Results 1 to 3 of 3

Thread: Tcpdump didn't set promiscuous mode by default

  1. #1
    Join Date
    Feb 2014
    Beans
    2

    Post Tcpdump didn't set promiscuous mode by default

    The tcpdump manual says it will put the interface into promiscuous mode by default. It isn't work on my Ubuntu 12.04 but it work on my Mac. Alought I can set it with ifconfig. I want to figure what ubuntu do? Anyone have idea about it?


  2. #2
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    2,283
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Tcpdump didn't set promiscuous mode by default

    Hi and welcome to Ubuntu forums.

    How do you know tcpdump is not putting your NIC into promiscuous mode? It might not be obvious from command level stuff. See this.
    I know mine went into promiscuous mode when using tcpdump from the kern.log entries:
    Code:
    doug@doug-64:~/temp3$ grep promisc kern*
    kern.log.2:Jan 23 16:33:39 doug-64 kernel: [1357003.956687] device eth0 left promiscuous mode
    kern.log.2:Jan 23 16:33:46 doug-64 kernel: [1357011.606082] device eth1 left promiscuous mode
    kern.log.2:Jan 23 16:38:22 doug-64 kernel: [   45.788228] device eth1 entered promiscuous mode
    kern.log.2:Jan 23 16:38:46 doug-64 kernel: [   70.048052] device eth0 entered promiscuous mode
    kern.log.3:Jan 12 09:53:50 doug-64 kernel: [382615.197803] device eth0 left promiscuous mode
    kern.log.3:Jan 12 09:54:03 doug-64 kernel: [382627.860080] device eth0 entered promiscuous mode
    kern.log.3:Jan 12 09:54:06 doug-64 kernel: [382631.221819] device eth1 left promiscuous mode
    kern.log.3:Jan 12 09:54:18 doug-64 kernel: [382643.460051] device eth1 entered promiscuous mode
    kern.log.4:Jan  7 23:35:22 doug-64 kernel: [829372.401259] device eth0 left promiscuous mode
    kern.log.4:Jan  7 23:35:27 doug-64 kernel: [829377.662658] device eth1 left promiscuous mode
    kern.log.4:Jan  7 23:38:11 doug-64 kernel: [   76.608052] device eth1 entered promiscuous mode
    kern.log.4:Jan  7 23:38:44 doug-64 kernel: [  109.376047] device eth0 entered promiscuous mode
    (the files were originally in /var/log , but I copied them so I could unzip the older ones.)
    Any follow-up information on your issue would be appreciated. Please have the courtesy to report back.

  3. #3
    Join Date
    Feb 2014
    Beans
    2

    Re: Tcpdump didn't set promiscuous mode by default

    Okay, I know what happens now. The NIC indeed entered promiscuous mode. I could see it in kernel message. Ubuntu won't show it through ifconfig or ip addr. But it will while I directly set it by "ifconfig eth0 promisc" command as below.
    Code:
    eth0      Link encap:Ethernet  HWaddr 50:6a:6d:1c:12:dd          inet addr:172.16.34.101  Bcast:172.16.34.255  Mask:255.255.255.128
              inet6 addr: fe80::5246:5dff:fe8c:11dd/64 Scope:Link
              UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
              RX packets:3034741 errors:0 dropped:102131 overruns:0 frame:0
              TX packets:22928 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:457033723 (457.0 MB)  TX bytes:2458093 (2.4 MB)
              Interrupt:50 Base address:0xc000
    You solve my question, thank you.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •