How to configure interface in “Promiscuous Mode” in CentOS/RHEL?

Promiscuous mode or promisc mode is a feature that makes the ethernet card pass all traffic it received to the kernel. It is usually used by a packet sniffing program like Wireshark, and tcpdump. If there was such program intentionally running or bridged networking for hardware virtualization, the “promiscuous mode” message might be simply ignored. Otherwise, deep investigation on that system will be required due to a security issue.

 

When a network card is in promiscuous mode, it can read all traffic it received rather than just packages addressed to it. Suppose for eth1, promiscuous mode is basically used to pass all traffic that ‘eth1’ receives rather than just frames addressed to it. A network card usually is in promiscuous mode when:

 

  • If it was manually configured in that mode using ifconfig command.
  • If a Network monitor tool is used, like tcpdump etc.
  • In bridge network, the NIC is mostly required to operate in promiscuous mode.

 

Manually set a NIC in Promiscuous Mode

 

To set an interface to promiscuous mode you can use either of these commands, using the ‘ip’ command is the most current way.

# ifconfig [interface] promisc
# ip link set [interface] promisc on

 

To identify if the NIC has been set in Promiscuous Mode, use the ifconfig command.

# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 08:00:27:CD:20:16
          inet addr:192.168.200.56  Bcast:192.168.255.255  Mask:255.255.0.0
          inet6 addr: 2606:b400:c10:6044:a00:27ff:fecd:2016/64 Scope:Global
          inet6 addr: fe80::a00:27ff:fecd:2016/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1                     
          RX packets:22685771 errors:0 dropped:83424 overruns:0 frame:0
          TX packets:13461 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1604651517 (1.4 GiB)  TX bytes:1475694 (1.4 MiB)

 

Alternatively, use the “ip” command and grep for the promisc flag:

# ip a show eth1 | grep -i promisc
3: eth1: [BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP] mtu 1500 qdisc pfifo_fast state UP qlen 1000

 

Persistent settings

 

To set the interface in promiscuous mode persistently; First, edit the ifcfg-ethX file and add “PROMISC=yes” to the end of the options.

# vim /etc/sysconfig/network-scripts/ifcfg-eth1 
PROMISC=yes   <== 

 

Was this answer helpful? 0 Users Found This Useful (0 Votes)