When running in promiscuous mode, all traffic the network card receives can be read. This configuration is useful for us to do network monitoring, like for a network intrusion detection system.
How can I config my network card in promiscuous mode?
You can do this easily by one command. It works on both RedHat and Debian based distributions. Below is an example:
root@db1:~# ifconfig eth1 promisc [2685638.719679] device eth1 entered promiscuous mode root@db1:~# ifconfig eth1 -promisc root@db1:~# dmesg | tail -1 [2685655.668037] device eth1 left promiscuous mode
Then, how can we setup the promiscuous mode in configuration files, so that it takes effect when system boots? As the configuration varies by distribution, here we raise two examples.
Setup promiscuous mode on Redhat / CentOS
To configure a network card in promiscuous mode, you need to put the line PROMISC=yes in its configuration file /etc/sysconfig/network-scripts/ifcfg-ethX.
BOOTPROTO=static DEVICE=ethX ONBOOT=yes TYPE=Ethernet PROMISC=yes USERCTL=no
Don’t forget to replace ethX to the right device you are using.
Setup promiscuous mode on Ubuntu / Debian
Below is part of an example file of /etc/network/interface:
auto eth0 iface eth0 inet manual up ifconfig $IFACE 192.168.1.100 up up ip link set $IFACE promisc on down ip link set $IFACE promisc off down ifconfig $IFACE down
Again, for any issues, please leave us a comment, or raise a thread at the support forum.