Linux: Network Services and Configurations

Basics

Linux uses a layered approach (local files and external resources) to figure out how to resolve internal and external system names.

  • /etc/hosts
  • /etc/resolv.conf
  • /etc/nsswitch.conf

/etc/hosts

/etc/hosts is a plain text file where we manually map hostnames to IP addresses so the system can resolve names without relying on DNS. It is useful in environments where DNS is not available.

ex:

192.168.1.101 server1.local

192.168.1.102 server2.local

/etc/resolv.conf

/etc/resolv.conf tells Linux which DNS servers to use when resolving names that are not listed in /etc/hosts. It is useful for troubleshooting internet-related issues or cases where the system cannot resolve external domain names.

/etc/nsswitch.conf

/etc/nsswitch.conf controls the order in which the system tries different methods to resolve names and other data.

hosts: files dns # check local /etc/hosts first before querying external DNS

hosts: dns files # check external DNS first before checking local /etc/hosts
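The lookup order above decides whether a local /etc/hosts entry shadows DNS, which is worth checking when a name resolves to an unexpected address. The following is an added example, not part of the original page: the function names are made up for illustration, the file paths are passed as arguments, and the demo files are constructed. On a live system, getent hosts <NAME> performs the real lookup in the configured order.

```shell
#!/bin/sh
# Added example: offline model of the "hosts:" lookup order.

# Print the sources on the "hosts:" line in the order they are tried.
lookup_order() {   # lookup_order NSSWITCH_FILE
    awk '$1 == "hosts:" {
        sub(/#.*/, "")                  # drop a trailing comment
        gsub(/\[[^]]*\]/, "")           # drop actions such as [NOTFOUND=return]
        for (i = 2; i <= NF; i++) printf "%s%s", (i > 2 ? " " : ""), $i
        print ""; exit
    }' "$1"
}

# Print the IP a hosts-style file maps NAME to (first match wins), else fail.
hosts_lookup() {   # hosts_lookup HOSTS_FILE NAME
    awk -v name="$2" '
        { sub(/#.*/, "") }              # ignore comments
        { for (i = 2; i <= NF; i++)     # field 1 is the IP, the rest are names
              if (tolower($i) == tolower(name)) { print $1; found = 1; exit } }
        END { exit !found }' "$1"
}

# Report which source answers first for NAME. Only "files" and "dns" are
# modelled; "dns" means the query goes to the servers in /etc/resolv.conf,
# and whether they answer cannot be known offline.
explain() {        # explain NSSWITCH_FILE HOSTS_FILE NAME
    for src in $(lookup_order "$1"); do
        case $src in
            files) if ip=$(hosts_lookup "$2" "$3"); then
                       echo "files:$ip"; return 0
                   fi ;;
            dns)   echo "dns"; return 0 ;;
        esac
    done
    echo "unresolved"; return 1
}

# Demo on constructed files (nothing is read from the live system).
demo=$(mktemp -d)
printf '192.168.1.101 server1.local\n192.168.1.102 server2.local\n' > "$demo/hosts"
printf 'hosts: files dns\n' > "$demo/nss_files_first"
printf 'hosts: dns files\n' > "$demo/nss_dns_first"
explain "$demo/nss_files_first" "$demo/hosts" server1.local   # files:192.168.1.101
explain "$demo/nss_files_first" "$demo/hosts" mysite.com      # dns
explain "$demo/nss_dns_first"   "$demo/hosts" server1.local   # dns
```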

NetworkManager

nmcli

nmcli is a command-line interface for interacting with NetworkManager, allowing admins to monitor and manage network connections on Linux.

nmcli device status # to show the status of all devices

nmcli general status # to check overall networking health

nmcli connection show # to list configured connections

nmcli connection up <CONNECTION-NAME> # to activate a specific network connection

nmcli connection down <CONNECTION-NAME> # to deactivate a specific network connection

nmcli connection edit <CONNECTION-NAME> # to open an interactive editor for detailed changes

nmcli connection reload # to reload the settings after editing

nm-connection-editor is a GUI tool for editing NetworkManager connection profiles without needing to use the command line. Just type nm-connection-editor in the terminal to start the GUI.

A .nmconnection file is a configuration file used by NetworkManager to store settings for a specific network profile. These files are located in /etc/NetworkManager/system-connections/

Netplan

Netplan is the default tool used to configure and manage network settings in Debian Linux. It uses YAML files to centralize network configurations.

Configuration Files

Network configuration files are written in YAML. They are stored in the /etc/netplan/ directory. Configurations are not applied automatically. They must be activated before they take effect.

ex:

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [192.168.1.50/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 1.1.1.1]

This tells netplan to configure a static IP address on eth0.

netplan try

netplan try is used to try a new network configuration temporarily, with a built-in safety mechanism. This command applies changes for 120 seconds by default and then reverts the configuration if it is not confirmed.

netplan apply

netplan apply is used to permanently apply changes made in the configuration files. This command reads the configurations from /etc/netplan/, applies the changes to the system, and activates the associated network interfaces.

netplan status

netplan status verifies which configuration is active, which interfaces are managed by which renderer, and their current settings.

IP Network Management Tool

ifconfig

ifconfig is a legacy tool used to configure IP networking on Linux systems. It is being deprecated in favor of the ip command suite.

ex:

ifconfig # to view currently active network interfaces

ip address

ip address is used to view and manage IP address configuration of system network interfaces.

ex:

ip address show # to view ip address configuration. or simply "ip a"

ip address show dev eth0 # to view ip address config of interface eth0

ip address add 192.168.1.100/24 dev eth0 # to add an IP address to eth0

ip address del 192.168.1.100/24 dev eth0 # to delete an IP address from eth0

ip address flush dev eth0 # to flush all ip addresses from eth0

ip link

ip link focuses on the network interface link layer (Layer 2 of the OSI model).

ip link show # to view interfaces

ip link set eth0 up # to bring interface up

ip link set eth0 down # to bring interface down

ip link set eth0 mtu 9000 # to change the MTU

ip link set dev eth0 address 12:23:34:45:56:67 # to change the MAC address of the NIC

ip route

ip route is used to display and manage the kernel's routing table, which determines how network traffic is forwarded.

ip route add 10.0.0.0/24 via 192.168.1.99 # to add a network route

ip route add 172.16.0.0/16 dev eth1 # to add a network route via an interface

ip route add default via 192.168.1.1 # to add a default route

ip route del 10.0.0.0/24 # to delete a route

Network Configuration Tools

hostname

hostname is used to view or set the system's network name. Use hostnamectl set-hostname server1 to permanently set the hostname of the system to server1.

arp

arp is used to show or manage the system's Address Resolution Protocol (ARP) table.

arp -n # to show the ARP cache with numeric addresses (no name resolution)

arp -a # to display all arp entries

arp -s 192.168.1.10 12:23:34:45:56:67 # to set a static entry

arp -d 192.168.1.10 # to delete an entry

ethtool

ethtool is used for querying and configuring Ethernet network interface configurations. It is used to query driver information, test link status, change interface speed, and change duplex settings.

ex:

ethtool eth0 # to view NIC details such as speed, duplex mode, link status, and firmware info

ethtool eth0 | grep "Link detected" # to check the link status

ethtool -s eth0 autoneg on # to enable speed auto negotiation

ethtool -s eth0 autoneg off # to disable speed auto negotiation

ethtool -s eth0 speed 100 duplex full # to set the speed and duplex mode

ethtool -t eth0 # to test the link

ethtool -S eth0 # to display statistics

Network Connectivity Tools

ping/ping6

ping is used to test basic reachability and round-trip response time to remote systems over IPv4. The syntax is ping <DESTINATION>

ex:

ping 192.168.1.1 # to send ICMP echo request to IP address

ping mysite.com # to send ICMP echo request to hostname

ping -c 3 mysite.com # to send 3 pings

ping -c 4 -i 2 mysite.com # to send 4 pings with a 2-second interval between each ping

ping -s 1400 mysite.com # to send pings with 1400-byte payloads

ping6 is used to test basic reachability and round-trip response time to remote systems over IPv6.

traceroute

traceroute shows the full path packets take to a destination. The syntax is traceroute <DESTINATION>

ex:

traceroute mysite.com # to see all hops along the path including response time

traceroute -I mysite.com # to use ICMP instead of UDP

traceroute -T -p 80 mysite.com # to use TCP port 80

traceroute -m 10 mysite.com # to limit number of hops to 10

traceroute -q 2 mysite.com # to change the number of probe packets per hop. Default is 3

tracepath

Similar to traceroute but does not require root privilege. The syntax is tracepath <DESTINATION>.

ex:

tracepath -m 15 google.com # to set the maximum number of hops

mtr

mtr is short for My Traceroute. It combines the functions of both ping and traceroute into a live, interactive view of each network hop. The syntax is mtr <DESTINATION>.

ex:

mtr mysite.com 

iperf3

iperf3 is an advanced tool used to test actual network throughput between systems and assess bandwidth performance under real conditions. The general syntax is iperf3 -c <DESTINATION>.

ex:

iperf3 -s # to start the server

iperf3 -c 192.168.1.50 # to run a test as a client against the server at 192.168.1.50

iperf3 -c 192.168.1.50 -t 60 # to test client for 60 seconds

iperf3 -c 192.168.1.50 -P 8 # to set 8 parallel streams

iperf3 -c 192.168.1.50 -J # to output JSON

Network Scanning and Traffic Analysis Tools

ss

ss is the quickest way to look at the sockets the system is using.

ss -t # to show all TCP connections

ss -u # to show all UDP connections

ss -l # to show listening sockets only

ss -a # to show all connections

ss -p # to show processes using sockets

ss -lnt src :22 # to show listening TCP sockets on port 22 (SSH)
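A common use of the ss listing above is checking which services are reachable from the network rather than only from loopback. The following is an added example, not part of the original page: the function names and the allowlist of ports are assumptions, and the sample ss output is constructed.

```shell
#!/bin/sh
# Added example: audit "ss -Hlntp" output for listeners reachable off-host.
# Live use (root is needed for -p to show other users' processes):
#   ss -Hlntp | audit_listeners "22 80 443"

# Constructed sample in the column layout of "ss -Hlntp".
sample_ss() {
    cat <<'EOF'
LISTEN 0 128         0.0.0.0:22    0.0.0.0:*  users:(("sshd",pid=812,fd=3))
LISTEN 0 4096      127.0.0.1:5432  0.0.0.0:*  users:(("postgres",pid=990,fd=5))
LISTEN 0 511            [::]:80       [::]:*  users:(("nginx",pid=1201,fd=7))
LISTEN 0 128               *:9100        *:*  users:(("node_exporter",pid=1400,fd=3))
LISTEN 0 4096  127.0.0.53%lo:53    0.0.0.0:*  users:(("systemd-resolve",pid=640,fd=14))
EOF
}

# Print "PORT ADDRESS PROCESS" for every listener not bound to loopback.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, p, ":"); port = p[n]           # port follows the last ":"
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next # loopback only, skip
        proc = "-"                                   # no -p data available
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        print port, addr, proc
    }'
}

# Print exposed listeners whose port is not in the space-separated allowlist.
audit_listeners() {   # audit_listeners "PORT PORT ..." < ss_output
    exposed_listeners | awk -v allow=" $1 " 'index(allow, " " $1 " ") == 0'
}

sample_ss | audit_listeners "22 80 443"   # 9100 * node_exporter
```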

nc (netcat)

nc or netcat is a tool to talk to network services.

nc mysite.com 80 # to connect to the host on port 80

nc -l -p 2345 # to listen for connections in server mode

tcpdump

tcpdump is used for network traffic capture and analysis.

tcpdump -i eth0 # to capture packets from eth0

tcpdump -i eth0 -c 100 -w netlog.pcap # to capture first 100 packets from eth0 and write to a file

tcpdump -i eth0 tcp # to capture only TCP

tcpdump -i eth0 udp # to capture only UDP

nmap (Network Mapper)

nmap is a reconnaissance tool used to scan networks.

ex:

nmap 192.168.0.50 # to scan a single host

nmap 192.168.0.50 192.168.0.51 # to scan multiple hosts

nmap -p 80,443 192.168.0.52 # to scan host or network for specific ports

nmap -p 1-3000 192.168.1.55 # to scan a host for a range of ports

nmap -sV 192.168.1.50 # to detect services running on the host

nmap -O 192.168.1.50 # to guess OS running on the host

nmap -sS -p 22,80,443 -T4 -Pn 192.168.10.0/24 # to scan the network for hosts with open common ports (22, 80, and 443)

nmap -sS 192.168.0.55 # to perform a half open SYN scan which is faster and stealthier

nmap -F 192.168.0.60 # scan top 100 ports

nmap -Pn 192.168.0.55 # scan without ping

nmap --script=vuln 192.168.0.55 # to run vulnerability scan

DNS Tools

nslookup

nslookup is used to look up domain names. The syntax is nslookup <DOMAIN> [DNS SERVER].

ex:

nslookup # enter the interactive mode

nslookup mysite.com # to query a domain's records

nslookup -type=A mysite.com # to query specific record type such as A,AAAA,MX,TXT

nslookup mysite.com 9.9.9.9 # to query using a specific DNS server

dig (Domain Information Groper)

dig is used to get the full DNS exchange when looking up domain names. It is more powerful than nslookup. The syntax is dig [@SERVER] <DOMAIN> [TYPE] [OPTIONS].

ex:

dig mysite.com # to lookup a simple domain name

dig mysite.com AAAA # to query a specific record type

dig mysite.com +short # to obtain a short output

dig -x 88.89.90.91 # to perform a reverse DNS lookup

dig @8.8.8.8 mysite.com # to query using a specific DNS server

resolvectl

resolvectl is a DNS resolver service in systemd. The syntax is resolvectl <VERB> [ARGUMENTS].

ex:

resolvectl query mysite.com # to query DNS