Thursday, December 28, 2006

INFO ON Promiscuous mode

Promiscuous mode is usually initiated by a network sniffer of some sort, such as Ethereal or dsniff. You may want to check your running processes and verify you're not running something like that, or even a trojaned version of something normal. If I saw that in my logs, I would be concerned. You can check for promiscuous mode by running /sbin/ifconfig -a and looking at the flags line:

Normal:

look--> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
        RX packets:7153852 errors:0 dropped:0 overruns:0 frame:0
        TX packets:6107958 errors:0 dropped:0 overruns:0 carrier:14

Promiscuous:

look--> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
        RX packets:7153858 errors:0 dropped:0 overruns:0 frame:0
        TX packets:6107962 errors:0 dropped:0 overruns:0 carrier:14

In this case the interfaces are in their normal state, and this can be ignored:
 
eth0      Link encap:Ethernet  HWaddr 00:13:21:07:5A:2B
          inet addr:154.1.33.140  Bcast:154.1.33.255  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15985086 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21467022 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7258750788 (6922.4 Mb)  TX bytes:15187993324 (14484.3 Mb)
          Interrupt:25
 
eth1      Link encap:Ethernet  HWaddr 00:13:21:07:5A:2A
          inet addr:172.18.39.17  Bcast:172.18.39.127  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:39861538 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78187478 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2552135645 (2433.9 Mb)  TX bytes:118484247360 (112995.3 Mb)
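
The flag check above can be scripted so it runs from cron or a host audit. This is an added example, not part of the original post: the function names and the sample output (documentation addresses, constructed) are assumptions, and it also accepts the newer net-tools `flags=...<...>` layout, which the post does not show.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the name of every interface whose flags include PROMISC.
# Reads `ifconfig -a` style text on stdin.
promisc_ifaces() {
    awk '
        # An interface stanza starts in column 1; continuation lines are indented.
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }
        {
            # Old net-tools: "UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500"
            # New net-tools: "flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>"
            line = $0
            gsub(/[<>,=]/, " ", line)
            n = split(line, w)
            for (i = 1; i <= n; i++)
                if (w[i] == "PROMISC" && !seen[iface]++) print iface
        }
    '
}

# Constructed sample (documentation addresses); eth1 is in promiscuous mode.
sample_ifconfig() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.127  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:100 errors:0 dropped:0 overruns:0 frame:0

eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          inet addr:198.51.100.17  Bcast:198.51.100.127  Mask:255.255.255.128
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:200 errors:0 dropped:0 overruns:0 frame:0
EOF
}

# Demo on the sample; on a live host use: /sbin/ifconfig -a | promisc_ifaces
for i in $(sample_ifconfig | promisc_ifaces); do
    echo "WARNING: $i is in promiscuous mode"
done
```

On current Linux kernels a sniffer that enables promiscuous mode through a packet-socket membership does not set the flag that ifconfig prints, so an empty result should be cross-checked against the kernel log and `ip -d link show`, which reports a promiscuity counter.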
