Wireshark – Please turn off promiscuous mode for this device

I recently received the following error while trying to do a packet capture on Windows.

There are two solutions to this problem:

  1. Disable promiscuous mode for the adapter
  2. Update Npcap

Disable Promiscuous mode

“Please turn off promiscuous mode for this device”

You can turn promiscuous mode on or off by going to Capture -> Options.

Uncheck the promiscuous mode checkbox.

Then click Start.

Update Npcap

If you need promiscuous mode on, then look at installing a newer version of Npcap:

https://npcap.com/dist/

Restart Wireshark and start a capture.

https://ask.wireshark.org/question/30138/please-turn-off-promiscuous-mode-for-this-device/

Install NetworkMiner on Kali Linux

The NetworkMiner tool is a handy little utility that works great on Windows. It sort of works on Linux. It doesn’t appear to be able to read the traffic coming off the interface, but you can drag and drop a pcap file onto it. You can export a capture file from Wireshark, but it needs to be in the classic pcap format, not the newer pcapng format that Wireshark saves by default. You can change the format in the “Save as:” option of the save dialog.
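An added example, not part of the original post: a shell helper that reads a capture file's first four bytes to tell classic pcap from pcapng, and converts pcapng to pcap with editcap before the file is dropped onto NetworkMiner. The function names are made up for this example, and editcap (shipped with Wireshark) is assumed to be installed.

```shell
#!/bin/sh
# Added example: function names are made up for illustration.

# Print "pcapng", "pcap" or "unknown" based on the first four bytes of FILE.
capture_format() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        0a0d0d0a) echo pcapng ;;            # pcapng Section Header Block type
        d4c3b2a1|a1b2c3d4) echo pcap ;;     # classic pcap, either byte order
        4d3cb2a1|a1b23c4d) echo pcap ;;     # pcap with nanosecond timestamps
        *) echo unknown ;;                  # empty, truncated or not a capture
    esac
}

# Write a classic-pcap copy of IN to OUT (assumes editcap is on the PATH).
to_classic_pcap() {
    case "$(capture_format "$1")" in
        pcap)   cp -- "$1" "$2" ;;
        pcapng) editcap -F pcap "$1" "$2" ;;
        *)      echo "$1: not a pcap or pcapng capture" >&2; return 1 ;;
    esac
}

# Usage: sh script.sh capture.pcapng capture.pcap
if [ "$#" -eq 2 ]; then
    to_classic_pcap "$1" "$2"
fi
```

The conversion fails if the pcapng file contains interfaces with different link types, because a classic pcap file can only hold one link type.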

Install Prerequisites

sudo apt install mono-devel

Download and Configure

wget "https://www.netresec.com/?download=NetworkMiner" -O /tmp/NetworkMiner.zip
sudo unzip /tmp/NetworkMiner.zip -d /opt/
cd /opt/NetworkMiner*
sudo chmod +x NetworkMiner.exe
sudo chmod -R go+w AssembledFiles/
sudo chmod -R go+w Captures/

NetworkMiner should now be ready to launch.

Launch NetworkMiner

mono /opt/NetworkMiner*/NetworkMiner.exe
NetworkMiner on Kali Linux

Further Thoughts and Reading

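You could potentially get a live view of what is going on by using the “Receive Pcap over IP” feature.

Maybe use something like the following. Note that tcpdump has to write raw pcap data to standard output (-w -, with -U to flush each packet as it arrives) rather than its default text output, otherwise the receiving end has nothing it can parse:

sudo tcpdump -i wlan0 -U -w - | nc localhost 57014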

The following links should help and provide more information.

https://www.netresec.com/?page=Blog&month=2014-02&post=HowTo-install-NetworkMiner-in-Ubuntu-Fedora-and-Arch-Linux

https://www.netresec.com/?page=Blog&month=2011-09&post=Pcap-over-IP-in-NetworkMiner