Bugtraq mailing list archives

Re: Interface promiscuity obscurity in Linux

From: Rasmus Bøg Hansen <moffe () amagerkollegiet dk>
Date: Thu, 25 Jul 2002 01:06:02 +0200 (CEST)

On Thu, 25 Jul 2002, Ricardo Branco wrote:

This affects Linux 2.2 and 2.4

Using libpcap to put the interface in promiscuous mode, will cause that
ifconfig(8) doesn't show it!

libpcap uses setsockopt(..., SOL_PACKET, PACKET_ADD_MEMBERSHIP, ...) with
PACKET_MR_PROMISC to set the interface in promiscuous mode.


I can confirm that with 2.4.19-rc3. When using tcpdump (with libpcap),
ifconfig does not report, that the interface is in promiscous mode:

root@grignard:~# tcpdump -n -i eth0 > /dev/null &
[1] 20101
tcpdump: listening on eth0
root@grignard:~# /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 00:90:27:A6:63:DC
          inet addr:172.16.0.130  Bcast:172.31.255.255  Mask:255.240.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1848637 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2654247 errors:0 dropped:0 overruns:0 carrier:0
          collisions:34909 txqueuelen:100
          RX bytes:231541983 (220.8 MiB)  TX bytes:3666205284 (3.4 GiB)
          Interrupt:10 Base address:0xb000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:101208 errors:0 dropped:0 overruns:0 frame:0
          TX packets:101208 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:32332341 (30.8 MiB)  TX bytes:32332341 (30.8 MiB)

root@grignard:~# uname -a
Linux grignard 2.4.19-rc3 #1 lør jul 20 04:06:23 CEST 2002 i686 unknown
root@grignard:~#

tcpdump does use libpcap here, and it does set eth0 in promiscous mode:

moffe@grignard:~# ldd /usr/sbin/tcpdump
        libpcap.so.0 => /usr/lib/libpcap.so.0 (0x4001e000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x40039000)
        libc.so.6 => /lib/libc.so.6 (0x4004e000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
moffe@grignard:/tmp# dpkg -l libpcap0 tcpdump net-tools
Ønsket=Ukendt/Installér/Fjern/Udrens/Tilbagehold
| Status=Ikke/Installeret/Opsæt.-files/Upakket/Opsætn.-fejl/Halvt-inst.
|/ Fjl?=(ingen)/Tilbageholdt/Geninst.-krævet/X=begge-dele (Status,Fjl:
versaler=slemt)
||/ Navn           Version        Beskrivelse
+++-==============-==============-============================================
ii  libpcap0       0.6.2-2        System interface for user-level packet captu
ii  tcpdump        3.6.2-2.0.1    A powerful tool for network monitoring and d
ii  net-tools      1.60-4         The NET-3 networking toolkit
moffe@grignard:~# dmesg
[...]
device eth0 entered promiscuous mode
device eth0 left promiscuous mode

/Rasmus

-- 
-- [ Rasmus "Møffe" Bøg Hansen ] ---------------------------------------
Don't you hate yourself in the morning?
- Sleep till noon!
----------------------------------[ moffe at amagerkollegiet dot dk ] --

Current thread:

Interface promiscuity obscurity in Linux Ricardo Branco (Jul 24)
- Re: Interface promiscuity obscurity in Linux Paul Starzetz (Jul 25)
- Re: Interface promiscuity obscurity in Linux Glynn Clements (Jul 25)
- Re: Interface promiscuity obscurity in Linux Frédéric Raynal (Jul 25)
  - Re: Interface promiscuity obscurity in Linux Casper Dik (Jul 25)
    - Re: Interface promiscuity obscurity in Linux Jim Mellander (Jul 25)
- Re: Interface promiscuity obscurity in Linux Ademar de Souza Reis Jr. (Jul 25)
- <Possible follow-ups>
- Re: Interface promiscuity obscurity in Linux Rasmus Bøg Hansen (Jul 24)
  - Re: Interface promiscuity obscurity in Linux plattner (Jul 24)
    - Re: Interface promiscuity obscurity in Linux quentyn (Jul 25)