[CentOS] how to find out promiscuous mode
Markus Falb
markus.falb at fasel.at
Sun Feb 7 03:15:10 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/02/2010 23:28, Bill Campbell wrote:
> On Wed, Feb 03, 2010, Vadkan Jozsef wrote:
>> How can I find out that someone is using it's network card in
>> promiscuous mode in a subnet?
>
> We use the swatch log watcher, to detect lines like this in
> /var/log/messages (this is from a system running VMware virtual
> machines in bridging mode so this is normal):
i believe the interface flags are defined in the kernel sources in
include/linux/if.h
#define IFF_PROMISC 0x100 /* receive all packets */
You can read the flags from /sys
Promiscous mode off:
#$ cat /sys/class/net/eth0/flags
0x1003
Promiscous mode on:
#$ cat /sys/class/net/eth0/flags
0x1103
Anyway, both grepping the logs or looking at /sys requires local access.
- --
best regards,
markus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAktuMD4ACgkQYoWFBIJE9eX3aQCgs56Gd8PJfNgIsgJNy/YPh/VE
Y2sAn0azT/GEXPg8bzIABirICo19W3km
=fCT8
-----END PGP SIGNATURE-----
More information about the CentOS
mailing list