promiscous mode

[chandan820]

I have read in a book that sniffing is done when a lan card or a nic is set to the promiscous mode...

How exactly is this mode set....
i mean, in the socket programming... how to set this thing call promiscous mode...??
some one plz help me out.....

regards,
gc.

[Dolda2000]

You don't need to set promiscuous mode to sniff the network. All you need to do is bind a raw socket to an interface. Promiscuous mode means that the NIC will intercept _all_ packets, not just those intended for your computer. This means that if you're using a hub, you'll be able to listen to packets that other computers send to each other as well.
If you want to set promiscuous mode, it's probably done via some socket ioctl. I don't know exactly which one, but either check the kernel sources, or download the sources for tcpdump and examine them. You could also just not write the sniffing subsys yourself, but just use tcpdump with the -w option to do that part of the job, and then just interpret its output.

[andutt]

I suggest that you put on the flag on which port, interface and type of packets you want to listen to otherwise you will be drown in output from tcpdump...

Regards

[daveo]

I have read in a book that sniffing is done when a lan card or a nic is set to the promiscous mode...

How exactly is this mode set....
i mean, in the socket programming... how to set this thing call promiscous mode...??
some one plz help me out.....

regards,
gc.

Use the tcpdump method. With the following syntaxes:

tcpdump -s 1600 (take the whole packet size all protocols included) -w filename.pcap -i eth0

This will dump anything into the .pcap file, you can read this file by typeing: string filename.pcap, this will read 'all' readable strings out of the pcap file.