It rally depends on your version of ifconfig/what kernel your using/what
adapter you have.
Tell us those things and we'll try and help.
otherwise read RTFM....
(granted the man page doesnt have the promisc flag, the option for you is
promisc.)
-humboldt
bash-2.03$ man ifconfig
IFCONFIG(8) FreeBSD System Manager's Manual
IFCONFIG(8)
NAME
ifconfig - configure network interface parameters
SYNOPSIS
ifconfig interface address_family [address [dest_address]] [parameters]
ifconfig -a [-d] [-u] [address_family]
ifconfig -l [-d] [-u] [address_family]
DESCRIPTION
Ifconfig is used to assign an address to a network interface and/or
con-
figure network interface parameters. Ifconfig must be used at boot
time
to define the network address of each interface present on a machine;
it
may also be used at a later time to redefine an interface's address or
other operating parameters.
The following options are available:
address
For the DARPA-Internet family, the address is either a host
name
present in the host name data base, hosts(5), or a DARPA
Inter-
net address expressed in the Internet standard ``dot
notation''.
address_family
Specify the address family which affects interpretation of the
remaining parameters. Since an interface can receive transmis-
sions in differing protocols with different naming schemes,
spec-
ifying the address family is recommended. The address or
proto-
col families currently supported are ``inet'', ``atalk'', and
``ipx''.
dest_address
Specify the address of the correspondent on the other end of a
point to point link.
interface
This parameter is a string of the form ``name unit'', for exam-
ple, ``en0''.
The following parameters may be set with ifconfig:
alias Establish an additional network address for this interface.
This
is sometimes useful when changing network numbers, and one
wishes
to accept packets addressed to the old interface.
arp Enable the use of the Address Resolution Protocol in mapping
be-
tween network level addresses and link level addresses
(default).
This is currently implemented for mapping between DARPA
Internet
addresses and 10Mb/s Ethernet addresses.
-arp Disable the use of the Address Resolution Protocol.
broadcast
(Inet only) Specify the address to use to represent broadcasts
to
the network. The default broadcast address is the address with
a
host part of all 1's.
debug Enable driver dependent debugging code; usually, this turns on
extra console error logging.
-debug Disable driver dependent debugging code.
delete Remove the network address specified. This would be used if
you
incorrectly specified an alias, or it was no longer needed. If
you have incorrectly set an NS address having the side effect
of
specifying the host portion, removing all NS addresses will
allow
you to respecify the host portion.
down Mark an interface ``down''. When an interface is marked
``down'', the system will not attempt to transmit messages
through that interface. If possible, the interface will be
reset
to disable reception as well. This action does not
automatically
disable routes using the interface.
media type
If the driver supports the media selection system, set the
media
type of the interface to type. Some interfaces support the
mutu-
ally exclusive use of one of several different physical media
connectors. For example, a 10Mb/s Ethernet interface might
sup-
port the use of either AUI or twisted pair connectors. Setting
the media type to ``10base5/AUI'' would change the currently
ac-
tive connector to the AUI port. Setting it to ``10baseT/UTP''
would activate twisted pair. Refer to the interfaces' driver
specific documentation or man page for a complete list of the
available types.
mediaopt opts
If the driver supports the media selection system, set the
speci-
fied media options on the interface. Opts is a comma delimited
list of options to apply to the interface. Refer to the inter-
faces' driver specific man page for a complete list of
available
options.
-mediaopt opts
If the driver supports the media selection system, disable the
specified media options on the interface.
metric n
Set the routing metric of the interface to n, default 0. The
routing metric is used by the routing protocol (routed(8)).
Higher metrics have the effect of making a route less
favorable;
metrics are counted as addition hops to the destination network
or host.
mtu n Set the maximum transmission unit of the interface to n,
default
is interface specific. The mtu is used to limit the size of
packets that are transmitted on an interface. Not all
interfaces
support setting the mtu, and some interfaces have range
restric-
tions.
netmask mask
(Inet only) Specify how much of the address to reserve for
subdi-
viding networks into sub-networks. The mask includes the
network
part of the local address and the subnet part, which is taken
from the host field of the address. The mask can be specified
as
a single hexadecimal number with a leading 0x, with a dot-nota-
tion Internet address, or with a pseudo-network name listed in
the network table networks(5). The mask contains 1's for the
bit
positions in the 32-bit address which are to be used for the
net-
work and subnet parts, and 0's for the host part. The mask
should contain at least the standard network portion, and the
subnet field should be contiguous with the network portion.
range Under appletalk, set the interface to respond to a netrange. of
the form startnet-endnet. Appletalk uses this scheme instead of
netmasks though FreeBSD implements it internally as a set of
net-
masks.
phase The argument following this specifies the version (phase) of
the
Appletalk network attached to the interface. Values of 1 or 2
are
permitted.
link[0-2]
Enable special processing of the link level of the interface.
These three options are interface specific in actual effect,
how-
ever, they are in general used to select special modes of
opera-
tion. An example of this is to enable SLIP compression, or to
se-
lect the connector type for some Ethernet cards. Refer to the
man page for the specific driver for more information.
-link[0-2]
Disable special processing at the link level with the specified
interface.
up Mark an interface ``up''. This may be used to enable an
interface
after an ``ifconfig down''. It happens automatically when
setting
the first address on an interface. If the interface was reset
when previously marked down, the hardware will be
re-initialized.
Ifconfig displays the current configuration for a network interface
when
no optional parameters are supplied. If a protocol family is
specified,
ifconfig will report only the details specific to that protocol family.
If the driver does supports the media selection system, the supported
me-
dia list will be included in the output.
Optionally, the -a flag may be used instead of an interface name. This
flag instructs ifconfig to display information about all interfaces in
the system. The -d flag limits this to interfaces that are down, and
-u
limits this to interfaces that are up.
The -l flag may be used to list all available interfaces on the system,
with no other additional information. Use of this flag is mutually ex-
clusive with all other flags and commands, except for -d (only list in-
terfaces that are down) and -u (only list interfaces that are up).
Only the super-user may modify the configuration of a network
interface.
NOTES
The media selection system is relatively new and only some drivers sup-
port it (or have need for it).
DIAGNOSTICS
Messages indicating the specified interface does not exist, the
requested
address is unknown, or the user is not privileged and tried to alter an
interface's configuration.
SEE ALSO
netstat(1), netintro(4), rc(8), routed(8)
HISTORY
The ifconfig command appeared in 4.2BSD.
4.2 Berkeley Distribution February 13, 1996
3
bash-2.03$
-----Original Message-----
From: Anatoly Shein [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 12:05 PM
To: [EMAIL PROTECTED]
Subject: RE: Promiscous interface and remote users [7:16734]
Hi
what are you mean exactly by "unbind IP from that interface"
is it
ifconfig 0.0.0.0
for UNIX or something else
thank you in advance
toly
-----Original Message-----
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 4:04 PM
To: [EMAIL PROTECTED]
Subject: Re: Promiscous interface and remote users [7:16734]
If it is truely in promiscuos mode, there should not be any problem. You
can test this by pinging the ip address. (It should not respond)
alot of drivers do not allow for full promiscuity however. Remember it's
not the app that talks to the nic, it's the driver. Some companies do offer
promiscuous drivers however if yours does not. NAI also has their own
drivers built for specific nics. (of course you ahve to use they're product
to take advantage) These drivers are advanced prmiscuous drivers that allow
you to see runts and the like across the wire.
But if you are willing to take a server down by putting it's nic in
promiscuous mode, why not just unbind IP from that interface?
-Patrick
>>> "Subba Rao" 08/21/01 05:39PM >>>
Hi,
We have 2 sniffer systems on NT and on Unix. The sniffer puts the ethernet
interfaces
on both the systems in promiscuous mode. Currently we are not worried about
any local
users on the system. Are there any threats from remote users on the
promiscuous interface,
on either system? When I say "remote users", I am talking about John Doe on
our network who
has no business with either of these system. John Doe could be on Internet
as well but has
no user accounts on these systems. Would he get any vulnerable information
from the sniffer
interfaces on either system?
Thank you in advance for any info.
--
Subba Rao
[EMAIL PROTECTED]
http://members.home.net/subba9/
GPG public key ID CCB7344E
Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16838&t=16734
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
