Bug 6464 - tcpdump defaults to non promiscuous mode
tcpdump defaults to non promiscuous mode
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: tcpdump (Show other bugs)
6.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
: Security
: 9945 (view as bug list)
Depends On: 10739
Blocks:
  Show dependency treegraph
 
Reported: 1999-10-28 10:43 EDT by Oleg Makarenko
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-07-11 14:37:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Oleg Makarenko 1999-10-28 10:43:47 EDT
Description:
tcpdump starts in non promiscuous mode by default and
changes to promiscuous mode with -p option while
documentation (man) still states that -p should be used to
start it in NON promiscuous mode.

It breaks a lot of my scripts :(

Conclusion:
Probably a typo in a code or documentation bug at least.
Comment 1 Alan Cox 2000-01-20 10:32:59 EST
There is an error in Alexey Kuznetsov's tcpdump enhancements for Linux that
causes this. Seems he decided that it would be fun to swap the default over.

This silently breaks some security tools. In addition the same patch contains
an ANK hack that breaks setuid use of tcpdump except for a hardcoded uid 2090.

(search for 2090 in the ANK patch in the source rpm, the promisc bug
introduction is right by it). Looks like that chunk of ANK stuff wants dropping
back to the old (NO_ANK_FIX) edition.

Alan
Comment 2 Jeff Johnson 2000-01-20 13:18:59 EST
The 2090 setuid problem is fixed in tcpdump-3.4-17 from Raw Hide.
Comment 3 Elliot Lee 2000-02-03 11:50:59 EST
Marked as fixed, so closing the bug.
Comment 4 Jeff Johnson 2000-02-09 15:36:59 EST
Only the 2090 problem has been fixed, the documentation needs to be updated
(the behavior is not going to change. A shell wrapper to diddle the -p flag
and supply -i eth0 is trivial, and will preserve the Good Ol' tcpdump behavior).
Comment 5 Jeff Johnson 2000-03-04 12:33:59 EST
*** Bug 9945 has been marked as a duplicate of this bug. ***
Comment 6 Jeff Johnson 2000-07-11 14:42:44 EDT
Fixed (by updating man page) in tcpdump-3.4-22.

Note You need to log in before you can comment on or make changes to this bug.