I am testing operation systems in promiscuous mode (sniffer detection).
Could you tell me how turn it in SCO Open Server? Or where can I find
any programm doing that (like tcpdump in Linux)
Maciej
Why not look at how tcpdump does it and do the same yourself?
The FAQ includes a question entitled "Is there a packet sniffer
(tcpdump) available?" - http://pcunix.com/SCOFAQ/scotec2.html#tcpdump
--
Stephen M. Dunn <ste...@stevedunn.ca>
>>>----------------> http://www.stevedunn.ca/ <----------------<<<
------------------------------------------------------------------
Say hi to my cat -- http://www.stevedunn.ca/photos/toby/
Openserver supports tcpdump, it is on TLS604. The setup requires a
second nic running without an OS binding on it, which means a little
bit of playing with the system files. The documentation covers all
of the points.
You may wish to look at Network Instruments home page for a discussion
on what is allowed through the various brands of NICs when they
are in promiscuous mode. Normal cards like a 3COM filter the "bad"
packets out, like runt packets, so you cannot see or count them.
I have used Network Instruments Observer for years, and have one
of their PCMCIA cards that passes most of the available network
packets. I can use tcpdump for quick and dirty sniffing, but
the advanced features and decoding in a commercial product have
great value. You can download and test a demo copy from
to see if it has any value for you.
Mike
--
Michael Brown
The Kingsway Group
Mike Brown wrote:
I am working on sniffers detections based on reply-test. With my students we
checking some operating systems (Win, Linux, Solaris, Open BSD) and looking
for more. I think if SCO open server need second card without any protocol,
the reply-test should does not opperate.
Thank you for the information
Maciej Szmit
--
Maciej Szmit
Ph.D., MCNE, CNI
http://www.kis.p.lodz.pl/~mszmit
Sorry: whatever morons are in charge of SCO's web pages have moved
things. As sooon as I can figure out where the hell it is (if anywhere)
I'll correct the link.
It must be nice to have so much business that you don't care if people
can find things through links they find on the web. It's also nice of
them to provide useful activity for those of us who attempt to maintain
such links.
Sometimes I just feel like redirecting all my SCO links to a page that
says "SCO management doesn't give a damn if you find what you are
looking for or not, so why should I?"
Unfortunately, *I* do care.
--
Tony Lawrence
Free SCO and Linux Skills Tests: http://aplawrence.com/skillstest.html
Yet another thing that got moved around as SCO changed to Caldera
changed to SCO :-(
The current location for this is
ftp://ftp2.caldera.com/pub/skunkware/osr5/net/nettools/
I'll email Tony to get him to update the FAQ entry, just in case
he doesn't spot it here.
> You may wish to look at Network Instruments home page for a discussion
> on what is allowed through the various brands of NICs when they
> are in promiscuous mode. Normal cards like a 3COM filter the "bad"
> packets out, like runt packets, so you cannot see or count them.
Could you tell me on what of their pages may I find more information about
this (what kind errors normal cards in promisc mode do)? BTW: if yu are
interested in it there is sniffer written by student of mine
http://www.kis.p.lodz.pl/~mszmit/snif/sniff_ver1.3.zip (Windows, LibPCap
http://winpcap.polito.it/install/default.htm required)
--
http://www.kis.p.lodz.pl/~mszmit
Your right, it does not seem to be NI anymore, but here is a discussion
on the problems using MS NDIS driver:
http://www.networkinstruments.com/support/osup1022.html
And this looks like a copy of the original document:
http://www.commwatch.com/osup1002.html
Thanks for the info.
Mike
--
Michael Brown
The Kingsway Group
Voice: 905 669 8101
Fax: 905 669 8104