Find the answer to your Linux question:
Results 1 to 4 of 4
I have read in a book that sniffing is done when a lan card or a nic is set to the promiscous mode... How exactly is this mode set.... i ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    May 2003
    Location
    vijayawada
    Posts
    4

    promiscous mode


    I have read in a book that sniffing is done when a lan card or a nic is set to the promiscous mode...

    How exactly is this mode set....
    i mean, in the socket programming... how to set this thing call promiscous mode...??
    some one plz help me out.....

    regards,
    gc.

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    You don't need to set promiscuous mode to sniff the network. All you need to do is bind a raw socket to an interface. Promiscuous mode means that the NIC will intercept _all_ packets, not just those intended for your computer. This means that if you're using a hub, you'll be able to listen to packets that other computers send to each other as well.
    If you want to set promiscuous mode, it's probably done via some socket ioctl. I don't know exactly which one, but either check the kernel sources, or download the sources for tcpdump and examine them. You could also just not write the sniffing subsys yourself, but just use tcpdump with the -w option to do that part of the job, and then just interpret its output.

  3. #3
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796
    I suggest that you put on the flag on which port, interface and type of packets you want to listen to otherwise you will be drown in output from tcpdump...

    Regards

    Regards

    Andutt

  4. #4
    Just Joined!
    Join Date
    Aug 2003
    Posts
    26

    Re: promiscous mode

    Quote Originally Posted by chandan820
    I have read in a book that sniffing is done when a lan card or a nic is set to the promiscous mode...

    How exactly is this mode set....
    i mean, in the socket programming... how to set this thing call promiscous mode...??
    some one plz help me out.....

    regards,
    gc.
    Use the tcpdump method. With the following syntaxes:

    tcpdump -s 1600 (take the whole packet size all protocols included) -w filename.pcap -i eth0

    This will dump anything into the .pcap file, you can read this file by typeing: string filename.pcap, this will read 'all' readable strings out of the pcap file.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •