From owner-freebsd-security Mon Dec 10 9:21:44 2001 Delivered-To: freebsd-security@freebsd.org Received: from titan.communitech.net (titan.communitech.net [209.15.2.49]) by hub.freebsd.org (Postfix) with SMTP id 2CAED37B41C for ; Mon, 10 Dec 2001 09:21:38 -0800 (PST) Received: from localhost ([209.15.2.49]) by titan.communitech.net ; Mon, 10 Dec 2001 17:21:31 -0000 Date: Mon, 10 Dec 2001 11:21:31 -0600 (CST) From: Troy Corbin To: Ralph Huntington Cc: Sander van Dinten , freebsd-security@FreeBSD.ORG Subject: RE: promiscuous mode In-Reply-To: <20011210121632.D59192-100000@mohegan.mohawk.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org maybe one of your shell users ran tcpdump? -t On Mon, 10 Dec 2001, Ralph Huntington wrote: > No, there is no network sniffer running on that box (or any other on the > local network-- at least that I know of, and I should know). How can I > determine if someone has slipped on in? > > On Mon, 10 Dec 2001, Sander van Dinten wrote: > > > Are you using some kind of an network sniffer? > > > > Promiscuous will say that your network card picks up all network > > packages (which means it will not only pick up the packages for your > > IP-address). > > > > -----Original Message----- > > From: owner-freebsd-security@FreeBSD.ORG > > [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Ralph > > Huntington > > Sent: Monday, December 10, 2001 6:04 PM > > To: freebsd-security@FreeBSD.ORG > > Subject: promiscuous mode > > > > I recently found these log entries: > > > > messages.2:Dec 6 13:45:35 mohawk /kernel: fxp0: promiscuous mode > > enabled > > messages.2:Dec 6 13:46:31 mohawk /kernel: fxp0: promiscuous mode > > disabled > > messages.2:Dec 6 13:47:53 mohawk /kernel: fxp0: promiscuous mode > > enabled > > messages.2:Dec 6 13:51:00 mohawk /kernel: fxp0: promiscuous mode > > disabled > > messages.2:Dec 6 13:51:00 mohawk /kernel: fxp0: promiscuous mode > > enabled > > messages.2:Dec 6 13:55:42 mohawk /kernel: fxp0: promiscuous mode > > disabled > > > > Can someone tell me how this mode might be enabled/disabled? We have > > very > > few shell users on this machine and I didn't think any of them would > > know > > anything about promiscuous mode. Turns out I know little about it > > myself. > > > > Any pointers to relevant docs and/or some idea of what this might be > > about > > would be very much appreciated. Thank you in advance. - Ralph > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message