Re: NIC Having Multiple IP Addresses?




Chris Davies wrote:
Anonymous <call_ret@xxxxxxxxx> wrote:
When I do the following
# ifconfig eth0 down
the lights on the ethernet switch port to which the computer is
connected still keep blinking. Which means there is still traffic
flowing to and from the computer!

Actually that's quite correct and normal. Ifconfig does not interrupt
the physical network layer, so the switch knows there's something still
plugged in. So it continues to route broadcast traffic (ARP requests,
for example). For a short time after you've done the ifdown the switch
will also continue to route traffic for that interface as it will have
learned that the interface was accepting (and generating) traffic.

You can check the physical link status with a tool such as "mii-tool".
Here are three example outputs:

# mii-tool eth0
SIOCGMIIPHY on 'eth0' failed: Invalid argument

There's a physical link but the interface is not configured. This
should correspond to the situation you've described.

# mii-tool eth1
eth1: negotiated 100baseTx-FD, link ok

There's a physical link and it's got IP configuration.

# mii-tool eth2
eth2: no link

There's no cable plugged in.


Is there such a possibility that the interface card is assigned two
IP addresses

Yes, that's quite possible.

the malicious one not showing up in the ifconfig
output and the interface still running even though I turned it off?

But this bit is very unlikely.


If so, then how do I find and confirm this happening?

Try "ifconfig" to see all the active interfaces. If it's not showing up
in the ifconfig output then you may have been rooted, and it probably
won't show anywhere else.

Chris

Interesting result in my situation:

#ifconfig eth0 down
#ifconfig
gives details of lo (loopback) interface. NO other interface or IP
shows up.

#mii-tool eth0
eth0: negotiated 100baseTx-FD, link ok

Which means that it still has an IP assigned.

What would that mean? Any advice on how I should proceed further?
How should I find the dubious IP assigned to the machine? I would then
probably use a sniffer to watch the traffic flow from that IP?

Any help will be greatly appreciated. Many thanks in advance!

A.
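
One way to enumerate every address on every interface, whether the interface is up or down, added here as an example that is not part of the original posts. It assumes the iproute2 `ip` tool is available; `list_addrs` and `sample_output` are hypothetical names, and the sample input is constructed with documentation-range addresses.

```shell
#!/bin/sh
# Added example: summarise the one-line-per-address output of
# `ip -o addr show`. Plain `ifconfig` lists only interfaces that are up,
# while `ip addr` lists all interfaces and all of their addresses.

# Reads `ip -o addr show` output on stdin and prints one line per
# interface and address family: "<ifname> <family> <count> <addr,addr,...>".
# An interface holding more than one IPv4 address is tagged MULTI so it
# stands out for review (several inet6 addresses per interface are routine).
list_addrs() {
    awk '
        $3 == "inet" || $3 == "inet6" {
            key = $2 " " $3                      # e.g. "eth0 inet"
            if (!(key in count)) order[++n] = key
            count[key]++
            addrs[key] = addrs[key] (addrs[key] == "" ? "" : ",") $4
        }
        END {
            for (i = 1; i <= n; i++) {
                key = order[i]
                split(key, parts, " ")
                tag = (parts[2] == "inet" && count[key] > 1) ? " MULTI" : ""
                printf "%s %d %s%s\n", key, count[key], addrs[key], tag
            }
        }
    '
}

# Constructed sample in the format produced by `ip -o addr show`
# (the trailing backslash is how -o marks a folded line break).
sample_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.99/24 scope global secondary eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 198.51.100.5/24 brd 198.51.100.255 scope global eth1\       valid_lft forever preferred_lft forever
EOF
}

# Demo on the constructed sample. On a live system run instead:
#   ip -o addr show | list_addrs
sample_output | list_addrs
```

Comparing this listing against the addresses the machine is supposed to have gives the specific address to filter on in a packet capture.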
