x0<global> 0<global> on my ifconfig

enanito44

Hello, I have been learning the Linux OS for some time by now but still think I am a beginner even though I am pretty familiar with the usage of the terminal. I have Kali Linux installed on an old PC and it works just fine, but just yesterday while I was watching and learning the Wireshark sniffing tool, out of curiosity I went to my terminal and entered the ifconfig command and something very odd showed up along with the usual eth0, lo, wlan0 inet configs. There are a couple of connections I never saw before that got me really puzzled and those are: x0<global> and 0<global>. I am really concerned that maybe my ISP is trying or is actually tracking what I am doing online. Can anyone tell me what those two new items on my ifconfig command are?

I will really appreciate any comments or feedback. Thank you very much.
 


Disclaimer:

In case there is any confusion regarding my first message which says that I was learning the Wireshark sniffing tool, I want to clarify that I am trying to learn "Ethical Hacking", meaning "Legal Hacking" or "White Hat Hacking", and my learning and research is within the legal bounds and I have no intention to break any law whatsoever. The tutorials I am learning from are totally legal. So I just need some help on the issue of having 2 unknown "ifconfig" connections, but I guess I will just have to continue doing my research on other sites for now.
 
The first thing I will say is that ifconfig has been deprecated for a long time. It used to be the de-facto tool for viewing and setting the state of networking interfaces.
But it has been superseded by the ip command.
What is the output of the command
Code:
ip link show
Does that show these extra interfaces too?

Can you post the output that you're seeing for these extra interfaces? That might help to yield some clue?

Also I haven't run Kali in a long time. I used to keep a copy of it on a USB thumbdrive for if I ever needed it.
Is it possible that something you're running in Kali is creating some dummy interfaces or something?

ifconfig and ip don't show any extra interfaces for me in Debian.
If you can post some additional information about these extra interfaces, we might be able to work out what they are.

Your ISP may well be monitoring your online activities - but they wouldn't need to set up an additional networking interface on your machine to do that! The networking interfaces listed by ifconfig will be physical devices connected to your PC, or virtual ones that will be using one of the physical devices. Whatever these extra interfaces are, they are NOT your ISP spying on you!

Typically ifconfig and ip will list the local loopback interface and any wifi, or wired LAN connections. If your PC has Bluetooth capabilities - that can also appear as an extra interface in the output too, or if you have a dial-up modem etc.

So these extra network devices are either physical networking devices on your PC, or on other devices connected to your PC - or they are possibly virtual devices that are using one of your physical devices. And again, if it's a virtual one - it's more likely to be created by some program/command you've run in Kali!

So first, I think we'll need some more detailed information about these additional interfaces you're seeing.
 
Thank you so much for your input. I really appreciate it. The truth is that I was very concerned about that ifconfig issue and at the same time felt very frustrated but I did not expect that my original post in which I requested to have my account deleted would attract so much attention. Actually I thought that my account would be deleted by the moderator without any fuss but I am very grateful for the result and I also want to apologize to all those I probably offended with my tantrums. Actually, it was a very interesting experience.

Now coming back to the issue of those strange network interfaces that suddenly popped up on my ifconfig command, the culprit listing looks like this:

"I'm deleting all the other text below each interface to save space (I know what the first three mean ) " :

eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether xx:xx:xx:xx txqueuelen 1000 (Ethernet) ...

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet xxx.xx.xx netmask 255.0.0.0 ........

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet xx.xx.xx.xx netmask 255.255.255.0 broadcast xx.xx.xx.xxx

And at the end of the listing I get these two very weird configurations:

x0<global>
inet6 2601:1c0:5203:2300:20f:60ff:fe02:f719 prefixlen 64 scopeid 0x0<global>

inet6 fe80::20f:60ff:fe02:f719 prefixlen 64 scopeid 0x20<link>

0<global>
inet6 fe80::20f:60ff:fe02:f719 prefixlen 64 scopeid 0x20<link>"


And that's how I ended up on these forums.

If you have any idea what they could be, please by all means illuminate me.

I don't really work or make a living and don't pretend to have too much knowledge of all this technical stuff and mostly, I do it to entertain myself and have something to talk about with my two kids when they become too annoying, but I sure am very curious and willing to keep learning just for the sake of it and, since I am already retired, what do I have to lose?

Thanks so much again and have a wonderful day!
 
Keep asking questions, but remember if anybody doesn't pick it up, it could be that they are not in the mood to reply, or didn't see it due to time zone and thus it got pushed to the back of the queue, since only relatively recent posts are displayed. Also maybe the one person that could answer didn't log in for a day or two.
 
Those appear to be IPv6 IP addresses.
Looking up the IPs using ipinfo.io - I get the following information:

This is the X0<global>:
Code:
$ curl ipinfo.io/2601:1c0:5203:2300:20f:60ff:fe02:f719
{
  "ip": "2601:1c0:5203:2300:20f:60ff:fe02:f719",
  "city": "Portland",
  "region": "Oregon",
  "country": "US",
  "loc": "45.5234,-122.6762",
  "org": "AS7922 Comcast Cable Communications, LLC",
  "postal": "97207",
  "timezone": "America/Los_Angeles",
  "readme": "https://ipinfo.io/missingauth"
}

And this is the information for the address that appears in 0x0<global> and 0<global>:
Code:
$ curl ipinfo.io/fe80::20f:60ff:fe02:f719
{
  "ip": "fe80::20f:60ff:fe02:f719",
  "bogon": true
}

And a bogon is an invalid IP address.

So I think the first one is your external IP address - and the other two are fake IPs. So perhaps this is some kind of spoofing mechanism that has been set up by some tool you've used - in order to hide your true IP. I don't know for sure. If Comcast are your internet provider - then the first one is almost certainly your external IP.

Again, I haven't used Kali in many years, so I'm more than a little rusty with this side of things!

What other tools have you been using in Kali?
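
As an added example (not part of any post in this thread): Python's standard ipaddress module can classify the two inet6 addresses from the ifconfig output above by scope, and check whether the interface identifier follows the modified EUI-64 layout that is derived from a network card's MAC address. The function names are this example's own, and the /64 prefix length is taken from the posted "prefixlen 64".

```python
import ipaddress

# The two inet6 addresses copied from the ifconfig output posted in this thread.
ADDRESSES = [
    "2601:1c0:5203:2300:20f:60ff:fe02:f719",
    "fe80::20f:60ff:fe02:f719",
]


def scope(addr):
    """Scope label for a unicast IPv6 address, as in ifconfig's scopeid <...> tag."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_loopback:        # ::1
        return "host"
    if ip.is_link_local:      # fe80::/10, valid only on the local network segment
        return "link"
    return "global"


def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]    # low 64 bits of the address
    if iid[3:5] != b"\xff\xfe":                     # EUI-64 inserts ff:fe mid-MAC
        return None
    # Undo the universal/local bit flip applied to the first MAC octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def describe(addr, prefixlen=64):
    """Summarise one address: scope, on-link prefix, routability, embedded MAC."""
    iface = ipaddress.IPv6Interface(f"{addr}/{prefixlen}")
    return {
        "address": str(iface.ip),
        "scope": scope(addr),
        "prefix": str(iface.network),
        "internet_routable": iface.ip.is_global,
        "embedded_mac": mac_from_eui64(addr),
    }


if __name__ == "__main__":
    for a in ADDRESSES:
        print(describe(a))
```

Both addresses carry the same interface identifier, so they decode to the same MAC, which can be compared with the ether line of each interface in the full ifconfig output to see which network card the inet6 lines belong to.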
 
Okay, that makes a big difference. Now I guess I can assume that no one is monitoring my internet activity. Thank you for that information.

I am a beginner and I keep getting distracted by other things, so I have only been able to use, kind of on the surface, the following tools: Nmap, Zenmap, and the sniffing tool Wireshark, but Kali has lots of tools available that I am hoping I could get my hands on in the near future.

Again, your feedback is really appreciated.
 
Keep asking questions, but remember if anybody doesn't pick it up, it could be that they are not in the mood to reply, or didn't see it due to time zone and thus it got pushed to the back of the queue, since only relatively recent posts are displayed. Also maybe the one person that could answer didn't log in for a day or two.
Thank you, now I have a better idea of how these forums are.
 
