Promiscuous mode on Solaris?

361 views
Skip to first unread message

Patrick Forsberg

unread,
Jun 9, 1999, 3:00:00 AM6/9/99
to
Hi!

I was wondering if anyone knows of a way to tell wether the network device
is in promiscuous mode or not on a Solaris box that I have root access to.
I heard someone say that netstat shows this, but running snoop I cannot find
anything in netstat's output that tells me that I'm in promiscuous mode.

/Patrick

Alan J Rosenthal

unread,
Jun 9, 1999, 3:00:00 AM6/9/99
to
fo...@math.chalmers.se (Patrick Forsberg) writes:
>I was wondering if anyone knows of a way to tell wether the network device
>is in promiscuous mode or not on a Solaris box that I have root access to.

No, nobody does. From man page reading, I see that it is torturous and not
necessarily possible (although I think it is indeed possible, but writing the
appropriate program would be very non-trivial).

Incidentally, CERT's "cpm" utility always reports that the ethernet devices
are not in promiscuous mode, whether they are or not. It should probably
be modified to emit an error message when run on solaris, saying "this
doesn't work on solaris".

georg haber

unread,
Jun 9, 1999, 3:00:00 AM6/9/99
to
Try ifconfig, I don't use solaris. But maybe it works.

Tom

Neil Long

unread,
Jun 10, 1999, 3:00:00 AM6/10/99
to
"georg haber" <georg...@pandora.be> writes:

>Try ifconfig, I don't use solaris. But maybe it works.

>Tom


Use ifstatus - it works on 2.6 (and with hme interfaces with uptodate
patches.

v2.2 is out and I think it is in the COAST security archive under
mirrors/www.ers.ibm.com/ifstatus


There were some strange patches from Sun when it was either 'never' or
'always' promiscuous regardless of reality but ifstatus works fine since
quite some time.

Neil
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Dr Neil J Long, Computing Services, University of Oxford
* Banbury Road, Oxford, OX2 6NN, UK
* Tel: +44 1865 273232 Fax: +44 1865 273275
* EMail: Neil...@computing-services.oxford.ac.uk

Mark Drummond

unread,
Jun 11, 1999, 3:00:00 AM6/11/99
to
According to the Solaris Security FAQ there is a utility called ifstatus
which can detect this. There might be a link on the page:

http://www.sunworld.com/sunworldonline/common/security-faq.html

--
___________________________________________________________________
Mark E Drummond Royal Military College of Canada
drumm...@rmc.ca Computing Services
Linux Uber Alles perl || die

...there are two types of command interfaces in the world of
computing: good interfaces and user interfaces.
- Dan Bernstein, Author of qmail

PGP Fingerprint = 503D A72D AF41 2AD1 D433 C514 98D9 9A39 B25A 2405

Alan J Rosenthal

unread,
Jun 11, 1999, 3:00:00 AM6/11/99
to
Mark Drummond <drumm...@rmc.ca> writes:
>According to the Solaris Security FAQ there is a utility called ifstatus
>which can detect this.

Really? When *I* read the solaris security faq just now it said "Apparently
this program does not work on Solaris".

The paragraph is rather poorly written, because the first sentence seems to
state that it does. But if you read the whole paragraph, the opinion of the
author is clearly that "ifstatus" does not report whether the interface is
in promiscuous mode in Solaris.

--
very frequently asked questions at
ftp://rtfm.mit.edu/pub/faqs/computer-security/most-common-qs

Neil Rickert

unread,
Jun 11, 1999, 3:00:00 AM6/11/99
to
fl...@dgp.toronto.edu (Alan J Rosenthal) writes:

>Mark Drummond <drumm...@rmc.ca> writes:
>>According to the Solaris Security FAQ there is a utility called ifstatus
>>which can detect this.

>Really? When *I* read the solaris security faq just now it said "Apparently
>this program does not work on Solaris".

I picked up 'ifstatus' about a month ago. It didn't work. I picked
it up again yesterday (from purdue), and it was a different version
that has enough solaris specifics that it probably does work.


Alan J. Flavell

unread,
Jun 14, 1999, 3:00:00 AM6/14/99
to
On 14 Jun 1999, Alan J Rosenthal wrote:

> ric...@cs.niu.edu (Neil Rickert) writes:
> >I picked up 'ifstatus' about a month ago. It didn't work. I picked
> >it up again yesterday (from purdue), and it was a different version
> >that has enough solaris specifics that it probably does work.
>

> Wow! It does!
>
> This is very useful information....

Good news, but I'm puzzled that when I inspect Purdue, I find

ftp://coast.cs.purdue.edu/pub/Purdue/ifstatus

which claims to be version 2.2 dated 21 Sep 1998. Doesn't this make it
hard to understand why a version fetched 1 month ago would be different
from one fetched today...?

best regards


Richard L. Hamilton

unread,
Jun 17, 1999, 3:00:00 AM6/17/99
to
It looks as if the code to detect promiscuous mode is specific
to each flavor of interface on Solaris 2.x. The only interfaces
supported in the code (as far as I can see) are ie, le, qe, and hme.
That covers a bunch, but certainly not everything.

In article <1999Jun14....@jarvis.cs.toronto.edu>,


fl...@dgp.toronto.edu (Alan J Rosenthal) writes:

> ric...@cs.niu.edu (Neil Rickert) writes:
>>I picked up 'ifstatus' about a month ago. It didn't work. I picked
>>it up again yesterday (from purdue), and it was a different version
>>that has enough solaris specifics that it probably does work.
>
> Wow! It does!
>

> This is very useful information.... tell all your friends...

--
ftp> get |fortune
377 I/O error: smart remark generator failed

Bogonics: the primary language inside the Beltway

mailto:rlh...@mindwarp.smart.net http://www.smart.net/~rlhamil

73g...@gmail.com

unread,
May 15, 2017, 9:13:39 AM5/15/17
to
Old thread but kstat works on Sol 10

$ kstat -p | grep promisc
Reply all
Reply to author
Forward
0 new messages