Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

promisc mode

0 views
Skip to first unread message

Maciej Szmit

unread,
Jan 3, 2003, 3:07:21 AM1/3/03
to
Hi

I am testing operation systems in promiscuous mode (sniffer detection).
Could you tell me how turn it in SCO Open Server? Or where can I find
any programm doing that (like tcpdump in Linux)

Maciej

Maciej Szmit

unread,
Jan 5, 2003, 6:40:41 PM1/5/03
to
anybody knows?????

Maciej Szmit wrote:

--
http://www.kis.p.lodz.pl/~mszmit


Stephen M. Dunn

unread,
Jan 5, 2003, 7:50:58 PM1/5/03
to
In article <3E18C279...@poczta.onet.pl> Maciej Szmit <m__s...@poczta.onet.pl> writes:
$anybody knows?????
$
$Maciej Szmit wrote:
$> Could you tell me how turn it in SCO Open Server? Or where can I find
$> any programm doing that (like tcpdump in Linux)

Why not look at how tcpdump does it and do the same yourself?
The FAQ includes a question entitled "Is there a packet sniffer
(tcpdump) available?" - http://pcunix.com/SCOFAQ/scotec2.html#tcpdump
--
Stephen M. Dunn <ste...@stevedunn.ca>
>>>----------------> http://www.stevedunn.ca/ <----------------<<<
------------------------------------------------------------------
Say hi to my cat -- http://www.stevedunn.ca/photos/toby/

Mike Brown

unread,
Jan 5, 2003, 8:36:57 PM1/5/03
to

Openserver supports tcpdump, it is on TLS604. The setup requires a
second nic running without an OS binding on it, which means a little
bit of playing with the system files. The documentation covers all
of the points.

You may wish to look at Network Instruments home page for a discussion
on what is allowed through the various brands of NICs when they
are in promiscuous mode. Normal cards like a 3COM filter the "bad"
packets out, like runt packets, so you cannot see or count them.

I have used Network Instruments Observer for years, and have one
of their PCMCIA cards that passes most of the available network
packets. I can use tcpdump for quick and dirty sniffing, but
the advanced features and decoding in a commercial product have
great value. You can download and test a demo copy from

www.networkinstruments.com

to see if it has any value for you.

Mike

--
Michael Brown

The Kingsway Group

Maciej Szmit

unread,
Jan 6, 2003, 10:04:17 AM1/6/03
to

Mike Brown wrote:

I am working on sniffers detections based on reply-test. With my students we
checking some operating systems (Win, Linux, Solaris, Open BSD) and looking
for more. I think if SCO open server need second card without any protocol,
the reply-test should does not opperate.

Thank you for the information

Maciej Szmit

--
Maciej Szmit
Ph.D., MCNE, CNI
http://www.kis.p.lodz.pl/~mszmit


Tony Lawrence

unread,
Jan 6, 2003, 2:55:26 PM1/6/03
to
Maciej Szmit wrote:

>
> "Stephen M. Dunn" wrote:
>
>
>>In article <3E18C279...@poczta.onet.pl> Maciej Szmit <m__s...@poczta.onet.pl> writes:
>>$anybody knows?????
>>$
>>$Maciej Szmit wrote:
>>$> Could you tell me how turn it in SCO Open Server? Or where can I find
>>$> any programm doing that (like tcpdump in Linux)
>>
>> Why not look at how tcpdump does it and do the same yourself?
>>The FAQ includes a question entitled "Is there a packet sniffer
>>(tcpdump) available?" - http://pcunix.com/SCOFAQ/scotec2.html#tcpdump
>
>
> Yes and the answer contain link to "Document Not Found" page :-(

Sorry: whatever morons are in charge of SCO's web pages have moved
things. As sooon as I can figure out where the hell it is (if anywhere)
I'll correct the link.

It must be nice to have so much business that you don't care if people
can find things through links they find on the web. It's also nice of
them to provide useful activity for those of us who attempt to maintain
such links.

Sometimes I just feel like redirecting all my SCO links to a page that
says "SCO management doesn't give a damn if you find what you are
looking for or not, so why should I?"

Unfortunately, *I* do care.

--
Tony Lawrence
Free SCO and Linux Skills Tests: http://aplawrence.com/skillstest.html

Stephen M. Dunn

unread,
Jan 6, 2003, 4:35:32 PM1/6/03
to
In article <3E1981FE...@poczta.onet.pl> Maciej Szmit <m__s...@poczta.onet.pl> writes:
$Yes and the answer contain link to "Document Not Found" page :-(

Yet another thing that got moved around as SCO changed to Caldera
changed to SCO :-(

The current location for this is
ftp://ftp2.caldera.com/pub/skunkware/osr5/net/nettools/

I'll email Tony to get him to update the FAQ entry, just in case
he doesn't spot it here.

Maciej Szmit

unread,
Jan 6, 2003, 7:11:16 PM1/6/03
to
Mike Brown wrote:

> You may wish to look at Network Instruments home page for a discussion
> on what is allowed through the various brands of NICs when they
> are in promiscuous mode. Normal cards like a 3COM filter the "bad"
> packets out, like runt packets, so you cannot see or count them.

Could you tell me on what of their pages may I find more information about
this (what kind errors normal cards in promisc mode do)? BTW: if yu are
interested in it there is sniffer written by student of mine
http://www.kis.p.lodz.pl/~mszmit/snif/sniff_ver1.3.zip (Windows, LibPCap
http://winpcap.polito.it/install/default.htm required)
--
http://www.kis.p.lodz.pl/~mszmit


Mike Brown

unread,
Jan 6, 2003, 8:52:55 PM1/6/03
to


Your right, it does not seem to be NI anymore, but here is a discussion
on the problems using MS NDIS driver:

http://www.networkinstruments.com/support/osup1022.html

And this looks like a copy of the original document:

http://www.commwatch.com/osup1002.html

Thanks for the info.

Mike

--
Michael Brown

The Kingsway Group
Voice: 905 669 8101
Fax: 905 669 8104

0 new messages