Link to home
Start Free TrialLog in
Avatar of Mark
Mark

asked on

What is promiscuous mode and why is eth1 entering it?

Slackware64 14.1, kernel 3.10.17

I had a problem with my eth1 getting "eth1: Reset adapter unexpectedly" messages. I supposedly fixed this with `ethtool -K eth1 tso off` (see https://www.experts-exchange.com/questions/28655340/Do-I-have-a-bad-NIC.html for more on that). However, now I am getting the following messages:
Apr 15 00:21:40 mail kernel: [383546.156569] device eth1 entered promiscuous mode
Apr 15 00:55:47 mail kernel: [385596.344128] device eth1 left promiscuous mode
Apr 15 13:21:55 mail kernel: [430436.382364] device eth1 entered promiscuous mode
Apr 15 13:26:27 mail kernel: [430709.031522] device eth1 left promiscuous mode
Apr 15 19:09:39 mail kernel: [451334.133223] device eth1 entered promiscuous mode
Apr 15 19:15:03 mail kernel: [451658.610595] device eth1 left promiscuous mode
Apr 15 19:15:10 mail kernel: [451665.564584] device eth1 entered promiscuous mode
Apr 15 19:17:08 mail kernel: [451783.851678] device eth1 left promiscuous mode
Apr 15 19:17:13 mail kernel: [451788.630887] device eth1 entered promiscuous mode
Apr 15 22:56:08 mail kernel: [464944.401261] device eth1 left promiscuous mode
Apr 16 00:53:38 mail kernel: [472006.574204] device eth1 entered promiscuous mode
Apr 16 00:54:22 mail kernel: [472049.842007] device eth1 left promiscuous mode

Open in new window

What is "promiscuous mode", why is eth1 entering and leaving it, and is this a bad thing?
ASKER CERTIFIED SOLUTION
Avatar of Steven Vona
Steven Vona
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Mark
Mark

ASKER

Typically the card enters promiscuous mode when a traffic sniffer (tcpdump, snort, etc...) is being used.
Ah ha! That's it! I've been doing tcpdumps on the ntp port to see which LAN clients are requesting ntp updates. Now that I look at the most recent entries, I see that the "promiscuous" logs do correspond with when I started tcpdump. In fact, I just killed and restarted the tcpdump and immediately got successive "left" and "entered" messages.

Thanks. I should have figure that one out myself!
Dont worry about being promiscuous mode putting any extra traffic into the box or allow you to see anything else on the network etc. as unless you are on a hub rather than switch you will only see your own traffic anyway unless the switch port is configured to allow.