Thanks for the test... I compiled my own (2.4.18) kernel and have been having problems (General Intelligence Failure) with getting the kernel to support iptables. I was mostly wondering if my current set of iptables rules on my other computer would affect its capturing. But either way, this is a very good thing to know.

Thanks for your help!

-Rick Farina

----- Original Message -----
From: "Gerald Combs" <gerald@xxxxxxxxxxxx>
To: "Rick Farina" <farinard@xxxxxxxxxx>
Cc: <ethereal-users@xxxxxxxxxxxx>
Sent: Sunday, April 07, 2002 20:24
Subject: Re: [Ethereal-Users] sniffing theory

On Sun, 7 Apr 2002, Rick Farina wrote:

> I have a really odd question. If I am using linux, and block ALL outgoing
> AND incoming traffic with iptables, can I still sniff? I would assume not,
> but promisc does have some odd features. If this would work, is there a
> disadvantage to this?

As a quick test I ran "iptables -A INPUT -j DROP" and "iptables -A OUTPUT -j DROP" on a stock RH 7.2 machine (kernel version 2.4.9). I was able to capture without any problems. However, I haven't found any documentation that states that this is the case for all 2.4 kernels.

What are you trying to accomplish by blocking all traffic? If you want to sniff on an interface that's invisible to the local network, you might try bringing your interface up without an IP address. You should still be able to see traffic without having to worry about iptables intercepting anything.

> Thanks
>
> -Rick Farina
>
>
> "a false sense of security, is worse than insecurity" -Steve Gibson
>
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
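
An added example, not part of the original thread: one way to bring up a capture-only interface with no IP address, as suggested in the reply above. It assumes a current Linux system with iproute2 and sysctl (the thread predates these defaults); the function names and the DRY_RUN switch are hypothetical, and the IPv6 and ARP steps go beyond what the thread mentions because an interface that is merely "up" would otherwise still autoconfigure a link-local address and answer ARP.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes iproute2 + sysctl, run as root.
# DRY_RUN=1 (default) prints each command instead of executing it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Conservative name check: letters, digits, '_' and '-' only, max 15 chars
# (the kernel's interface-name limit). Rejects anything a shell or sysctl
# path could misinterpret.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Bring the interface up for capture only: no IPv4/IPv6 address, no ARP.
sensor_up() {
    iface="$1"
    valid_iface "$iface" || { echo "bad interface name: $iface" >&2; return 2; }
    # Drop every configured address before the link comes up.
    run ip addr flush dev "$iface"
    # Stop IPv6 from assigning a link-local address (and sending DAD/RS).
    run sysctl -w "net/ipv6/conf/$iface/disable_ipv6=1"
    # Neither send nor answer ARP on this link.
    run ip link set dev "$iface" arp off
    # Accept frames not addressed to this NIC's MAC.
    run ip link set dev "$iface" promisc on
    run ip link set dev "$iface" up
}

# Example (prints the commands; set DRY_RUN=0 to apply them):
#   sensor_up eth1
```

After applying it, `ip -o addr show dev eth1` should list no addresses, and capturing with name resolution disabled (for example `tcpdump -n`) keeps the sensor from generating DNS lookups on its other interfaces.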