In promiscuous mode, a device reads all incoming traffic arriving at the network interface switched to this mode (instead of just the traffic intended for the device) and forwards the data to the operating system for processing. This can be necessary, for example, to operate virtual machines that are given their own network interface.
In wireless LANs (WLANs), promiscuous mode also forwards packets that are not addressed to the client, but only packets from the network (access point) to which the client is currently connected. Since establishing a connection to the network usually goes hand in hand with authentication, promiscuous mode is not suitable for intercepting packets from a network to which one has no direct access. To receive all packets of all WLAN networks within range, monitor mode is required.
The opposite of this mode is non-promiscuous mode. In this mode, the device only processes the packets addressed to itself, which in Ethernet networks, for example, is determined by evaluating the MAC address, plus broadcast and multicast packets.
In networks built from switches (as opposed to hubs), promiscuous mode is useless for eavesdropping, since the switch normally sends each device only the packets intended for it. VMs are not affected by this, as they actively communicate on the network with their own address and are therefore recognized by the switch as independent devices.
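Whether an interface is currently in promiscuous mode can be checked on the host itself. The following is an added example, not taken from the original article: it assumes a Linux system, where the kernel exposes each interface's flags as a hexadecimal value in `/sys/class/net/<interface>/flags` and the `IFF_PROMISC` bit is `0x100`. The function names and the sample flag values are constructed for illustration.

```python
import os
import tempfile

IFF_PROMISC = 0x100  # Linux interface flag: receive all frames, not only own


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return {interface: bool} for every interface whose flags are readable."""
    result = {}
    for name in sorted(os.listdir(sysfs_net)):
        flags_path = os.path.join(sysfs_net, name, "flags")
        try:
            with open(flags_path) as fh:
                flags = int(fh.read().strip(), 16)  # e.g. "0x1103"
        except (OSError, ValueError):
            # Not an interface entry (e.g. bonding_masters) or unreadable.
            continue
        result[name] = bool(flags & IFF_PROMISC)
    return result


def build_sample_tree(root):
    """Constructed sample data: a fake sysfs tree with three interfaces."""
    samples = {
        "eth0": "0x1003",  # up, broadcast, multicast: non-promiscuous
        "eth1": "0x1103",  # same flags plus IFF_PROMISC
        "lo": "0x9",       # loopback
    }
    for name, flags in samples.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(flags + "\n")
    # A plain file in the directory, as created by the bonding driver.
    with open(os.path.join(root, "bonding_masters"), "w") as fh:
        fh.write("\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = promiscuous_interfaces(build_sample_tree(tmp))
        for iface, promisc in report.items():
            print(f"{iface}: {'promiscuous' if promisc else 'non-promiscuous'}")
```

Calling `promiscuous_interfaces()` without arguments inspects the real interfaces of the machine it runs on; an interface that reports promiscuous mode without a known reason (a virtual machine bridge, a running packet capture) is worth investigating.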