Categories
Tech Tips

How to check if promiscuous mode is enabled on network interface in Linux

$ netstat -i

Look under the last column “Flg” for value “P”. If it’s there, it means promiscuous mode is enabled for that network interface. Is the flag really P and not M? Here’s a quick test. Check existing active flags:

[root@localhost ~]# netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     2075      0      0      0     1366      0      0      0 BMRU
lo        16436   0     1985      0      0      0     1985      0      0      0 LRU

Turn multicast off on eth0:

[root@localhost ~]# ip link set eth0 multicast off

Notice that the ‘M’ flag is gone? So, M is for multicast:

[root@localhost ~]# netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     2075      0      0      0     1369      0      0      0 BRU
lo        16436   0     1985      0      0      0     1985      0      0      0 LRU

Turn promiscuous mode on:

[root@localhost ~]# ip link set eth0 promisc on

Notice that the ‘P’ flag is now shown:

[root@localhost ~]# netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     2075      0      0      0     1370      0      0      0 BPRU
lo        16436   0     1985      0      0      0     1985      0      0      0 LRU

UPDATE 20130531: This post wrongly indicated that the “M” flag indicates promiscuous mode. Sorry for the confusion. I got that from other incorrect sources as well. It seems quite many online sources got that wrong. Thanks to the helpful commenters for correcting this mistake.

9 replies on “How to check if promiscuous mode is enabled on network interface in Linux”

Hi All,
I want to disable promiscuous mode in IMAC ,could help on this .
i have done above mentioned command not happened ..

[mvutcovi@os2 ~]$ ip -d link show em1
2: em1: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 14:fe:b5:d5:51:9e brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode eui64 numtxqueues 8 numrxqueues 8 gso_max_size 65536 gso_max_segs 65535

“promiscuity 0” means that the interface is not in promiscuous mode

On debian at least :

ifconfig eth0.541 promisc

Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 203458118 0 0 0 631203897 0 0 0 BMRU
eth0.541 1500 0 566366707 0 0 0 78280176 0 0 0 BMPRU <====
eth0.542 1500 0 551973276 0 0 0 70974203 0 0 0 BMRU
eth0.543 1500 0 627248152 0 0 0 74440932 0 0 0 BMRU
eth0.544 1500 0 483996277 0 0 0 72101218 0 0 0 BMRU
eth0.545 1500 0 549361379 0 0 0 73274902 0 0 0 BMRU
eth0.546 1500 0 602936753 0 0 0 75004989 0 0 0 BMRU
eth0.547 1500 0 556488280 0 0 0 74670797 0 0 0 BMRU
lo 16436 0 12467112 0 0 0 12467112 0 0 0 LRU

B flag is for broadcast
M flag is for multicast
P flag is for promisc mode
R is for running
U is for up

This is on Ubuntu 12.04
Before setting promiscous mode
=============================
# ifconfig ethc7-0
ethc7-0 Link encap:Ethernet HWaddr 00:e0:ed:24:27:08
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

#netstat -i |grep ethc7-0
ethc7-0 1500 0 3629544935 0 0 5 42 0 0 0 BMRU

# ip link show |grep ethc7-0
6: ethc7-0: mtu 1500 qdisc mq master mb-ethc7-0 state UP mode DEFAULT qlen 1000

After setting promiscous mode
=============================

# ifconfig ethc7-0 promisc

# ifconfig ethc7-0
ethc7-0 Link encap:Ethernet HWaddr 00:e0:ed:24:27:08
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1

# netstat -i |grep ‘ethc7-0 ‘
ethc7-0 1500 0 3630312765 0 0 5 42 0 0 0 BMPRU

# ip link show |grep ethc7-0
6: ethc7-0: mtu 1500 qdisc mq master mb-ethc7-0 state UP mode DEFAULT qlen 1000

Leave a Reply

Your email address will not be published. Required fields are marked *