computer networking A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are ma ...

, promiscuous mode is a mode for a wired

network interface controller A network interface controller (NIC, also known as a network interface card, network adapter, LAN adapter or physical network interface, and by similar terms) is a computer hardware component that connects a computer to a computer network. Ear ...

(NIC) or

wireless network interface controller A wireless network interface controller (WNIC) is a network interface controller which connects to a wireless network, such as Wi-Fi or Bluetooth, rather than a wired network, such as a Token Ring or Ethernet. A WNIC, just like other NICs, wor ...

(WNIC) that causes the controller to pass all traffic it receives to the

central processing unit A central processing unit (CPU), also called a central processor, main processor or just processor, is the electronic circuitry that executes instructions comprising a computer program. The CPU performs basic arithmetic, logic, controlling, an ...

(CPU) rather than passing only the frames that the controller is specifically programmed to receive. This mode is normally used for

packet sniffing A packet analyzer, also known as packet sniffer, protocol analyzer, or network analyzer, is a computer program or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or p ...

that takes place on a router or on a computer connected to a wired network or one being part of a

wireless LAN A wireless LAN (WLAN) is a wireless computer network A wireless network is a computer network that uses wireless data connections between network nodes. Wireless networking is a method by which homes, telecommunications networks and bus ...

. Interfaces are placed into promiscuous mode by software bridges often used with

hardware virtualization Hardware virtualization is the virtualization of computers as complete hardware platforms, certain logical abstractions of their componentry, or only the functionality required to run various operating systems. Virtualization hides the physica ...

. In

IEEE 802 IEEE 802 is a family of Institute of Electrical and Electronics Engineers (IEEE) standards for local area networks (LAN), personal area network (PAN), and metropolitan area networks (MAN). The IEEE 802 LAN/MAN Standards Committee (LMSC) maintains ...

networks such as

Ethernet Ethernet () is a family of wired computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN). It was commercially introduced in 1980 and first standardized in 198 ...

IEEE 802.11 IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of media access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer commun ...

, each frame includes a destination

MAC address A media access control address (MAC address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. This use is common in most IEEE 802 networking techno ...

. In non-promiscuous mode, when a NIC receives a frame, it drops it unless the frame is addressed to that NIC's MAC address or is a

broadcast Broadcasting is the distribution of audio or video content to a dispersed audience via any electronic mass communications medium, but typically one using the electromagnetic spectrum ( radio waves), in a one-to-many model. Broadcasting began ...

multicast address A multicast address is a logical identifier for a group of hosts in a computer network that are available to process datagrams or frames intended to be multicast for a designated network service. Multicast addressing can be used in the link laye ...

ed frame. In promiscuous mode, however, the NIC allows all frames through, thus allowing the computer to read frames intended for other machines or network devices. Many

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...

s require

superuser In computing, the superuser is a special user account used for system administration. Depending on the operating system (OS), the actual name of this account might be root, administrator, admin or supervisor. In some cases, the actual name of t ...

privileges to enable promiscuous mode. A non-routing

node In general, a node is a localized swelling (a "knot") or a point of intersection (a vertex). Node may refer to: In mathematics * Vertex (graph theory), a vertex in a mathematical graph *Vertex (geometry), a point where two or more curves, lines ...

in promiscuous mode can generally only monitor traffic to and from other nodes within the same

broadcast domain A broadcast domain is a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment or it can be bridged to other LAN segments. In ...

(for Ethernet and IEEE 802.11) or ring (for

Token Ring Token Ring network IBM hermaphroditic connector with locking clip. Screen contacts are prominently visible, gold-plated signal contacts less so. Token Ring is a computer networking technology used to build local area networks. It was introduc ...

). Computers attached to the same

Ethernet hub An Ethernet hub, active hub, network hub, repeater hub, multiport repeater, or simply hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. It has multiple input/out ...

satisfy this requirement, which is why

network switch A network switch (also called switching hub, bridging hub, and, by the IEEE, MAC bridge) is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A netw ...

es are used to combat malicious use of promiscuous mode. A router may monitor all traffic that it routes. Promiscuous mode is often used to diagnose network connectivity issues. There are programs that make use of this feature to show the user all the data being transferred over the network. Some protocols like

FTP The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data ...

and

Telnet Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control i ...

transfer data and passwords in clear text, without encryption, and network scanners can see this data. Therefore, computer users are encouraged to stay away from insecure protocols like telnet and use more secure ones such as

SSH The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. SSH applications are based on ...

Detection

As promiscuous mode can be used in a malicious way to capture private

data in transit Data in transit, also referred to as data in motion and data in flight, is data en route between source and destination, typically on a computer network. Data in transit can be separated into two categories: information that flows over the publi ...

on a network,

computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...

professionals might be interested in detecting network devices that are in promiscuous mode. In promiscuous mode, some software might send responses to frames even though they were addressed to another machine. However, experienced sniffers can prevent this (e.g., using carefully designed firewall settings). An example is sending a ping (ICMP echo request) with the wrong MAC address but the right IP address. If an adapter is operating in normal mode, it will drop this frame, and the IP stack never sees or responds to it. If the adapter is in promiscuous mode, the frame will be passed on, and the IP stack on the machine (to which a MAC address has no meaning) will respond as it would to any other ping. The sniffer can prevent this by configuring a firewall to block ICMP traffic.

Some applications that use promiscuous mode

The following applications and applications classes use promiscuous mode. ;Packet Analyzer *

NetScout NetScout Systems, Inc. (stylized as NETSCOUT) is a provider of application performance management and network performance management products located in Westford, Massachusetts. In July 2015, NetScout acquired the communications business of Dan ...

Sniffer *

Wireshark Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 d ...

(formerly ''Ethereal'') *

tcpdump tcpdump is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distribut ...

OmniPeek Omnipeek is a packet analyzer software tool from Savvius, a LiveAction company, for network troubleshooting and protocol analysis. It supports an application programming interface (API) for plugins. History Savvius (formerly WildPackets) was ...

Capsa Gafsa ( aeb, ڨفصة '; ar, قفصة qafṣah), originally called Capsa in Latin, is the capital of Gafsa Governorate of Tunisia. It lends its Latin name to the Mesolithic Capsian culture. With a population of 111,170, Gafsa is the ninth-la ...

ntop ntop is computer software that probes a computer network to show network use in a way similar to what the program top does for processes. Software In interactive mode, it displays the network status on the user's terminal. In Web mode, it act ...

Firesheep Firesheep was an extension for the Firefox web browser that used a packet sniffer to intercept unencrypted session cookies from websites such as Facebook and Twitter. The plugin eavesdropped on Wi-Fi communications, listening for session cookies. ...

;Virtual machine *

VMware VMware, Inc. is an American cloud computing and virtualization technology company with headquarters in Palo Alto, California. VMware was the first commercially successful company to virtualize the x86 architecture. VMware's desktop software ru ...

's VMnet bridging *

VirtualBox Oracle VM VirtualBox (formerly Sun VirtualBox, Sun xVM VirtualBox and Innotek VirtualBox) is a type-2 hypervisor for x86 virtualization developed by Oracle Corporation. VirtualBox was originally created by Innotek GmbH, which was acquired by S ...

bridging mode ;Containers * Docker with optional Macvlan driver on Linux ;

Cryptanalysis Cryptanalysis (from the Greek ''kryptós'', "hidden", and ''analýein'', "to analyze") refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic sec ...

Aircrack-ng Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw moni ...

* AirSnort * Cain and Abel ;Network monitoring *

KisMAC KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet (its Linux/ BSD namesake). The program is geared toward network security professionals, and is not as novice-friendly as simi ...

(used for

WLAN A wireless LAN (WLAN) is a wireless computer network that links two or more devices using wireless communication to form a local area network (LAN) within a limited area such as a home, school, computer laboratory, campus, or office buildin ...

) * Kismet *

IPTraf IPTraf is a software - based console that provides network statistics. It works by collecting information from TCP connections, such as statistics and activity interfaces and drops TCP and UDP traffic. It is available in Linux operating sy ...

* Snort * CommView ;Gaming *

XLink Kai XLink Kai is a program developed by Team XLink allowing for online play of video games with support for LAN multiplayer modes. It enables players on the GameCube, Nintendo Switch, PlayStation 2, PlayStation 3, PlayStation 4, PlayStation Por ...

References

External links

SearchSecurity.com definition of promiscuous mode
{{DEFAULTSORT:Promiscuous Mode Network analyzers

Detection

Some applications that use promiscuous mode

See also

References

External links