From the man page for tcpdump 4.1.1 (yes, I know it's old):
> -i Listen on interface. If unspecified, tcpdump searches the
> system interface list for the lowest numbered, configured up
> interface (excluding loopback). Ties are broken by choosing
> the earliest match.
>
> On Linux systems with 2.2 or later kernels, an interface
> argument of ``any'' can be used to capture packets from all
> interfaces.
> Note that captures on the ``any'' device will not be done in
> promiscuous mode.
Can anyone shed light on what exactly is meant by the last statement? I'm working with an IDS server that has many interfaces, and when I use `tcpdump -i any`, it clearly shows traffic not sourced/destined for the IDS server. However, there is another service that already puts all the interfaces into promiscuous mode. Do they maybe just mean that if you use `-i any`, tcpdump won't put the interfaces into PROMISC mode?
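One way to see which interfaces are in promiscuous mode before and during a capture, as an added example that is not part of the original post: it reads the flags Linux exposes in `/sys/class/net/<iface>/flags` and tests the `IFF_PROMISC` bit (0x100). The function names and the optional root-directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list interfaces whose kernel flags include IFF_PROMISC.
# IFF_PROMISC is 0x100 in <linux/if.h>.
IFF_PROMISC=256

# is_promisc FLAGS
# FLAGS is the hex string read from a sysfs "flags" file, e.g. 0x1103.
# Returns 0 if the promiscuous bit is set, 1 otherwise (or if FLAGS is malformed).
is_promisc() {
    case "$1" in
        0x|0x*[!0-9a-fA-F]*) return 1 ;;   # empty or non-hex digits: reject
        0x*) ;;                             # well-formed hex value
        *) return 1 ;;                      # not a hex string at all
    esac
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# promisc_ifaces [ROOT]
# Prints one interface name per line for every interface under ROOT
# (default /sys/class/net) that has IFF_PROMISC set.
# ROOT is a parameter only so the function can be pointed at a test tree.
promisc_ifaces() {
    root="${1:-/sys/class/net}"
    for dir in "$root"/*; do
        [ -r "$dir/flags" ] || continue
        flags=$(cat "$dir/flags")
        if is_promisc "$flags"; then
            printf '%s\n' "${dir##*/}"
        fi
    done
}

# Usage: source this file, then run `promisc_ifaces` once before starting
# the capture and once while it is running, and compare the two lists.
```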