network>ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 xxx prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
EHC29: flags=0<> mtu 0
EHC26: flags=0<> mtu 0
XHC20: flags=0<> mtu 0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether xxx
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (none)
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether xxx
inet6 xxx prefixlen 64 secured scopeid 0x8
inet xxx netmask 0xffffff00 broadcast 192.168.2.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether xxx
media: autoselect <full-duplex>
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr xxx
nd6 options=201<PERFORMNUD,DAD>
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether xxx
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether xxx
inet6 xxx%awdl0 prefixlen 64 scopeid 0xc
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether xxx
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 9 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 xxx%utun0 prefixlen 64 scopeid 0xe
nd6 options=201<PERFORMNUD,DAD>
network>
The following are the explanations about these interfaces:
lo0 is the loopback device, which is used for entirely internal communication such as between two applications running on localhost.
gif0 The gif interface is a generic tunnelling device for IPv4 and IPv6. It can tunnel IPv[46] traffic over IPv[46]. Therefore, there can be four possible configurations. The behavior of gif is mainly based on RFC2893 IPv6-over-IPv4 configured tunnel. It is the mac os X default interface, not a security concern.
stf0 is SixToFour interface. 6to4 is an Internet transition mechanism for migrating from Internet Protocol version 4 (IPv4) to version 6 (IPv6), a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks. It is a default interface, not a security concern.
EHC29
EHC26
XHC20
With macOS High Sierra you can use Wireshark to capture USB traffic. The interface needs to be manually brought up/down to enable/disable packet capture for the specific controller via ifconfig. The capture interfaces are named based on the underlying controller type followed by the bus number:
$ ifconfig
EHC26: flags=0<> mtu 0
XHC20: flags=0<> mtu 0
EHC29: flags=0<> mtu 0
$ ioreg -w0 -rc AppleUSBHostController
+-o XHC1@1400
+-o EHC2@1a00
+-o EHC1@1d00
The format above is @ where the most significant byte of the location is the bus number. For example, if the device your interested in is connected to the XHCI controller XHC1@1400 then you would enable packet capture via "sudo ifconfig XHC20 up” and disable via “sudo ifconfig XHC20
down”. Once the interface is up then Wireshark will be able to capture/decode/filter USB traffic for that controller.
These interfaces are MacOs High Sierra default, not security concern.
en0
en1
en2
physical network interfaces. Typically, one of them is the Ethernet interface, one of them is the Airport wifi interface, one of them is the bluetooth interface.
fw0 is networking over firewire. You can connect a Firewire cable between two Macs, and OS X can use that cable as a network connection.
bridge0 is thunderbolt bridge. You can connect two Thunderbolt-equipped Mac computers using a Thunderbolt cable, then use internet protocol to communicate between the computers.
p2p0 peer to peer serial connection interfaces. If your MacOs have been connected to arduino through USB port, you will have this entry.
awdl0 AWDL (Apple Wireless Direct Link) is a low latency/high speed WiFi peer-to peer-connection Apple uses for everywhere you’d expect: AirDrop, GameKit (which also uses Bluetooth), AirPlay, and perhaps elsewhere. It works using its own dedicated network interface, typically “awdl0". By having multiple interfaces, Apple is able to have your standard WiFi connection on en*, while still broadcasting, browsing, and resolving peer to peer connections on awdl0.
utun0 it is the tunnel interface. If you have VirtualBox installed, guest operation system in virtualBox will use this interface to communicate with host operation system. TUN (namely network TUNnel) simulates a network layer device and it operates with layer 3 packets like IP packets. TUN is used with routing. Packets sent by an operating system via a TUN device are delivered to a user-space program which attaches itself to the device. A user-space program may also pass packets into a TUN device. In this case the TUN device delivers (or "injects") these packets to the operating-system network stack thus emulating their reception from an external source.
vment* - is used by VMWare Fusion to provide networking to your virtual machines, and there's likely to be one per VM you have set up.
lo0 is the loopback device, which is used for entirely internal communication such as between two applications running on localhost.
gif0 The gif interface is a generic tunnelling device for IPv4 and IPv6. It can tunnel IPv[46] traffic over IPv[46]. Therefore, there can be four possible configurations. The behavior of gif is mainly based on RFC2893 IPv6-over-IPv4 configured tunnel. It is the mac os X default interface, not a security concern.
 |
| 6to4 interfaces |
stf0 is SixToFour interface. 6to4 is an Internet transition mechanism for migrating from Internet Protocol version 4 (IPv4) to version 6 (IPv6), a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks. It is a default interface, not a security concern.
EHC29
EHC26
XHC20
With macOS High Sierra you can use Wireshark to capture USB traffic. The interface needs to be manually brought up/down to enable/disable packet capture for the specific controller via ifconfig. The capture interfaces are named based on the underlying controller type followed by the bus number:
$ ifconfig
EHC26: flags=0<> mtu 0
XHC20: flags=0<> mtu 0
EHC29: flags=0<> mtu 0
$ ioreg -w0 -rc AppleUSBHostController
+-o XHC1@1400
+-o EHC2@1a00
+-o EHC1@1d00
The format above is @ where the most significant byte of the location is the bus number. For example, if the device your interested in is connected to the XHCI controller XHC1@1400 then you would enable packet capture via "sudo ifconfig XHC20 up” and disable via “sudo ifconfig XHC20
down”. Once the interface is up then Wireshark will be able to capture/decode/filter USB traffic for that controller.
These interfaces are MacOs High Sierra default, not security concern.
en0
en1
en2
physical network interfaces. Typically, one of them is the Ethernet interface, one of them is the Airport wifi interface, one of them is the bluetooth interface.
 |
| Firewire port |
fw0 is networking over firewire. You can connect a Firewire cable between two Macs, and OS X can use that cable as a network connection.
 |
| Mac thunderbolt port |
bridge0 is thunderbolt bridge. You can connect two Thunderbolt-equipped Mac computers using a Thunderbolt cable, then use internet protocol to communicate between the computers.
 |
PPP (PPPSerial)
|
p2p0 peer to peer serial connection interfaces. If your MacOs have been connected to arduino through USB port, you will have this entry.
awdl0 AWDL (Apple Wireless Direct Link) is a low latency/high speed WiFi peer-to peer-connection Apple uses for everywhere you’d expect: AirDrop, GameKit (which also uses Bluetooth), AirPlay, and perhaps elsewhere. It works using its own dedicated network interface, typically “awdl0". By having multiple interfaces, Apple is able to have your standard WiFi connection on en*, while still broadcasting, browsing, and resolving peer to peer connections on awdl0.
 |
| oracle VirtualBox |
utun0 it is the tunnel interface. If you have VirtualBox installed, guest operation system in virtualBox will use this interface to communicate with host operation system. TUN (namely network TUNnel) simulates a network layer device and it operates with layer 3 packets like IP packets. TUN is used with routing. Packets sent by an operating system via a TUN device are delivered to a user-space program which attaches itself to the device. A user-space program may also pass packets into a TUN device. In this case the TUN device delivers (or "injects") these packets to the operating-system network stack thus emulating their reception from an external source.
vment* - is used by VMWare Fusion to provide networking to your virtual machines, and there's likely to be one per VM you have set up.
Thanks for putting this all in one spot. I've been running into this information in several different places.
ReplyDeletethanks this is great!
ReplyDelete