On Sat, 27 Dec 2003 22:33:00 -0600 (CST) Robert Brown <eli@xxxxxxxxxxxxxxxx> wrote: > Yes, and I have similar symptoms on other boxes, although the only > other multi-homed boxes are the firewalls. I see the problem even > when I run the above tcpdump cammand line from my worksation. > > I think promiscuous mode is broken. I can set it with ifconfig, and > ifconfig reports that it is set, but I do not think it is working > anymore, not since the upgrade to the 2.4.20-27.9 kernel. Forgive me if you already answered this question earlier in the thread: Are you able to use promiscuous mode with an older kernel on the exact same network? It sure sounds like you are trying to sniff while plugged into a network switch rather than a hub. A switch routes the traffic intelligently so you won't see anything but broadcasts and traffic destined for your machine directly. Are you sure you're using a hub in so that you can snoop all traffic? If not you'll need a managed switch which allows configuring a port as a snooping-port which isn't a feature on many low end switches. > How, other than by sniffing with tcpdump, can I verify this? Snort can listen itself without tcpdump, check out the man page for the relevent switch settings. Sean. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
