Argus in promiscuous mode running in a firewall

Carter Bullard carter at
Mon Feb 4 19:18:13 EST 2013

Hey Gilson,
Normally, within a switch / router / firewall, you would not use promiscuous mode,
as you want to process the packets that the device will / would actually process.


On Feb 4, 2013, at 5:54 PM, Gilson Soares <gilson.soares at> wrote:

> I'm quite confused with promiscuous mode in Argus.
> Promiscuous mode is used to capture packets whose destination is not to argus sensor interface.
> I think this is fine when your are capturing from a bridge interface or in a argus sensor with port mirroring (correct?)
> But if want to use Argus in a firewall with two interfaces (eth0-public and eth1-localnet) with masquerading enabled, the outgoing traffic from inside to outside, the eth1 "is the target destination" to reach outside.
> In this case, promiscuous should be Enabled or Disabled ?
> Did I miss something  ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <>

More information about the argus mailing list