Prerequisites for learning about ifconfig...

If you don't know what I mean when I say "run ifconfig from the command line", this guide might not be for you...

However, to learn a little bit about command line basics, check out this great introductory tutorial:

Introduction to the Mac OS X Command Line

This information below is presented in an ipython notebook so you can run some of this code on your own computer. To find out what an ipython notebook is and how to install it, check out these links:

What is an ipython notebook?

How do I install it?

If you have ipython notebook installed, you can now download this notebook and run the examples on your computer.

...and now that you are an expert from the command line...

What does the ifconfig tool tell me about my network interfaces?

ifconfig is a program used by unix-like operating systems (including Mac OSX) to configure network interfaces on a system.

This ipython notebook is an exploration of ifconfig's output with executable examples.

When I run ifconfig from the terminal using Mac OS X (Yosemite) I get this output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 ::1 prefixlen 128 
    inet 127.0.0.1 netmask 0xff000000 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
    ether 3c:07:54:4e:0f:f8 
    nd6 options=1<PERFORMNUD>
    media: autoselect (none)
    status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 68:a8:6d:24:58:cc 
    inet6 fe80::6aa8:6dff:fe24:58cc%en1 prefixlen 64 scopeid 0x5 
    inet 10.0.1.3 netmask 0xffffff00 broadcast 10.0.1.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
    lladdr a4:b1:97:ff:fe:8c:ac:5a 
    nd6 options=1<PERFORMNUD>
    media: autoselect <full-duplex>
    status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=60<TSO4,TSO6>
    ether d2:00:18:ca:c5:a0 
    media: autoselect <full-duplex>
    status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    ether 0a:a8:6d:24:58:cc 
    media: autoselect
    status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether 3e:07:54:e4:08:00 
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en2 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 7 priority 0 path cost 0
    nd6 options=1<PERFORMNUD>
    media: <unknown type>
    status: inactive

What does all that output mean? What are the'lo0' and 'gif0'devices? What...Huh?

If you have downloaded this ipython notebook locally, run the next cell to see your own system's network interface configuration.

The %%bash header in an ipython notebook tells the notebook to run code using a bash shell.

Anytime in this report that you see the %%bash header in a cell, run that baby!

To run a cell in an ipython notebook, press [CTRL+return]

In [1]:
%%bash
ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 ::1 prefixlen 128 
	inet 127.0.0.1 netmask 0xff000000 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
	ether 3c:07:54:4e:0f:f8 
	nd6 options=1<PERFORMNUD>
	media: autoselect (none)
	status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
	lladdr a4:b1:97:ff:fe:8c:ac:5a 
	nd6 options=1<PERFORMNUD>
	media: autoselect <full-duplex>
	status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 68:a8:6d:24:58:cc 
	inet6 fe80::6aa8:6dff:fe24:58cc%en1 prefixlen 64 scopeid 0x6 
	inet 10.0.1.3 netmask 0xffffff00 broadcast 10.0.1.255
	nd6 options=1<PERFORMNUD>
	media: autoselect
	status: active
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=60<TSO4,TSO6>
	ether d2:00:18:ca:c5:a0 
	media: autoselect <full-duplex>
	status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
	ether 0a:a8:6d:24:58:cc 
	media: autoselect
	status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=63<RXCSUM,TXCSUM,TSO4,TSO6>
	ether 3e:07:54:e4:08:00 
	Configuration:
		id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
		maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
		root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
		ipfilter disabled flags 0x2
	member: en2 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 7 priority 0 path cost 0
	nd6 options=1<PERFORMNUD>
	media: <unknown type>
	status: inactive
In [8]:
from IPython.display import Image
Image('http://itwebtrap.com/wp-content/uploads/2014/09/hardware1-300x285.jpeg')
Out[8]:

In order to see which of these devices are hardware and which are software, I took a look at networksetup...

(networksetup is a command line tool for configuring network settings in system preferences on a Mac.)

In [2]:
%%bash
networksetup -listallhardwareports
Hardware Port: Bluetooth DUN
Device: Bluetooth-Modem
Ethernet Address: N/A

Hardware Port: Ethernet
Device: en0
Ethernet Address: 3c:07:54:4e:0f:f8

Hardware Port: FireWire
Device: fw0
Ethernet Address: a4:b1:97:ff:fe:8c:ac:5a

Hardware Port: Wi-Fi
Device: en1
Ethernet Address: 68:a8:6d:24:58:cc

Hardware Port: Bluetooth PAN
Device: en3
Ethernet Address: 68:a8:6d:24:58:cd

Hardware Port: Thunderbolt 1
Device: en2
Ethernet Address: d2:00:18:ca:c5:a0

Hardware Port: Thunderbolt Bridge
Device: bridge0
Ethernet Address: N/A

VLAN Configurations
===================

Here is the output that I get when I run networksetup -listallhardwareports.

Hardware Port: Bluetooth DUN
Device: Bluetooth-Modem
Ethernet Address: N/A

Hardware Port: Ethernet
Device: en0
Ethernet Address: 3c:07:54:4e:0f:f8

Hardware Port: FireWire
Device: fw0
Ethernet Address: a4:b1:97:ff:fe:8c:ac:5a

Hardware Port: Wi-Fi
Device: en1
Ethernet Address: 68:a8:6d:24:58:cc

Hardware Port: Bluetooth PAN
Device: en3
Ethernet Address: 68:a8:6d:24:58:cd

Hardware Port: Thunderbolt 1
Device: en2
Ethernet Address: d2:00:18:ca:c5:a0

Hardware Port: Thunderbolt Bridge
Device: bridge0
Ethernet Address: N/A

VLAN Configurations
===================

So my hardware devices from ifconfig are the following:

en0: Ethernet Network Interface Controller
fw0: Firewire
en1: Wi-Fi Network Interface Controller (Airport)
en2: Thunderbolt 1
bridge0: Thunderbolt Bridge

Which means that the software devices from ifconfig are:

lo0: loopback interface
gif0: generic tunnel interface
stf0: six-to-four interface 
p2p0: point-to-point interface (Airdrop)

Let's look at each of the software interfaces in a little more detail:

  • lo0: The loopback interface is used to route packets back to itself without ever interacting with a NIC (network interface controller). In this way, the loopback interface can test both transmission and receiving capabilities of the network setup, and act as a "virtual network interface through which network applications can communicate when executing on the same machine. Any traffic that a computer program sends to a loopback IP address is simply and immediately passed back up the network software stack as if it had been received from another device." [1] Notice that the inet 127.0.0.1 netmask 0xff000000 line from the loopback device shows the IPv4 address usually associated with the 'localhost'.

  • gif0: The generic tunneling interface (pseudo-device) is used to tunnel traffic in four different configurations. (IP[46] over IP[46])

  • stf0: This is a six-to-four tunneling interface (pseudo-device), which means that it can tunnel IPv6 packets in IPv4 encapsulation.

  • p2p0: This is a point-to-point (or peer-to-peer) interface. It creates one connection between two devices, as opposed to a protocol like a broadcast, where one device might communicate a message to several other devices. The Airdrop service allows two Mac users to exchange files over bluetooth when in close proximity to each other.

  • bridge0: The Thunderbolt Bridge allows you to connect Macs together to transfer files and data back and forth directly using a Thunderbolt cable, without the need for using traditional file sharing methods like AFP, AirDrop, or wi-fi and ethernet networking.[4]

A couple of definitions:

  • IPv4 or IPv6: These are Internet Protocol Version 4 and 6. The new IPv6 uses 128-bit addresses compared with the 32-bit addresses of IPv4. From Wikipedia "On the Internet, data is transmitted in the form of network packets. IPv6 specifies a new packet format, designed to minimize packet header processing by routers.[1][9] Because the headers of IPv4 packets and IPv6 packets are significantly different, the two protocols are not interoperable. However, in most respects, IPv6 is an extension of IPv4." [1]

  • Generic Tunneling Interface: Firstly, "Tunnels are a mechanism used to send unsupported protocols across diverse networks." [2] In general, a tunnel can package up protocols and send or receive them, even if the protocols are not natively supported by the network. The generic tunneling interface mentioned above allows you to send IPv6 packets over IPv4, or vice-versa. It is considered generic because it can be configured in four different ways.

In [15]:
Image("http://www.nzmarine.com/media/directorylogos/MTU-logo.png")
Out[15]:

I noticed that the letters 'mtu' appear in every first line of ifconfig's output, so let's grep the output for 'mtu' and compare the devices.

grep is a command line utility which helps you search through text and match results. In our case, we are interested in the lines which contain the word 'mtu', so we use grep to filter the results.

In [10]:
%%bash
ifconfig | grep mtu
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

'MTU' stands for maximum transmission units, which is the largest size packet (in bytes) that can be sent (or passed onwards by a layer) in a packet or frame-based network. The Internet's Transmission Control Protocol (TCP) uses the MTU to determine themaximum size of each packet in any transmission. (Definition from here)

Maybe a definition?

  • Frame-based Network: Frames are basically a way of organizing the data and packets that are being sent in a network. A frame is "the unit of transmission in a link layer protocol, and consists of a link layer header followed by a packet. [1] Essentially, frames organize the information being sent and received into manageable chunks for the network to handle.

Examining all of our different settings for mtu's gives us some clues as to the nature of the interfaces:

  • Several of the devices have mtu set at 1500. The standard mtu for ethernet is 1500 bytes.
  • The loopback can transmit big packets because it doesn't interact with any NIC (network interface controller) or have any interaction with ethernet.
  • The two tunneling interfaces are set to the same number, 1280... why?
  • Firewire and the Airdrop can both accomodate slightly larger packets.

Taking a closer look at each line...

en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

...reveals some flags set for the device which tell you how the device is configured and the services it supports.

Let's look at the flags themselves:

  • UP - The interface is activated, ready to send or receive packets, and is accessible to the IP layer.
  • LOOPBACK - The device is a loopback device. See above for definition of loopback.
  • RUNNING - Resources have been allocated to the interface to allow it to send/receive packets. Drivers have been loaded.
  • MULTICAST - "A valid multicast address has been assigned to this interface. Listening on a multicast address is analogous to listening to a particular band of the radio dial. The packet is not addressed to a particular interface, instead, it is addressed to all interfaces listening on that multicast address." [2]
  • POINTOPOINT - The device is a point-to-point device.
  • SMART - This flag has now been deprecated and should be avoided.
  • SIMPLEX - The interface is configured for simplex operation. "In simplex operation, a network cable or communications channel can only send information in one direction; it's a “one-way street”. This may seem counter-intuitive: what's the point of communications that only travel in one direction? In fact, there are at least two different places where simplex operation is encountered in modern networking. The first is when two distinct channels are used for communication: one transmits from A to B and the other from B to A. This is surprisingly common, even though not always obvious. For example, most if not all fiber optic communication is simplex, using one strand to send data in each direction. But this may not be obvious if the pair of fiber strands are combined into one cable." [3]
  • BROADCAST - This interface has a vaild broadcast address set up. This is useful for a subnet where all nodes can see all traffic.
  • PROMISC - This stands for Promiscuous mode which receives and passes all packets through regardless of MAC address. In my case, the thunderbolt interface is set to promiscuous mode.
In [16]:
Image('http://mnmortgageman.com/wp-content/uploads/2014/02/Options.jpg')
Out[16]:

Now let's take a look at the options available for each interface:

In [11]:
%%bash
ifconfig | grep options
	options=3<RXCSUM,TXCSUM>
	nd6 options=1<PERFORMNUD>
	options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
	nd6 options=1<PERFORMNUD>
	nd6 options=1<PERFORMNUD>
	nd6 options=1<PERFORMNUD>
	options=60<TSO4,TSO6>
	options=63<RXCSUM,TXCSUM,TSO4,TSO6>
	nd6 options=1<PERFORMNUD>
    options=3<RXCSUM,TXCSUM>
    nd6 options=1<PERFORMNUD>
    options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
    nd6 options=1<PERFORMNUD>
    nd6 options=1<PERFORMNUD>
    nd6 options=1<PERFORMNUD>
    options=60<TSO4,TSO6>
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    nd6 options=1<PERFORMNUD>

We see two different types of options: "options" and "nd6 options":

Options:

  • RXCSUM - A checksum is used to verify data and detect errors that may have been introduced into data from transmission or storage. Some drivers and interfaces can assume the checksum duties. RXCKSUM is an offloading of checksum duties on the receiving end
  • TXCSUM - The same as above, but for transmitting instead or recieving.
  • VLAN_HWTAGGING - (from the man pages) If the driver offers user-configurable VLAN support, enable reception of extended frames or tag processing in hardware, respectively. Note that this must be issued on a physical interface associated with vlan(4), not on a vlan(4) interface itself.
  • AV - If supported by the driver, enable 802.1 AVB on the interface. AVB stands for Audio Video Bridging and is a standard to allow for precise synchronization of audio and video.
  • TSO4 - TSO stands for TCP Segmentation Offloading, which basically allows the NIC to unburden the host computer's CPU by performing some of the segmentation necessary to push packets through the TCP/IP protocol. TSO4 here simply refers to the segmentation of IPv4 packets.
  • TSO6 - This is the same as TSO4, but used for IPv6 packets.

nd6 Options:

  • PERFORMNUD - nd6 is the neighbor discovery protocol used to find nodes, auto configure link layer addresses, and perform tests such as NUD, which stands for Network Unreachability Detection. It is a part of neighbor detection which determines that a neighbor is no longer reachable on the link.

Whew....Let's examine the remainder of the configuration on my Wi-Fi (en1) interface:

In [12]:
%%bash
ifconfig en1
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 68:a8:6d:24:58:cc 
	inet6 fe80::6aa8:6dff:fe24:58cc%en1 prefixlen 64 scopeid 0x5 
	inet 172.16.231.115 netmask 0xfffff800 broadcast 172.16.231.255
	nd6 options=1<PERFORMNUD>
	media: autoselect
	status: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 68:a8:6d:24:58:cc 
    inet6 fe80::6aa8:6dff:fe24:58cc%en1 prefixlen 64 scopeid 0x5 
    inet 10.0.1.3 netmask 0xffffff00 broadcast 10.0.1.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active

Here's what's left:

  • ether 68:a8:6d:24:58:cc - This is the MAC address for the Wi-Fi interface. The ether parameter is another name for lladdr or 'link local address'.
  • inet6 fe80::6aa8:6dff:fe24:58cc%en1 prefixlen 64 scopeid 0x5 - This is the IPv6 address configured for this interface. prefixlen 64 means 64 bits are reserved for subdividing networks into sub-networks. The scopeid 0x5 part of this (from Wikipedia) means "Link-local and site-local multicast scopes span the same topological regions as the corresponding unicast scopes." Yeah, I am gonna need to investigate that one further.
  • inet 10.0.1.3 netmask 0xffffff00 broadcast 10.0.1.255 - This is the IPv4 address including a netmask and a broadcast address.
  • media: autoselect - Some interfaces allow a manual configuration of a media type such as a 10baseT/UTP setting, which would indicate a twisted pair. Autoselect chooses the best fit automatically for the media used.
  • status: active - This interface is currently up, running and activated.

References: