- Non-promiscuous. In non-promiscuous mode, the protocol analyzer can only capture traffic addressed to the system (including broadcasts), or coming from the system. In other words, it can't capture unicast traffic between two other hosts.
- Promiscuous. In promiscuous mode, the protocol analyzer can capture any and all traffic that reaches its NIC. Attackers would use a protocol analyzer in promiscuous mode.

As a side note, you should know that when a protocol analyzer is operating in promiscuous mode, it gives telltale signs on the network. Don't just start running it on a live network without permission.
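
Administrators can also look for promiscuous mode on the hosts they manage. The following is an added example, not part of the original post: it assumes a Linux host, where the kernel exposes each interface's flags as a hex value under `/sys/class/net`, and the function names are hypothetical.

```python
"""Report Linux network interfaces whose kernel flags include IFF_PROMISC."""
import os

IFF_PROMISC = 0x100  # "receive all packets" bit, from <linux/if.h>


def read_flags(sysfs_net, iface):
    """Return the interface flags as an int, or None if they cannot be read."""
    path = os.path.join(sysfs_net, iface, "flags")
    try:
        with open(path) as fh:
            # The file holds one hex value such as "0x1103".
            return int(fh.read().strip(), 16)
    except (OSError, ValueError):
        # Non-interface entries (for example a plain "bonding_masters" file)
        # and malformed values are skipped rather than treated as errors.
        return None


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return the sorted names of interfaces that have IFF_PROMISC set."""
    try:
        names = os.listdir(sysfs_net)
    except OSError:
        return []  # not Linux, or sysfs is not mounted
    found = []
    for iface in names:
        flags = read_flags(sysfs_net, iface)
        if flags is not None and flags & IFF_PROMISC:
            found.append(iface)
    return sorted(found)


if __name__ == "__main__":
    hits = promiscuous_interfaces()
    if hits:
        print("Promiscuous interfaces: " + ", ".join(hits))
    else:
        print("No interface reports promiscuous mode.")
```

A hit is not proof of misuse: bridges, virtual machine hosts and sanctioned monitoring tools also put interfaces into promiscuous mode, so compare the result against what is expected on that host.
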
I remember teaching a Security+ class at a college once. One of the students was in the Army and had administrative privileges on his system. The next day he downloaded Wireshark, installed it, and began sniffing the network. Within about 15 minutes security administrators were at his desk looking over his shoulder asking what he was doing. Thankfully, you can't get fired from the Army very easily, but the same may not be true at your job.
Good luck in your studies.
Darril Gibson