LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Is it a common practice to not assign IP address to sniffer machine? What is the reas (https://www.linuxquestions.org/questions/linux-newbie-8/is-it-a-common-practice-to-not-assign-ip-address-to-sniffer-machine-what-is-the-reas-4175515964/)

shikauser 08-22-2014 12:57 PM
Is it a common practice to not assign IP address to sniffer machine? What is the reas
 
I have BackTrack version of linux and it is the sniffer machine. Is it just with backtrack that the IP address is not assigned automatically by DHCP or with any linux distribution it can be configured to not assign IP address automatically. What is the motive of not assigning IP address to sniffer machine?

netnix99 08-22-2014 01:25 PM
BackTrack and any version of Linux can be set up to receive an IP via DHCP or the IP address can be statically assigned. It is common not to assign an IP address to a machine that is a dedicated sniffer, such as an IDS/IPS or WireShark. This is referred to as promiscuous mode.

On a machine like BackTrack, which has a lot of other functionality than sniffing traffic, you would either set the interface up for DHCP or statically assign an address. It mostly depends on what you are doing at the time/what your current uses for the PC are.

HTH

shikauser 08-22-2014 01:44 PM
Quote:
Originally Posted by netnix99 (Post 5225527)
BackTrack and any version of Linux can be set up to receive an IP via DHCP or the IP address can be statically assigned. It is common not to assign an IP address to a machine that is a dedicated sniffer, such as an IDS/IPS or WireShark. This is referred to as promiscuous mode.

On a machine like BackTrack, which has a lot of other functionality than sniffing traffic, you would either set the interface up for DHCP or statically assign an address. It mostly depends on what you are doing at the time/what your current uses for the PC are.

HTH
Is promiscuous mode and not assigning IP address interrelated? I thought in promiscuous mode the machine accepts all packets that flow through that network unlike normal mode.
Is it possible to assign IP address and still run in promiscuous mode? The backtrack machine I am using is mainly used for sniffing.

netnix99 08-22-2014 01:57 PM
Promiscuous mode actually deals more with masking the MAC address rather than the IP address, that way the NIC can accept all packets whether they are addressed to that specific NIC or not. At the point that you aren't sending traffic at the data-link layer, you won't be able to send traffic at the network layer, either; therefore, an IP address is not needed. That's not saying you HAVE to remove it, but you can. It would be more secure to NOT have an IP address assigned to the interface that you will be sniffing with.

shikauser 08-22-2014 02:02 PM
Quote:
Originally Posted by netnix99 (Post 5225542)
Promiscuous mode actually deals more with masking the MAC address rather than the IP address, that way the NIC can accept all packets whether they are addressed to that specific NIC or not. At the point that you aren't sending traffic at the data-link layer, you won't be able to send traffic at the network layer, either; therefore, an IP address is not needed. That's not saying you HAVE to remove it, but you can. It would be more secure to NOT have an IP address assigned to the interface that you will be sniffing with.
Thank you


All times are GMT -5. The time now is 12:21 AM.