Promiscuous ports under Linux
alister
alister.ware at ntlworld.com
Thu May 4 06:26:45 EDT 2017
On Wed, 03 May 2017 23:57:49 +0000, Peter Pearson wrote:
> Cobbling together a minimalist ethernet-sniffing program, I was hoping
> to use this simple mechanism for setting the socket to "promiscuous
> mode" (to see all traffic going past, instead of just traffic addressed
> to my machine):
>
> s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
>
> Unfortunately, it seems that that mechanism is available under Windows
> but not under Linux. Googling around for Linux equivalents, I found
> only very contorted solutions, and concluded that maybe this lacuna
> persists because Linux users find it convenient to invoke promiscuous
> mode from the command line, instead:
>
> $ sudo ip link set eth0 promisc on $ netstat -i # (Verify
> that the P flag is set.)
>
> This somehow fails: my sniffer continues to see only broadcasts,
> but if I run dumpcap at the same time, dumpcap captures lots of traffic.
>
> So my question is now two questions:
>
> . Is it true that going permiscuous under Linux must be somewhat ugly?
> (It's OK if it is, I'll just copy the ugly code and get moving
> again.)
>
> . Why doesn't the command-line "promisc on" work? (Granted, this is
> maybe a Linux question.)
>
> Thanks.
any particular reason why you wish to re-invent this particular wheel
when wireshark is freely available (& the de-facto tool of choice for
most network engineers)
--
Come quickly, I am tasting stars!
-- Dom Perignon, upon discovering champagne.
More information about the Python-list
mailing list