# Networking

# Basic Terms

Before we start with a very (very) brief introduction to networking in Linux, let's lay some groundwork by defining common terms. This might be boring, so feel free to skip it if you already know this stuff.

| Term | Definition |
| --- | --- |
| Host | A participant in the network. Basically a computer/phone/"smart"-device |
| Network | A collection of two or more hosts that are able to communicate with each other |
| Internet | A global network comprised of many smaller networks |
| Service | A feature being provided by one host to another. An example would be a server providing a webpage to a client |
| Router | A host that can connect multiple networks |
| TCP/IP | The shortened name of the protocols used to make the Internet work |
| Packet | A piece of data transmitted through a network |
| IP Address | A numerical value assigned to a host used to identify it as source or destination of a packet. Think postal address |
| Network Mask | Defines which part of the IP Address is the network identifier. Think ZIP Code. A router needs this to work |
| Hostname | A human friendly name that can be given to a host |
| DHCP | A protocol used to assign network related and potentially other information to a host at the time it connects to a network |
| DNS | A system that resolves human friendly strings to IP Addresses. Basically what enables you to type google.com instead of 192.168.0.1 (not the real deal 😉) |

# IP addresses and IPv4 vs IPv6

This topic is long and complex, so I will write a separate course on it at some point in the future. For now let's just say there are two types of IP addresses that you need to be aware of: IPv4 and IPv6. The reason behind the existence of IPv6 is that we basically ran out of IPv4 addresses.

IPv4 addresses are 32 bits long and look like this: 10.0.0.1, where each number has a range from 0 to 255. This gives us about 4.3 billion addresses to work with, modulo some reserved spaces. Well, it was enough for some time but, as stated, we ran out. This led to something called NAT, which stands for Network Address Translation. NAT is sort of ugly because it breaks the basic principle that connections in IP are direct, and it was misused as a "security" mechanism.

Enter IPv6, which was officially "standardized" in 1998. The addresses are 128 bits long, giving us way more space. It also solves a bunch of other issues present in IPv4 but is a breaking change, which means that IPv6 is not backward compatible with IPv4. The adoption is rather slow due to multiple factors which we will not explore now. Suffice it to say that IPv4 will be around for a long time, but IPv6 is already relevant in the world of IT.

# Configuration Files

When configuring network devices, start with two questions:

  • Is the connection wired or wireless?
  • Is the configuration static or dynamic?

Armed with this knowledge, let's dive into the configuration files.

# DNS

In most distributions the current settings for domain name resolution can be found in `/etc/resolv.conf`. This file will usually contain one or more `nameserver` entries and a note on how it is auto-generated and where actual and persistent changes should be made.

# Additional Configuration

Here is a list of additional files that play a role in the overall network configuration. Like most of this tutorial, the files listed are for Debian-based distributions and your mileage may vary.

| File | Content |
| --- | --- |
| `/etc/hosts` | Contains host to IP mappings. Used to supplement the DNS server |
| `/etc/hostname` | Defines the local host's name |
| `/etc/network/interfaces` | Contains the configuration for network interfaces |
| `/etc/nsswitch.conf` | Used to define the order of DNS resolution. For example use local files first and a DNS server second |

# Restarting the networking sub-system

After changing the configuration of the network it is almost always necessary to restart the networking sub-system. This can be done in multiple ways and is of course dependent on your distribution. On the latest Ubuntu, for example, the command would be `systemctl restart networking`.

# Tools

Linux comes with a wide range of network diagnostics and interaction tooling out of the box. Let's look at some examples.

# ping

The `ping` command can be used to determine if a remote machine is "reachable" from your host. Be aware that some administrators disable ping responses on machines under their control.

TIP

Figure out how you can limit the number of pings you send without manually aborting.

# ip

`ip` is the command used to show or manipulate routing and networking devices. It is a replacement for the deprecated commands `ifconfig`, `route` and `arp`. It also covers parts of `netstat`, which is mostly replaced by `ss`.

As with most modern-style commands, it comes with various sub-commands.

| Sub-Command | Meaning |
| --- | --- |
| `addr` | Display IP addresses and their properties |
| `link` | Manage network interfaces |
| `route` | Display and alter the routing table |
| `neigh` | Show neighboring objects (Think arp for IPv4) |
| `maddr` | Display and manage multicast addresses |

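As an example, let's add an address to an interface (eth0) in the down state, set promiscuous mode and activate it.

```bash
# Assign an address and network mask to the (still down) interface
ip addr add 192.168.1.1/24 dev eth0
# Enable promiscuous mode so the interface accepts all frames it sees
ip link set eth0 promisc on
# Bring the interface up
ip link set eth0 up
```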

Given that all worked well, we can now listen to all traffic that is received by the interface.

TIP

Caveat: Don't do this on a remote machine!
Use `ip route` to add a default route pointing to your loopback interface. Check that this worked and delete the route.
Hint: Once the route is set you will not be able to access the internet anymore.

# ss

`ss` is used to display socket statistics. It replaces `netstat` and is very useful for diagnosing network issues and for finding out what is listening on your server, i.e. which services you expose to the world.

A classic call would be:

```bash
ss -tulpen
```
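To make the "which services you expose to the world" point concrete, here is an added example (not part of the original tutorial) that filters `ss -tuln`-style output down to sockets that are not bound to a loopback address. The function names and the sample output are constructed for illustration.

```bash
#!/bin/sh
# Added example: list listening sockets that are NOT bound to loopback.
# Reads `ss -tuln`-style text on stdin, prints "proto address port".

exposed_listeners() {
    awk '
        $1 == "Netid" { next }                     # skip the header line
        $2 != "LISTEN" && $2 != "UNCONN" { next }  # TCP listeners, unconnected UDP
        {
            la = $5                                # Local Address:Port column
            match(la, /:[^:]*$/)                   # locate the last colon
            addr = substr(la, 1, RSTART - 1)
            port = substr(la, RSTART + 1)
            sub(/%.*$/, "", addr)                  # drop interface scope such as %lo
            sub(/^\[/, "", addr)                   # drop IPv6 brackets
            sub(/\]$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only: not exposed
            print $1, addr, port
        }'
}

# Constructed sample of `ss -tuln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:80       0.0.0.0:*
tcp   LISTEN 0      244    *:5432             *:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      5      [::1]:631          [::]:*
EOF
}

# Demo run on the constructed sample
sample_ss_output | exposed_listeners
```

On a live host, feed it real data with `ss -tuln | exposed_listeners`. Wildcard binds (`0.0.0.0`, `*`, `::`) are reported because they accept connections on every interface.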

TIP

Go and figure out what these flags do.

# ethtool

Lets you query and control the network driver and hardware settings. For example `ethtool -g eth0` displays the ring buffer for eth0.

# dig

`dig` is used to perform DNS queries. This is often useful when gathering information about domains. By default you will get the A record(s), but you can specify what it is you are looking for. With `any` you can get a lot of information. If all this sounds strange to you, do not worry. DNS is a big topic.

```bash
dig google.com NS
dig ns1.google.com AAAA
```

This would give you the name servers for google.com and the IPv6 address of one of them, respectively.

`dig` can of course also do reverse queries and all other things DNS.

# host

`host` is very similar to `dig`, but some prefer the output style of this command.

TIP

Use `host` to perform a reverse lookup for the IPv6 address of ns1.google.com.

# ssh

`ssh` provides a method to remotely log in to a machine through an encrypted channel. It can be used with username and password or with cryptographic keys. Most production servers, however, will only allow key-based authentication.

You can also use `ssh` to bind remote ports to local ports in a process known as port forwarding, a sometimes very helpful technique.

TIP

On a remote machine, install and start an HTTP server that listens only on that server's localhost address on port 80. Tunnel this connection to your localhost on port 8080.

# RSA Keys

The first time you connect via `ssh` to a remote machine, the tool will ask you to verify and trust that machine's fingerprint. You can use this step to verify that the machine you are talking to is the one it claims to be. What is really interesting about this feature is that the connection between this machine and the key behind the fingerprint is stored. Should the fingerprint change at any point in the future, you will get a warning about it and `ssh` will refuse to connect until you have taken some extra steps. This is meant to stop an evil actor from tricking you into using their machine instead of the legitimate one.

One legitimate reason a fingerprint might change is if the server you are connecting to got reinstalled.
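The stored host-to-key mapping described above lives in a `known_hosts` file. The following added example (not part of the original tutorial, and not how `ssh` itself is implemented) reduces the trust decision to a lookup over plain-text entries. The function names, host names and key blobs are constructed, and hashed or `@`-marked entries are skipped as a simplifying assumption.

```bash
#!/bin/sh
# Added example: the known_hosts decision, reduced to an awk lookup.
# Key blobs are constructed placeholders, not real keys.
KEY_A="AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYA"
KEY_B="AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYB"

# Write a small plain-text known_hosts file (constructed sample) to path $1.
make_sample_known_hosts() {
    cat > "$1" <<EOF
# comment lines are ignored
server.example.com,192.0.2.10 ssh-ed25519 $KEY_A
|1|hashedsalt=|hashedname= ssh-ed25519 $KEY_B
EOF
}

# Usage: check_host_key FILE HOST KEYTYPE KEYBLOB
# Prints: match   (stored key equals the offered key)
#         changed (host is known, but with a different key of this type)
#         unknown (no stored key of this type for the host: first contact)
check_host_key() {
    awk -v host="$2" -v type="$3" -v blob="$4" '
        /^#/ || /^@/ || index($1, "|1|") == 1 || NF < 3 { next }
        {
            n = split($1, names, ",")      # one entry may list several names
            for (i = 1; i <= n; i++)
                if (names[i] == host && $2 == type) {
                    if ($3 == blob) found = 1; else changed = 1
                }
        }
        END { print (found ? "match" : (changed ? "changed" : "unknown")) }
    ' "$1"
}

# Demo run on the constructed sample
kh=$(mktemp)
make_sample_known_hosts "$kh"
check_host_key "$kh" server.example.com ssh-ed25519 "$KEY_A"   # match
check_host_key "$kh" 192.0.2.10         ssh-ed25519 "$KEY_B"   # changed
check_host_key "$kh" other.example.com  ssh-ed25519 "$KEY_A"   # unknown
rm -f "$kh"
```

On a real system, `ssh-keygen -F <host>` looks up the stored entry for a host. After a confirmed reinstall, `ssh-keygen -R <host>` removes the stale entry so the new key can be verified and stored on the next connection.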

# openssl

`openssl` is a tool set that allows you to interact with TLS/SSL enabled servers.

It is very useful for debugging SSL issues but can also be used to generate keys and certificates, calculate digests, interact with S/MIME mails and a few other things.

TIP

Find the command you can use to connect to a website and print its certificate.

# Deprecated but still relevant

# ifconfig

`ifconfig` will display the configuration for all available interfaces. It can also be used to temporarily modify interface settings for experiments or to aid in debugging efforts.

# route

`route` is used to show where packets sent from your machine will go next depending on their destination address.

# netstat

`netstat` is used to display statistics about sockets and current connections.