Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Strange Promiscuous Mode Disabled…then Enabled...

    Scheduled Pinned Locked Moved
    General pfSense Questions
    3
    4
    8.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      ryansalazar
      last edited by

      Hello,

      We have PFSense 1.2. In the system diagnostics tab, I see the following. This appears to be random, but not sure. I see that promiscuous mode always disables first and then enables. By the way, I am not running any tools that would be causing this. We are connected via IPSec VPN to another location. That location is serving up DHCP to this location. I don't see why that would cause this? I just started seeing this popup lately (unless I didn't notice it before). Is this pfsense itself or definitely another machine requesting? If it is another machine, how would I identify it? I want to make sure that there isn't a compromised machine on the network. I'm trying to look for patterns, but not seeing any so far…

      Dec 29 23:56:16 kernel: pflog0: promiscuous mode enabled
      Dec 29 23:56:16 kernel: pflog0: promiscuous mode disabled

      Dec 29 22:37:21 kernel: pflog0: promiscuous mode enabled
      Dec 29 22:37:21 kernel: pflog0: promiscuous mode disabled

      I'm also seeing this fairly frequently...

      Dec 29 23:36:46 syslogd: kernel boot file is /boot/kernel/kernel
      Dec 29 23:36:46 syslogd: exiting on signal 15

      I see this link (But I'm not using tcpdump or any other utilities that should cause this)...
      http://doc.pfsense.org/index.php/What_are_%22promiscuous_mode_enabled%22_log_messages%3F

      I also just discovered something really interesting - When I click on "System" and then "General Setup"...I don't even need to make changes to anything. Then, I immediately click on "Status" and then "System Logs", every time it generates:

      Dec 30 02:23:56 kernel: pflog0: promiscuous mode enabled
      Dec 30 02:23:56 kernel: pflog0: promiscuous mode disabled

      Thanks!

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        That's 1.2, not 1.2.3? Upgrade.

        Something is causing logging to be restarted, that's what causes both of those logs. Not sure what, but could be any number of 1.2 issues that have long since been fixed.

        1 Reply Last reply Reply Quote 0
        • S
          sot010174
          last edited by

          I've had the same issue. In my case this happens whenever I'm on the Traffic Graph (with rate package on wan) page. Closing the tool stops the messages. :)

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            @sot010174:

            I've had the same issue. In my case this happens whenever I'm on the Traffic Graph (with rate package on wan) page. Closing the tool stops the messages. :)

            that's normal expected behavior with the rate package. rate in 2.0 has been patched to not go into promiscuous mode (doesn't need to in a firewall scenario) so you don't see that there.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post