(Disclaimer: May contain errors. Please fix if you know the networking stuff better.)
Promiscuous mode doesn't imply monitor mode, it's the opposite:
"Promiscuous mode" on both WiFi and Ethernet means having the card accept packets on the current network, even if they're sent to a different MAC address.
"Monitor mode" is WiFi-specific and means having the card accept packets for any network, without having to be associated to it.
Note that both modes only tell the card to accept packets – they don't tell the upstream network to send packets in your direction. Ethernet switches normally won't send packets through your port (or your WiFi AP's port) if they know that the recipient is actually connected to another port.
Finally, every network sniffer out there – including Wireshark – will enable promiscuous mode automatically. Monitor mode, however, needs to be enabled manually as it's often driver-specific, and yes, many cards don't support this mode. (I've had good luck with Atheros ath9k series.)
The airmon-ng script from aircrack-ng tries to detect the current driver, but for a start you can try:
iw <device> interface add mon0 type monitor
(where <device> is either the network interface like wlan0 or the physical device like phy0) to create a separate monitor-mode interface. Note that if you remain associated to an AP on wlan0, then you'll only see packets on the same frequency/channel even in monitor mode.
That's my question. Why should I put my interface in monitor mode if I just want it in promiscuous mode? The problem is that I run Wireshark in promiscuous mode and I only recieve broadcast and multicast packets from the other WLAN computers. – whitenoisedb – 2014-07-19T19:06:20.090
@redraw: Re-read what I wrote, please. Nobody said that you should put the interface in monitor mode. Monitor mode won't help: it deals with packets you receive that belong to other SSIDs; it won't do anything if the AP doesn't send you the packets in the first place. – user1686 – 2014-07-19T20:39:43.197
Sorry and thanks for answering. So, what should I do to recieve the packets from my WLAN? Meaning that I don't need to put my interface in monitor mode. When trying promiscuous mode in Wireshark I can only see broadcast packets. – whitenoisedb – 2014-07-19T21:34:06.260
1I could sniff packets using ettercap with ARP poisoning and MITM: I recieved the packets from the victim and fowarded them to the router. So, why promiscuous mode wouldn't see those packets just listening on my wifi network area (without arp spoofing/mitm)? – whitenoisedb – 2014-07-20T02:53:41.763
Because they're not even sent in your general direction; the AP/switch/router knows that they should be sent through another port (e.g. not via WiFi but through Ethernet port #2). Kind of the whole reason ettercap exists. – user1686 – 2014-07-20T03:19:18.407
1All PCs are connected via WiFi to the wireless router! When doing MITM I was recieving them actually, but I think should be able to see them only by setting my interface in promiscuous mode, right? – whitenoisedb – 2014-07-20T03:30:19.850
Then perhaps the wireless card's driver, or the card itself, ignores the promiscuous setting. See http://wiki.wireshark.org/Wi-Fi and http://wiki.wireshark.org/CaptureSetup/WLAN for what Wireshark has to say about it.
– user1686 – 2014-07-20T04:11:53.597Thanks, but my final question is, if my promiscuous mode setting worked well, I wouldn't need to make a MITM attack, right? – whitenoisedb – 2014-07-20T04:23:36.963
1@redraw MITM with Ettercap worked on my WPA2 protected network compared to promiscuous mode with Wireshark where I did not receive others traffic (not even encrypted with the need of Wireshark decryption wpa-pwd). Like you, I think we should see others traffic in promiscuous mode on the same WiFi network without MITM attack. From my experience, I know that my laptop card is compatible with monitor mode (don't know for promiscuous mode) because I was able to sniff HTTP requests of an open Wifi network without being connected. – baptx – 2015-01-18T00:25:35.800
@baptx, yeah, I'm still confused about it. My only guess is that some cards doesn't support this feature. – whitenoisedb – 2015-01-20T00:33:13.753