Network Configuration

Linux provides powerful tools for viewing and managing network resources. The modern standard is the ip command, which replaced the legacy ifconfig.

Viewing IP Addresses

`ip addr` — Network Interfaces

# Show all network interfaces and their IP addresses
$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

# Short form
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 172.17.0.2/16 scope global eth0

Interface states:

State	Meaning
`UP`	Interface is active
`DOWN`	Interface is disabled
`UNKNOWN`	Interface is up but not connected

Managing Links

# Bring interface UP
$ sudo ip link set eth0 up
 
# Bring interface DOWN
$ sudo ip link set eth0 down
 
# Change MAC address (for testing)
$ sudo ip link set eth0 down
$ sudo ip link set eth0 address 02:42:ac:11:00:03
$ sudo ip link set eth0 up
 
# Enablepromiscuous mode (for packet sniffing)
$ sudo ip link set eth0 promisc on

Analyzing Connections — `ss`

The modern replacement for netstat. Shows socket statistics.

# List all listening TCP and UDP ports
$ ss -tuln
Netid  State   Recv-Q   Send-Q   Local Address:Port     Peer Address:Port  Process
udp    UNCONN  0        0              0.0.0.0:68          0.0.0.0:*
tcp    LISTEN  0        128            0.0.0.0:22          0.0.0.0:*
tcp    LISTEN  0        128            0.0.0.0:80          0.0.0.0:*
tcp    LISTEN  0        128                  *:443                 *:*
tcp    LISTEN  0        128            127.0.0.1:6379        0.0.0.0:*

Flags explained:

Flag	Meaning
`-t`	TCP sockets
`-u`	UDP sockets
`-l`	Listening sockets only
`-n`	Show numeric ports (don't resolve names)
`-p`	Show process using the socket

# Show with process names (requires root)
$ sudo ss -tulnp
tcp  LISTEN  0  128  0.0.0.0:22  0.0.0.0:*  users:(("sshd",pid=1234,fd=3))
 
# Show established connections
$ ss -tn state established
 
# Show connections to a specific port
$ ss -tnp | grep :80

Testing Connectivity

`ping` — ICMP Echo

# Test connectivity to a host
$ ping -c 4 google.com
PING google.com (142.250.185.174) 56(84) bytes of data.
64 bytes from 142.250.185.174: icmp_seq=1 ttl=115 time=14.2 ms
64 bytes from 142.250.185.174: icmp_seq=2 ttl=115 time=14.5 ms
64 bytes from 142.250.185.174: icmp_seq=3 ttl=115 time=14.3 ms
64 bytes from 142.250.185.174: icmp_seq=4 ttl=115 time=14.1 ms
 
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 14.1/14.2/14.5/0.1 ms

`nc` / `telnet` — Port Testing

# Test if a specific port is open
$ nc -zv 192.168.1.100 22
Connection to 192.168.1.100 22 port [tcp/ssh] succeeded!
 
# Test HTTP port
$ nc -zv example.com 80
Connection to example.com 80 port [tcp/http] succeeded!
 
# Test multiple ports
$ nc -zv 192.168.1.100 22 80 443
 
# telnet (legacy but still useful)
$ telnet 192.168.1.100 22
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.9

Making HTTP Requests

`curl` — HTTP Client

# Fetch a webpage
$ curl http://example.com
<!doctype html>
<html>
<head>
    <title>Example Domain</title>
...
 
# Show response headers only
$ curl -I http://example.com
HTTP/2 200
accept-ranges: bytes
age: 588960
cache-control: max-age=604800
content-type: text/html; charset=UTF-8
 
# Show request and response headers
$ curl -v http://example.com 2>&1 | head -30
 
# Download a file
$ curl -O http://example.com/file.zip
$ curl -o output.zip http://example.com/file.zip
 
# Send headers
$ curl -H "Authorization: Bearer TOKEN" https://api.example.com/data
 
# POST request
$ curl -X POST -d "name=test&value=123" http://example.com/api

`wget` — Download Tool

# Download a file
$ wget http://example.com/file.zip
 
# Download with custom filename
$ wget -O output.bin http://example.com/file.zip
 
# Download in background
$ wget -b http://example.com/large-file.iso
Continuing in background, pid 12345.
 
# Resume a partial download
$ wget -c http://example.com/large-file.iso

DNS Resolution

`/etc/resolv.conf` — DNS Configuration

$ cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 1.1.1.1

`dig` — DNS Query

# Query A record (IP address)
$ dig google.com
google.com.             300     IN      A       142.250.185.174
 
# Query MX records (mail servers)
$ dig mx google.com +short
10 smtp.google.com.
 
# Query TXT records (SPF, DKIM, etc.)
$ dig txt google.com +short
"v=spf1 include:_spf.google.com ~all"
 
# Query NS records (nameservers)
$ dig ns example.com +short
 
# Specify DNS server
$ dig @8.8.8.8 google.com

`nslookup` — Legacy DNS Lookup

$ nslookup google.com
Server:  8.8.8.8
Address: 8.8.8.8#53
 
Non-authoritative answer:
Name: google.com
Address: 142.250.185.174

`host` — Simple DNS Lookup

$ host example.com
example.com has address 93.184.216.34
example.com mail is handled by 0 .

Routing

`ip route` — Routing Table

# View routing table
$ ip route show
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
 
# Default route = gateway
# traffic to 172.17.0.0/16 goes directly via eth0

`traceroute` — Path to Destination

# Trace the route packets take to reach a host
$ traceroute google.com
traceroute to google.com (142.250.185.174), 30 hops max, 60 byte packets
 1  172.17.0.1 (172.17.0.1)  0.054 ms  0.034 ms  0.030 ms
 2  10.0.0.1 (10.0.0.1)  0.342 ms  0.345 ms  0.342 ms
 3  72.14.215.85 (72.14.215.85)  14.521 ms  14.289 ms  14.302 ms
 4  142.250.185.174 (142.250.185.174)  14.245 ms  14.201 ms  14.190 ms

Quick Reference

Task	Command
Show IP addresses	`ip addr show`
Show interfaces	`ip link show`
Show routing table	`ip route show`
List ports	`ss -tuln`
Test connectivity	`ping -c 4 host`
Test port open	`nc -zv host port`
HTTP request	`curl http://host`
Download file	`wget http://host/file`
DNS lookup	`dig host`
DNS lookup	`nslookup host`
Trace route	`traceroute host`

Practice Challenge

Run ip addr — how many network interfaces do you have?
Run ss -tuln — what services are listening for connections?
Ping 8.8.8.8 — is internet connectivity working?
Use dig to look up the IP address of a website
Run ip route show — what's your default gateway?
Use curl -I to check the HTTP headers of a website

Network Configuration

Network Configuration

Viewing IP Addresses

ip addr — Network Interfaces

Managing Links

Analyzing Connections — ss

Testing Connectivity

ping — ICMP Echo

nc / telnet — Port Testing

Making HTTP Requests

curl — HTTP Client

wget — Download Tool

DNS Resolution

/etc/resolv.conf — DNS Configuration

dig — DNS Query

nslookup — Legacy DNS Lookup

host — Simple DNS Lookup

Routing

ip route — Routing Table

traceroute — Path to Destination

Quick Reference

Practice Challenge

`ip addr` — Network Interfaces

Analyzing Connections — `ss`

`ping` — ICMP Echo

`nc` / `telnet` — Port Testing

`curl` — HTTP Client

`wget` — Download Tool

`/etc/resolv.conf` — DNS Configuration

`dig` — DNS Query

`nslookup` — Legacy DNS Lookup

`host` — Simple DNS Lookup

`ip route` — Routing Table

`traceroute` — Path to Destination