[OLUG] Promiscuous eth0

Vincent vraffensberger at home.com
Sat Apr 15 19:33:18 UTC 2000 

Mark Lichtenberg wrote:
> 
> Hi. I was digging around in my syslogs today trying to diagnose a
> network problem, and found that my ethernet card was entering
> promiscuous mode, and then leaving it immediately.
> 
> Apr 15 12:20:54 dizzy kernel: eth0: Setting promiscuous mode.
> Apr 15 12:20:54 dizzy kernel: device eth0 entered promiscuous mode
> Apr 15 12:22:50 dizzy kernel: eth0: Setting promiscuous mode.
> Apr 15 12:22:50 dizzy kernel: device eth0 left promiscuous mode
> Apr 15 12:22:57 dizzy kernel: eth0: Setting promiscuous mode.
> Apr 15 12:22:57 dizzy kernel: device eth0 entered promiscuous mode
> Apr 15 12:23:55 dizzy kernel: eth0: Setting promiscuous mode.
> Apr 15 12:23:55 dizzy kernel: device eth0 left promiscuous mode
> Apr 15 12:24:17 dizzy kernel: eth0: Setting promiscuous mode.
> Apr 15 12:24:17 dizzy kernel: device eth0 entered promiscuous mode
> Apr 15 12:24:53 dizzy kernel: eth0: Setting promiscuous mode.
> Apr 15 12:24:53 dizzy kernel: device eth0 left promiscuous mode
> 
> Why would it be flipping on and off like this? Is this just a nuance of
> ethernet? Thanks.
> 
> Mark Lichtenberg
> 
> -------------------------------------------------------------------------

Promiscuous mode is usually initiated by a network sniffer of some sort.  Like
Ethereal or dsniff.  You may want to check your running processes and verify
you're not running something like that or even a trojaned version or something
normal.  If I saw that in my logs, I would be concerned.

You can see promiscuous mode by running /sbin/ifconfig -a

normal:
look-->   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7153852 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6107958 errors:0 dropped:0 overruns:0 carrier:14

Promiscuous:
look-->   UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:7153858 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6107962 errors:0 dropped:0 overruns:0 carrier:14

-------------------------------------------------------------------------
Sent by OLUG Mailing list Manager, run by ezmlm.  http://olug.bstc.net/ 
To unsubscribe: `echo unsubsribe | mail olug-unsubscribe at bstc.net`

More information about the OLUG mailing list