http://docs.sun.com/app/docs/doc/817-3947/6mjgnrl80?a=view says that ce does actually support promiscuous mode.
You might have to change something in /kernel/drv/ce.conf but honestly I do not knopw what. Luis On 2/18/07, William Murphy <[EMAIL PROTECTED]> wrote: > Supposedly....i have tried with tethereal also and it has same effect.No > traffic captured > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Luis Ontanon > Sent: 18 February 2007 21:12 > To: Community support list for Wireshark > Subject: Re: [Wireshark-users] Listening on Port mirrored interface > > does snoop work in promiscuous mode? > > On 2/18/07, William Murphy <[EMAIL PROTECTED]> wrote: > > Hi, > > Ok changed the rights on the file > > > > crw-rw-rw- 1 root sys 11, 80 May 14 2006 [EMAIL PROTECTED]:ce > > > > but this still does not make a difference. I did not restart the > system. > > Just changed rights and made trace which did not work. > > > > Will > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Luis > Ontanon > > Sent: 18 February 2007 20:55 > > To: Community support list for Wireshark > > Subject: Re: [Wireshark-users] Listening on Port mirrored interface > > > > I used to capture promiscous on sun boxen without any problem. > > > > So it might be an issue with permissions of the /dev/ node for the > > interface which I remember I had to change myself. > > . > > Can you capture as root? > > If so which are the permissions on /dev/ifname? > > What happens if you change permissions on /dev/ifname so that it is > > writable by the user, can you capture promiscuous then? > > > > Luis > > > > On 2/18/07, William Murphy <[EMAIL PROTECTED]> wrote: > > > Hi , > > > Thanks for getting back to me....tcpdump does not capture > > either....i > > > have been reading up on this and here it is. > > > The laptop I use is not as secure as Sun server and the nic card can > > be > > > turned into promiscuous mode easily by software, > > > But on the Sun server I don't think the software can turn it into > > > promiscuous mode and thus the Nic card will not show the > sniffer(i.e. > > > snoop,tcpdump,tethereal,tshark) traffic from Mac address other than > > its > > > own mac address for security reasons. > > > > > > So I think now my question is: > > > > > > Is there a command I can run which will put the nic card on the SUN > > > server(i.e. Solaris 10) into promiscuous mode? > > > > > > Agree with my thinking? > > > > > > Will > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Luis > > Ontanon > > > Sent: 18 February 2007 20:26 > > > To: Community support list for Wireshark > > > Subject: Re: [Wireshark-users] Listening on Port mirrored interface > > > > > > What about tcpdump, does it capture? > > > What happen if you run it as root, can you capture? > > > is /dev/ifname readable by the user you are trying to capture with? > > > > > > On 2/18/07, William Murphy <[EMAIL PROTECTED]> > wrote: > > > > Hi All, > > > > > > > > Don't know if this is the correct board to put this too but > hear > > > goes anyway. > > > > I am having problems listening for packets on my Sun Machine. > > > > > > > > I have a F5 BIGIP switch on which I mirrored the traffic > port(i.e.9) > > > to another port 16 for listening and tracing. In port 16 bi run a > > cable > > > to my Sun Solaris V440 machine. On this machine I simply plumb the > > > interface to where the cable is, give it a dummy ip address,netmask > > and > > > broadcast address and bring it up. Issue is when I run Tshark I see > no > > > packets. > > > > > > > > Any ideas on what I have done wrong or even some tricks. When I > > > connect my laptop instead of Sun server and run wireshark , then I > can > > > see packets that I want. I don't even give the laptop interface card > a > > > ip address, netmask and broadcast address and it still works. > > > > > > > > William > > > > > > > > > -- > > > This information is top security. When you have read it, destroy > > > yourself. > > > -- Marshall McLuhan > > > _______________________________________________ > > > Wireshark-users mailing list > > > Wireshark-users@wireshark.org > > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > ********************************************************************** > > > This email and any files transmitted with it are confidential and > > intended > > > solely for the use of the individual or entity to whom they are > > addressed. > > > If you have received this email in error please notify the system > > manager. > > > This footnote also confirms that this email message has been swept > for > > the > > > presence of computer viruses. > > > > > > www.adaptivemobile.com > > > > > > > ********************************************************************** > > > _______________________________________________ > > > Wireshark-users mailing list > > > Wireshark-users@wireshark.org > > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > > > > > > -- > > This information is top security. When you have read it, destroy > > yourself. > > -- Marshall McLuhan > > _______________________________________________ > > Wireshark-users mailing list > > Wireshark-users@wireshark.org > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended > > solely for the use of the individual or entity to whom they are > addressed. > > If you have received this email in error please notify the system > manager. > > This footnote also confirms that this email message has been swept for > the > > presence of computer viruses. > > > > www.adaptivemobile.com > > > > ********************************************************************** > > _______________________________________________ > > Wireshark-users mailing list > > Wireshark-users@wireshark.org > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > > -- > This information is top security. When you have read it, destroy > yourself. > -- Marshall McLuhan > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-users > ********************************************************************** > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the system manager. > This footnote also confirms that this email message has been swept for the > presence of computer viruses. > > www.adaptivemobile.com > > ********************************************************************** > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-users > -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
