authorstilez <stilez@users.noreply.github.com>2017-07-17 06:11:03 +0100
committerGitHub <noreply@github.com>2017-07-17 06:11:03 +0100
commitb0fc769afdc81f2a960d4a57c43345ef3857d38f (patch)
tree30e637188ae6560c0e086966fd68ca5f1ab38aa3 /src/usr/local/www/diag_packet_capture.php
parent782453b4dbb77e5bc97a43f56b95a006c5434d65 (diff)
Improve help text for promiscuous mode
"promiscuous mode" is often quoted but not always understood. Also its possible drawbacks (other than compatibility which will be clear upon failure) may be relevant in some cases, but there's no indication of any drawbacks existing. Update help text to be more useful here. The extra detail is in a hidden clickable infobox.
Diffstat (limited to 'src/usr/local/www/diag_packet_capture.php')
-rwxr-xr-xsrc/usr/local/www/diag_packet_capture.php23
1 files changed, 17 insertions, 6 deletions
diff --git a/src/usr/local/www/diag_packet_capture.php b/src/usr/local/www/diag_packet_capture.php
index ac66a55..b4b095b 100755
--- a/src/usr/local/www/diag_packet_capture.php
+++ b/src/usr/local/www/diag_packet_capture.php
@@ -315,12 +315,23 @@ $section->addInput(new Form_Checkbox(
'Promiscuous',
'Enable promiscuous mode',
$promiscuous
-))->setHelp('The packet capture will be performed using promiscuous mode.%1$s' .
- 'Note: Some network adapters do not support or work well in promiscuous mode.%1$s' .
- 'More: %2$sPacket capture%3$s',
- '<br />',
- '<a target="_blank" href="http://www.freebsd.org/cgi/man.cgi?query=tcpdump&amp;apropos=0&amp;sektion=0&amp;manpath=FreeBSD+11.0-stable&amp;arch=default&amp;format=html">',
- '</a>');
+))->setHelp('%1$sNon-promiscuous mode captures only data directly relevant to the host (sent by it, sent or broadcast to it, or routed through it). ' .
+ '%2$s%3$sPromiscuous mode%4$s captures all data seen by the adapter, whether or not related to the host, ' .
+ 'but in some cases may have undesirable side effects. Click Info for details %5$s' .
+ 'Promiscuous mode requires more kernel processing of packets. This puts a slightly higher demand on system resources, especially ' .
+ 'on busy networks or low power processors. The change in packet processing may allow a hostile host to detect that an adapter is in promiscuous mode ' .
+ 'or to \'fingerprint\' the kernel (see %6$s). Some network adapters may not support or work well in promiscuous mode (see %7$s).%8$s',
+
+ '<p style="margin-bottom:2px;padding-bottom:0px">',
+ '</p><p style="margin-top:0px;padding-top:0px">',
+ '<a href="https://en.wikipedia.org/wiki/Promiscuous_mode">',
+ '</a>',
+ '<span class="infoblock" style="font-size:90%"><br />',
+ '&nbsp;<a target="_blank" href="https://security.stackexchange.com/questions/3630/how-to-find-out-that-a-nic-is-in-promiscuous-mode-on-a-lan">[1]</a>' .
+ '&nbsp;<a href="https://nmap.org/nsedoc/scripts/sniffer-detect.html">[2]</a>',
+ '&nbsp;<a target="_blank" href="http://www.freebsd.org/cgi/man.cgi?query=tcpdump&amp;apropos=0&amp;sektion=0&amp;manpath=FreeBSD+11.0-stable&amp;arch=default&amp;format=html">[3]</a>',
+ '</span></p>'
+);
$section->addInput(new Form_Select(
'fam',
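Review bot: The `target="_blank"` links in the new help text (references [1] and [3]) carry no `rel` attribute, so in browsers that do not default to noopener the opened third-party page gets a `window.opener` handle on the firewall's admin tab, and the request may disclose the WebGUI URL in the Referer header. Add `rel="noopener noreferrer"` to each, e.g. `<a target="_blank" rel="noopener noreferrer" href="...">[1]</a>`. The Wikipedia link and reference [2] have no `target` at all, so they replace the packet-capture page in the same tab, which is inconsistent with the other two and may lose the form state. Reference [3] still points at `http://www.freebsd.org/...`; the same path is presumably available over https, which is worth confirming and switching to. The enclosing `$section->addInput(new Form_Checkbox(` statement starts above this hunk.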