
Re: promiscuous mode



>Try using tcpdump to investigate the problem.  Make sure you use the
>'-p' flag to tcpdump to tell it not to set the interface into
>promiscuous mode.  Something like
># tcpdump -i eth0 -p -n

I have no idea what all the output means. Below is an extract from the
output:

23:17:22.564132 172.16.3.195.1957 > 172.16.5.92.22: P 211401:211445(44) ack 1380732 win 36168 (DF)
23:17:22.564551 172.16.5.92.22 > 172.16.3.195.1957: P 1380732:1380824(92) ack 211445 win 17820 (DF) [tos 0x10]
23:17:22.565590 172.16.3.195.1957 > 172.16.5.92.22: P 211445:211489(44) ack 1380824 win 36076 (DF)
23:17:22.566376 172.16.5.92.22 > 172.16.3.195.1957: P 1380824:1381476(652) ack 211489 win 17820 (DF) [tos 0x10]
23:17:22.566656 172.16.3.195.1957 > 172.16.5.92.22: P 211489:211533(44) ack 1381476 win 35424 (DF)
23:17:22.567099 172.16.5.92.22 > 172.16.3.195.1957: P 1381476:1381632(156) ack 211533 win 17820 (DF) [tos 0x10]
23:17:22.573454 172.16.3.195.1957 > 172.16.5.92.22: P 211533:211577(44) ack 1381632 win 35268 (DF)
23:17:22.574079 172.16.5.92.22 > 172.16.3.195.1957: P 1381632:1382052(420) ack 211577 win 17820 (DF) [tos 0x10]
23:17:22.574284 172.16.3.195.1957 > 172.16.5.92.22: P 211577:211621(44) ack 1382052 win 34848 (DF)
23:17:22.574712 172.16.5.92.22 > 172.16.3.195.1957: P 1382052:1382192(140) ack 211621 win 17820 (DF) [tos 0x10]
23:17:22.578101 arp who-has 172.16.232.148 tell 172.16.5.210
23:17:22.580675 172.16.3.195.1957 > 172.16.5.92.22: . ack 1382192 win 56584 (DF)
23:17:22.580923 172.16.3.195.1957 > 172.16.5.92.22: P 211621:211665(44) ack 1382192 win 56584 (DF)
23:17:22.581483 172.16.5.92.22 > 172.16.3.195.1957: P 1382192:1382540(348) ack 211665 win 17820 (DF) [tos 0x10]
23:17:22.581672 172.16.3.195.1957 > 172.16.5.92.22: P 211665:211709(44) ack 1382540 win 56236 (DF)

If it helps, 172.16.3.195 is another computer directly connected to the
switch, running Windows XP. This computer is 172.16.5.92. The switch is also
connected into the rest of the university student network. Even though the
rest of the network is connected to the server, shouldn't the traffic be
ignored if it is not destined for it anyway?

Thanks for everyone's help.
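
An added example, not part of the original post: a small Python reader for old-style `tcpdump -n` lines like the extract above, which rejoins mail-wrapped records and sorts each one by whether it involves this host. It assumes the local address is 172.16.5.92 as stated in the post; the third sample line is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")
# "<time> <src ip>.<src port> > <dst ip>.<dst port>: ..."
IP_FLOW = re.compile(r"^\S+ (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): ")
ARP = re.compile(r"^\S+ arp who-has (\S+) tell (\S+)")

# Constructed sample: first two records use the format and addresses of the
# extract (the first is wrapped as a mail client would); the third is invented.
SAMPLE = """\
23:17:22.564132 172.16.3.195.1957 > 172.16.5.92.22: P 211401:211445(44) ack
1380732 win 36168 (DF)
23:17:22.578101 arp who-has 172.16.232.148 tell 172.16.5.210
23:17:22.600000 172.16.9.9.1040 > 172.16.7.7.80: S 100:100(0) win 8192
"""

def unwrap(text):
    """Rejoin records that were wrapped onto a following line."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)          # a timestamp starts a new record
        else:
            records[-1] += " " + line     # continuation of the previous one
    return records

def classify(record, local_ip):
    """Return 'local', 'broadcast', 'foreign' or 'unparsed' for one record."""
    m = IP_FLOW.match(record)
    if m:
        return "local" if local_ip in (m.group(1), m.group(3)) else "foreign"
    if ARP.match(record):
        return "broadcast"  # who-has requests normally go to the broadcast MAC
    return "unparsed"

def summarize(text, local_ip):
    """Count records per class for a whole capture."""
    return Counter(classify(r, local_ip) for r in unwrap(text))

if __name__ == "__main__":
    print(dict(summarize(SAMPLE, "172.16.5.92")))
```

Records classed `foreign` in a capture taken with `-p` are the ones worth a closer look, since the capture itself did not put the interface into promiscuous mode.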