snoop

[Bill Moran]

adrian kok wrote:
> Hi all
> 
> Thank you for your reply
> 
> If I install those software, does my server have
> security problem?
> 
> In my memory, I read a books before.
> sth will make the network card to prismous mode and
> there is security problem
> 
> I am not sure about it. please teach me

Promiscuous mode is a mode supported by most network cards where the card will
pass all recieved traffic on to the network software.  When not in promiscuous
mode, the card only passes on network traffic that has it's MAC address as the
destination or the broadcast MAC address.
When in promiscuous mode, it is possible for anyone logged into that machine
to monitor _all_ traffic on the network, since promiscuous mode is a hardware
mode, and can't be set for individual users.
However, it's no more dangerous than the user next to you being able to boot
their machine off a CD and put _their_ card in promiscuous mode.
Any packet monitoring software is going to have to put the card into
promiscuous mode to do its work, so tcpdump isn't any more or less dangerous
than any other.

> 
> thank you again
> 
> 
>  --- Fernando Gleiser <fgleiser at cactus.fi.uba.ar>
> wrote: > On Fri, 20 Jun 2003, adrian kok wrote:
> 
>>>Hi all
>>>
>>>Do you know where I can get snoop to analysis the
>>>traffic?
>>
>>If you mean Solaris' snoop, take a look at
>>tcpdump(1). It's in the base
>>system. You may also look at tcpshow (in the ports,
>>net/tcpshow) for
>>decoding tcpdump's output
>>
>>
>>			Fer
>> 
> 
> 
> _______________________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com.hk address at http://mail.english.yahoo.com.hk
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> 
> 


-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com