If I am looking to capture traffic that is flowing in and out of my node, do I take Wireshark off of promiscuous mode?
asked 24 Jul '14, 07:11 jwilliams1987
One Answer:
You could do that to limit what you capture, but in most cases it is not necessary. The results are pretty much the same if you're aiming at only capturing traffic of your own node, and not capturing at a TAP or SPAN port (which would give you much more data than just that of your node).
answered 24 Jul '14, 07:18 Jasper ♦♦
I am looking to see if some freeware, that is only supposed to put on the screen your system info, might open a backdoor or send info to a remote node elsewhere. So I am really only interested in traffic in and out of my node.
Go ahead and capture with promiscuous mode on or off. You can filter on your node IP afterwards to see what it did.
True. Thank you.
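The "capture everything, then filter on your node IP" approach from the comments above, as an added example that is not part of the original thread: it reads a capture and totals the bytes the node sent to and received from each remote endpoint, which is the list you would review for unexpected destinations. It assumes a classic pcap file (not pcapng) with Ethernet/IPv4 frames; the function names and the documentation-range addresses in the sample are constructed for illustration.

```python
import io
import socket
import struct
from collections import defaultdict

def node_conversations(pcap_bytes, node_ip):
    """Map (remote_ip, proto, remote_port) -> [bytes_out, bytes_in] for node_ip."""
    f = io.BytesIO(pcap_bytes)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(f.read(4))
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "HHiIII", f.read(20))[5] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    totals = defaultdict(lambda: [0, 0])
    while len(rec := f.read(16)) == 16:
        caplen, origlen = struct.unpack(endian + "IIII", rec)[2:]
        frame = f.read(caplen)
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4: ARP, IPv6 and VLAN-tagged frames are skipped
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if node_ip not in (src, dst):
            continue  # other hosts' traffic, as seen in promiscuous mode
        ihl = (frame[14] & 0x0F) * 4
        proto = {6: "tcp", 17: "udp"}.get(frame[23], str(frame[23]))
        sport = dport = 0
        if proto in ("tcp", "udp") and len(frame) >= 18 + ihl:
            sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        outbound = src == node_ip
        key = (dst if outbound else src, proto, dport if outbound else sport)
        totals[key][0 if outbound else 1] += origlen
    return dict(totals)

def _frame(src, dst, proto, sport, dport, payload):
    """Constructed Ethernet/IPv4 frame; MACs and checksums are left zero."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4

def sample_pcap():
    """Constructed capture: two packets of 192.0.2.10, one between other hosts."""
    frames = [_frame("192.0.2.10", "198.51.100.7", 6, 49152, 443, b"x" * 100),
              _frame("198.51.100.7", "192.0.2.10", 6, 443, 49152, b"y" * 40),
              _frame("192.0.2.55", "192.0.2.1", 17, 5353, 53, b"q" * 20)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for fr in frames:
        out += struct.pack("<IIII", 0, 0, len(fr), len(fr)) + fr
    return out
```

For a real capture, save it from Wireshark in pcap format and pass the file's bytes together with the node's own IPv4 address.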