Promiscuous Or Not Promiscuous Mode?
Robert83
post May 3 2004, 07:42 AM
Post #1


Hi,

I just installed Bandwidthd, and it's working OK. I just wanted to ask one question:
if I want Bandwidthd to only monitor data that passes through the proxy/NAT server, then I should disable promiscuous mode, right?
By the way, could someone give me a link about how this promiscuous stuff works?

Here is a small part of my bandwidthd.conf file
CODE
####################################################
# Bandwidthd.conf
#
# Commented out options are here to provide
# documentation and represent defaults

# Subnets to collect statistics on
subnet 192.168.0.0 255.255.255.0
subnet 192.168.1.0 255.255.255.0
subnet 192.168.2.0 255.255.255.0

# Device to listen on
dev "eth0"

###################################################

My guess would be that if I set promiscuous mode to false, then I need to have the following in the "Device to listen on" section:
dev "eth0" (192.168.0.x)
dev "eth1" (192.168.1.x)
dev "eth2" (192.168.2.x)

And it should work, right? I don't need to add dev "eth3", if I'm correct, since it only connects the NAT/Proxy server to the gateway computer....

Sincerely
Robert B


--------------------
Robert Becskei
robert83@linuxhelp.net
--------------------
May the source be with us!
--------------------
AMD X2-3800 @ 2400Mhz
2048MB DDR 400Mhz
DFI Lanparty UT4 NF4 ULTRA-D
GeForce 7800GT
250GB+250GB
Pioneer DVD-RW
17inch Samsung Syncmaster 757NF
WinXP Pro (SP2)/ CentOS 4.3
--------------------
 
Robert83
post May 5 2004, 04:35 AM
Post #2


Sorry for posting this again, but please help me with this one...


Sincerely
Robert B


hughesjr
post May 5 2004, 04:56 AM
Post #3


What is promiscuous mode?

http://searchsecurity.techtarget.com/sDefi...i518283,00.html

http://www.itsecurity.com/dictionary/promiscuous.htm

http://linux.about.com/cs/linux101/g/promi...iscuous_mod.htm
----------------------------------------------------------------
Is promiscuous mode bad?

No ... but it is detectable. If you have a NIC in promiscuous mode, and if a hacker can gain access to that machine, they can see all the traffic for everything. Hackers would like to find a machine with an interface in promiscuous mode on your network, so they don't have to set up one on a machine that doesn't already have promiscuous mode set ... because you might detect that a card is in promiscuous mode that you didn't set and figure out they have gotten into your machine.

As a general rule, you would want to not have a promiscuous mode NIC on the outside interface of your router ... but a couple promiscuous mode interfaces on your internal network isn't that bad.


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
 
hughesjr
post May 5 2004, 05:00 AM
Post #4


A hacker on a promiscuous mode machine can see unencrypted passwords for things like FTP, telnet, NIS, etc...which means they can know a username and password.

That is why I minimize use of FTP ... and never ever use NIS or telnet. I instead mostly use SSH and SFTP.


Robert83
post May 5 2004, 06:04 AM
Post #5


Thank you for the info,

Then, if I understand this correctly, in order to measure bandwidth [upload/download] that goes through the Proxy/NAT server, I must set eth0, eth1, eth2 to promiscuous mode in order to be able to view how much traffic users from 192.168.0.x; 192.168.1.x; 192.168.2.x use. Right?


Sincerely
Robert B


hughesjr
post May 5 2004, 06:55 AM
Post #6


You will need to set them for promiscuous mode if you want to see how much traffic 192.168.0.6 sends to 192.168.0.7 with eth0 (since that transfer will move on the network, but not pass through eth0; because no routing is required since the machines are on the same network, in non-promiscuous mode eth0 will not see the packet) ... but even in promiscuous mode you might not see that packet, because most switches now block info to ports that are not directly involved in the transfer.

You will see all traffic (even in non-promiscuous mode) for all packets that go to another network (192.168.0.6 to 192.168.1.6 or 192.168.0.6 to the internet) since those interfaces (eth0, eth1, eth2) are the default gateways.

If your switch has the ability to set a monitor port, you can plug one of your eth cards into that port and put it in promiscuous mode ... then you should see all traffic on the switch including transfers between subnets ... but it might slow down that interface (by using bandwidth for monitoring that it would normally not see).


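An added example, not part of the original posts: the distinction drawn above, applied to the subnets from the posted bandwidthd.conf excerpt. It classifies flows as routed (crossing the gateway, so counted without promiscuous mode) or switched (staying on one subnet) and totals only the routed bytes per internal IP. The flow records and function names are constructed for illustration.

```python
import ipaddress

# Subnet lines from the thread's bandwidthd.conf excerpt.
CONF = """subnet 192.168.0.0 255.255.255.0
subnet 192.168.1.0 255.255.255.0
subnet 192.168.2.0 255.255.255.0
dev "eth0"
"""
# Constructed sample flows: (source, destination, bytes).
FLOWS = [
    ("192.168.0.6", "192.168.0.7", 5000),    # same subnet
    ("192.168.0.6", "192.168.1.6", 1200),    # between internal subnets
    ("192.168.2.9", "203.0.113.10", 800),    # to an outside host
    ("203.0.113.10", "192.168.2.9", 64000),  # reply from outside
]

def parse_subnets(conf_text):
    """Return networks from 'subnet <address> <netmask>' lines."""
    rows = (l.split("#", 1)[0].split() for l in conf_text.splitlines())
    return [ipaddress.ip_network(f"{r[1]}/{r[2]}")
            for r in rows if len(r) == 3 and r[0] == "subnet"]

def home_subnet(addr, nets):
    """Return the local subnet containing addr, or None for outside hosts."""
    ip = ipaddress.ip_address(addr)
    return next((n for n in nets if ip in n), None)

def classify(src, dst, nets):
    """Say whether a flow crosses the gateway or stays on one LAN."""
    s, d = home_subnet(src, nets), home_subnet(dst, nets)
    if s is None and d is None:
        return "foreign"   # neither end is local
    if s == d:
        return "switched"  # same subnet: the gateway NIC is not the destination
    return "routed"        # sent to the gateway's MAC: seen in normal mode

def routed_bytes_per_host(flows, nets):
    """Sum bytes per local IP over the flows the gateway routes."""
    totals = {}
    for src, dst, size in flows:
        if classify(src, dst, nets) == "routed":
            for ip in (src, dst):
                if home_subnet(ip, nets) is not None:
                    totals[ip] = totals.get(ip, 0) + size
    return totals

if __name__ == "__main__":
    print(routed_bytes_per_host(FLOWS, parse_subnets(CONF)))
```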
Robert83
post May 5 2004, 06:58 AM
Post #7


Thanks

So I guess if I don't want to count internal upload/download, which I don't want to do, it will only confuse my boss and some other people who will be authorized to view that stuff.

I will then simply disable promiscuous mode, and then it will only count data that actually goes through the interface that is being watched. The question is... umm, if not in promiscuous mode, will I still be able to see what IP address goes through that gateway I'm watching?

Sincerely
Robert B

