Date:      Tue, 20 Apr 1999 07:32:00 -0500 (CDT)
From:      "Paul T. Root" <proot@iaces.com>
To:        ChrisMic@clientlogic.com (Christopher Michaels)
Cc:        grog@lemis.com, freebsd-questions@FreeBSD.ORG
Subject:   Re: Sniffers and Sniffer detection [General UNIX question]
Message-ID:  <199904201232.HAA02926@iaces.com>
In-Reply-To: <6C37EE640B78D2118D2F00A0C90FCB441A6090@site2s1> from Christopher Michaels at "Apr 19, 99 05:34:25 pm"

In a previous message, Christopher Michaels said:
> > -----Original Message-----
> > From:	Greg Lehey [SMTP:grog@lemis.com]
> > Sent:	Sunday, April 18, 1999 4:41 AM
> > To:	Eric S. Nooden; freebsd-questions@FreeBSD.ORG
> > Subject:	Re: Sniffers and Sniffer detection [General UNIX question]
> > 
> 	<snip>
> 
> > > 2.  Is it possible to install a sniffer, in a user account (with no root
> > > access), and sniff the network and watch for passwords?
> > 
> > FreeBSD won't allow you to set promiscuous mode unless you're root.
> > 
> 	<snip>
> 
> 	This brought up a couple questions in my mind...
> 
> 	1. If the interface is already in promiscuous mode (I realize the
> implication of this), is it possible for a regular user to use a sniffer
> program?

No, I tried it. 

However, the previous answer isn't entirely right. Promiscuous mode is
a factor of the permissions on the /dev/bpf? device. When I set bpf0
to 660 root.wheel, and I'm in wheel, I was able to use tcpdump. When
I set it to 600 root.wheel I couldn't. Even when in another window root
was running tcpdump.


> 	2. How do you take the interface out of promiscuous mode once it's
> in it?

This I'm not sure about; I hope that this closes automatically.



-- 
ON THE ROLE OF BEAUTY AND HANDSOMENESS IN LOVE

"Beauty is skin deep.  But how rich you are can last a long time."
                                   --Christine, age 9
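
The message above ties the ability to sniff to the mode of the /dev/bpf? nodes (660 root.wheel let a wheel member run tcpdump, 600 did not). As an added example, not part of the original message, this Python script audits those nodes and reports the widest class of account that can open each one for reading; the function names and the `require_chardev` switch are assumptions made for illustration.

```python
import glob
import os
import stat
import sys


def capture_exposure(mode, uid):
    """Widest class of account that can open a bpf node for reading."""
    perms = stat.S_IMODE(mode)
    if perms & stat.S_IROTH:
        return "world"            # any local user can capture
    if perms & stat.S_IRGRP:
        return "group"            # e.g. 660 root.wheel: every wheel member
    if perms & stat.S_IRUSR and uid != 0:
        return "non-root-owner"   # node handed to an unprivileged account
    return "root-only"            # e.g. 600 root.wheel


def audit(dev_dir="/dev", require_chardev=True):
    """Return (path, octal mode, uid, gid, exposure) for each bpf node found."""
    rows = []
    for path in sorted(glob.glob(os.path.join(dev_dir, "bpf*"))):
        st = os.stat(path)        # follows symlinks to the real node
        if require_chardev and not stat.S_ISCHR(st.st_mode):
            continue              # ignore stray regular files
        rows.append((path, "%03o" % stat.S_IMODE(st.st_mode),
                     st.st_uid, st.st_gid,
                     capture_exposure(st.st_mode, st.st_uid)))
    return rows


if __name__ == "__main__":
    rows = audit()
    for path, perms, uid, gid, level in rows:
        print(f"{path} mode={perms} uid={uid} gid={gid} exposure={level}")
    # Non-zero exit when anything other than root can sniff.
    sys.exit(1 if any(r[4] != "root-only" for r in rows) else 0)
```

Run from cron or a configuration check, the non-zero exit status flags any host where a bpf node has been opened up beyond root.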

