Full Version: Promiscuous Or Not Promiscuous Mode?
Robert83
Hi,

I just installed Bandwidthd, and it's working OK. I just wanted to ask one question:
if I want Bandwidthd to only monitor data that passes through the proxy/NAT server, then I should disable promiscuous mode, right?
By the way, could someone give me a link about how this promiscuous stuff works?

Here is a small part of my bandwidthd.conf file
CODE
####################################################
# Bandwidthd.conf
#
# Commented out options are here to provide
# documentation and represent defaults

# Subnets to collect statistics on
subnet 192.168.0.0 255.255.255.0
subnet 192.168.1.0 255.255.255.0
subnet 192.168.2.0 255.255.255.0

# Device to listen on
dev "eth0"

###################################################

My guess would be that if I set promiscuous mode to false, then I need to have the following in the "Device to listen on" section:
dev "eth0" (192.168.0.x)
dev "eth1" (192.168.1.x)
dev "eth2" (192.168.2.x)

And it should work, right? I don't need to add dev "eth3", if I'm correct, since it only connects the NAT/Proxy server to the gateway computer....

Sincerely
Robert B
Robert83
Sorry for posting this again, but please help me with this one,...


Sincerely
Robert B
hughesjr
What is promiscuous mode?

http://searchsecurity.techtarget.com/sDefi...i518283,00.html

http://www.itsecurity.com/dictionary/promiscuous.htm

http://linux.about.com/cs/linux101/g/promi...iscuous_mod.htm
----------------------------------------------------------------
Is promiscuous mode bad?

No ... but it is detectable. If you have a NIC in promiscuous mode, and if a hacker can gain access to that machine, they can see all the traffic for everything. Hackers would like to find a machine with an interface in promiscuous mode on your network, so they don't have to set up one on a machine that doesn't already have promiscuous mode set ... because you might detect that a card is in promiscuous mode that you didn't set and figure out they have gotten into your machine.

As a general rule, you would want to not have a promiscuous mode NIC on the outside interface of your router ... but a couple promiscuous mode interfaces on your internal network isn't that bad.
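An added example, not part of the original thread: one way to run the check described above on a Linux host, reporting interfaces whose kernel flags include IFF_PROMISC and that are not on a list of interfaces you put in that mode yourself. The sample sysfs tree, the interface names and the `expected` list are constructed for illustration.

```python
import os
import tempfile

IFF_PROMISC = 0x100  # interface flag bit defined in <linux/if.h>


def is_promiscuous(flags_text):
    """Parse the hex string found in /sys/class/net/<iface>/flags."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_interfaces(sysfs_net="/sys/class/net", expected=()):
    """Return interfaces with IFF_PROMISC set that are not in `expected`.

    `expected` holds interfaces you deliberately run promiscuous, for
    example the one a traffic monitor listens on (an assumption here).
    """
    unexpected = []
    for name in sorted(os.listdir(sysfs_net)):
        try:
            with open(os.path.join(sysfs_net, name, "flags")) as fh:
                promisc = is_promiscuous(fh.read())
        except (OSError, ValueError):
            continue  # entry is not an interface or its flags are unreadable
        if promisc and name not in expected:
            unexpected.append(name)
    return unexpected


def build_sample_tree():
    """Constructed stand-in for /sys/class/net so the example runs offline."""
    root = tempfile.mkdtemp()
    sample = {"eth0": "0x1103", "eth1": "0x1003", "eth2": "0x1103", "lo": "0x9"}
    for name, flags in sample.items():
        os.mkdir(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(flags + "\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    # eth0 is the interface we set promiscuous ourselves; anything else is suspect.
    for iface in promiscuous_interfaces(root, expected={"eth0"}):
        print(f"unexpected promiscuous interface: {iface}")
```

On a real host, call `promiscuous_interfaces()` with the default path and your own `expected` set, for instance from a scheduled job that alerts on any non-empty result.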
hughesjr
A hacker on a promiscuous mode machine can see unencrypted passwords for things like FTP, telnet, NIS, etc...which means they can know a username and password.

That is why I minimize use of FTP ... and never ever use NIS or telnet. I instead mostly use SSH and SFTP.
Robert83
Thank you for the info,

Then if I understand this correctly, in order to measure bandwidth [upload, download] that goes through the Proxy/NAT server, I must set eth0, eth1 and eth2 to promiscuous mode in order to be able to view how much traffic users from 192.168.0.x, 192.168.1.x and 192.168.2.x use. Right?


Sincerely
Robert B
hughesjr
You will need to set them for promiscuous mode if you want to see how much traffic 192.168.0.6 sends to 192.168.0.7 with eth0 (since that transfer will move on the network but not pass through eth0; because no routing is required, since the machines are on the same network, eth0 in non-promiscuous mode will not see the packet) ... but even in promiscuous mode you might not see that packet, because most switches now block info to ports that are not directly involved in the transfer.

You will see all traffic (even in non-promiscuous mode) for all packets that go to another network (192.168.0.6 to 192.168.1.6 or 192.168.0.6 to the internet) since those interfaces (eth0, eth1, eth2) are the default gateways.

If your switch has the ability to set a monitor port, you can plug one of your eth cards into that port and put it in promiscuous mode ... then you should see all traffic on the switch, including transfers between subnets ... but it might slow down that interface (by using bandwidth for monitoring that it would normally not see).
Robert83
Thanks

So I guess I don't want to count internal upload/download; it will only confuse my boss and some other people who will be authorized to view that stuff.

I will then simply disable promiscuous mode, and then it will only count data that actually goes through the interface that is being watched. The question is ... ummm, if not in promiscuous mode, will I still be able to see what IP address goes through that gateway I'm watching?

Sincerely
Robert B