>>>>> "Andrew" == Andrew Brown <atatat@atatdot.net> writes:
    >> This goes back to something that mouse wanted awhile ago: a way to
    >> turn IPv4 off on a given interface so he could just use tcpdump. I
    >> suspect that we should have a per-interface vector of per-protocol
    >> flags that allows us to turn any protocol off.

    Andrew> for situations like that, i used to just ifconfig my lan-line to
    Andrew> 0.0.0.0 and then plug it in.  seemed to work fine for me.  it
    Andrew> didn't expresly inhibit traffic in and out (ipfw could do that i
    Andrew> guess, but there's no ipfw for ipv6 yet, right?) but i could
    Andrew> certainly tcpdump.

  This may be worse because an IP address of 0.0.0.0 will accept any
datagram that arrives at the machine, so if you have promiscuous mode on,
you may have problems.
  In particular, you may respond to a broadcast ping, which if you are
strictly in eavesdropping mode (something a netadmin wants to do if they
want an audit) then an attacker may notice you.

   :!mcr!:            |  Cow#1: Are you worried about getting Mad Cow Disease?
   Michael Richardson |  Cow#2: No. I'm a duck.
 Home: mcr@sandelman.ottawa.on.ca. PGP key available.