On Mon, 31 Jan 2005 10:54:02 -0500, Phil Dyer <phil.dyer@cox.net> wrote:
Are you using the -p switch to tcpdump? That will take it out of permiscuous mode, and you'll only see traffic destined for the box, not forwarded traffic. Perhaps the nic doesn't support promisc mode? You could try "ifconfig eth0 promisc" before running tcpdump.
Tried it, didn't work. Tried tcpdump -p with eth0 in promisc and NO promisc mode, tried tcpdump also with eth0 in promisc and no promisc. Still nothing, all I get is lots of arp who-has requests and some things about DNS. Another silly thing is that I have mysql installed and listening on port 3306 (standard), but even if mysql is running (it's present in ps -ax and is used by snort and snortreport), it doesn't show up in "netstat -npta". And IT'S NOT BLOCKED ANYWHERE !! But that's off-topic anyway.
-- --------------------------- Alexandru Stefan-Voicu Catalyst Semiconductor INC. Device testing department ---------------------------