How to configure interface in “Promiscuous Mode” in CentOS/RHEL
Promiscuous mode or promisc mode is a feature that makes the ethernet card pass all traffic it received to the kernel. It is usually used by a packet sniffing program like Wireshark, and tcpdump. If there was such program intentionally running or bridged networking for hardware virtualization, the “promiscuous mode” message might be simply ignored. Otherwise, deep investigation on that system will be required due to a security issue.
When a network card is in promiscuous mode, it can read all traffic it received rather than just packages addressed to it. Suppose for eth1, promiscuous mode is basically used to pass all traffic that ‘eth1’ receives rather than just frames addressed to it. A network card usually is in promiscuous mode when:
- If it was manually configured in that mode using ifconfig command.
- If a Network monitor tool is used, like tcpdump etc.
- In bridge network, the NIC is mostly required to operate in promiscuous mode.
How to Manually set a NIC in Promiscuous Mode?
To set an interface to promiscuous mode you can use either of these commands, using the ‘ip’ command is the most current way.
# ifconfig [interface] promisc
# ip link set [interface] promisc on
To identify if the NIC has been set in Promiscuous Mode, use the ifconfig command.
# ifconfig eth1 eth1 Link encap:Ethernet HWaddr 08:00:27:CD:20:16 inet addr:192.168.200.56 Bcast:192.168.255.255 Mask:255.255.0.0 inet6 addr: 2606:b400:c10:6044:a00:27ff:fecd:2016/64 Scope:Global inet6 addr: fe80::a00:27ff:fecd:2016/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:22685771 errors:0 dropped:83424 overruns:0 frame:0 TX packets:13461 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1604651517 (1.4 GiB) TX bytes:1475694 (1.4 MiB) Alternatively, use the “ip” command and grep for the promisc flag:
# ip a show eth1 | grep -i promisc 3: eth1: [BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP] mtu 1500 qdisc pfifo_fast state UP qlen 1000 Persistent settings
To set the interface in promiscuous mode persistently; First, edit the ifcfg-ethX file and add “PROMISC=yes” to the end of the options.
# vim /etc/sysconfig/network-scripts/ifcfg-eth1 PROMISC=yesPromiscuous mode kali linux
Is it possible to get wlan0 running in promiscuous mode on Pi 4 with Ubuntu? Without having to write / modify drivers?
I saw a similar discussion on the Pi 3, viewtopic.php?f=36&t=284060, but I'm specifically asking about Pi 4 with Ubuntu. I think it should be possible, since I have heard about others having success with Kali linux (although that may have been monitor mode, not promiscuous mode).
I have installed Ubuntu 20.04 and can set promiscuous mode on with:
sudo ip link set wlan0 promisc onI then run tcdump, and do some web browsing from other devices on the same wireless network:
None of the web browsing packets turn up in the output. It only shows traffic that is inbound/outbound to/from the Pi.
I could settle for monitor mode if required, but would prefer promiscuous mode.
Re: WLAN Promiscuous Mode with Pi 4 and Ubuntu
Following on from the question above. is it possible that, even though netstat says promiscuous mode it enabled, it has not been implemented in the driver so will not work?
ifconfig also reports that promiscuous mode is on.
Re: WLAN Promiscuous Mode with Pi 4 and Ubuntu
I have now installed Kali linux on the device. The Kali version has the nexmon patches installed, and the Kali site says it works in full monitor mode. Despite this, I can not get any packets for devices other than the Kali device itself.
It seems to me that the device is faulty, or that I am consistently doing something wrong.
DougieLawson Posts: 42534 Joined: Sun Jun 16, 2013 11:19 pm Location: A small cave in deepest darkest Basingstoke, UK
Re: WLAN Promiscuous Mode with Pi 4 and Ubuntu
Languages using left-hand whitespace for syntax are ridiculous
DMs sent on https://twitter.com/DougieLawson or LinkedIn will be answered next month.
Fake doctors - are all on my foes list.The use of crystal balls and mind reading is prohibited.