Getting the most from ifconfig
The newer ip command does much the same thing, but you won’t find it on all varieties of Unix. Both commands will display a lot of settings and numbers associated with your network connection. Let’s look into what all those numbers and settings mean.
For starters, ifconfig stands for “interface configuration”. The command provides options for viewing as well as changing your network settings.
By itself (no options), the ifconfig command shows active network interfaces (you may have others). This is generally the primary network interface – usually eth0 – and the loopback address as shown in the example below.
So what about all of those settings and packet counts Which should you look at and what do they tell you Let’s run through them.
Encap – this one tells you about the encapsulation that is in use. The encap:Ethernet entry above just tells you that the interface is connected to an Ethernet and packetizes its communications for that standard.
HWaddr – the address that is associated with the physical network adaptor. The first portion (first three octets) can also be used to identify the manufacturer of your network adaptor. The value 78:2B:CB identifies the manufacturer of this network interface as Dell. You should be able to find a number of sites online to identify the manufacturer from this information. One such site is http://www.askapache.com/online-tools/mac-lookup/.
You may encounter bonded interfaces --- an arrangement that allows a system to increase network throughput by using more than one physical interface to send traffic. In the example below, notice how the same hardware address appears to be used for three separate interfaces. The bonded interface is called bond0. That kind of gives it away. It's not a separate physical interface, but a bonding of the eth0 and eth1 interfaces.
inet & inet6 – the IPv4 and IPv6 addresses. Yes, those IPv6 addresses are still somewhat intimidating for those of us who have spent the bulk of our careers with IPv4, but you’re likely to see more and more of them.
The status indicators – UP, BROADCAST, RUNNING, MULTICAST, MTU – tell you a range of things. Note that UP and RUNNING are not the same thing.
RX and TX – Receive and transmit packet counts. These will probably be in the same general ballpark and larger if your system has been running a lot time or does a lot of communicating with other systems. Web servers will likely have much larger TX than RX counts. The RX and TX counts are cumulative. The RX and TX counts for loopback interfaces will likely be quite small. Try pinging the system with the “ping localhost” command and both numbers will go up.
RX and TX bytes – These show you very similar data, but as bytes rather than packets, so the numbers are considerably larger.
The errors, dropped, overruns, frame, and carrier counts will generally all be zeroes. You may be having problems with your network interface if you see numbers bigger than 0 – malformed frames or CRC (cyclical redundancy check) errors that might indicate a problem with the interface or a network cable.
Collisions should be 0 or at least a small number. Collisions indicate that the network is has so much traffic that packets are interfering with each other.
The ifconfig’s –a option allows you see all network interfaces. You can also look at a specific network interface so that you focus on that without having to scan data for other interfaces.
You can also bring an interface up or shut it down with variations of the ifconfig command or some convenient shortcuts.
Bring the interface up:
Shut the interface down:
Assigning a different IP address, netmask, and broadcast address can be done piece by piece or all together in a single command such as this one:
If you use unusual subnet sizes, you can work out the number yourself or find a nice IP calculator like http://jodies.de/ipcalc to do the thinking for you. By providing a single IP address, the number of bytes in the netmask (e.g., 24 if your netmask is 255.255.255.0), you can get your netmask, network, broadcast, first and last host IPs, and subnet size all calculated for you. Then you can be extra comfortable before running a command like this one:
The 240 in this netmask represents the first four bits (128 + 64 + 32 + 16) in the address while the 15 in the broadcast represents the last four (8 + 4 + 2 + 1) indicating the break between the network and host portions of each IP address. Then again, these addresses depend on the particular subnet you’re working with. If the host you’re working with is 10.20.30.129, you’ll see a different broadcast address.
The netmasks you’re likely to see for subnets include these:
You can use ifconfig to set an interface to promiscuous mode with a command such as this:
Promiscuous mode means the network interface will be able to capture all traffic on the network segment rather than just traffic intended for it. In general, this isn’t a good idea as it enables sniffing, though there are probably times when that is just what you need to do.
Rather than just a command to report on assigned IP addresses, ifconfig can tell you how busy your network interface is, if it permits sniffing, if your network is so busy that packets are colliding, and whether the interface is running into errors.