Re: What's This Log Entry Mean?



Dan N wrote:
> I'm seeing the following entry in /log/messages every day at about 6:30.
> Can someone tell me what it means? It's a debian sarge system, mail is
> postfix.
>
>
> Jan 30 06:30:16 mail kernel: device eth0 left promiscuous mode

Normally, ethernet devices only listen for traffic addressed to their own
ethernet address. However, it sometimes becomes necessary to ask the ethernet
device to listen to all the traffic on the network, for diagnostic or
configuration purposes. This abnormal state is called "promiscuous mode".

The first line here says that the system is removing the "promiscuous mode"
listening from eth0, presumably as a result of a timed request to the process
that is listening to the network traffic.


> Jan 30 06:30:16 mail kernel: eth0: Setting promiscuous mode.

This line says that the kernel is re-instituting "promiscuous mode" on eth0.


> Jan 30 06:30:16 mail kernel: device eth0 entered promiscuous mode

This line says that "promiscuous mode" has been instituted on eth0.

So, some process is again listening to /all/ the network traffic, not just to
traffic directed at eth0's NIC.


> Jan 30 06:30:25 mail syslogd 1.4.1#17: restart.

Your system log daemon has been restarted. Presumably, this is in response to
a scheduled event, likely one that rotates system logs.


As far as I can tell, all the above log lines are 'normal' and do not, on
their own, signify that there is any problem. However, the fact that eth0 is
being held in promiscuous mode continuously /may/ be suspicious; it may be as
a result of your configuration, or it may be a network sniffer collecting (and
presumably analysing/recording) traffic on your LAN. You might want to
investigate this further.

--
Lew Pitcher

Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.
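
One way to follow up on the suggestion to investigate, as an added example that is not part of the original post: replay the kernel's entered/left events to see which interfaces the log last left in promiscuous mode, then decode the live interface flags. The eth1 lines are constructed for contrast, and the sysfs path assumes a Linux kernel that exposes /sys/class/net.

```python
import re

# First four lines are the ones quoted in the post; the eth1 lines are constructed.
SAMPLE_LOG = """\
Jan 30 06:30:16 mail kernel: device eth0 left promiscuous mode
Jan 30 06:30:16 mail kernel: eth0: Setting promiscuous mode.
Jan 30 06:30:16 mail kernel: device eth0 entered promiscuous mode
Jan 30 06:30:25 mail syslogd 1.4.1#17: restart.
Jan 31 02:10:03 mail kernel: device eth1 entered promiscuous mode
Jan 31 02:10:40 mail kernel: device eth1 left promiscuous mode
"""

# Matches only the kernel's generic "device X entered/left" messages; the
# driver-specific "eth0: Setting promiscuous mode." line is ignored on purpose.
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\s(?:\[[^\]]*\]\s*)?"
    r"device\s(?P<dev>\S+)\s(?P<verb>entered|left)\spromiscuous mode")

IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>


def promisc_state(lines):
    """Replay events in order; return {dev: (in_promisc, time_of_last_event)}."""
    state = {}
    for line in lines:
        m = EVENT.match(line)
        if m:
            state[m["dev"]] = (m["verb"] == "entered", m["ts"])
    return state


def still_promiscuous(lines):
    """Interfaces whose most recent logged event was 'entered'."""
    return sorted(dev for dev, (on, _) in promisc_state(lines).items() if on)


def flag_is_promisc(flags_text):
    """flags_text: contents of /sys/class/net/<dev>/flags, e.g. '0x1103'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def live_check(dev):
    """Read the current flags for dev from sysfs (assumed path, see lead-in)."""
    with open(f"/sys/class/net/{dev}/flags") as fh:
        return flag_is_promisc(fh.read())


if __name__ == "__main__":
    for dev in still_promiscuous(SAMPLE_LOG.splitlines()):
        print(f"{dev}: last logged event left it in promiscuous mode")
```

An interface reported here is only a lead: the next step is to identify which process holds the capture socket and decide whether it belongs to your configuration.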