From owner-freebsd-questions@FreeBSD.ORG Tue Jun 24 16:31:23 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4044D37B401 for ; Tue, 24 Jun 2003 16:31:23 -0700 (PDT) Received: from mta1.adelphia.net (mta1.adelphia.net [64.8.50.175]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B8F743FCB for ; Tue, 24 Jun 2003 16:31:22 -0700 (PDT) (envelope-from wmoran@potentialtech.com) Received: from potentialtech.com ([24.53.179.151]) by mta1.adelphia.net (InterMail vM.5.01.05.32 201-253-122-126-132-20030307) with ESMTP id <20030624233436.GHVH25556.mta1.adelphia.net@potentialtech.com>; Tue, 24 Jun 2003 19:34:36 -0400 Message-ID: <3EF8DF49.2030205@potentialtech.com> Date: Tue, 24 Jun 2003 19:31:21 -0400 From: Bill Moran User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3) Gecko/20030429 X-Accept-Language: en-us, en MIME-Version: 1.0 To: adrian kok References: <20030624183547.43952.qmail@web21201.mail.yahoo.com> In-Reply-To: <20030624183547.43952.qmail@web21201.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-questions@freebsd.org Subject: Re: snoop X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jun 2003 23:31:23 -0000 adrian kok wrote: > Hi all > > Thank you for your reply > > If I install those software, does my server have > security problem? > > In my memory, I read a books before. > sth will make the network card to prismous mode and > there is security problem > > I am not sure about it. please teach me Promiscuous mode is a mode supported by most network cards where the card will pass all recieved traffic on to the network software. When not in promiscuous mode, the card only passes on network traffic that has it's MAC address as the destination or the broadcast MAC address. When in promiscuous mode, it is possible for anyone logged into that machine to monitor _all_ traffic on the network, since promiscuous mode is a hardware mode, and can't be set for individual users. However, it's no more dangerous than the user next to you being able to boot their machine off a CD and put _their_ card in promiscuous mode. Any packet monitoring software is going to have to put the card into promiscuous mode to do its work, so tcpdump isn't any more or less dangerous than any other. > > thank you again > > > --- Fernando Gleiser > wrote: > On Fri, 20 Jun 2003, adrian kok wrote: > >>>Hi all >>> >>>Do you know where I can get snoop to analysis the >>>traffic? >> >>If you mean Solaris' snoop, take a look at >>tcpdump(1). It's in the base >>system. You may also look at tcpshow (in the ports, >>net/tcpshow) for >>decoding tcpdump's output >> >> >> Fer >> > > > _______________________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com.hk address at http://mail.english.yahoo.com.hk > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > -- Bill Moran Potential Technologies http://www.potentialtech.com