WEBVTT 00:00.210 --> 00:09.810 In this video, we are going to learn what the promiscuous mode is, how it is different from the monitor 00:09.810 --> 00:13.110 mode and how to enable and disable it. 00:13.110 --> 00:21.540 The promiscuous mode is available in the capture options window, so go to the capture, click on options, 00:21.870 --> 00:28.110 capture options displays all the installed network interface cards. 00:28.500 --> 00:32.010 It is pretty much like you would welcome a window, right, as you can see. 00:32.190 --> 00:41.480 But the difference is that capture options gives you a much better control over your interfaces here. 00:41.490 --> 00:47.910 As you can see, we have promiscuous mode column and the monitor mode. 00:47.970 --> 00:48.390 Right. 00:48.510 --> 00:54.120 You can start a new session from Captured Options, a window as well. 00:54.150 --> 00:55.050 All you have to do. 00:55.440 --> 01:01.980 Select the network interface where you want to capture the packets on. 01:01.980 --> 01:04.670 And then down here, click on the start button. 01:04.680 --> 01:07.290 Then it will start a new session. 01:07.590 --> 01:09.870 Okay, back to the capture options. 01:12.730 --> 01:19.810 By default, promiscuous mode is enabled on all the network interface card. 01:19.990 --> 01:26.320 As you can see down here, if you click on this button, enable promiscuous mode, then it is going 01:26.320 --> 01:34.680 to disable, you know, the promiscuous mode on all the interfaces you can manually enable and disable 01:34.750 --> 01:37.480 promiscuous mode on each interface. 01:37.490 --> 01:38.380 Right, like this. 01:40.580 --> 01:46.040 So what is this promiscuous mode in computer networking? 01:46.130 --> 01:51.830 Promiscuous mode is a network of monitoring and administration technique. 01:52.160 --> 02:01.550 Promiscuous a mode allows us to sniff our captured traffic of other devices that are connected to your 02:01.910 --> 02:02.570 network. 02:02.960 --> 02:08.150 But the promiscuous mode works under one specific condition. 02:08.420 --> 02:15.080 It only works if devices are connected to the network through a hub. 02:15.410 --> 02:21.500 Then Wireshark can read and intercept each packet that the hub receives. 02:21.800 --> 02:25.790 Here, we need to understand how the hub works. 02:26.330 --> 02:28.610 Hub is a multiport device. 02:28.940 --> 02:35.390 It allows computers to connect to a network through an Ethernet cable. 02:35.510 --> 02:35.900 Right. 02:36.320 --> 02:45.890 When a hub receives a packet, then it basically signs that package to all the ports or devices that 02:45.890 --> 02:47.690 are connected to it. 02:48.200 --> 02:56.990 And this is what the promiscuous mode exploits by default, your computer or network card, to be specific 02:57.290 --> 03:06.290 only except the packets or frames that are specifically sent to your own MAC address. 03:06.380 --> 03:06.770 Right. 03:07.220 --> 03:16.220 Your computer ignores everything and only accepts packets that are sent to your Mac address. 03:16.460 --> 03:26.480 But when you enable the promiscuous mode, a network card accepts all the packets that it sees whether 03:26.480 --> 03:28.940 they are sent to it or not. 03:29.330 --> 03:31.220 We also have a monitor mode. 03:31.280 --> 03:31.630 Right. 03:31.640 --> 03:32.630 As you can see. 03:32.990 --> 03:38.690 So what is the difference between monitor mode and the promiscuous mode? 03:38.870 --> 03:44.780 Both modes allow us to capture traffic or packets. 03:44.780 --> 03:45.150 Right. 03:45.560 --> 03:51.260 But they operate differently to captured packets with promiscuous mode. 03:51.650 --> 03:59.600 You have to be connected to the network where you want to capture the packets on. 03:59.900 --> 04:06.020 If you are not connected to the network, then promiscuous mode does not work. 04:06.290 --> 04:13.940 But with monitor mode, you don't have to be connected to any network to capture 30 packets. 04:14.120 --> 04:23.780 Monitor Mode can easily capture traffic of all the networks within its range easily without connecting 04:24.020 --> 04:24.700 to them. 04:25.220 --> 04:31.850 Window does not allow or support the monitor mode for security reasons. 04:31.970 --> 04:38.810 As you can see under the Monitor Mode column, we have the check box for monitor mode. 04:39.320 --> 04:41.330 Now let me check it. 04:41.690 --> 04:45.290 As you can see it automatically uncheck immediately. 04:45.560 --> 04:54.200 Windows does not allow the wireless network card to operate in the monitor mode by default. 04:54.440 --> 05:02.840 But on Linux, you can easily put your card in monitor mode and start capturing packets.