Wireshark-users: Re: [Wireshark-users] Listening on Port mirrored interface
From: "William Murphy" <[email protected]>
Date: Sun, 18 Feb 2007 17:44:38 -0000
Hi ,
   Thanks for getting back to me....tcpdump does not capture either....i
have been reading up on this and here it is. 
The laptop I use is not as secure as Sun server and the nic card can be
turned into promiscuous mode easily by software,
But on the Sun server I don't think the software can turn it into
promiscuous mode and thus the Nic card will not show the sniffer(i.e.
snoop,tcpdump,tethereal,tshark) traffic from Mac address other than its
own mac address for security reasons.

So I think now my question is:

Is there a command I can run which will put the nic card on the SUN
server(i.e. Solaris 10) into promiscuous mode?

Agree with my thinking?


-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Luis Ontanon
Sent: 18 February 2007 20:26
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Listening on Port mirrored interface

What about tcpdump, does it capture?
What happen if you run it as root, can you capture?
is /dev/ifname readable by the user you are trying to capture with?

On 2/18/07, William Murphy <[email protected]> wrote:
> Hi All,
>    Don't know if this is the correct board to put this too but hear
goes anyway.
> I am having problems listening for packets on my Sun Machine.
> I have a F5 BIGIP switch on which I mirrored the traffic port(i.e.9)
to another port 16 for listening and tracing. In port 16 bi run a cable
to my Sun Solaris V440 machine. On this machine I simply plumb the
interface to where the cable is, give it a dummy ip address,netmask and
broadcast address and bring it up. Issue is when I run Tshark I see no
> Any ideas on what I have done wrong or even some tricks. When I
connect my laptop instead of Sun server and run wireshark , then I can
see packets that I want. I don't even give the laptop interface card a
ip address, netmask and broadcast address and it still works.
> William

This information is top security. When you have read it, destroy
-- Marshall McLuhan
Wireshark-users mailing list
[email protected]
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This footnote also confirms that this email message has been swept for the
presence of computer viruses.