computer networking A computer network is a collection of communicating computers and other devices, such as printers and smart phones. In order to communicate, the computers and devices must be connected by wired media like copper cables, optical fibers, or b ...

, promiscuous mode is a mode for a wired

network interface controller A network interface controller (NIC, also known as a network interface card, network adapter, LAN adapter and physical network interface) is a computer hardware component that connects a computer to a computer network. Early network interface ...

(NIC) or

wireless network interface controller Wireless communication (or just wireless, when the context allows) is the transfer of information (''telecommunication'') between two or more points without the use of an electrical conductor, optical fiber or other continuous guided med ...

(WNIC) that causes the controller to pass all traffic it receives to the

central processing unit A central processing unit (CPU), also called a central processor, main processor, or just processor, is the primary Processor (computing), processor in a given computer. Its electronic circuitry executes Instruction (computing), instructions ...

(CPU) rather than passing only the frames that the controller is specifically programmed to receive. This mode is normally used for

packet sniffing A packet analyzer (also packet sniffer or network analyzer) is a computer program or computer hardware such as a packet capture appliance that can analyze and log traffic that passes over a computer network or part of a network. Packet capt ...

that takes place on a router or on a computer connected to a wired network or one being part of a

wireless LAN A wireless LAN (WLAN) is a wireless computer network that links two or more devices using wireless communication to form a local area network (LAN) within a limited area such as a home, school, computer laboratory, campus, or office building ...

. Interfaces are placed into promiscuous mode by software bridges often used with

hardware virtualization Hardware virtualization is the virtualization of computers as complete hardware platforms, certain logical abstractions of their componentry, or only the functionality required to run various operating systems. Virtualization emulates the hardw ...

. In

IEEE 802 IEEE 802 is a family of Institute of Electrical and Electronics Engineers (IEEE) standards for local area networks (LANs), personal area networks (PANs), and metropolitan area networks (MANs). The IEEE 802 LAN/MAN Standards Committee (LMSC) main ...

networks such as

Ethernet Ethernet ( ) is a family of wired computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN). It was commercially introduced in 1980 and first standardized in 198 ...

IEEE 802.11 IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of medium access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer com ...

, each frame includes a destination

MAC address A MAC address (short for medium access control address or media access control address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. This use i ...

. In non-promiscuous mode, when a NIC receives a frame, it drops it unless the frame is addressed to that NIC's MAC address or is a

broadcast Broadcasting is the data distribution, distribution of sound, audio audiovisual content to dispersed audiences via a electronic medium (communication), mass communications medium, typically one using the electromagnetic spectrum (radio waves), ...

multicast address A multicast address is a logical identifier for a group of hosts in a computer network that are available to process datagrams or frames intended to be multicast for a designated network service. Multicast addressing can be used in the link la ...

ed frame. In promiscuous mode, however, the NIC allows all frames through, thus allowing the computer to read frames intended for other machines or network devices. Many

operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...

s require

superuser In computing, the superuser is a special user account used for system administration. Depending on the operating system (OS), the actual name of this account might be root, administrator, admin or supervisor. In some cases, the actual name of the ...

privileges to enable promiscuous mode. A non-routing

node In general, a node is a localized swelling (a "knot") or a point of intersection (a vertex). Node may refer to: In mathematics * Vertex (graph theory), a vertex in a mathematical graph *Vertex (geometry), a point where two or more curves, lines ...

in promiscuous mode can generally only monitor traffic to and from other nodes within the same

collision domain A collision domain is a network segment (connected by a shared medium or through repeaters) where simultaneous data transmissions collide with one another as a result of more than one device attempting to send a packet on the network segment at t ...

(for Ethernet and IEEE 802.11) or ring (for

Token Ring Token Ring is a Physical layer, physical and data link layer computer networking technology used to build local area networks. It was introduced by IBM in 1984, and standardized in 1989 as IEEE Standards Association, IEEE 802.5. It uses a sp ...

). Computers attached to the same

Ethernet hub An Ethernet hub, active hub, network hub, repeater hub, multiport repeater, or simply hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. It has multiple input/out ...

satisfy this requirement, which is why

network switch A network switch (also called switching hub, bridging hub, Ethernet switch, and, by the IEEE, MAC bridge) is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destinat ...

es are used to combat malicious use of promiscuous mode. A router may monitor all traffic that it routes. Promiscuous mode is often used to diagnose network connectivity issues. There are programs that make use of this feature to show the user all the data being transferred over the network. Some protocols like

FTP The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and dat ...

and

Telnet Telnet (sometimes stylized TELNET) is a client-server application protocol that provides access to virtual terminals of remote systems on local area networks or the Internet. It is a protocol for bidirectional 8-bit communications. Its main ...

transfer data and passwords in clear text, without encryption, and network scanners can see this data. Therefore, computer users are encouraged to stay away from insecure protocols like telnet and use more secure ones such as

SSH The Secure Shell Protocol (SSH Protocol) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. SSH was designed for Un ...

Detection

As promiscuous mode can be used in a malicious way to capture private

data in transit Data in transit, also referred to as data in motion and data in flight, is data en route between source and destination, typically on a computer network. Data in transit can be separated into two categories: information that flows over the publ ...

on a network,

computer security Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and computer network, n ...

professionals might be interested in detecting network devices that are in promiscuous mode. In promiscuous mode, some software might send responses to frames even though they were addressed to another machine. However, experienced sniffers can prevent this (e.g., using carefully designed firewall settings). An example is sending a ping (

ICMP echo request ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network. It is available in a wide range of operating systems including most embedded network administration sof ...

) with the wrong MAC address but the right IP address. If an adapter is operating in normal mode, it will drop this frame, and the IP stack never sees or responds to it. If the adapter is in promiscuous mode, the frame will be passed on, and the IP stack on the machine (to which a MAC address has no meaning) will respond as it would to any other ping. The sniffer can prevent this by configuring a firewall to block ICMP traffic.

Some applications that use promiscuous mode

The following applications and applications classes use promiscuous mode. ;Packet Analyzer *

NetScout NetScout Systems, Inc. (stylized as NETSCOUT) is a provider of application performance management and network performance management products located in Westford, Massachusetts. In July 2015, NetScout acquired the communications business of Dana ...

Sniffer *

Wireshark Wireshark is a Free and open-source software, free and open-source packet analyzer. It is used for computer network, network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, ...

(formerly ''Ethereal'') *

tcpdump tcpdump is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distr ...

OmniPeek Omnipeek is a packet analyzer software tool from Savvius, a LiveAction company, for network troubleshooting and protocol analysis. It supports an application programming interface (API) for plugins. History Savvius (formerly WildPackets) was ...

Capsa Gafsa (; ; ') is the capital of Gafsa Governorate in Tunisia. With a population of 120,739, Gafsa is the ninth-largest Tunisian city and is 335 km from the country's capital, Tunis. Overview Gafsa is the capital of Gafsa Governorate, in ...

ntop ntop is computer software that probes a computer network to show network use in a way similar to what the program top does for processes. Not to be confused with the CAD/ CAE software nTop (formerly nTopology). Software In interactive mode, i ...

Firesheep Firesheep was an extension for the Firefox web browser to hijack sessions. It used a packet sniffer to intercept unencrypted session cookies from websites such as Facebook and Twitter. The plugin eavesdropped on Wi-Fi communications, listening ...

;Virtual machine * VMware's VMnet bridging *

VirtualBox Oracle VirtualBox (formerly Sun VirtualBox, Sun xVM VirtualBox and InnoTek VirtualBox) is a hosted hypervisor for x86 virtualization developed by Oracle Corporation. VirtualBox was originally created by InnoTek Systemberatung GmbH, which was ac ...

bridging mode ;Containers * Docker with optional Macvlan driver on Linux ;

Cryptanalysis Cryptanalysis (from the Greek ''kryptós'', "hidden", and ''analýein'', "to analyze") refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic se ...

Aircrack-ng Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/ WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw mon ...

* AirSnort *

Cain and Abel In the biblical Book of Genesis, Cain and Abel are the first two sons of Adam and Eve. Cain, the firstborn, was a farmer, and his brother Abel was a shepherd. The brothers made sacrifices, each from his own fields, to God. God had regard for Ab ...

;Network monitoring *

KisMAC KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet (its Linux/BSD namesake). The program is geared toward network security professionals, and is not as novice-friendly as simil ...

(used for

WLAN A wireless LAN (WLAN) is a wireless computer network that links two or more devices using wireless communication to form a local area network (LAN) within a limited area such as a home, school, computer laboratory, campus, or office buildin ...

) * Kismet * IPTraf * Snort *

CommView CommView is an application for network monitoring, packet analysis, and decoding. There are two editions of CommView: the standard edition for Ethernet networks and the wireless edition for 802.11 networks named CommView for WiFi. The applicati ...

;Gaming *

XLink Kai XLink Kai is a program developed by Team XLink allowing for online play of video games with support for LAN multiplayer modes. It enables players on the GameCube, Nintendo Switch, PlayStation 2, PlayStation 3, PlayStation 4, PlayStation Portabl ...

References

{{DEFAULTSORT:Promiscuous Mode Network analyzers

Detection

Some applications that use promiscuous mode

See also

References