On 7 Jun 2012, at 08:28, Johnny Billquist <bqt at softjar.se> wrote:
> Dangerous in which way?

Promiscuous mode is considered a security risk because it can be used
to expose other packets not intended for viewing, which is why it's
restricted to root. BUT I, at least, am intending to use such a
service on a dedicated single purpose box, so that's not a big issue
for me.

> It will create a larger load on the system, but that's about it. And today's machines
> are fast enough that you really need a lot of traffic before it will become a serious
> problem from that point of view.

I run both my Linux boxes with SimH running 24/7 and the interface in
promiscuous mode as a result. They are behind a gigabit Netgear
switch. The resulting extra network traffic as a result is... well,
nonexistent. My network isn't exactly busy but there are other machines
on the switch that have constant traffic.

> The main reason in the past for changing the MAC address has been that you want to control
> the source MAC address. However, most systems now allow you to spoof the source MAC when
> outputting packets on the ethernet, so that problem is solved.

This also occurred to me. MAC address spoofing is pretty easy in most
UNIX variants unless it is strictly disallowed.

> Load is the one remaining reason to even worry, and that is a rather small worry for most
> people.

It's a risk anyone using DECnet via libpcap already accepts, anyway.
--
Mark Benson
http://markbenson.org/blog
http://twitter.com/MDBenson