[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] chkrootkit output, what does it mean?
- Subject: Re: [cobalt-security] chkrootkit output, what does it mean?
- From: Mike Vanecek <clist.mtv@xxxxxxxxxxxx>
- Date: Fri, 15 Mar 2002 08:25:27 -0600
- Organization: anonymous
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Fri, 15 Mar 2002 14:05:11 +0100, Michael Stauber <cobalt@xxxxxxxxxxxxxx>
wrote:
[snip]
:>Yes. Sometimes the network cards remain in promiscuous mode even after the
:>application that switched 'em to that mode have ended.
:>
:>Example: running "tcpdump -i eth0 -n" for instance will start a console based
:>network sniffer. Interrupt it by pressing CTRL+C, wait a moment and then
:>start chkrootkit. It will report that the network card is still in
:>promiscuous mode, even though tcpdump has already been stopped.
What exactly is promiscuous mode? Why does a program such as tcpdump turn on
promiscuous mode?
Once the network card is in promiscuous mode, how does one turn it off
(reboot)?
Thanks for the education.
--
Mike