Drivers

promiscuous mode

BeafSalad
Posts: 5
Joined: Tue Jun 14, 2011 4:13 am

promiscuous mode

Postby BeafSalad » Tue Jun 14, 2011 4:23 am

I have a Realtek PCIe GBE Family Controller RTL8167. It captures packets ok but it seems the driver will not go into promiscuous mode.
Which would be the best driver for this?
Please not this is a lan card.
I have not tested the netbook yet that has a atheros chipset lan card.

DJWP
Posts: 687
Joined: Tue Oct 30, 2007 11:42 am

RE: promiscuous mode

Postby DJWP » Tue Jun 14, 2011 8:08 am

Realtek chipsets are not supported for wireless capture by OmniPeek at present. All searches indicate this is an ethernet, not wireless adapter as well.

BeafSalad
Posts: 5
Joined: Tue Jun 14, 2011 4:13 am

Re: RE: promiscuous mode

Postby BeafSalad » Tue Jun 14, 2011 10:14 am

It seems that everybody here is obsessed about wlan cards. I know the the wlan card will not work that is why i asked about promiscuous mode and not monitor mode and I did state that it was a lan card.

DJWP
Posts: 687
Joined: Tue Oct 30, 2007 11:42 am

RE: Re: RE: promiscuous mode

Postby DJWP » Tue Jun 14, 2011 11:05 am

If it is a LAN card, then as long as it is NDIS 3 compatible is should work with OmniPeek. There is no need for promiscuous or monitor mode with EN adapters because they and always send and receive traffic.

BeafSalad
Posts: 5
Joined: Tue Jun 14, 2011 4:13 am

RE: RE: Re: RE: promiscuous mode

Postby BeafSalad » Tue Jun 14, 2011 11:29 am

The reason I want promiscous mode is so I can read all packets off the network. I have done some testing and the problem is a little wierd. I have omipeek on a laptop with the realtek lan card and have setup the iptable of the d-link router to mirror packets to the ip address of the laptop. What I am seeing is only have the conversation - outgoing packets and not the response. I initially thought it was a problem with the card not being in promiscuous mode as I tried with wireshark and disabled the option for promiscuous mode and saw the same thing. I have just tested it with the netbook that has a atheros lan card and that one does not see any packets at all so that card will not go into promiscuous mode at all. The problem may be how the iptables are set up. Some more investigation is in order.

DJWP
Posts: 687
Joined: Tue Oct 30, 2007 11:42 am

RE: RE: RE: Re: RE: promiscuous mode

Postby DJWP » Tue Jun 14, 2011 11:46 am

This is probably due to the placement of the OmniPeek machine. If you are connected to a switch port, you will only see your own traffic. In order to see network traffic, you need to be on a SPAN or Mirror port set up on a managed switch, or on a hub where all traffic is broadcast to all ports. OmniPeek has been able to capture from Ethernet adapters without any type of promiscuous mode which is necessary for WLAN adapters only.

BeafSalad
Posts: 5
Joined: Tue Jun 14, 2011 4:13 am

RE: RE: RE: RE: Re: RE: promiscuous mode

Postby BeafSalad » Tue Jun 14, 2011 11:59 am

Yes you right about switches. But as stated I have set the iptable up to mirror packets.

iptables -A PREROUTING -t mangle -s 192.168.1.71 -j ROUTE --gw 192.168.1.100 --tee

iptables -A POSTROUTING -t mangle -d 192.168.1.71 -j ROUTE --gw 192.168.0.100 --tee

It is my understanding that if a lan card is not in promiscuous mode then it will not see packets that are not addressed to itsself even if you are connected to a monitor port.

DJWP
Posts: 687
Joined: Tue Oct 30, 2007 11:42 am

RE: RE: RE: RE: RE: Re: RE: promiscuous mode

Postby DJWP » Tue Jun 14, 2011 12:08 pm

I am unclear as to what you are trying to accomplish here, but there have never been any specialized drivers for Ethernet adapters for use with any Peek product. The only custom drivers are for WLAN adapters. Which version of OmniPeek are you using?

BeafSalad
Posts: 5
Joined: Tue Jun 14, 2011 4:13 am

RE: RE: RE: RE: RE: RE: Re: RE: promiscuous mode

Postby BeafSalad » Wed Jun 15, 2011 9:48 am

Problem is sorted now. It wasn't anything to do with promiscuous mode or omnipeek not that I said it was. It was a simple typo in the iptables.

iptables -A PREROUTING -t mangle -s 192.168.1.71 -j ROUTE --gw 192.168.1.100 --tee

iptables -A POSTROUTING -t mangle -d 192.168.1.71 -j ROUTE --gw 192.168.0.100 --tee

as you can see postrouting is being routed to a different ip. Took me 3 days to notice what a fool I am.


Return to “Drivers”

Who is online

Users browsing this forum: No registered users and 2 guests