Promiscuous mode

Promiscuous mode

In computing, promiscuous mode or "promisc mode" is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it — a feature normally used for packet sniffing.

Each packet includes the hardware (Media Access Control) address. When a network card receives a packet, it checks if the address is its own. If not, the card normally drops the packet. But in promiscuous mode, the card doesn't drop the packet, thus allowing the computer to read all packets.

Many operating systems require superuser privileges to enable promiscuous mode. A non-routing node in promiscuous mode can generally only monitor traffic to and from other nodes within the same collision domain (for Ethernet and Wireless LAN) or ring (for Token ring or FDDI). Computers attached to the same network hub satisfy this requirement, which is why network switches are used to combat malicious use of promiscuous mode. A router may monitor all traffic that it routes.

Promiscuous mode is often used to diagnose network connectivity issues. There are programs that make use of this feature to show the user all the data being transferred over the network. Some protocols like FTP and Telnet transfer data and passwords in clear text, without encryption, and network scanners can see this data. Therefore, computer users are encouraged to stay away from insecure protocols like telnet and use more secure ones such as SSH.

Detection

As promiscuous mode can be used in a malicious way to "sniff" on a network, one might be interested in detecting network devices that are in promiscuous mode. There are basically two methods to do this:

# If a network device is in promiscuous mode, the kernel will receive all network traffic, i. e. the CPU load will increase. Then the latency of network responses will also increase, which can be detected.
# In promiscuous mode, some software might send responses to packets even though they were addressed to another machine. If you see such responses, you can be sure that the originating device is in promiscuous mode. However, experienced sniffers can prevent this (e. g. using carefully designed firewall settings). An example is sending a ping (ICMP echo request) with the wrong MAC address but the right IP address. If your firewall blocks all ICMP traffic, this will be prevented.Promiscuous mode is heavily used by malicious applications which initially do the root compromise and then start doing ARP spoofing along with IP spoofing.To do ARP spoofing , NIC must be kept in promiscuous mode. Hence detecting machines in promiscuous mode with no valid reason is an important issue in order to deal with ARP spoofing.

Applications that use promiscuous mode

* Aircrack-ng
* KisMAC (used for WLAN)
* AirSnort (used for WLAN)
* Wireshark (formerly "Ethereal")
* tcpdump
* IPTraf
* PRTG
* Kismet
* VMware's VMnet Bridging (networking)
* Cain
* Driftnet_Software
* Microsoft Windows Network Bridge
* XLink Kai
* ntop

ee also

* Packet sniffer
* Monitor mode


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Promiscuous mode — (traduit de temps en temps en « mode promiscuité »), en informatique, se réfère à une configuration de la carte réseau, qui permet à celle ci d accepter tous les paquets qu elle reçoit, même si ceux ci ne lui sont pas adressés. Ce mode… …   Wikipédia en Français

  • Promiscuous mode — или promisc mode так называемый «неразборчивый» режим, в котором сетевая плата позволяет принимать все пакеты независимо от того, кому они адресованы. Эта возможность обычно используется в сетевых анализаторах трафика. В нормальном состоянии на… …   Википедия

  • Promiscuous Mode — Der promiscuous mode (engl. etwa „freizügiger Modus“) bezeichnet einen bestimmten Empfangsmodus für netzwerktechnische Geräte. In diesem Modus liest das Gerät den gesamten ankommenden Datenverkehr an die in diesen Modus geschaltete… …   Deutsch Wikipedia

  • promiscuous mode —    A mode in which a network device or interface card captures all the packets on the network, not just those addressed to it specifically. Network analyzers work in promiscuous mode to monitor network traffic and to perform statistical analyses… …   Dictionary of networking

  • Promiscuous Mode — Gemischtmodus …   Acronyms

  • Promiscuous Mode — Gemischtmodus …   Acronyms von A bis Z

  • Mode promiscuous — Promiscuous mode Promiscuous mode (traduit de temps en temps en « mode promiscuité »), en informatique, se réfère à une configuration de la carte réseau, qui permet à celle ci d accepter tous les paquets qu elle reçoit, même si ceux ci… …   Wikipédia en Français

  • Mode promiscuité — Promiscuous mode Promiscuous mode (traduit de temps en temps en « mode promiscuité »), en informatique, se réfère à une configuration de la carte réseau, qui permet à celle ci d accepter tous les paquets qu elle reçoit, même si ceux ci… …   Wikipédia en Français

  • Promiscuous (disambiguation) — Promiscuous means making casual, indiscriminate choices. It can refer to: *Promiscuity, promiscuous sexual behaviour * Promiscuous (song), a 2006 song by Nelly Furtado featuring Timbaland. Also known as Promiscuous Girl *Promiscuous mode, a… …   Wikipedia

  • Mode moniteur — Pour les articles homonymes, voir Mode moniteur (homonymie). Le mode moniteur (aussi appelé Radio Frequency Monitoring, RF Monitor, rfmon, RFMON, Air Monitor, Network Monitor, NetMon, ou encore surveillance RF) permet à un ordinateur équipé d une …   Wikipédia en Français

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”