Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Promiscuous mode
open-in-new
<h2 id="detection">Detection</h2> <p>As promiscuous mode can be used in a malicious way to capture private <a href="/facts/Data_in_transit/8f1ztg6C">data in transit</a> on a network, <a href="/facts/Computer_security/7E5dIy7G">computer security</a> professionals might be interested in detecting network devices that are in promiscuous mode. In promiscuous mode, some software might send responses to frames even though they were addressed to another machine. However, experienced sniffers can prevent this (e.g., using carefully designed firewall settings). An example is sending a ping (ICMP echo request) with the wrong MAC address but the right IP address. If an adapter is operating in normal mode, it will drop this frame, and the IP stack never sees or responds to it. If the adapter is in promiscuous mode, the frame will be passed on, and the IP stack on the machine (to which a MAC address has no meaning) will respond as it would to any other ping.<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> The sniffer can prevent this by configuring a firewall to block ICMP traffic. </p> <h2 id="some-applications-that-use-promiscuous-mode">Some applications that use promiscuous mode</h2> <p>The following applications and applications classes use promiscuous mode. </p> Packet Analyzer <ul><li><a href="/facts/NetScout/Gh7llWaw">NetScout</a> Sniffer</li> <li><a href="/facts/Wireshark/tTRY1DJr">Wireshark</a> (formerly <i>Ethereal</i>)</li> <li><a href="/facts/Tcpdump/BrEsLNUC">tcpdump</a></li> <li><a href="/facts/OmniPeek/8BMwCJgz">OmniPeek</a></li> <li><a href="/facts/Capsa_(software)/eUgNznTW">Capsa</a></li> <li><a href="/facts/Ntop/LqA09K6L">ntop</a></li> <li><a href="/facts/Firesheep/tanjuDaF">Firesheep</a></li></ul> Virtual machine <ul><li><a href="/facts/VMware/lKHGULx3">VMware</a>'s VMnet <a href="/facts/Bridging_(networking)/5nyTQtNW">bridging</a></li> <li><a href="/facts/VirtualBox/8wordR1n">VirtualBox</a> bridging mode</li></ul> Containers <ul><li><a href="/facts/Docker_(software)/7IvvsMug">Docker</a> with optional Macvlan driver on Linux</li></ul> <a href="/facts/Cryptanalysis/7CPEQlJI">Cryptanalysis</a> <ul><li><a href="/facts/Aircrack-ng/EwCSTyvn">Aircrack-ng</a></li> <li>AirSnort</li> <li><a href="/facts/Cain_and_Abel_(software)/0YeEApNN">Cain and Abel</a></li></ul> Network monitoring <ul><li><a href="/facts/KisMAC/pkuo0spq">KisMAC</a> (used for <a href="/facts/WLAN/ooq0WA45">WLAN</a>)</li> <li><a href="/facts/Kismet_(software)/x2Jkpwyn">Kismet</a></li> <li><a href="/facts/IPTraf/ndKuecRm">IPTraf</a></li> <li><a href="/facts/Snort_(software)/TVf3Hfow">Snort</a></li> <li><a href="/facts/CommView/taqvYbmR">CommView</a></li></ul> Gaming <ul><li><a href="/facts/XLink_Kai/flxF4xLQ">XLink Kai</a></li></ul> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/Packet_analyzer/mFQP7gWB">Packet analyzer</a></li> <li><a href="/facts/MAC_spoofing/RUz7RTrI">MAC spoofing</a></li> <li><a href="/facts/Monitor_mode/J3UMPnSs">Monitor mode</a></li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>"Glossary - Promiscuous Mode". blumira.com. <a href="https://www.blumira.com/glossary/promiscuous-mode" target="_blank">https://www.blumira.com/glossary/promiscuous-mode</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>Zouheir Trabelsi; Hamza Rahmani (2004). INSTICC (ed.). Promiscuous Mode Detection Platform (PDF). Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004). SciTePress. pp. 279–292. doi:10.5220/0002682902790292. ISBN 972-8865-07-4. <a href="972-8865-07-4" target="_blank">972-8865-07-4</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>"Promiscuous Monitoring in Ethernet and Wi-Fi Networks" (PDF). TamoSoft. 2005. <a href="https://www.tamos.com/docs/monitoring.pdf" target="_blank">https://www.tamos.com/docs/monitoring.pdf</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>Lee D. VanGundy (July 2014). An analysis of network interface card promiscuous mode detection methods in virtual network (PDF) (MSc thesis). University of Idaho. <a href="https://objects.lib.uidaho.edu/etd/pdf/VanGundy_idaho_0089M_10382.pdf" target="_blank">https://objects.lib.uidaho.edu/etd/pdf/VanGundy_idaho_0089M_10382.pdf</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>SearchSecurity.com definition of promiscuous mode <a href="http://searchsecurity.techtarget.com/definition/promiscuous-mode" target="_blank">http://searchsecurity.techtarget.com/definition/promiscuous-mode</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>Sumit Dhar, Sniffers: Basics and Detection (PDF), Version 1.0-1, Information Security Management Team, Reliance Infocomm, retrieved 2024-12-01 <a href="http://www.just.edu.jo/~tawalbeh/nyit/incs745/presentations/Sniffers.pdf" target="_blank">http://www.just.edu.jo/~tawalbeh/nyit/incs745/presentations/Sniffers.pdf</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> </ol>