Early on in my WiFi journey, I kept hearing about Promiscuous Mode and Monitor Mode. I didn’t really know what they were so I wanted to get something down on here to help people understand the difference. The way I see it is:

Monitor Mode:

Listening (sniffing) packets (frames) that are ‘in the air’. A bit like walking around and overhearing peoples conversations. Your not connected to the AP in the same way that you’re not in an active conversation with someone.

Promiscuous Mode

Listening to packets after you’ve connected and authenticated to an AP. So you only hear the packets to and from a specific AP or device associated with the same AP.

For me, the important thing is that my MacBook Pro (since 10.4) has the ability to use monitor mode for packet captures but not all Wireless cards can. In Wireshark, you can enable monitor mode by finding this setting.

Promiscuous mode is there too if you don’t have access to monitor mode.

You need Monitor Mode to be able to access the following features:

• 802.11 Management and Control frames

• Retrieve physical layer information such as rates, signal strength and channel number

• Scanning multiple channels quickly

• Retrieve 802.11 headers, obtaining information like sequence numbers and Retry flags

If you want some extra detail on Monitor Mode and Wireshark check out this link. For Apple-specific details check this out.