Subscribe Now

Trending News

Blog Post

What is Promiscuous Mode? Definition, NIC to Promiscuous and More

What is Promiscuous Mode? Definition, NIC to Promiscuous and More

Promiscuous mode Definition

Promiscuous mode is one of the operation modes of the network card of the computer network. It has a meaning of “indiscriminate,” and indicates that a signal that is not a data packet addressed to the device is captured and processed.

How to change your NIC to Promiscuous mode on Windows 2008 R2 Manually?

When a network card receives a packet, by default, it checks whether the package belongs to it. If not, then the interface card normally drops the packet. But in promiscuous mode, the card does not drop the box. Instead, it will accept all the packages which flow through the network card.

After you create a Network Bridge, some Network Interface Cards (NICs) may not allow network traffic. It is due to the inability of NIC to enable [Promiscuous Mode] when creating a Network Bridge automatically. The following is the process to enable it manually.


1. First, in the Start Menu search for bar type cmd and then press SHIFT + CTRL + ENTER to launch with Elevated Privileges.
2. To know the ID of your NIC enter the following command
3. Add the relevant NIC ID and then enter the following command to enable the Promiscuous Mode.
4. The above step will allow the Promiscuous Mode. And then, Enter the command we used in Step 2, Now the Force Compatibility Mode (Promiscuous Mode) will display enabled.

Also Read: What is First Come First Served (FCFS)? Definition, Scheduling and More

What are the Differences between promiscuous mode and Monitor mode?

Promiscuous mode

Promiscuous mode is not a packet capture mode. It’s an option of Ethernet packet capture.
Using Wireshark, the capture interface options shows that you could capture Ethernet packets with or without [promiscuous mode].

In non-promiscuous mode, you’ll capture

  • Packets destined to your network interface
  • Broadcasts
  • Multicasts

So, you won’t see packets sent to another MAC address on your network if you sniff with a hub or a tap

In promiscuous mode

  • All packets of non-promiscuous mode.
  • Packets destined to another layer two network interface.

Typically, Debookee NA module must put the interface in [promiscuous mode] to see intercepted packets from other devices like an iPhone because the destination MAC address is the iPhone’s one, not our own MAC address.

With or without promiscuous mode, Ethernet packet capture works with

  • Available media: Wired / Wireless
  • Connection state: Wire: cable plugged (!) / Wireless: associated with an Access Point or ad-hoc network
  • Lowest protocol seen: Ethernet (IEEE 802.3)
  • OSI model level: Data Link Layer (Mac)
  • Packets seen: depends on the [promiscuous mode]
  • Packets not seen: Bad FCS packets: dropped by the network interface before the capture library can be aware of them

Monitoring mode

Monitoring mode works specifically for Wi-Fi, allowing to capture packets at the 802.11 radio level, not at the Ethernet level anymore.

In monitoring mode

  • Available media: Wireless
  • Connection state: Must be disassociated of any network, but configured with a specific channel & channel width (20 – 160MHz)
  • Lowest protocol seen: IEEE 802.11
  • OSI model level: Physical (PHY) Layer + Data Link Layer (Mac)

Packets seen in monitoring mode

  • All valid 802.11 packets heard by the radio on the frequency, encrypted or not
  • All bad FCS 802.11 packets are seen, as long as the 802.11 preamble is valid
    Packets of an adjacent channel can be heard.

Example: a packet sent on channel ten can be captured by monitor mode in channel 11

Packets not seen

Malformed packets at the 802.11 preamble level (due to interference, low signal or wrong antenna position)
Packets sent on multiple streams, but one or more streams can’t be decoded.

Packets sent on multiple streams if your wireless monitoring interface has a lower number of radio.

Example: An 802.11n data packet sent on three streams at 450Mb/s won’t be seen if your 802.11n monitoring interface has only 2 Rx radios (very common with Windows machine or Airpcap dongles. Pro tip!)
Packets sent by an 802.11 protocol your interface doesn’t support.

Example: Your 802.11n monitoring interface won’t see an 802.11ac packet.

Also Read: What is Communications Security (COMSEC)? Definition, Types and More

Related posts

1 Comment

  1. DanielMax


Leave a Reply

Required fields are marked *