Rolling Thunder Security · Codex · Network Security 02

Three Terminals, One Question

What is my IP address? Every operating system can answer it, but each speaks a slightly different dialect. Windows uses ipconfig in PowerShell. macOS uses ifconfig in Terminal. Linux uses ip a. Learn to read all three and you can sit at any machine and find out where you are on the network.

Windows · ipconfig /all
macOS · ifconfig
Linux · ip a

01 · The Concept

Same information, three accents

Every host on a network has the same fundamental questions to answer: what is my address, what network am I on, who is my gateway, where do I look up names. Each operating system exposes the answers through a different command. The commands print different formats, use different field names, and sometimes split the work across multiple tools. The information underneath is the same.

On the next page you can see the same machine described three different ways. The hostname, IPv4 address, MAC, subnet mask, and IPv6 link-local address all match across the three terminals because they describe one host. The job is to learn how to read each format and to recognize the common fields as you move between systems.

Why this matters in a pen test

When you land on a foothold host you do not get to choose which operating system you arrive on. You will pivot through Linux servers, Windows endpoints, and the occasional macOS engineering laptop. The first command after every shell is the one that answers "where am I?", and you need the right tool ready for the OS in front of you.

02 · Interactive

The three terminals, side by side

All three terminals below describe the same machine: a workstation with IPv4 address 192.168.1.100, MAC aa:bb:cc:dd:ee:ff, on the local network 192.168.1.0/24 with gateway 192.168.1.1.

Windows PowerShell · learner@LAPTOP

    PS C:\Users\learner> ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : AEOLUS
       Primary Dns Suffix  . . . . . . . : zzz.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : zzz.local

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . : zzz.local
       Description . . . . . . . . . . . : Intel(R) Ethernet Connection I219-V
       Physical Address. . . . . . . . . : AA-BB-CC-DD-EE-FF
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::a8bb:ccff:fedd:eeff%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Tuesday, May 13, 2026 8:00:00 AM
       Lease Expires . . . . . . . . . . : Wednesday, May 14, 2026 8:00:00 AM
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 234881073
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-3B-4C-5D-AA-BB-CC-DD-EE-FF
       DNS Servers . . . . . . . . . . . : 192.168.1.1
                                           8.8.8.8
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    PS C:\Users\learner> _

brian — -zsh — 100×30

    learner@MacBook-Pro ~ % ifconfig
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        nd6 options=201<PERFORMNUD,DAD>
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=400<CHANNEL_IO>
        ether aa:bb:cc:dd:ee:ff
        inet6 fe80::a8bb:ccff:fedd:eeff%en0 prefixlen 64 secured scopeid 0x6
        inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: active
    en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=460<TSO4,TSO6,CHANNEL_IO>
        ether 5a:cd:e2:11:22:33
        media: autoselect <full-duplex>
        status: inactive
    utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
        inet6 fe80::abcd:1234:5678:9abc%utun0 prefixlen 64 scopeid 0xa
        nd6 options=201<PERFORMNUD,DAD>

    # macOS does not print the default gateway in ifconfig.
    # Use: netstat -nr | grep default
    # Or: route get default

    learner@MacBook-Pro ~ % netstat -nr | grep default
    default 192.168.1.1 UGScg en0
    learner@MacBook-Pro ~ % scutil --dns | grep nameserver
    nameserver[0] : 192.168.1.1
    nameserver[1] : 8.8.8.8
    learner@MacBook-Pro ~ % _

learner@LAPTOP: ~ — 100×30

    learner@LAPTOP:~$ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0
           valid_lft 86245sec preferred_lft 86245sec
        inet6 fe80::a8bb:ccff:fedd:eeff/64 scope link
           valid_lft forever preferred_lft forever
    3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether 5a:cd:e2:11:22:33 brd ff:ff:ff:ff:ff:ff

    # ip a does not show the default gateway either.
    # Use: ip r show default
    # Or: resolvectl status for DNS

    learner@LAPTOP:~$ ip r show default
    default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.100 metric 100
    learner@LAPTOP:~$ resolvectl status | grep "DNS Servers"
    Current DNS Server: 192.168.1.1
    DNS Servers: 192.168.1.1 8.8.8.8
    learner@LAPTOP:~$ _

Read the prompt first

The prompt tells you which OS you are on before you even type a command. Windows PowerShell shows a path like PS C:\Users\learner>. macOS zsh shows learner@MacBook-Pro ~ %. Linux bash shows learner@LAPTOP:~$. The trailing character is your fastest tell: > is PowerShell, % is zsh, $ is bash, # is root.

03 · Translation Matrix

Same concept, three field names

The same value lives under different labels in each OS. Memorize this row by row and you can eyeball any output and pull the value you need.

What it is       Windows (ipconfig /all)               macOS (ifconfig)                      Linux (ip a)
---------------  ------------------------------------  ------------------------------------  ------------------------------------------
Interface name   Ethernet adapter Ethernet             en0, en1, lo0                         eth0, wlan0, lo
IPv4 address     IPv4 Address                          inet                                  inet
Subnet mask      Subnet Mask (dotted decimal)          netmask (hex, e.g. 0xffffff00)        CIDR suffix after IP, e.g. /24
MAC address      Physical Address (AA-BB-CC-DD-EE-FF)  ether (aa:bb:cc:dd:ee:ff)             link/ether (aa:bb:cc:dd:ee:ff)
IPv6 address     Link-local IPv6 Address               inet6 ... prefixlen                   inet6 ... /64
Default gateway  Default Gateway (in the same output)  Separate: netstat -nr | grep default  Separate: ip r show default
DNS servers      DNS Servers (in the same output)      Separate: scutil --dns                Separate: resolvectl status
DHCP lease info  Lease Obtained / Expires              Separate: ipconfig getpacket en0      Separate: cat /var/lib/dhcp/dhclient.leases
Hostname         Host Name                             Separate: hostname                    Separate: hostname or hostnamectl
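
The translation matrix above, expressed as a parser: this is an added example, not code from the original page. It reads a constructed excerpt of each terminal listing (active adapter only, since a full ifconfig or ip a listing starts with loopback) and returns the MAC, IPv4 address and prefix length in one canonical form. The names RULES and normalize are illustrative.

```python
import re

# Constructed excerpts of the three terminal listings on this page (one active NIC each).
WINDOWS = """Ethernet adapter Ethernet:
   Physical Address. . . . . . . . . : AA-BB-CC-DD-EE-FF
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""
MACOS = """en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether aa:bb:cc:dd:ee:ff
    inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
"""
LINUX = """2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0
"""

def _bits(mask_int):
    """Prefix length of a 32-bit mask given as an integer."""
    return bin(mask_int).count("1")

def _dotted_to_int(dotted):
    a, b, c, d = (int(p) for p in dotted.split("."))
    return a << 24 | b << 16 | c << 8 | d

# Per-OS rules: MAC pattern, IPv4 + mask pattern, and the converter for that OS's mask notation.
RULES = {
    "windows": (r"Physical Address[ .]*: ([0-9A-Fa-f-]{17})",
                r"IPv4 Address[ .]*: ([\d.]+).*?Subnet Mask[ .]*: ([\d.]+)",
                lambda m: _bits(_dotted_to_int(m))),   # dotted decimal
    "macos":   (r"\bether ([0-9a-f:]{17})",
                r"\binet ([\d.]+) netmask (0x[0-9a-f]{8})",
                lambda m: _bits(int(m, 16))),          # hex
    "linux":   (r"link/ether ([0-9a-f:]{17})",
                r"\binet ([\d.]+)/(\d+)",
                int),                                  # CIDR suffix
}

def normalize(os_name, text):
    """Return {'mac', 'ipv4', 'prefix'} in one canonical form for any of the three outputs."""
    mac_re, ip_re, to_prefix = RULES[os_name]
    mac = re.search(mac_re, text).group(1)
    ip, mask = re.search(ip_re, text, re.S).groups()
    return {"mac": mac.lower().replace("-", ":"), "ipv4": ip, "prefix": to_prefix(mask)}

records = [normalize("windows", WINDOWS), normalize("macos", MACOS), normalize("linux", LINUX)]
```

All three records come out identical, which is the point of the matrix: one host, three labels.
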

04 · The Fields Explained

What each value tells you

Knowing the names is half the battle. Knowing what each value means is the other half.

IPv4 Address

e.g. 192.168.1.100

The host's address on its current IPv4 network. Combined with the subnet mask, this determines which other hosts the machine can talk to without going through a router.

192.168.1.100

Subnet Mask

e.g. 255.255.255.0 = /24 = 0xffffff00

Defines which bits of the IP are the network portion and which are the host portion. A /24 mask means the first 24 bits are the network, leaving 8 bits (256 addresses) for hosts on this LAN.

/24 · 255.255.255.0 · 0xffffff00

MAC Address

48 bits, hardware-level

The unique identifier of the network interface card. The first three bytes identify the manufacturer (the OUI); the last three are assigned by that manufacturer. See the next Codex page for the full anatomy.

aa:bb:cc:dd:ee:ff

Default Gateway

e.g. 192.168.1.1

The IP address of the router that handles every packet whose destination is not on this LAN. If you can ping the gateway, you can probably reach the wider Internet through it.

192.168.1.1
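
How the IPv4 address, subnet mask and default gateway described above combine into one forwarding decision, as an added example that is not part of the original page. It accepts the mask in any of the three notations the terminals print, rejects masks that are not contiguous, and returns where the host actually sends a packet; prefix_len and next_hop are illustrative names.

```python
import ipaddress

def prefix_len(mask):
    """Accept '/24', '255.255.255.0' or '0xffffff00' and return the prefix length.

    Raises ValueError for a mask whose 1-bits are not contiguous (e.g. 255.0.255.0).
    """
    mask = mask.strip()
    if mask.startswith("/"):
        n = int(mask[1:])
        if not 0 <= n <= 32:
            raise ValueError(f"prefix out of range: {mask}")
        return n
    if mask.lower().startswith("0x"):
        value = int(mask, 16)                      # macOS ifconfig notation
    else:
        value = int(ipaddress.IPv4Address(mask))   # Windows dotted decimal
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"mask wider than 32 bits: {mask}")
    n = bin(value).count("1")
    # A valid mask is n one-bits followed by (32 - n) zero-bits.
    if value != (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return n

def next_hop(src_ip, mask, gateway, dest_ip):
    """Return the address the host delivers to: the destination itself when it is
    on the same LAN, otherwise the default gateway."""
    lan = ipaddress.ip_network(f"{src_ip}/{prefix_len(mask)}", strict=False)
    return dest_ip if ipaddress.ip_address(dest_ip) in lan else gateway
```
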

DNS Servers

Resolves names to addresses

The servers this host asks when it needs to translate example.com into an IP. Often the same as the gateway on a home network; on enterprise networks they are usually dedicated internal resolvers.

192.168.1.1 · 8.8.8.8

Link-local IPv6

fe80::/10 · never routed

An auto-assigned IPv6 address used only on the local link. It is derived from the MAC address (modified EUI-64) or randomized for privacy. Useful for neighbor discovery, never for reaching the Internet.

fe80::a8bb:ccff:fedd:eeff
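
The modified EUI-64 derivation mentioned above, as an added example that is not part of the original page. It rebuilds the link-local address from a MAC and reports whether an observed address embeds that MAC, meaning the hardware identifier is visible to every neighbor on the link, or was generated some other way. The function names are illustrative.

```python
import ipaddress

def eui64_link_local(mac):
    """Build the fe80::/64 address that modified EUI-64 derives from a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    # Flip the universal/local bit of the first octet and insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(bytes.fromhex("fe80" + "00" * 6) + iid)

def classify_link_local(addr, mac):
    """Return 'eui-64' if addr embeds this MAC, 'other' if the interface ID was
    generated another way (for example randomized). Rejects non-link-local input."""
    # Drop the zone id (%12, %en0) and any prefix length (/64) the OS appends.
    ip = ipaddress.IPv6Address(addr.split("%")[0].split("/")[0])
    if not ip.is_link_local:
        raise ValueError(f"{addr} is not in fe80::/10")
    return "eui-64" if ip == eui64_link_local(mac) else "other"
```
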

Interface name

eth0 / en0 / Ethernet

The local label for one physical or virtual network adapter. Modern Linux often uses predictable names like enp3s0. macOS numbers them en0, en1, en2. Windows uses descriptive names.

eth0 · en0 · Ethernet

Loopback

127.0.0.1 · ::1

A virtual interface that always exists and always answers. Useful for testing whether the network stack on the host is functional even before any cable is plugged in. ping 127.0.0.1 tests your own stack, not the network.

lo · lo0 · 127.0.0.1

05 · Practical Tasks

Common asks, three OS recipes

Beyond the basic "show me everything" commands, here are the targeted questions you will be asked most often and the fastest way to answer them on each OS.

What is my IP address?
Just the IPv4 of the active interface
Windows: ipconfig | findstr IPv4
macOS: ipconfig getifaddr en0
Linux: ip -4 addr show eth0 | grep inet

What is my MAC address?
Hardware identifier of the NIC
Windows: getmac /v
macOS: ifconfig en0 | grep ether
Linux: ip link show eth0 | grep ether

What is my default gateway?
The router for traffic off this LAN
Windows: route print | findstr 0.0.0.0
macOS: route get default
Linux: ip route show default

Which DNS servers am I using?
Where name lookups go
Windows: Get-DnsClientServerAddress
macOS: scutil --dns | grep nameserver
Linux: resolvectl status

Renew my DHCP lease
Ask the server for a fresh address
Windows: ipconfig /release; ipconfig /renew
macOS: sudo ipconfig set en0 BOOTP && sudo ipconfig set en0 DHCP
Linux: sudo dhclient -r && sudo dhclient eth0

Flush the DNS cache
Force a fresh name lookup
Windows: ipconfig /flushdns
macOS: sudo dscacheutil -flushcache
Linux: sudo resolvectl flush-caches

Bring an interface up or down
Toggle a NIC without unplugging
Windows: netsh interface set interface "Ethernet" admin=disable
macOS: sudo ifconfig en0 down
Linux: sudo ip link set eth0 down

Show the ARP table
MAC-to-IP mappings on the LAN
Windows: arp -a
macOS: arp -a
Linux: ip neigh show

06 · Key Takeaways

What to remember

i. One command per OS

ipconfig on Windows, ifconfig on macOS, ip on Linux. The first thing you should be able to type without thinking on any of the three.

ii. Read the prompt

The character at the end of the prompt tells you which shell you are in, which tells you which dialect of the command you need.

iii. Field names differ

Physical Address, ether, link/ether. inet, IPv4 Address, inet. Same value, different label. Build the translation table in your head.

iv. Gateway and DNS may be elsewhere

Windows packs everything into one output. macOS and Linux split it across several tools. Know the supplemental commands for each.

v. Subnet masks have three notations

255.255.255.0 in dotted decimal, /24 in CIDR, 0xffffff00 in hex. All three describe the same 24-bit mask. Learn to convert mentally.

vi. Loopback is always there

If a host has no Ethernet, no Wi-Fi, and no cable, it still has lo / lo0 / loopback at 127.0.0.1. Useful for testing the stack itself.