly how to do that depends on the manufacturer of your infrastructure kit -- the terms "spanning port" or "network tap" when whispered into the ear of a network operator might elicit a useful response. This document explains the pros and cons: http://www.snort.org/docs/iss-placement.pdf Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Tel: +44 1628 476614 Marlow Fax: +44 0870 0522645 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message