From owner-freebsd-questions@FreeBSD.ORG Sat Mar 5 19:32:48 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 11EDE106564A for ; Sat, 5 Mar 2011 19:32:48 +0000 (UTC) (envelope-from mikes@siralan.org) Received: from mail.suso.org (mail.suso.org [66.244.94.5]) by mx1.freebsd.org (Postfix) with ESMTP id E5A188FC13 for ; Sat, 5 Mar 2011 19:32:47 +0000 (UTC) Received: from c-69-136-1-54.hsd1.in.comcast.net (c-69-136-1-54.hsd1.in.comcast.net [69.136.1.54]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.suso.org (Postfix) with ESMTP id E0FC71B095; Sat, 5 Mar 2011 19:02:58 +0000 (GMT) Date: Sat, 5 Mar 2011 14:01:48 -0500 (EST) From: "Michael L. Squires" X-X-Sender: mikes@familysquires.net To: erikmccaskey64 In-Reply-To: <12e85ece3b5.7517152619980667233.9119604654657332096@zoho.com> Message-ID: <20110305135922.I39360@familysquires.net> References: <12e85ece3b5.7517152619980667233.9119604654657332096@zoho.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd Subject: Re: Is it safe to run tcpdump? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Mar 2011 19:32:48 -0000 On Sat, 5 Mar 2011, erikmccaskey64 wrote: > Is it safe to always run tcpdump on the server, e.g.: like this: > > > tcpdump -qn dst net 192.168.1.0/24 Depends on who's watching; running tcpdump on a network managed by someone else might be noticed by the network admin if they're looking for NICs being run in promsicuous mode. This is a red flag if you're looking for someone running a password sniffer. Mike Squires