Networking in Linux
- There are several tools in Linux for network management
- In this section we go through the most essential network settings and tools that are required for managing network settings in desktop and server installations
Network settings
- A computer is connected to the network via a network interface adapter
- The most important network information from the computer's network interfaces can be retrieved with the ip address command (similar to the ipconfig command in Windows environments)
- Some essential network information from the ip address command includes:
- MAC address of network interface (link/ether)
- IPv4 and IPv6 addresses (inet and inet6)
- Network's broadcast address (brd)
- Below is an example of ip address command output
testuser@ubuntu-PC:~$ ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:88:bf:fa brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
       valid_lft 86282sec preferred_lft 86282sec
    inet6 fe80::aea6:99d1:a75f:c6b1/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
- This command retrieves the layer 2 (MAC address) and layer 3 (IP addresses) information
- To print layer 2 information only, the ip link show command should be used, as in the example below
testuser@ubuntu-PC:~$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:88:bf:fa brd ff:ff:ff:ff:ff:ff
- The ip link command can also be used to shut down and activate a network interface
- This can be done by providing down parameter for the command
testuser@ubuntu-PC:~$ sudo ip link set enp0s3 down
testuser@ubuntu-PC:~$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 08:00:27:88:bf:fa brd ff:ff:ff:ff:ff:ff
- As can be seen from the example above, network interface enp0s3 was set to the down state, meaning that the network connection cannot be used
- The interface can be activated again with the up parameter
Static IP address
- As shown with the ip address show command, the IP address for the primary network interface enp0s3 was assigned automatically (dynamic), as in the example below
- inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
- This is the usual case when using a desktop computer, where IP address information is retrieved during each system bootup from a DHCP server (Dynamic Host Configuration Protocol) in the network
- However, when operating in a server environment, the IP address must stay the same (static)
- This is important since clients using the services running on the server want to find the server behind the same IP address or name
- Static network information is controlled with netplan utility in newer Ubuntu distributions
- Network configuration is stored in yaml file under the /etc/netplan directory
testuser@ubuntu-PC:~$ sudo nano /etc/netplan/*.yaml
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
- Below is the example where static IP address information is set for the enp0s3 network interface
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp0s3:
      addresses: [10.0.2.20/24]
      dhcp4: false
      gateway4: 10.0.2.1
      nameservers:
        addresses: [10.0.2.1]
- This configuration must then be applied with the following command:
testuser@ubuntu-PC:~$ sudo netplan apply
Ping (Packet Internet Groper)
- ping command can be used to check connectivity between two computers
- Command takes IP address, URL or hostname as parameter (syntax → ping target)
- Data packets are sent to target and possible responses from target computer are then printed to the screen
- By default in Linux systems the ping command prints responses until the user interrupts it with the Ctrl + C keys
- Below are two examples: one where there is connectivity between the computers and one where the target host cannot be reached
- Example 1: Try connectivity to host www.google.fi with 5 packets.
testuser@ubuntu-PC:~$ ping -c 5 www.google.fi
PING www.google.fi (216.58.207.195) 56(84) bytes of data.
64 bytes from arn11s04-in-f3.1e100.net (216.58.207.195): icmp_seq=1 ttl=116 time=20.1 ms
64 bytes from arn11s04-in-f3.1e100.net (216.58.207.195): icmp_seq=2 ttl=116 time=21.0 ms
64 bytes from arn11s04-in-f3.1e100.net (216.58.207.195): icmp_seq=3 ttl=116 time=21.3 ms
64 bytes from arn11s04-in-f3.1e100.net (216.58.207.195): icmp_seq=4 ttl=116 time=20.4 ms
64 bytes from arn11s04-in-f3.1e100.net (216.58.207.195): icmp_seq=5 ttl=116 time=21.1 ms
--- www.google.fi ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4017ms
rtt min/avg/max/mdev = 20.096/20.777/21.280/0.454 ms
- Example 2: Try connectivity to host 10.2.0.40
testuser@ubuntu-PC:~$ ping 10.2.0.40
PING 10.2.0.40 (10.2.0.40) 56(84) bytes of data.
^C
--- 10.2.0.40 ping statistics ---
21 packets transmitted, 0 received, 100% packet loss, time 20754ms
- As can be seen from the second example above, host 10.2.0.40 cannot be reached and no responses were printed
Hosts file
- Hosts file is used to translate hostnames to IP addresses
- Hosts file is always checked first and if desired entry cannot be found from it, system will then pass the request to the configured DNS server
- In Linux distributions hosts information is located in /etc/hosts
- Hosts file can be edited with the following command:
testuser@ubuntu-PC:~$ sudo nano /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu-PC
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
- IPv4 addresses are presented at the top and IPv6 addresses at the bottom
- For example, if the following line is added to the file: 10.0.2.2 gw, then the name gw can be used instead of the IP address 10.0.2.2
testuser@ubuntu-PC:~$ ping gw
PING gw (10.0.2.2) 56(84) bytes of data.
64 bytes from gw (10.0.2.2): icmp_seq=1 ttl=64 time=0.595 ms
64 bytes from gw (10.0.2.2): icmp_seq=2 ttl=64 time=0.410 ms
64 bytes from gw (10.0.2.2): icmp_seq=3 ttl=64 time=0.602 ms
64 bytes from gw (10.0.2.2): icmp_seq=4 ttl=64 time=0.575 ms
^C
--- gw ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3102ms
rtt min/avg/max/mdev = 0.410/0.545/0.602/0.078 ms
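An added example (not part of the original material): a simplified sh/awk model of how a hosts file is matched, plus a listing of the names whose address is decided by the file rather than by DNS. The helper names hosts_lookup and pinned_names are hypothetical, and HOSTS_SAMPLE is constructed from the file shown above with the gw line added.

```shell
#!/bin/sh
# Added example: how /etc/hosts entries are matched, and which names they pin.
# HOSTS_SAMPLE is constructed from the file shown above plus the "gw" line.
HOSTS_SAMPLE='127.0.0.1 localhost
127.0.1.1 ubuntu-PC
10.0.2.2 gw
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff02::1 ip6-allnodes'

# hosts_lookup NAME (hypothetical helper): hosts text on stdin; prints the
# address of the first line naming NAME, returns 1 when no line matches
# (the case in which the request is passed on to the DNS server).
hosts_lookup() {
  awk -v name="$1" '
    { sub(/#.*/, "") }                       # drop comments
    NF >= 2 {
      for (i = 2; i <= NF; i++)              # field 1 is the address, the rest are names
        if (tolower($i) == tolower(name)) { print $1; found = 1; exit }
    }
    END { exit !found }'
}

# pinned_names (hypothetical helper): list "name address" pairs that point
# outside loopback and the stock IPv6 template lines, i.e. names whose
# address is decided by this file instead of by DNS.
pinned_names() {
  awk '
    { sub(/#.*/, "") }
    NF >= 2 && $1 !~ /^127\./ && $1 != "::1" && $1 !~ /^(fe00|ff0[0-9a-f])::/ {
      for (i = 2; i <= NF; i++) print $i, $1
    }'
}

printf '%s\n' "$HOSTS_SAMPLE" | hosts_lookup gw
printf '%s\n' "$HOSTS_SAMPLE" | pinned_names
```

On a real system the same review is done with pinned_names < /etc/hosts; any name listed there that nobody remembers adding deserves a closer look, because it is answered locally before DNS is asked.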
DNS
- DNS (Domain Name System) works the same way as the previously presented hosts file: it translates hostnames to IP addresses
- Your computer primarily relies on the hosts file content when any hostname is used anywhere in the system
- As mentioned earlier, the configured DNS servers are contacted when the desired entry cannot be found in the hosts file
- Currently used DNS server for the system can be checked with the following systemd command:
testuser@ubuntu-PC:~$ resolvectl status | grep Current
Current Scopes: DNS
Current DNS Server: 192.168.1.1
- Usually this server is the network router in home networks or small office environments
- Separate DNS server is then used in bigger environments
- DNS server can be changed through netplan which was previously used in setting static IP address information in this section
- Example: Let's add Google's Public DNS server addresses for our static IP address configuration under enp0s3 interface
testuser@ubuntu-PC:~$ sudo nano /etc/netplan/*.yaml
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp0s3:
      addresses: [10.0.2.20/24]
      dhcp4: false
      gateway4: 10.0.2.1
      nameservers:
        addresses: [8.8.4.4,8.8.8.8]
- When the current DNS server information is checked again, the first entry from the nameservers list is in use
testuser@ubuntu-PC:~$ systemd-resolve --status | grep Current
Current Scopes: DNS
Current DNS Server: 8.8.4.4
- The existing hostname or url has an IP address which is used to connect to the service
- This IP address can be retrieved by using the host command followed by desired hostname
- host command can also be used to find out the hostname of known IP address
- Below is an example where active IP addresses of www.debian.org website are retrieved
testuser@ubuntu-PC:~$ host www.debian.org
www.debian.org has address 130.89.148.77
www.debian.org has IPv6 address 2001:67c:2564:a119::77
Netstat (Network statistics)
- netstat command can be used to display active network connections on the computer
- This includes both incoming (traffic going from the network towards your computer) and outgoing (traffic going out from your computer towards the network) connections
- Output from netstat command can be customized like with many other tools utilizing grep command
- Important: Some retrievable information requires administrative privileges so it is suggested to run netstat either with root account or with sudo command!
- Tool is not installed on newest release of Ubuntu by default so use the following command to install netstat:
testuser@ubuntu-PC:~$ sudo apt install net-tools
- Below are some examples on how to use netstat in different situations
- Example 1: List all TCP connections your computer is listening on. In this example, the command is issued with the following parameters:
- -a (--all) → display all sockets
- -n (--numeric) → don't resolve names (show addresses in numeric format)
testuser@ubuntu-PC:~$ sudo netstat -an | grep LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
unix 2 [ ACC ] SEQPACKET LISTENING 15643 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 24240 /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 24249 /run/user/1000/bus
unix 2 [ ACC ] STREAM LISTENING 24250 /run/user/1000/gnupg/S.dirmngr
unix 2 [ ACC ] STREAM LISTENING 24251 /run/user/1000/gnupg/S.gpg-agent.browser
unix 2 [ ACC ] STREAM LISTENING 24252 /run/user/1000/gnupg/S.gpg-agent.extra
unix 2 [ ACC ] STREAM LISTENING 15627 @/org/kernel/linux/storage/multipathd
unix 2 [ ACC ] STREAM LISTENING 24253 /run/user/1000/gnupg/S.gpg-agent.ssh
unix 2 [ ACC ] STREAM LISTENING 24254 /run/user/1000/gnupg/S.gpg-agent
unix 2 [ ACC ] STREAM LISTENING 24255 /run/user/1000/pk-debconf-socket
unix 2 [ ACC ] STREAM LISTENING 24256 /run/user/1000/snapd-session-agent.socket
unix 2 [ ACC ] STREAM LISTENING 20274 /var/snap/lxd/common/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 15614 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 15616 /run/systemd/userdb/io.systemd.DynamicUser
unix 2 [ ACC ] STREAM LISTENING 15625 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 15638 /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 16383 /run/systemd/journal/io.systemd.journal
unix 2 [ ACC ] STREAM LISTENING 20256 /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 20276 /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 20278 /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 20280 /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 20273 @ISCSIADM_ABSTRACT_NAMESPACE
- As can be seen from the output above, the computer is listening on the following ports:
- SSH daemon on port 22
- DNS cacher on port 53
- Example 2: Display kernel routing table using -r (--route) parameter
testuser@ubuntu-PC:~$ sudo netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
_gateway 0.0.0.0 255.255.255.255 UH 0 0 0 enp0s3
- First column (Destination) indicates the destination network where packets should be transferred
- Second column (Gateway) displays the router through which packets should be forwarded
- For example, in order to reach the network 10.0.2.0, packets will be routed through address 0.0.0.0 (basically this means any address)
- Example 3: List all TCP connections your computer is listening on so that process ID (PID) is also displayed for each entry. In this example, the command is issued with the following parameters:
- -a (--all) → display all sockets
- -n (--numeric) → don't resolve names (show addresses in numeric format)
- -l (--listening) → display listening server sockets
- -p (--programs) → display PID/Program name for sockets
- Important: This command should be issued with administrative privileges in order to retrieve the process information!
testuser@ubuntu-PC:~$ sudo netstat -anlp | grep LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 559/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 607/sshd: /usr/sbin
tcp6 0 0 :::22 :::* LISTEN 607/sshd: /usr/sbin
unix 2 [ ACC ] SEQPACKET LISTENING 15643 1/init /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 24240 877/systemd /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 24249 877/systemd /run/user/1000/bus
unix 2 [ ACC ] STREAM LISTENING 24250 877/systemd /run/user/1000/gnupg/S.dirmngr
unix 2 [ ACC ] STREAM LISTENING 24251 877/systemd /run/user/1000/gnupg/S.gpg-agent.browser
unix 2 [ ACC ] STREAM LISTENING 24252 877/systemd /run/user/1000/gnupg/S.gpg-agent.extra
unix 2 [ ACC ] STREAM LISTENING 15627 1/init @/org/kernel/linux/storage/multipathd
unix 2 [ ACC ] STREAM LISTENING 24253 877/systemd /run/user/1000/gnupg/S.gpg-agent.ssh
unix 2 [ ACC ] STREAM LISTENING 24254 877/systemd /run/user/1000/gnupg/S.gpg-agent
unix 2 [ ACC ] STREAM LISTENING 24255 877/systemd /run/user/1000/pk-debconf-socket
unix 2 [ ACC ] STREAM LISTENING 24256 877/systemd /run/user/1000/snapd-session-agent.socket
unix 2 [ ACC ] STREAM LISTENING 20274 1/init /var/snap/lxd/common/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 15614 1/init /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 15616 1/init /run/systemd/userdb/io.systemd.DynamicUser
unix 2 [ ACC ] STREAM LISTENING 15625 1/init /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 15638 1/init /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 16383 313/systemd-journal /run/systemd/journal/io.systemd.journal
unix 2 [ ACC ] STREAM LISTENING 20256 1/init /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 20276 1/init /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 20278 1/init /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 20280 1/init /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 20273 1/init @ISCSIADM_ABSTRACT_NAMESPACE
- As can be seen from the example above, the following PIDs are used:
- PID 559 for DNS cacher listening on port 53
- PID 607 for SSH daemon listening on port 22
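An added example (not part of the original material): the sh/awk functions below read netstat -anlp output and label each TCP listener by the address it is bound to, which separates services reachable only from the machine itself (loopback) from those reachable from the network. The helper names classify_listeners and exposed_only are hypothetical, and SAMPLE is constructed from lines in the output above.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `netstat -anlp` output by exposure.
# SAMPLE is constructed from lines shown in the output above.
SAMPLE='tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 559/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 607/sshd: /usr/sbin
tcp6 0 0 :::22 :::* LISTEN 607/sshd: /usr/sbin
unix 2 [ ACC ] STREAM LISTENING 15614 1/init /run/systemd/private'

# classify_listeners (hypothetical helper): reads netstat lines on stdin and
# prints "proto port scope pid program" for every TCP socket in LISTEN state.
classify_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)                      # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)  # text before it
      if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
      else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
      else scope = "specific-address"
      pid = "-"; prog = "-"                                # netstat prints "-" without root
      if (split($7, p, "/") == 2) { pid = p[1]; prog = p[2]; sub(/:$/, "", prog) }
      print $1, port, scope, pid, prog
    }'
}

# exposed_only (hypothetical helper): keep listeners reachable from the network.
exposed_only() {
  classify_listeners | awk '$3 != "loopback"'
}

printf '%s\n' "$SAMPLE" | classify_listeners
```

On a live system the input comes from sudo netstat -anlp | exposed_only; in the sample only the SSH daemon on port 22 is bound to all interfaces, while the DNS cacher on 127.0.0.53 stays local.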