LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-22-2014, 01:57 PM   #1
shikauser
LQ Newbie
 
Registered: Aug 2014
Posts: 5

Rep: Reputation: Disabled
Is it a common practice to not assign IP address to sniffer machine? What is the reas


I have BackTrack version of linux and it is the sniffer machine. Is it just with backtrack that the IP address is not assigned automatically by DHCP or with any linux distribution it can be configured to not assign IP address automatically. What is the motive of not assigning IP address to sniffer machine?
 
Old 08-22-2014, 02:25 PM   #2
netnix99
Member
 
Registered: Jun 2011
Distribution: redhat, CentOS, OpenBSD
Posts: 298

Rep: Reputation: 98
BackTrack and any version of Linux can be set up to receive an IP via DHCP or the IP address can be statically assigned. It is common not to assign an IP address to a machine that is a dedicated sniffer, such as an IDS/IPS or WireShark. This is referred to as promiscuous mode.

On a machine like BackTrack, which has a lot of other functionality than sniffing traffic, you would either set the interface up for DHCP or statically assign an address. It mostly depends on what you are doing at the time/what your current uses for the PC are.

HTH
 
1 members found this post helpful.
Old 08-22-2014, 02:44 PM   #3
shikauser
LQ Newbie
 
Registered: Aug 2014
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by netnix99 View Post
BackTrack and any version of Linux can be set up to receive an IP via DHCP or the IP address can be statically assigned. It is common not to assign an IP address to a machine that is a dedicated sniffer, such as an IDS/IPS or WireShark. This is referred to as promiscuous mode.

On a machine like BackTrack, which has a lot of other functionality than sniffing traffic, you would either set the interface up for DHCP or statically assign an address. It mostly depends on what you are doing at the time/what your current uses for the PC are.

HTH
Is promiscuous mode and not assigning IP address interrelated? I thought in promiscuous mode the machine accepts all packets that flow through that network unlike normal mode.
Is it possible to assign IP address and still run in promiscuous mode? The backtrack machine I am using is mainly used for sniffing.
 
Old 08-22-2014, 02:57 PM   #4
netnix99
Member
 
Registered: Jun 2011
Distribution: redhat, CentOS, OpenBSD
Posts: 298

Rep: Reputation: 98
Promiscuous mode actually deals more with masking the MAC address rather than the IP address, that way the NIC can accept all packets whether they are addressed to that specific NIC or not. At the point that you aren't sending traffic at the data-link layer, you won't be able to send traffic at the network layer, either; therefore, an IP address is not needed. That's not saying you HAVE to remove it, but you can. It would be more secure to NOT have an IP address assigned to the interface that you will be sniffing with.
 
2 members found this post helpful.
Old 08-22-2014, 03:02 PM   #5
shikauser
LQ Newbie
 
Registered: Aug 2014
Posts: 5

Original Poster
Rep: Reputation: Disabled
Smile

Quote:
Originally Posted by netnix99 View Post
Promiscuous mode actually deals more with masking the MAC address rather than the IP address, that way the NIC can accept all packets whether they are addressed to that specific NIC or not. At the point that you aren't sending traffic at the data-link layer, you won't be able to send traffic at the network layer, either; therefore, an IP address is not needed. That's not saying you HAVE to remove it, but you can. It would be more secure to NOT have an IP address assigned to the interface that you will be sniffing with.
Thank you
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux networking to assign a address to my ethernet address karthik3152 Linux - Networking 1 05-29-2011 10:37 AM
RHCE require to break a machine for practice nudenurd Linux - Certification 6 01-06-2011 10:04 PM
Program to assign globa lIPv6 address and bind() to the previously assigned address. mwnn Linux - Networking 2 10-07-2010 03:29 AM
reas signal strength via C yasserbn Linux - Networking 2 01-06-2009 07:49 AM
Can not assign IP address jtir Solaris / OpenSolaris 1 09-28-2005 04:37 AM


All times are GMT -5. The time now is 12:33 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration