What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

promiscuous mode?

Super Bee

Occasional Visitor
Noticed this in the on my RT-N66U router log. Is this anything to be concerned about? :confused:


Dec 5 16:23:15 unknown user.info kernel: device vlan1 left promiscuous mode
Dec 5 16:23:15 unknown user.info kernel: br0: port 1(vlan1) entering disabled state
Dec 5 16:23:15 unknown user.info kernel: device eth1 left promiscuous mode
Dec 5 16:23:15 unknown user.info kernel: br0: port 2(eth1) entering disabled state
Dec 5 16:23:15 unknown user.info kernel: device eth2 left promiscuous mode
Dec 5 16:23:15 unknown user.info kernel: br0: port 3(eth2) entering disabled state
Dec 5 16:23:16 unknown user.notice kernel: klogd: exiting
Dec 5 16:23:16 unknown syslog.info syslogd exiting
Dec 5 16:23:16 unknown syslog.info syslogd started: BusyBox v1.21.1
Dec 5 16:23:16 unknown user.notice kernel: klogd started: BusyBox v1.21.1 (2013-11-19 20:39:02 CET)
Dec 5 16:23:16 unknown user.err syslog: module usbcore not found in modules.dep
Dec 5 16:23:16 unknown user.debug kernel: vlan1: add 33:33:00:00:00:01 mcast address to master interface
Dec 5 16:23:16 unknown user.debug kernel: vlan1: add 01:00:5e:00:00:01 mcast address to master interface
Dec 5 16:23:16 unknown user.info kernel: device eth1 entered promiscuous mode
Dec 5 16:23:16 unknown user.info kernel: device eth2 entered promiscuous mode​
 
No, this is normal.
 
Happens to all routers as they get older and start testing their boundaries and trying to find themselves ...

Sorry, couldn't resist!


Sent from my iPhone using Tapatalk
 
Why is it normal for devices to enter promiscuous mode?

From what I understand, this is required since the interfaces (LAN, 2.4 and 5 GHz) are bridged together under br0.

I also saw a recent DD-WRT commit where, after testing out with promiscuous mode disabled for a while, Brainslayer re-enabled it, as otherwise some packets would fail to get forwarded between the interfaces on the bridge.

This is different from having, for example, a single computer's NIC in promisc mode, which is usually only needed when doing traffic sniffing.
 
Good to know.

I was concerned over the previous mention from the log about a possible DNS-rebind attack.

So what is promiscuous mode?

Thanks.

promiscuous mode means that a given network interface will accept all frames it gets sent, not just those it was specifically expecting to see.
 
So it's not some outside source that is doing the sniffing? Reading the log, it seemed to me that something using BusyBox was capturing all of the outgoing packets. Guess I shouldn't read too much into the router's log! :o
 
You'll notice it normally only does it when the radio goes up/down or makes a config change. As per Merlins' note, its primarily so it receives input over that virtual bridge from the kernel itself before it moves into 'operational' mode.
 
So it's not some outside source that is doing the sniffing? Reading the log, it seemed to me that something using BusyBox was capturing all of the outgoing packets. Guess I shouldn't read too much into the router's log! :o

The log entries are unrelated. The entry related to Busybox merely reports the fact that Busybox's log daemon has been started. Busybox is a multipurpose binary that allows to combine a lot of basic Linux functionalities into one single binary, to save on space in embedded devices.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Back
Top