Promiscuous ports under Linux
Peter Pearson
pkpearson at nowhere.invalid
Wed May 3 19:57:49 EDT 2017
Cobbling together a minimalist ethernet-sniffing program, I was hoping
to use this simple mechanism for setting the socket to "promiscuous
mode" (to see all traffic going past, instead of just traffic addressed
to my machine):
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
Unfortunately, it seems that that mechanism is available under Windows
but not under Linux. Googling around for Linux equivalents, I found
only very contorted solutions, and concluded that maybe this lacuna
persists because Linux users find it convenient to invoke promiscuous
mode from the command line, instead:
$ sudo ip link set eth0 promisc on
$ netstat -i # (Verify that the P flag is set.)
This somehow fails: my sniffer continues to see only broadcasts,
but if I run dumpcap at the same time, dumpcap captures lots of traffic.
So my question is now two questions:
. Is it true that going permiscuous under Linux must be somewhat ugly?
(It's OK if it is, I'll just copy the ugly code and get moving again.)
. Why doesn't the command-line "promisc on" work? (Granted, this is
maybe a Linux question.)
Thanks.
--
To email me, substitute nowhere->runbox, invalid->com.
More information about the Python-list
mailing list