Configure network card in promiscuous mode

In promiscuous mode, the network card passes every frame it receives to the operating system, not only the frames addressed to it, so all of that traffic can be read. This is useful for network monitoring, for example with a network intrusion detection system.

How can I configure my network card in promiscuous mode?

You can do this with a single command. It works on both Red Hat and Debian based distributions. Below is an example:

root@db1:~# ifconfig eth1 promisc
[2685638.719679] device eth1 entered promiscuous mode
root@db1:~# ifconfig eth1 -promisc
root@db1:~# dmesg | tail -1
[2685655.668037] device eth1 left promiscuous mode

How, then, can we set up promiscuous mode in the configuration files so that it takes effect when the system boots? The configuration varies by distribution, so here are two examples.

Set up promiscuous mode on Red Hat / CentOS

To configure a network card in promiscuous mode, you need to put the line PROMISC=yes in its configuration file /etc/sysconfig/network-scripts/ifcfg-ethX.

BOOTPROTO=static
DEVICE=ethX
ONBOOT=yes
TYPE=Ethernet
PROMISC=yes
USERCTL=no

Don’t forget to replace ethX with the device you are actually using.

Set up promiscuous mode on Ubuntu / Debian

Below is part of an example /etc/network/interfaces file:

auto eth0
iface eth0 inet manual
up ifconfig $IFACE 192.168.1.100 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
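
To confirm the setting after a reboot, or to audit a host for interfaces that are promiscuous when they should not be, the interface flags can be read from sysfs instead of searching dmesg. The script below is an added example, not part of the original article: it assumes the kernel exposes /sys/class/net/<iface>/flags as a hex value in which bit 0x100 is IFF_PROMISC, and the function names and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: report interfaces whose IFF_PROMISC flag is set.
IFF_PROMISC=0x100   # promiscuous bit in the interface flags (linux/if.h)

# has_promisc_bit FLAGS: succeeds when FLAGS (hex, e.g. 0x1103) has the bit set.
has_promisc_bit() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# list_promisc [DIR]: print each interface under DIR (default /sys/class/net)
# whose "flags" file has the promiscuous bit set, one name per line.
list_promisc() {
    net_dir=${1:-/sys/class/net}
    for dev in "$net_dir"/*; do
        [ -r "$dev/flags" ] || continue
        flags=$(cat "$dev/flags")
        # Accept only a well-formed hex value; skip anything unexpected.
        case $flags in 0x*) ;; *) continue ;; esac
        case ${flags#0x} in ''|*[!0-9a-fA-F]*) continue ;; esac
        if has_promisc_bit "$flags"; then
            printf '%s\n' "${dev##*/}"
        fi
    done
    return 0
}

# make_sample_tree DIR: constructed sample data mimicking /sys/class/net.
make_sample_tree() {
    mkdir -p "$1/lo" "$1/eth0" "$1/eth1" "$1/broken"
    echo 0x9    > "$1/lo/flags"      # UP|LOOPBACK
    echo 0x1003 > "$1/eth0/flags"    # UP|BROADCAST|MULTICAST
    echo 0x1103 > "$1/eth1/flags"    # same, plus PROMISC (0x100)
    echo junk   > "$1/broken/flags"  # malformed value, must be skipped
}

# Audit the live system when run directly.
list_promisc
```

On a monitoring sensor the capture interface should appear in the output; any other name listed is worth tracing back to the process or configuration that enabled it.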

Again, for any issues, please leave us a comment, or raise a thread at the support forum.
