
Listen only NIC configuration on Linux

asked 2020-01-21 07:16:07 +0000

WoodyW

I have several NICs I'm using for Wireshark captures and I want them to listen only - no outbound traffic ever. I'm thinking the easiest way to do this is to not specify a gateway for the NIC, which may or may not have an IP address associated with the current LAN. Am I on the right track?


1 Answer


answered 2020-01-21 07:42:45 +0000

Jaap

Partly. Bring up the interface without any IP(4/6) address assigned, and of course without starting a DHCP or other network configuration client, to have an idle interface which is not likely to send out any frames.



Very interesting - I never even thought of that, I think my head just exploded. So basically put a NIC on the net with no IP address and open it in promiscuous mode and sniff away. Interesting, I hadn't considered they would still listen if not configured.

Suppose I had a NIC that needed to be on a certain IP address - say for output from the local cable router DMZ. What then, back to the no gateway scheme?

WoodyW ( 2020-01-21 07:51:45 +0000 )

Actually no - again! Open in promiscuous mode and filter the IP address I'm interested in from the router DMZ. Thanks for some good ideas.

WoodyW ( 2020-01-21 07:57:40 +0000 )

OK, fantastic - but how does this impact the construction of the local ARP table - if there's no entry in the ARP table for the "quiet" NIC does the switch just flood the clients hoping someone is listening (which we would be) or reject the packet outright?

WoodyW ( 2020-01-21 08:06:45 +0000 )
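
The address-less capture interface described in the answer above, as an added example that is not part of the original thread. The interface name `eth1` is a placeholder, and disabling IPv6 through sysctl and switching ARP off are assumptions added here so the kernel itself stays quiet on the link; any network manager or DHCP client must also be told to leave the interface alone.

```shell
#!/bin/sh
# Added example: quiet, address-less capture NIC on Linux (iproute2 + sysctl).

# Print the commands for one interface, in the order they should run.
listen_only_plan() {
    ifc=$1
    # IPv6 off first, so bringing the link up creates no link-local
    # address and sends no neighbour discovery or router solicitation.
    echo "sysctl -w net.ipv6.conf.$ifc.disable_ipv6=1"
    echo "ip addr flush dev $ifc"           # drop any IPv4/IPv6 addresses
    echo "ip link set dev $ifc arp off"     # kernel will not ARP on this NIC
    echo "ip link set dev $ifc up"          # link up, no address, no gateway
    echo "ip link set dev $ifc promisc on"  # accept frames for any MAC
}

# Execute the plan (needs root). Only plain names are accepted, since the
# name is placed into command lines and a sysctl key.
listen_only_apply() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    listen_only_plan "$1" | while read -r cmd; do
        $cmd </dev/null || exit 1
    done
}

# Count addresses in `ip -o addr show dev IFACE` output read from stdin.
# A listen-only interface should report 0.
count_addresses() {
    awk '$3 == "inet" || $3 == "inet6" { n++ } END { print n + 0 }'
}

# Dry run for the placeholder interface: shows what would be executed.
listen_only_plan eth1
```

As root, `listen_only_apply eth1` applies the plan, and `ip -o addr show dev eth1 | count_addresses` should then print 0.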


Last updated: Jan 21 '20