Sniffing on SmartOS


  • Fri 04 March 2016
  • misc

Promiscuous mode "works" but isn't "supported" in SmartOS. The code is in there so as to support KVM stuff having multiple MAC addresses. The docs don't even say that it works with native zones. But it does, after a fashion.

I dedicated a server port to the mirror port on the switch in the basement like so:

{
   "nic_tag": "sniffnic",
   "ips": [ "192.168.250.1/24" ],
   "allow_unfiltered_promisc": "1",
   "vlan_id": 10
 }

Note that the mirror port mirrors a .1q tagged trunk, so I had to specify the vlan ID that I wanted to sniff. Things don't work right otherwise.

Started sniffing with tcpdump. Hmm, just getting broadcast and multicast traffic. No joy. Asked on the smartos-discuss mailing list. Turns out I had to do this in the global zone:

[root@f4-ce-46-b0-39-7a /zones/rs]# dladm set-linkprop -t -z 2dc24843-a10c-6e9d-a9d0-c69520ece6d9 -p promisc-filtered=off net1

Note the "-t". Nope, this isn't persistent. That means you have to redo it manually after every time the zone starts. Presumably this works better in KVM zones. But that's what I meant by "works after a fashion".

Somehow, I doubt that running snort or casually sniffing protocols in and out of one's home network is on the SmartOS team's critical list of required features, so I'm going to guess that this one is going to languish indefinitely until someone writes code.