LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
    -   Iptables in promiscuous mode (https://www.linuxquestions.org/questions/linux-networking-3/iptables-in-promiscuous-mode-353041/)

Barzan 08-14-2005 12:36 AM

Iptables in promiscuous mode
 
Hi all,
When I put my network interface into promiscuous mode by:
#ifconfig eth0 promisc
I expect all packets on my hub-based LAN to appear in some of iptables' chains (as they appear in tcpdump), but only those packets which have my own MAC address or the broadcast address appear in the iptables chains (I used -j LOG to trace this).
Can no one tell me how I can fix this? Where are the other packets dropped (assuming I am in promiscuous mode)? Before the packet is given to iptables, or later? In which kernel function could I fix it?

Thank you in advance,
Barzan

Matir 08-14-2005 07:36 PM

I'm not sure this is broken. Those packets will never be handed off to any programs that don't use raw sockets, so it's not like normal services will be handling them. What is your goal here?

primo 08-14-2005 09:13 PM

It was meant to be this way.

The kernel gets packets which may be destined to your host or to other hosts. If your machine is not routing (there are no routing tables for other networks/hosts) or IP forwarding is turned off, then netfilter won't see those packets. If it did otherwise, then suddenly netfilter would have to process each one :s

Raw sockets don't listen to any port, they just tell the kernel that they would like to see all traffic, nothing more. Note that raw sockets will see packets dropped by netfilter too.

If you want to "fix" it, set up your machine as a router on your LAN.
Anyway, those packets would never reach any service on your machine and, if you're not routing, they won't reach other hosts either. The only security breach is the fact that these sniffers run as root, and there have been many overflows in the protocol handlers which they use. I never use ethereal for this reason, and tcpdump too has its dangers.


Anyway, if you wanna try something with these packets, you could set up some BPF rules as used by libpcap that could filter some traffic. What are you trying to do, anyway? :)

Mr_Zet 10-23-2005 07:24 AM

I am also interested in this.
I found a patch for netfilter that adds a PROMISC chain to iptables, but it is only for 2.4 kernels :(

Zet
