Bug 6464 - tcpdump defaults to non promiscuous mode
Summary: tcpdump defaults to non promiscuous mode
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: tcpdump   
(Show other bugs)
Version: 6.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact:
URL:
Whiteboard:
Keywords: Security
: 9945 (view as bug list)
Depends On: 10739
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-10-28 14:43 UTC by Oleg Makarenko
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-07-11 18:37:06 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Oleg Makarenko 1999-10-28 14:43:47 UTC 
Description:
tcpdump starts in non promiscuous mode by default and
changes to promiscuous mode with -p option while
documentation (man) still states that -p should be used to
start it in NON promiscuous mode.

It breaks a lot of my scripts :(

Conclusion:
Probably a typo in a code or documentation bug at least.
Comment 1 Alan Cox 2000-01-20 15:32:59 UTC 
There is an error in Alexey Kuznetsov's tcpdump enhancements for Linux that
causes this. Seems he decided that it would be fun to swap the default over.

This silently breaks some security tools. In addition the same patch contains
an ANK hack that breaks setuid use of tcpdump except for a hardcoded uid 2090.

(search for 2090 in the ANK patch in the source rpm, the promisc bug
introduction is right by it). Looks like that chunk of ANK stuff wants dropping
back to the old (NO_ANK_FIX) edition.

Alan
Comment 2 Jeff Johnson 2000-01-20 18:18:59 UTC 
The 2090 setuid problem is fixed in tcpdump-3.4-17 from Raw Hide.
Comment 3 Elliot Lee 2000-02-03 16:50:59 UTC 
Marked as fixed, so closing the bug.
Comment 4 Jeff Johnson 2000-02-09 20:36:59 UTC 
Only the 2090 problem has been fixed, the documentation needs to be updated
(the behavior is not going to change. A shell wrapper to diddle the -p flag
and supply -i eth0 is trivial, and will preserve the Good Ol' tcpdump behavior).
Comment 5 Jeff Johnson 2000-03-04 17:33:59 UTC 
*** Bug 9945 has been marked as a duplicate of this bug. ***
Comment 6 Jeff Johnson 2000-07-11 18:42:44 UTC 
Fixed (by updating man page) in tcpdump-3.4-22.
Note You need to log in before you can comment on or make changes to this bug.