The two modes of a protocol analyzer are promiscuous and non-promiscuous: - Non-promiscuous. In non-promiscuous mode, the protocol analyzer can only capture traffic addressed to the system (including broadcasts), or coming from the system. In other words, it can't capture unicast traffic between two other hosts.
- Promiscuous. In pomiscuous mode, the protocol analyzer can capture any and all traffic that reaches it's NIC. Attackers would use a protocol analyzer in promiscuous mode.
Wireshark is a protocol analyzer that can be download for free and will work in both promiscuous mode and non-promiscuous mode. When a protocol analyzer is operating in promiscuous mode, it gives telltale signs on the network. Should not be run on a live network without permissions.
| 
