Wireshark-users: Re: [Wireshark-users] Listening on Port mirrored interface
From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Sun, 18 Feb 2007 19:47:59 +0100
http://docs.sun.com/app/docs/doc/817-3947/6mjgnrl80?a=view says that
ce does actually support promiscuous mode.

You might have to change something in /kernel/drv/ce.conf but honestly
I do not knopw what.


Luis



On 2/18/07, William Murphy <William.Murphy@xxxxxxxxxxxxxxxxxx> wrote:
Supposedly....i have tried with tethereal also and it has same effect.No
traffic captured

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Luis Ontanon
Sent: 18 February 2007 21:12
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Listening on Port mirrored interface

does snoop work in promiscuous mode?

On 2/18/07, William Murphy <William.Murphy@xxxxxxxxxxxxxxxxxx> wrote:
> Hi,
>    Ok changed the rights on the file
>
> crw-rw-rw-   1 root     sys       11, 80 May 14  2006 clone@0:ce
>
> but this still does not make a difference. I did not restart the
system.
> Just changed rights and made trace which did not work.
>
> Will
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Luis
Ontanon
> Sent: 18 February 2007 20:55
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] Listening on Port mirrored interface
>
> I used to capture promiscous on sun boxen without any problem.
>
> So it might be an issue with permissions of the /dev/ node for the
> interface which I remember I had to change myself.
> .
> Can you capture as root?
> If so which are the permissions on /dev/ifname?
> What happens if you change permissions on /dev/ifname so that it is
> writable by the user, can you capture promiscuous then?
>
> Luis
>
> On 2/18/07, William Murphy <William.Murphy@xxxxxxxxxxxxxxxxxx> wrote:
> > Hi ,
> >    Thanks for getting back to me....tcpdump does not capture
> either....i
> > have been reading up on this and here it is.
> > The laptop I use is not as secure as Sun server and the nic card can
> be
> > turned into promiscuous mode easily by software,
> > But on the Sun server I don't think the software can turn it into
> > promiscuous mode and thus the Nic card will not show the
sniffer(i.e.
> > snoop,tcpdump,tethereal,tshark) traffic from Mac address other than
> its
> > own mac address for security reasons.
> >
> > So I think now my question is:
> >
> > Is there a command I can run which will put the nic card on the SUN
> > server(i.e. Solaris 10) into promiscuous mode?
> >
> > Agree with my thinking?
> >
> > Will
> >
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Luis
> Ontanon
> > Sent: 18 February 2007 20:26
> > To: Community support list for Wireshark
> > Subject: Re: [Wireshark-users] Listening on Port mirrored interface
> >
> > What about tcpdump, does it capture?
> > What happen if you run it as root, can you capture?
> > is /dev/ifname readable by the user you are trying to capture with?
> >
> > On 2/18/07, William Murphy <William.Murphy@xxxxxxxxxxxxxxxxxx>
wrote:
> > > Hi All,
> > >
> > >    Don't know if this is the correct board to put this too but
hear
> > goes anyway.
> > > I am having problems listening for packets on my Sun Machine.
> > >
> > > I have a F5 BIGIP switch on which I mirrored the traffic
port(i.e.9)
> > to another port 16 for listening and tracing. In port 16 bi run a
> cable
> > to my Sun Solaris V440 machine. On this machine I simply plumb the
> > interface to where the cable is, give it a dummy ip address,netmask
> and
> > broadcast address and bring it up. Issue is when I run Tshark I see
no
> > packets.
> > >
> > > Any ideas on what I have done wrong or even some tricks. When I
> > connect my laptop instead of Sun server and run wireshark , then I
can
> > see packets that I want. I don't even give the laptop interface card
a
> > ip address, netmask and broadcast address and it still works.
> > >
> > > William
> >
> >
> > --
> > This information is top security. When you have read it, destroy
> > yourself.
> > -- Marshall McLuhan
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-users
> >
**********************************************************************
> > This email and any files transmitted with it are confidential and
> intended
> > solely for the use of the individual or entity to whom they are
> addressed.
> > If you have received this email in error please notify the system
> manager.
> > This footnote also confirms that this email message has been swept
for
> the
> > presence of computer viruses.
> >
> > www.adaptivemobile.com
> >
> >
**********************************************************************
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-users
> >
>
>
> --
> This information is top security. When you have read it, destroy
> yourself.
> -- Marshall McLuhan
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
> **********************************************************************
> This email and any files transmitted with it are confidential and
intended
> solely for the use of the individual or entity to whom they are
addressed.
> If you have received this email in error please notify the system
manager.
> This footnote also confirms that this email message has been swept for
the
> presence of computer viruses.
>
> www.adaptivemobile.com
>
> **********************************************************************
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>


--
This information is top security. When you have read it, destroy
yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
**********************************************************************
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This footnote also confirms that this email message has been swept for the
presence of computer viruses.

www.adaptivemobile.com

**********************************************************************
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan