Date: Tue, 23 May 2000 17:05:56 -0700 From: "Justin C. Walker" <justin@apple.com> To: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de> Cc: freebsd-net@freebsd.org Subject: Re: BPF vs. promiscuous mode Message-ID: <200005240005.RAA00688@rhapture.apple.com>
next in thread | raw e-mail | index | archive | help
> From: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de> > Date: 2000-05-23 16:42:57 -0700 > To: freebsd-net@FreeBSD.ORG > Subject: BPF vs. promiscuous mode > Delivered-to: freebsd-net@freebsd.org > X-Sender: ohoyer@mail.rz.fh-wilhelmshaven.de > X-Loop: FreeBSD.org > X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 > > hi! > > Whats the real difference between the berkeley packet filter and > promiscuous mode? The Berkeley Packet Filter is a mechanism to filter incoming packets based on a "machine language" scheme that is supposed to compile filter requests into a matching algorithm. It can act on a variety of network devices, even those that don't support anything like "promiscuous mode". Promiscuous mode is an operating mode of some network interfaces that causes them to accept packets other than those that are directly or indirectly (broadcast, multicast) addressed to the interface. The two concepts are only marginally related. > Any URLs explaining that? Don't know them off-hand. > Also, what about detecting some folks using that from an administrative > point of view, e.g. running some software like Antisniff? Check the mail archives. There are only mildly effective ways of doing this. > BTW: Which mechanisms one can use to "fake" MAC entries on (preferrable) > Linux systems, and how to detect them? I'm not sure what a "fake" MAC 'entry' would be. First, 'entry' where? Second, how "fake". Do you mean "different from the one that's in the adapter's address ROM"? Third, this is a BSD list, not a Linux list. If you need info specific to Linux, try a different list. > On our dorm network some students do some things that, seen from an > administrative point of view, needs to get some ... measures... Ah, those pesky students. We tend to hire them if they get too pesky :-}. Regards, Justin -- Justin C. Walker, Curmudgeon-At-Large * Institute for General Semantics | Manager, CoreOS Networking | When crypto is outlawed, Apple Computer, Inc. | Only outlaws will have crypto. 2 Infinite Loop | Cupertino, CA 95014 | *-------------------------------------*-------------------------------* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005240005.RAA00688>