Which mode on a NIC allows capture of all traffic on the network, not just traffic addressed to it?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which mode on a NIC allows capture of all traffic on the network, not just traffic addressed to it?

Explanation:
Promiscuous mode is the NIC setting that disables the hardware filter which normally drops frames not addressed to this device. When enabled, the network interface hands every frame it sees up to the operating system, allowing packet capture tools to inspect traffic across the network segment. This is why sniffing and packet analysis applications rely on promiscuous mode—to observe traffic beyond only what’s destined for the host. In regular operation, a NIC processes only frames addressed to its MAC (plus broadcasts or multicast if configured). Promiscuous mode removes that restriction, so the capture tool can receive and examine all frames on the segment it can access. Keep in mind that whether you can actually see all network traffic depends on the network topology. On a hub, traffic is shared, so a promiscuous NIC can often observe most activity. On a switch, traffic is isolated to the destination port, so you’ll need port mirroring or a network tap to see traffic from other devices. The mode described here is specifically the one that enables broad capture, unlike the other modes which do not provide that level of traffic visibility.

Promiscuous mode is the NIC setting that disables the hardware filter which normally drops frames not addressed to this device. When enabled, the network interface hands every frame it sees up to the operating system, allowing packet capture tools to inspect traffic across the network segment. This is why sniffing and packet analysis applications rely on promiscuous mode—to observe traffic beyond only what’s destined for the host.

In regular operation, a NIC processes only frames addressed to its MAC (plus broadcasts or multicast if configured). Promiscuous mode removes that restriction, so the capture tool can receive and examine all frames on the segment it can access.

Keep in mind that whether you can actually see all network traffic depends on the network topology. On a hub, traffic is shared, so a promiscuous NIC can often observe most activity. On a switch, traffic is isolated to the destination port, so you’ll need port mirroring or a network tap to see traffic from other devices. The mode described here is specifically the one that enables broad capture, unlike the other modes which do not provide that level of traffic visibility.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy