$ netstat -i
Look under the last column “Flg” for value “P”. If it’s there, it means promiscuous mode is enabled for that network interface. Is the flag really P and not M? Here’s a quick test. Check existing active flags:
[root@localhost ~]# netstat -i Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 2075 0 0 0 1366 0 0 0 BMRU
lo 16436 0 1985 0 0 0 1985 0 0 0 LRU
Turn multicast off on eth0:
[root@localhost ~]# ip link set eth0 multicast off
Notice that the ‘M’ flag is gone? So, M is for multicast:
[root@localhost ~]# netstat -i Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 2075 0 0 0 1369 0 0 0 BRU
lo 16436 0 1985 0 0 0 1985 0 0 0 LRU
Turn promiscuous mode on:
[root@localhost ~]# ip link set eth0 promisc on
Notice that the ‘P’ flag is now shown:
[root@localhost ~]# netstat -i Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 2075 0 0 0 1370 0 0 0 BPRU
lo 16436 0 1985 0 0 0 1985 0 0 0 LRU
UPDATE 20130531: This post wrongly indicated that the “M” flag indicates promiscuous mode. Sorry for the confusion. I got that from other incorrect sources as well. It seems quite many online sources got that wrong. Thanks to the helpful commenters for correcting this mistake.