?
Solved

Promiscuous mode

Posted on 2004-09-13
9
Medium Priority
?
332 Views
Last Modified: 2006-11-17
Is there any solution for sniffing WITHOUT setting the promiscuous mode ?
0
Comment
Question by:DanLazar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 22

Accepted Solution

by:
cookre earned 500 total points
ID: 12046070
No.  
Unless the NIC supports and is placeed in promiscuous mode, it will not report packets not intended for it.
0
 
LVL 5

Assisted Solution

by:danielsonchris
danielsonchris earned 500 total points
ID: 12046107
Promiscuous mode just means to not clear the buffer on the network card. The nature of a un-switched network is to relay packets throughout and the computer with the corresponding MAC address will accept the packet and digest it.  Turning on promiscuous mode basically tells the network card to not disregard the packet even though the MAC address does not match.  Unless you have a software application running to digest the packet it will soon be cleared out of the buffer (in the case of promiscuous mode).  Basically promiscuous mode means to put the packet into a volatile buffer such that an application such as Ethereal could digest it and display it's contents.

So the answer is no, you must have promiscuous mode turned on.  Otherwise the packet is never copied into the buffer.  Some cards have hacks that allow you to enable this if it's not enabled by default.
Regards,
Chris
0
 
LVL 41

Assisted Solution

by:graye
graye earned 500 total points
ID: 12050616
...and to make things more complicated.   The promiscuous mode has to be set both on the NIC and at the hub/switch.   Almost all hubs are now actually switches... so they too must be configured to pass all traffic to a particular port.   A low-cost hub might not even be configurable to become promiscuous.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 6

Assisted Solution

by:DominicCronin
DominicCronin earned 500 total points
ID: 12093138
It all depends what you mean by a "solution for sniffing". If all you want to do is debug some network traffic, it's very common to put some sort of proxy in between the client and the server.
0
 
LVL 22

Expert Comment

by:cookre
ID: 12320589
All of us agreed that the answer is 'no'.
0
 
LVL 6

Expert Comment

by:DominicCronin
ID: 12326949
Actually cookre, although I *do* agree that if you want to "sniff" then promiscuous mode is necessary, my suggestion was that often the problems you can solve by "sniffing" can be solved by interposing a proxy. The trouble is that word "sniff", isn't it? There's no "official" definition. Maybe we should get together and submit an RFC defining the word :-)

If sniff means "listen to network traffic not intended for your network interface", and "promiscuous mode" means "don't ignore traffic not intended for this network interface", then it's pretty obvious that you can't sniff without promiscuous mode. That still doesn't get us to a "solution" for sniffing.

What I sometimes think would be helpful would be having the option to change the question title to make it more useful to future PAQ hunters. After all, there's some useful knowledge in this thread, so it would be good to have it as a PAQ, but my worry is that the title won't help anyone to find the answers they need here.

As always - the hard part is getting the questioner to state their problem for what it is, rather than jumping in half-way towards their own perception of where the solution lies. It's unlikely that the questioner really wants to "sniff". DanLazar - if you are there - what did you really want to do?
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question