Promiscuous mode, in computing, refers to a configuration of a network card wherein a setting is enabled so that the card passes all traffic it receives to the CPU rather than just packets addressed to it, a feature normally used for packet sniffing. A network card, network adapter or NIC (network interface controller) is a piece of computer hardware designed to allow computers to communicate over a computer network. ... Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are usually software programs (but sometimes implemented in hardware) which can intercept and log traffic passing over a network or part of a network. ...

Inside each packet is a hardware (MAC) address. When a computer receives a particular packet, it checks the hardware address in it to see if the packet is addressed to it. If not, then the network card normally drops the packet. When in promiscuous mode, the network card doesn't drop the packet, thereby enabling it to read all packets. The Media Access Control (MAC) data communication protocol sub-layer, also known as the Medium Access Control, is a part of the data link layer specified in the seven-layer OSI model (layer 2). ...

Many operating systems require superuser privileges to enable promiscuous mode. A non-routing node in promiscuous mode can generally only monitor traffic to and from other nodes within the same collision domain (for Ethernet and Wireless LAN) or ring (for Token ring or FDDI). Computers which are attached to the same Ethernet hub satisfy this requirement, which is why network switches are used to combat malicious use of promiscuous mode. A router may monitor all traffic that it routes. Promiscuous mode is commonly used to diagnose network connectivity issues. There are programs that make use of this feature to show the user all the data being transferred over the network. Some protocols like FTP and Telnet transfer data and passwords in clear text, without encryption, and network scanners can see this data. Therefore, computer users are encouraged to stay away from insecure protocols like telnet and use more secure ones such as SSH. An operating system (OS) is the software that manages the sharing of the resources of a computer and provides programmers with an interface used to access those resources. ... On many computer operating systems, superuser, or root, is the term used for the special user account that is controlled by the system administrator. ... Node(Latin nodus ‘knot’) is critical element of any computer network. ... A collision domain is a logical network segment where data packets can collide with one another for being sent on a shared medium, in particular in the Ethernet networking protocol. ... Ethernet is a large, diverse family of frame-based computer networking technologies that operate at many speeds for local area networks (LANs). ... The notebook is connected to the wireless access point using a PC card wireless card. ... Token-Ring local area network (LAN) technology was developed and promoted by IBM in the early 1980s and standardised as IEEE 802. ... In computer networking, fiber-distributed data interface (FDDI) is a standard for data transmission in a local area network that can extend in range up to 200 km (124 miles). ... Bold text 4 port ethernet hub An Ethernet hub or concentrator is a device for connecting multiple twisted pair or fiber optic Ethernet devices together, making them act as a single segment. ... A network switch is a computer networking device that connects network segments. ... This article is about a computer networking device. ... This article is about the File Transfer Protocol standardised by the IETF. For other file transfer protocols, see File transfer protocol (disambiguation). ... For the packet switched network, see Telenet. ... Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. ...

Detection

As promiscuous mode can be used in a malicious way to sniff on a network, one might be interested in detecting network devices that are in promiscuous mode. There are basically two methods to do this:

1. If a network device is in promiscuous mode, the kernel will receive all network traffic, i. e. the CPU load will increase. Then the latency of network responses will also increase, which can be detected.
2. In promiscuous mode, some software might send responses to packets even though they were addressed to another machine. If you see such responses, you can be sure that the originating device is in promiscuous mode. However, experienced sniffers can prevent this (e. g. using carefully designed firewall settings). An example is sending a ping (ICMP echo request) with the wrong MAC address but the right IP address. If your firewall blocks all ICMP traffic, this will be prevented.

A kernel connects the application software to the hardware of a computer. ...

Applications that use promiscuous mode

• KisMAC (used for WLAN)
• AirSnort (used for WLAN)
• Wireshark (formerly Ethereal)
• tcpdump
• IPTraf
• PRTG
• Kismet
• VMware's VMnet Bridging (networking)
• Cain
• Driftnet
• Microsoft Windows Network Bridge
• XLink Kai

KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, far surpassing that of NetStumbler, its closest equivalent on Windows, and Kismet, its Linux/BSD namesake. ... Wikipedia does not yet have an article with this exact name. ... AirSnort is a Linux utility (using GTK+) for decrypting WEP encryption. ... Wikipedia does not yet have an article with this exact name. ... In computing, Wireshark (formerly known as Ethereal) is a free software protocol analyzer, or packet sniffer application, used for network troubleshooting, analysis, software and protocol development, and education. ... tcpdump is a common computer network debugging tool that runs under the command line. ... Paessler Router Traffic Grapher (PRTG) is a network monitoring and bandwidth use software for Microsoft Windows by Paessler AG. Overview With PRTG bandwidth usage of a network can be monitored and classified using the three most common bandwidth data acquisition methods: SNMP: Reads traffic counters of network devices like switches... Kismet is a network detector, packet sniffer, and intrusion detection system for 802. ... VMware Inc. ... Bridging is a forwarding technique used in packet-switched computer networks. ... Cain and Abel is a Windows password recovery tool. ... XLink Kai is a method (developed by Team-XLink) of online-gaming whereby system-link enabled Xbox (variants also exist for the Xbox 360, PlayStation 2, PlayStation Portable and other devices) games can be tricked into being played across the internet instead of a normal LAN (Local Area Network). ...

See also

• Packet sniffer
• Monitor mode