Security risk associated with a NIC's promiscuous mode?

Chuck Swiger cswiger at
Fri Oct 7 06:45:53 PDT 2005

John Conover wrote:
> Is there any security risk associated with a NIC's promiscuous mode
> while running tcpdump and/or arpwatch?

A mild one.  For example, I believe there was recently a security bug in 
tcpdump's string handling which could be exploited by tcpdump seeing a 
maliciously-crafted packet.  Running the NIC in promisc mode means that packet 
just has to go by, rather than being sent specificly to the machine running the 

In other words, it's not a great idea to run a sniffer on your most important 
fileserver or whatever, rather than an isolated laptop or other test system.


More information about the freebsd-questions mailing list