ifchk: network interface promiscuous mode detection tool

ifchk (Interface Check)

ifchk (Interface Check) is a network interface promiscuous mode detection tool written with both security and system administration applications in mind. The program does the following:

  1. ifchk will report on the state (normal, *down*, PROMISC, PROMISC [*]) of each interface attached to the system.
    (a) The state normal refers to an interface that is up. It is reading from and writing data to the network and is not in promiscuous mode.
    (b) The state *down* refers to an interface that is down. The system will not attempt to transmit data over an interface in this state.
    (c) The state PROMISC refers to an interface that is up. It is reading from and writing data to the network and IS in promiscuous mode.
    (d) The state PROMISC [*] refers to an interface that has been shut down because ifchk was told, by the user invoking the program, to shut down any interfaces found in promiscuous mode. The interface then enters into the *down* state described above.
  2. ifchk will shut down all interfaces running in promiscuous mode if told to do so.
  3. ifchk will report per-interface traffic metrics to help identify spikes in network traffic flow that may warrant further investigation. This is similar to output generated by the netstat command. netstat, like ifconfig, is standard on UNIX and Linux systems and displays network status information such as the contents of the in-kernel routing table, integer counters describing both ingress and egress packet counts and per-protocol (TCP, UDP, ICMP, etc.) statistics.
  4. ifchk logs everything that it finds via syslogd (the Unix/Linux system event logging daemon).
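
The state check and optional shutdown from items 1 and 2, as an added example that is not ifchk's own source code. The function names if_state and check_interfaces are hypothetical. It assumes a Linux or BSD style system where SIOCGIFFLAGS reports IFF_UP and IFF_PROMISC; an interface made promiscuous in a way the kernel does not reflect in those flags is not seen by this check.

```c
#define _DEFAULT_SOURCE          /* expose struct ifreq under strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>

/* State name for the flag bits seen at check time. disabled is non-zero
 * when the caller has just shut the interface down for being promiscuous. */
const char *if_state(unsigned int flags, int disabled)
{
    if (!(flags & IFF_UP))      return "*down*";
    if (!(flags & IFF_PROMISC)) return "normal";
    return disabled ? "PROMISC [*]" : "PROMISC";
}

/* Report every interface. With shutdown != 0, also clear IFF_UP on each
 * promiscuous interface (needs root). Returns the number of interfaces
 * found promiscuous, or -1 on error. */
int check_interfaces(int shutdown)
{
    struct if_nameindex *list = if_nameindex();
    int sock = socket(AF_INET, SOCK_DGRAM, 0), found = 0;

    if (list == NULL || sock < 0) {
        if (list) if_freenameindex(list);
        if (sock >= 0) close(sock);
        return -1;
    }
    for (struct if_nameindex *p = list; p->if_index != 0; p++) {
        struct ifreq ifr;
        int disabled = 0;
        memset(&ifr, 0, sizeof ifr);
        snprintf(ifr.ifr_name, sizeof ifr.ifr_name, "%s", p->if_name);
        if (ioctl(sock, SIOCGIFFLAGS, &ifr) < 0)
            continue;                        /* interface vanished; skip it */
        unsigned int flags = (unsigned short)ifr.ifr_flags;
        if ((flags & IFF_UP) && (flags & IFF_PROMISC)) {
            found++;
            if (shutdown) {                  /* item 2: take the interface down */
                ifr.ifr_flags &= ~IFF_UP;
                disabled = ioctl(sock, SIOCSIFFLAGS, &ifr) == 0;
            }
        }
        printf("%-16s %s\n", p->if_name, if_state(flags, disabled));
    }
    if_freenameindex(list);
    close(sock);
    return found;
}
int main(void) { return check_interfaces(0) < 0; }   /* report only */
```

If the shutdown ioctl fails, for example when run without root, the interface is still reported as PROMISC rather than PROMISC [*].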

Download

Copyright (C) 2002 – 2018 Joshua Birnbaum <engineer@noorg.org>.