# Networking
# Basic Terms
Before we start into a very (very) brief introduction to networking in Linux, let's lay some groundwork by defining common terms. This might be boring, so feel free to skip it if you already know this stuff.
Term | Definition |
---|---|
Host | A participant in the network. Basically a computer/phone/"smart"-device |
Network | A collection of two or more hosts that are able to communicate with each other |
Internet | A global network comprised of many smaller networks |
Service | A feature being provided by one host to another. An example would be a server providing a webpage to a client |
Router | A host that can connect multiple networks |
TCP/IP | The shortened name of the protocols used to make the Internet work |
Packet | A piece of data transmitted through a network |
IP Address | A numerical value assigned to a host used to identify it as source or destination of a packet. Think postal address |
Network Mask | Defines which part of the IP Address is the network identifier. Think ZIP Code. A router needs this to work |
Hostname | A human friendly name that can be given to a host |
DHCP | A protocol used to assign network related and potentially other information to a host at the time it connects to a network |
DNS | A system that resolves human friendly strings to IP Addresses. Basically what enables you to type google.com instead of 192.168.0.1 (not the real deal 😉) |
# IP addresses and IPv4 vs IPv6
This topic is long and complex, so I will write a separate course on it at some point in the future. For now let's just say there are two types of IP addresses that you need to be aware of: IPv4 and IPv6. The reason behind the existence of IPv6 is that we basically ran out of IPv4 addresses.
IPv4 addresses are 32 bits long and look like this: `10.0.0.1`, where each number has a range from 0 to 255. This gives us about 4.3 billion addresses to work with, modulo some reserved spaces. Well, it was enough for some time, but as stated we ran out. This led to something called NAT, which stands for Network Address Translation. It is sort of ugly because it breaks the basic principle that connections in IP are direct, and it was misused as a "security" mechanism.
Enter IPv6, which was officially "standardized" in 1998. The addresses are 128 bits long, giving us way more space. It also solves a bunch of other issues present in IPv4 but is a breaking change, which means that IPv6 is not backward compatible with IPv4. The adoption is rather slow due to multiple factors which we will not explore now. Suffice it to say that IPv4 will be around for a long time, but IPv6 is already relevant in the world of IT.
# Configuration Files
When configuring network devices start with two questions:
- Is the connection wired or wireless?
- Is the configuration static or dynamic?
Armed with this knowledge, let's dive into the configuration files.
# DNS
In most distributions the current settings for domain name resolution can be found in `/etc/resolv.conf`. This file will usually contain one or more `nameserver` entries and a note on how it is auto-generated and where actual and persistent changes should be made.
# Additional Configuration
Here is a list of additional files that play a role in the overall network configuration. Like most of this tutorial, the files listed are for Debian-based distributions and your mileage may vary.
File | Content |
---|---|
/etc/hosts | Contains host to IP mappings. Used to supplement the DNS server |
/etc/hostname | Defines the local host's name |
/etc/network/interfaces | Contains the configuration for network interfaces |
/etc/nsswitch.conf | Used to define the order of DNS resolution. For example use local files first and a DNS server second |
# Restarting the networking sub-system
After changing the configuration of the network it is almost always necessary to restart the networking sub-system. This can be done in multiple ways and is of course dependent on your distribution. On the latest Ubuntu for example the command would be `systemctl restart networking`.
# Tools
Linux comes with a wide range of network diagnostics and interaction tooling out of the box. Let's look at some examples.
# ping
The `ping` command can be used to determine if a remote machine is "reachable" from your host. Be aware that some administrators disable ping responses on machines under their control.
TIP
Figure out how you can limit the number of pings you send without manually aborting.
# ip
`ip` is the command used to show or manipulate routing and networking devices. It is a replacement for the deprecated commands `ifconfig`, `route` and `arp`. It also covers parts of `netstat`, which is mostly replaced by `ss`.
As with most modern style commands it comes with various sub-commands.
Sub-Command | Meaning |
---|---|
addr | Display IP addresses and their properties |
link | Manage network interfaces |
route | Display and alter the routing table |
neigh | Show neighboring objects (Think arp for IPv4) |
maddr | Display and manage multicast addresses |
As an example, let's add an address to an interface (`eth0`) in the down state, set promiscuous mode and activate it.

```
ip addr add 192.168.1.1/24 dev eth0
ip link set eth0 promisc on
ip link set eth0 up
```

Given that all worked well we can now listen to all traffic that is received by the interface.
TIP
Caveat: Don't do this on a remote machine!
Use `ip route` to add a default route pointing to your loopback interface.
Check that this worked and delete the route.
Hint: Once the route is set you will not be able to access the internet anymore.
# ss
Used to display socket statistics. Replaces `netstat` and is very useful for diagnosing network issues, finding out what is listening on your server, i.e. which services you expose to the world.
A classic call would be

```
ss -tulpen
```

TIP
Go and figure out what these flags do
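
To answer the "which services do I expose" question from that output, the following added example (not part of the original tutorial) filters `ss -tulpen` output down to sockets that are not bound to loopback. The sample output and the function names `sample_ss_output` and `exposed_listeners` are constructed for illustration; on a real host, pipe `ss -tulpen` into `exposed_listeners` instead.

```shell
#!/bin/sh
# Constructed sample of `ss -tulpen` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13)) uid:101 ino:21034 sk:1
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3)) ino:23011 sk:2
tcp   LISTEN 0      511    127.0.0.1:80       0.0.0.0:*         users:(("nginx",pid=900,fd=6)) ino:24100 sk:3
tcp   LISTEN 0      244    192.168.1.10:5432  0.0.0.0:*         users:(("postgres",pid=950,fd=5)) uid:113 ino:25200 sk:4
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=801,fd=4)) ino:23013 sk:5
tcp   LISTEN 0      4096   [::1]:631          [::]:*            users:(("cupsd",pid=700,fd=7)) ino:22050 sk:6
EOF
}

# Reads `ss -tulpen` output on stdin and prints "proto address port process"
# for every socket bound to something other than a loopback address.
exposed_listeners() {
    awk 'NR > 1 && match($5, /:[^:]*$/) {
        addr = substr($5, 1, RSTART - 1)   # text before the last colon
        port = substr($5, RSTART + 1)      # text after the last colon
        sub(/%.*/, "", addr)               # drop an interface scope such as %lo
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: skip
        n = split($7, q, "\"")             # users:(("name",pid=..)) -> name
        print $1, addr, port, (n >= 2 ? q[2] : "-")
    }'
}

# Demo on the constructed sample.
sample_ss_output | exposed_listeners
```

Sockets bound to `0.0.0.0` or `[::]` accept connections on every interface, so those lines are the ones to compare against your firewall rules and your list of intended services.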
# ethtool
Lets you query and control the network driver and hardware settings. For example `ethtool -g eth0` displays the ring buffer for `eth0`.
# dig
`dig` is used to perform DNS queries. This is often useful when gathering information about domains. By default you will get the A record(s) but you can specify what it is you are looking for. With `any` you can get a lot of information. If all this sounds strange to you, do not worry. DNS is a big topic.

```
dig google.com NS
dig ns1.google.com AAAA
```

This would give you the name servers for `google.com` and the IPv6 address of one of them respectively.
`dig` can of course also do reverse queries and all other things DNS.
# host
`host` is very similar to `dig` but some prefer the output style of this command.
TIP
Use host to perform a reverse lookup for the IPv6 address of ns1.google.com
# ssh
`ssh` provides a method to remotely log in to a machine through an encrypted channel. It can be used with username and password or with cryptographic keys. Most production servers however will only allow key based authentication.
You can also use ssh to bind remote ports to local ports in a process known as port forwarding. A sometimes very helpful technique.
TIP
On a remote machine install and start an http-server that listens only on that server's localhost address on port 80. Tunnel this connection to your localhost on port 8080.
# RSA Keys
The first time you connect via ssh to a remote machine, the tool will ask you to verify and trust that machine's fingerprint. You can use this step to verify that the machine you are talking to is the one it claims to be. What is really interesting about this feature is that the connection between this machine and the key behind the fingerprint is stored. Should the fingerprint change at any point in the future, you will get a warning about it and ssh will refuse to connect until you have taken some extra steps. This is meant to stop an evil actor from tricking you into using their machine instead of the legitimate one.
One legitimate reason a fingerprint might change is if the server you are connecting to got reinstalled.
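
The decision described above can be modelled in a few lines. This is an added example, not part of the original tutorial and not ssh's own code: it is a simplified model of the lookup against a `known_hosts`-style list, with the function names `sample_known_hosts` and `check_host_key` made up for illustration. It assumes unhashed host names, and the key blobs are placeholders rather than real keys.

```shell
#!/bin/sh
# Constructed known_hosts-style entries: "hosts keytype keyblob".
# The blobs are placeholders, not real public keys.
sample_known_hosts() {
cat <<'EOF'
# comment lines are ignored
web01.example.org,192.0.2.10 ssh-ed25519 PLACEHOLDERKEYBLOBONE
db01.example.org ssh-ed25519 PLACEHOLDERKEYBLOBTWO
EOF
}

# check_host_key HOST KEYTYPE KEYBLOB  (stored entries on stdin)
# Prints one of:
#   match    host is stored and presents the stored key -> connect
#   changed  host is stored but presents another key    -> warn and refuse
#   unknown  host was never seen                         -> ask the user to verify
check_host_key() {
    awk -v host="$1" -v type="$2" -v blob="$3" '
        /^[#@]/ || NF < 3 { next }       # skip comments, marker lines, blanks
        {
            n = split($1, names, ",")    # first field: comma-separated names
            for (i = 1; i <= n; i++)
                if (names[i] == host && $2 == type) {
                    seen = 1             # we have a stored key for this host
                    if ($3 == blob) ok = 1
                }
        }
        END { print (ok ? "match" : (seen ? "changed" : "unknown")) }
    '
}

# Demo: same key, different key (for example after a reinstall), first contact.
sample_known_hosts | check_host_key 192.0.2.10 ssh-ed25519 PLACEHOLDERKEYBLOBONE
sample_known_hosts | check_host_key db01.example.org ssh-ed25519 PLACEHOLDERKEYBLOBNEW
sample_known_hosts | check_host_key new.example.org ssh-ed25519 PLACEHOLDERKEYBLOBNEW
```

A `changed` result cannot tell a reinstall from an impostor, so the new fingerprint has to be confirmed through a separate trusted channel before the stored entry is replaced.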
# openssl
`openssl` is a tool set that allows you to interact with TLS/SSL enabled servers.
It is very useful for debugging SSL issues but can also be used to generate keys and certificates, calculate digests, interact with S/MIME mails and a few other things.
TIP
Find the command you can use to connect to a website and print its certificate.
# Deprecated but still relevant
# ifconfig
`ifconfig` will display the configuration for all available interfaces. It can also be used to temporarily modify interface settings for experiments or to aid in debugging efforts.
# route
`route` is used to show where packets sent from your machine will go next depending on their destination address.
# netstat
`netstat` is used to display statistics about sockets and current connections.