<P> As promiscuous mode can be used in a malicious way to sniff on a network, one might be interested in detecting network devices that are in promiscuous mode . In promiscuous mode, some software might send responses to frames even though they were addressed to another machine . However, experienced sniffers can prevent this (e.g., using carefully designed firewall settings). </P> <P> An example is sending a ping (ICMP echo request) with the wrong MAC address but the right IP address . If an adapter is operating in normal mode, it will drop this frame, and the IP stack never sees or responds to it . If the adapter is in promiscuous mode, the frame will be passed on, and the IP stack on the machine (to which a MAC address has no meaning) will respond as it would to any other ping . The sniffer can prevent this by configuring his or her firewall to block ICMP traffic . </P> <Dl> <Dt> Packet Analyzer </Dt> </Dl> <Ul> <Li> NetScout Sniffer </Li> <Li> Wireshark (formerly Ethereal) </Li> <Li> tcpdump </Li> <Li> OmniPeek </Li> <Li> Capsa </Li> <Li> ntop </Li> <Li> Firesheep </Li> </Ul>

How to put network card in promiscuous mode linux