User profile for user: jahgov
jahgov Author
User level: Level 1
1 points

en1 interface in promiscuous mode

I enabled verbose boot mode on my 2013 MBA and noticed the word "promiscuous" fly by. I've done nothing to enable promiscuous mode, and I'm almost certain that it is free of spyware/rootkits/etc.


Going to About this Mac -> System Report -> Network does not list any interface with a BSD name of 'en1'. My guess is that this is 'by design', but I am curious about the design decision.


Snip of 'ifconfig' below.


lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

options=3<RXCSUM,TXCSUM>

inet6 ::1 prefixlen 128

inet 127.0.0.1 netmask 0xff000000

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1

nd6 options=1<PERFORMNUD>

gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

stf0: flags=0<> mtu 1280

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether AA:BB:CC:DD:EE:FF

inet6 fe80::8638:35ff:fe4e:71b8%en0 prefixlen 64 scopeid 0x4

inet x.x.x.x netmask 0xffffff00 broadcast 192.168.1.255

nd6 options=1<PERFORMNUD>

media: autoselect

status: active

en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500

options=60<TSO4,TSO6>

ether 32:00:1a:bf:a0:00

media: autoselect <full-duplex>

status: inactive


Only hint in system.log ->

Aug 31 20:46:51 computer kernel[0]: en1: promiscuous mode enable succeeded

MacBook Air

Posted on Sep 6, 2014 1:58 PM

Reply
5 replies
User profile for user: jahgov
jahgov Author
User level: Level 1
1 points

Sep 6, 2014 2:43 PM in response to John Galt

Thank you.


I should've had a little more detail with my original post:

I know what promiscuous mode does but I'd like to understand why it is required @ boot for en1, or which process is forcing en1 (unidentified and unused interface) into this mode.


Nothing major - it just seems "odd" to have an interface in monitor/promiscuous mode for no reason at all. I'm not running Wireshark, KisMac, etc...

Reply
User profile for user: John Galt
John Galt
User level: Level 10
155,294 points

Sep 6, 2014 2:52 PM in response to jahgov

Apple isn't going to provide specific reasons, but I surmise it is related to the Mac's relentless and continual search for network connections using any available interface. To establish a network connection it first has to listen for all network activity, filtering nothing. That's what promiscuous mode does.


It may also be required for Bonjour networking, Back To My Mac, AirPort Base Stations, and other services they aren't talking about. In any event it's something I see periodically on all Macs and I'm reasonably certain they're all as secure as it gets.

Reply
User profile for user: jahgov
jahgov Author
User level: Level 1
1 points

Sep 6, 2014 3:15 PM in response to John Galt

Ah ha.

Output of ''network setup -listallhardwareports'' tells the tale ... Thunderbolt port.



Hardware Port: Bluetooth DUN

Device: Bluetooth-Modem

Ethernet Address: N/A


Hardware Port: Wi-Fi

Device: en0

Ethernet Address: 84:38:35:4e:71:b8


Hardware Port: Bluetooth PAN

Device: en2

Ethernet Address: 84:38:35:4e:71:b9


Hardware Port: Thunderbolt 1

Device: en1

Ethernet Address: 32:00:1a:bf:a0:00


Hardware Port: Thunderbolt Bridge

Device: bridge0

Ethernet Address: N/A

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

en1 interface in promiscuous mode

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up