From owner-freebsd-questions Mon Apr 19 19:39:21 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from allegro.lemis.com (allegro.lemis.com [192.109.197.134]) by hub.freebsd.org (Postfix) with ESMTP id 066C815639 for ; Mon, 19 Apr 1999 19:39:15 -0700 (PDT) (envelope-from grog@freebie.lemis.com)
Received: from freebie.lemis.com (freebie.lemis.com [192.109.197.137]) by allegro.lemis.com (8.9.1/8.9.0) with ESMTP id MAA21199; Tue, 20 Apr 1999 12:06:48 +0930 (CST)
Received: (from grog@localhost) by freebie.lemis.com (8.9.3/8.9.0) id MAA45134; Tue, 20 Apr 1999 12:06:47 +0930 (CST)
Message-ID: <19990420120647.J40482@lemis.com>
Date: Tue, 20 Apr 1999 12:06:47 +0930
From: Greg Lehey
To: Christopher Michaels
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Sniffers and Sniffer detection [General UNIX question]
References: <6C37EE640B78D2118D2F00A0C90FCB441A6090@site2s1>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <6C37EE640B78D2118D2F00A0C90FCB441A6090@site2s1>; from Christopher Michaels on Mon, Apr 19, 1999 at 05:34:25PM -0400
WWW-Home-Page: http://www.lemis.com/~grog
X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF 13 24 52 F8 6D A4 95 EF
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-41-739-7062
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Monday, 19 April 1999 at 17:34:25 -0400, Christopher Michaels wrote:
>> On Sunday, April 18, 1999 4:41 AM, Greg Lehey wrote:
>>
>>> 2. Is it possible to install a sniffer, in a user account (with no root
>>> access), and sniff the network and watch for passwords?
>>
>> FreeBSD won't allow you to set promiscuous mode unless you're root.
>>
>
> This brought up a couple questions in my mind...
>
> 1. If the interface is already in promiscuous mode (I realize the
> implication of this), is it possible for a regular user to use a sniffer
> program?

No, they still need to be root.  The sniffer program sets promiscuous
mode, it's not a separate step.

> 2. How do you take the interface out of promiscuous mode once it's
> in it?

Close the last bpf device.  In other words, stop the sniffer(s).

Greg
--
When replying to this message, please copy the original recipients.
For more information, see http://www.lemis.com/questions.html
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key
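
Added example, not part of the original message: on FreeBSD an interface that is in promiscuous mode shows PROMISC in its `ifconfig` flags, so an administrator can check a host locally for the state discussed in this thread. The function names `promisc_ifaces` and `check_promisc` are hypothetical, and the sample `ifconfig` output is constructed.

```shell
#!/bin/sh
# Added example: report interfaces whose ifconfig flags include PROMISC.

# Constructed sample in FreeBSD ifconfig format (not captured from a real host).
SAMPLE_IFCONFIG='xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.11 netmask 0xffffff00 broadcast 192.0.2.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000'

# Read ifconfig output on stdin; print the name of every interface
# whose flag list contains PROMISC as a whole word, one per line.
promisc_ifaces() {
    awk '
    /^[A-Za-z0-9_.]+: flags=/ {
        name = $1
        sub(/:$/, "", name)
        lt = index($0, "<")
        gt = index($0, ">")
        if (lt == 0 || gt <= lt) next          # no flag list on this line
        n = split(substr($0, lt + 1, gt - lt - 1), flag, ",")
        for (i = 1; i <= n; i++)
            if (flag[i] == "PROMISC") { print name; break }
    }'
}

# Same input; returns 1 and prints a one-line report if any interface
# is promiscuous, returns 0 silently otherwise (suitable for cron).
check_promisc() {
    found=$(promisc_ifaces)
    if [ -n "$found" ]; then
        echo "promiscuous interface(s):" $found
        return 1
    fi
    return 0
}

# Demonstration on the constructed sample; prints "xl0".
printf '%s\n' "$SAMPLE_IFCONFIG" | promisc_ifaces

# Live use on the host being checked:  ifconfig -a | check_promisc
```

This only inspects the machine it runs on; it says nothing about other hosts on the same network segment.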