From owner-freebsd-security Mon Dec 10 9:24:51 2001 Delivered-To: freebsd-security@freebsd.org Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by hub.freebsd.org (Postfix) with ESMTP id 878CB37B405 for ; Mon, 10 Dec 2001 09:24:44 -0800 (PST) Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by mohegan.mohawk.net (8.11.4/8.11.3) with ESMTP id fBAHOhV96892; Mon, 10 Dec 2001 12:24:43 -0500 (EST) Date: Mon, 10 Dec 2001 12:24:43 -0500 (EST) From: Ralph Huntington To: Troy Corbin Cc: Sander van Dinten , Subject: RE: promiscuous mode In-Reply-To: Message-ID: <20011210122359.H59192-100000@mohegan.mohawk.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org That was it: tcpdump Kind thanks to all who replied. On Mon, 10 Dec 2001, Troy Corbin wrote: > maybe one of your shell users ran tcpdump? > > -t > > On Mon, 10 Dec 2001, Ralph Huntington wrote: > > > No, there is no network sniffer running on that box (or any other on the > > local network-- at least that I know of, and I should know). How can I > > determine if someone has slipped on in? > > > > On Mon, 10 Dec 2001, Sander van Dinten wrote: > > > > > Are you using some kind of an network sniffer? > > > > > > Promiscuous will say that your network card picks up all network > > > packages (which means it will not only pick up the packages for your > > > IP-address). > > > > > > -----Original Message----- > > > From: owner-freebsd-security@FreeBSD.ORG > > > [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Ralph > > > Huntington > > > Sent: Monday, December 10, 2001 6:04 PM > > > To: freebsd-security@FreeBSD.ORG > > > Subject: promiscuous mode > > > > > > I recently found these log entries: > > > > > > messages.2:Dec 6 13:45:35 mohawk /kernel: fxp0: promiscuous mode > > > enabled > > > messages.2:Dec 6 13:46:31 mohawk /kernel: fxp0: promiscuous mode > > > disabled > > > messages.2:Dec 6 13:47:53 mohawk /kernel: fxp0: promiscuous mode > > > enabled > > > messages.2:Dec 6 13:51:00 mohawk /kernel: fxp0: promiscuous mode > > > disabled > > > messages.2:Dec 6 13:51:00 mohawk /kernel: fxp0: promiscuous mode > > > enabled > > > messages.2:Dec 6 13:55:42 mohawk /kernel: fxp0: promiscuous mode > > > disabled > > > > > > Can someone tell me how this mode might be enabled/disabled? We have > > > very > > > few shell users on this machine and I didn't think any of them would > > > know > > > anything about promiscuous mode. Turns out I know little about it > > > myself. > > > > > > Any pointers to relevant docs and/or some idea of what this might be > > > about > > > would be very much appreciated. Thank you in advance. - Ralph > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message