How do I force promiscuous mode in Wireshark?
The following is an excerpt from a thread in the Windows section of the Wireshark discussion forum.
From the thread: Wireshark has a nice feature, called promiscuous mode, which will grab all packets and display them. We've used it to identify all systems behind the corporate network we work on. The problem is, if someone else is capturing our traffic while Wireshark is also capturing theirs, our captures are corrupted and we can't open them until we exit Wireshark and start again. We'd like to configure our sniffer so that no packets originating from any outside system's IP addresses come into its data log files. I can't seem to find the right setting in Wireshark. Thanks for any help you can give!
A user who asked for some guidance in the Wireshark thread provides their solution as follows:
1) Click on "Start" on the taskbar, and in the list of windows select "Wireshark" or "Wireshark - TShark".
2) If Wireshark - TShark is selected, move your mouse over the button, and the mouse pointer changes to tell you that "TShark" is running. If Wireshark is selected, move your mouse over the button and the mouse pointer changes to tell you that "Wireshark" is running.
3) Double click the icon in the list of processes.
4) Choose Processes > Select Processes and search for 'tcpdump'.
5) Choose TCPdump > Kill tcpdump > OK, then move on to the next process.
I tried the above steps. At step #4, I tried searching for tcpdump, found nothing and decided to reboot. When I was back in Wireshark, all three windows were up and waiting for input. I had no idea where to start looking. I couldn't even figure out how to select one among the three. How do I pick just one window to focus on? How can I select from among the three windows to focus on?
I then went through every menu item I could find in Wireshark. Some I did not understand and others I was confused about.
How to set hardware filter to promiscuous mode?
Currently I have a USB card with hardware filtering mode turned on. It shows all kinds of "USB devices detected", among them two "USB Flash drives" that are not visible anywhere in the Device Manager. I set the filter setting to "Promiscuous", but the USB Flash drives don't disappear. How can I set this up and use a filter so that it really filters out all the hardware attached?
In most cases hardware filtering is completely transparent to the application. So the best way to have a software filter is to have it run automatically and only when needed. By default it will turn on automatically after the system is up. On XP you would need to do this from the registry. You might need to put it in AutoStart and have it run first thing on boot then.
How to enable promiscuous mode?
I have a USB WAN Dongle.
When I plug it into the computer, it won't enable promiscuous mode, so it won't work. I think it's because of this:
What can I do to enable promiscuous mode? The easiest way is to use a tool like ndiswrapper to create a wrapper for your device driver. It would likely be a copy of the Windows driver that you can modify to include some custom commands, such as SET HOSTMODE and SET ALLOWUNASSIGNEDDEVICES. This will allow the device to function properly.
You'll need the source of the Windows driver, and the name of the .sys file that contains the driver. I'm not sure if the .sys file for your device is included in Windows. If you find the .sys file, try to search for "allowunassigneddevices" in the file. This should allow the device to function properly in promiscuous mode.
What is the promiscuous mode in Windows?
I have been using Windows for a few years now and I have never needed to use the promiscuous mode.
As far as I know, the promiscuous mode is a debugging mode that allows one to communicate with other machines on the local network without knowing the IP addresses. It seems pretty useful in some situations when you are communicating with other computers on your network. However, I do not know what it really does, how it works, or what it does not do. Can anyone help me understand it better?
Well, "promiscuous" means "allowing traffic between systems". The point of that mode is to allow you to debug the OS and see what goes over the network connection (like "ping 192.168.3" or "telnet localhost 3000") - but when you're in it you're allowing traffic in both directions.
If you need to go into promiscuous mode to debug some network problem, for example, the problem may be that either the destination or source IP address is not in your LAN (ie, they are on the Internet). In this case you need to open up that port in the router/firewall so that you can connect to it from your workstation.
Another example would be if there's a problem with DHCP on the network; then your IP address may be out of the range assigned to your machine (for whatever reason), and the packet would hit the router and try to return to the computer that just got an IP address. So it tries to ping the gateway.