Hi all,

I checked my server using dmesg command and I found this message:
.
.
.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
.
.
.

It is toggling all the time. It doesn't effect to network performance though. I tried to googled this problem and it was said that some sniffer program can caused this, such as tcpdump. But, I couldn't see any tcpdump running. I did using it before but not anymore.

Do you know how to find out which program that causing this eth0 toggling between entering and leaving promiscuous mode?

Thanks for your time and I'd appreciate your respond.

With kind regards,
Hardian
Jr. System Engineer

- make sure /var/log/messages is the log the messages arrive in, else choose other log,
- install latest Chkrootkit(.org), run chkrootkit to be on the safe side, find location of "ifpromisc" binary
then as root run:
It will die after the first hit and show a message "interface_name: PF_PACKET(/path/name)"
where "/path/name" is a binary who puts the interface in promisc mode.

I'm also plauged with this promisc mode on my eth0, I'll try the above mentioned. As I've ran chkrootkit scans and all come back negative, firewall is fine... device keeps going promisc, and I haven't used tcpdump on there :|