Argus in promiscuous mode running in a firewall

Gilson Soares gilson.soares at
Mon Feb 4 17:54:19 EST 2013

I'm quite confused with promiscuous mode in Argus.

Promiscuous mode is used to capture packets whose destination is not to
argus sensor interface.
I think this is fine when your are capturing from a bridge interface or in
a argus sensor with port mirroring (correct?)

But if want to use Argus in a firewall with two interfaces (eth0-public and
eth1-localnet) with masquerading enabled, the outgoing traffic from inside
to outside, the eth1 "is the target destination" to reach outside.

In this case, promiscuous should be Enabled or Disabled ?

Did I miss something  ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the argus mailing list