IP link

The watch ip command, is very very useful command. Sometimes this command helps us to understand whats going on “behind the scene” of our traffic.


Open terminal & type:
assault@kalivm:~$ sudo watch ip -s link
*The -s flag mean – socket*

*And we will get this output*


*OK, lets understand whats going on here*


As we can see, there are 2 sections

  • lo  – loopback
  • eth0 – our Ethernet device


The lo (loopback) device is actually the local host of our machine.
What does it mean? for example, if our linux machine runs a files server, we will be able to access this file though the browser from our LAN.

*For example*



The eth0 is actually our Ethernet device.
eth – Ethernet, that means that we are connected via cable (RJ45).
0 – The # of our device, it can be eth1, eth2…and so on…and so on. (it’s all depends, on how many network connections we have on the same machine).


*OK, lets focus on what we have under eth0*


link/ether 00:15:5d:32:04:2e – The physical address of our machine.
RX: bytes – The amount of data that received
TX: bytes – The amount of data that transferred
packets – How many network packets were sent \ received
errors – Show us if there are any errors during the process
dropped – The # of the network packets that failed during the process (packet loss).
carrier – The network infrastructure
overruns – It’s actually if there is a FIFO (firstin/firstout) overruns and the buffer is not empty yet.
collsns – It’s actually shown us if there are any collisions on the network.




Here is an example by Gamer Forever