Linux Networking Fundamentals

🎫 Content is validated at 2025-05-23 for

✅ Ubuntu 24.10

As a Linux system administrator or developer, you'll often find yourself working with network configurations. Let's explore the essential concepts and tools you'll need in your daily work.

Getting Started with Network Interfaces

When you first look at network configuration in Linux, you'll encounter network interfaces. Think of these as the connection points between your computer and the network - similar to how ports on a switch connect different devices. You'll typically see interfaces named like eth0 for your first Ethernet card, wlan0 for wireless connections, and lo for the loopback interface that your system uses to talk to itself.

When working with network interfaces, you'll frequently use commands.

The ip link Command

The ip link show command is your go-to tool for checking the status of all network interfaces on your system. It displays not just the interfaces, but also their operational state and physical/MAC addresses. You'll find this particularly useful when:

• Troubleshooting network connectivity issues
• Setting up new network interfaces
• Verifying if network cards are properly recognized
• Checking if interfaces are UP or DOWN

ip link show

When you run this command, you'll see output like this:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT
    link/ether 00:15:5d:01:ca:05 brd ff:ff:ff:ff:ff:ff

What do this output mean? Let's break it down:

The important parts to notice are the interface names (lo and eth0) and their states (UP or DOWN). If you need more detailed information about IP addresses assigned to these interfaces, you can use:

Checking IP Addresses

The ip addr show command is more comprehensive than ip link as it shows both the interfaces and their assigned IP addresses. This command is essential when you need to:

• Verify IP address assignments
• Check for duplicate IP addresses
• Debug DHCP-related issues
• Confirm subnet mask configurations

Once you've identified your interfaces, you'll want to know what IP addresses they have. The ip addr show command provides this information:

ip addr show

When you run this command, you'll see something like:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:15:5d:01:ca:05 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0
    inet6 fe80::215:5dff:fe01:ca05/64 scope link

Let's decode this output:

• inet 127.0.0.1/8: The loopback address with its subnet mask
• inet 192.168.1.100/24: Your actual IP address and subnet
• scope global: Indicates this address is valid for use with the outside world
• dynamic: Shows this address was assigned by DHCP

You can also use ifconfig to get similar information, but it's deprecated in favor of ip:

Since ifconfig is deprecated, you may not find it installed by default on modern systems. If you need it, you can install the net-tools package.

ifconfig

When you run this command, you'll see output like this:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet

You can also see the MAC address of the interface, IP, and other details.

Managing Network Connections

Static vs Dynamic IP Configuration

When setting up a server or workstation, one of the first decisions you'll face is whether to use static or dynamic IP addressing.

If you're setting up a server, you'll probably want a static IP. Here's how you can do it:

When setting up a static IP address, the ip addr add command gives you immediate control. The syntax follows the pattern ip addr add IP_ADDRESS/SUBNET_MASK dev INTERFACE. For example:

sudo ip addr add 192.168.1.100/24 dev eth0

This command is perfect for:

• Quick testing of network configurations
• Emergency network repairs
• Temporary IP assignment during troubleshooting
• Adding secondary IP addresses to an interface

Tips, to remove an IP address, use: sudo ip addr del IP_ADDRESS dev INTERFACE, you can use ip --help to see all available options.

But remember, this configuration won't survive a reboot. For a permanent setup on modern Ubuntu or Debian systems, you'll want to edit the netplan configuration, it often lives in /etc/netplan/01-netcfg.yaml or similar. Here's an example of a static configuration:

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [192.168.1.100/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 1.1.1.1]

or use dhcp:

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: true

After editing the file, apply the changes with:

sudo netplan apply

Essential Network Troubleshooting Tools

When things go wrong (and they will), you'll need a solid understanding of these diagnostic tools:

Network Connectivity Testing

Let's start with the basics - the ping command. You might think it's simple, but it's incredibly powerful:

The ping command might seem basic, but it's incredibly versatile. The -c flag limits the number of packets sent, which is useful for scripting and quick tests:

ping -c 4 google.com  # Sends exactly 4 packets and stops

When you run the ping command, you'll see output like this:

PING google.com (142.250.189.78) 56(84) bytes of data.
64 bytes from lhr25s35-in-f14.1e100.net (142.250.189.78): icmp_seq=1 ttl=116 time=14.3 ms
64 bytes from lhr25s35-in-f14.1e100.net (142.250.189.78): icmp_seq=2 ttl=116 time=13.9 ms
64 bytes from lhr25s35-in-f14.1e100.net (142.250.189.78): icmp_seq=3 ttl=116 time=14.1 ms
64 bytes from lhr25s35-in-f14.1e100.net (142.250.189.78): icmp_seq=4 ttl=116 time=14.0 ms

--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 13.915/14.075/14.284/0.151 ms

This output tells you:

• The remote IP address (142.250.189.78)
• Round-trip time for each packet (e.g., 14.3 ms)
• Packet loss percentage (0% in this case)
• Statistics about timing variations

Use ping for:

• Basic connectivity testing
• Network latency measurement
• DNS resolution verification
• Host availability monitoring

Want to know why a connection is slow or failing? That's where traceroute comes in:

When you need to understand the path your traffic takes, traceroute becomes invaluable:

traceroute google.com

When using traceroute, you might see:

traceroute to google.com (142.250.189.78), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  0.344 ms  0.313 ms  0.307 ms
 2  isp-router.net (10.0.0.1)  12.132 ms  12.125 ms  12.119 ms
 3  core-router.isp.net (172.16.0.1)  13.225 ms  13.219 ms  13.213 ms
 4  google-peer.isp.net (192.0.2.1)  13.376 ms  13.370 ms  13.364 ms
 5  lhr25s35-in-f14.1e100.net (142.250.189.78)  14.090 ms  14.084 ms  14.078 ms

Each line represents a "hop" in your connection:

• The number at the start is the hop count
• The hostname and IP address of each router
• Three time measurements showing the latency to that hop

This tool helps you:

• Identify network bottlenecks
• Troubleshoot routing issues
• Verify network paths
• Detect network congestion points

DNS Resolution

When you need to check if a domain name resolves correctly, dig is your best friend. It's more powerful than nslookup and provides detailed information about DNS queries:

dig google.com

When you run this command, you'll see output like this:

; <<>> DiG 9.16.1-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com.			IN	A
;; ANSWER SECTION:
google.com.		299	IN		142.250.189.78
;; Query time: 14 msec
;; SERVER:  8.8.8.8#53
;; WHEN: Wed Oct 25 12:34:56 UTC 2023
;; MSG SIZE  rcvd: 55

This output provides:

• The DNS server used for the query (8.8.8.8)
• The time taken to get a response (14 msec)
• The size of the response message (55 bytes)

Connection Analysis

For more complex issues, you'll need to dive deeper with tools like ss and netstat:

The ss command is the modern replacement for netstat, providing detailed socket statistics:

ss -tuln  # Shows TCP(-t) and UDP(-u) listening(-l) numeric(-n) ports

When running the ss command:

Netid  State    Recv-Q  Send-Q   Local Address:Port    Peer Address:Port
tcp    LISTEN   0       128      0.0.0.0:22            0.0.0.0:*
tcp    LISTEN   0       128      0.0.0.0:80            0.0.0.0:*
tcp    ESTAB    0       0        192.168.1.100:22      192.168.1.10:52414

This output shows:

• LISTEN: Services waiting for connections
• ESTAB: Established connections
• Local and remote address:port pairs
• Queue lengths for incoming/outgoing data

This command is essential for:

• Security auditing
• Service debugging
• Port conflict resolution
• Connection state analysis

Conclusion

There are still many more topics and tools to explore in Linux networking, such as firewalls (iptables/nftables), VPNs, packet filtering, and network performance tuning. However, mastering the basics will give you a solid foundation to build upon.

Remember, mastering Linux networking is a journey, not a destination. Start with the basics, practice regularly, and gradually explore more advanced topics as your needs grow.