6 minute read

Having access to the network is a key feature of most Linux systems. Users want to surf the net, send and receive email and transfer files with other users.

Typically the programs that perform these functions, such as web browsers and email clients, are reasonably easy to use. However, they all rely on an important feature: the ability of your computer to communicate with another computer.

Linux provides you with several tools to both configure your network as well as monitor how it is performing.‌⁠​​⁠​ 

ifconfig command

The ifconfig command stands for interface configuration and is used to display network configuration information.

It is important to note from the output below that the IP address of the primary network device eth0 is 192.168.1.2 and that the device is currently active UP:


root@localhost:~# ifconfig                                     
eth0      Link encap:Ethernet  HWaddr b6:84:ab:e9:8f:0a
          inet addr: 192.168.1.2  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::b484:abff:fee9:8f0a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:95 errors:0 dropped:4 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:25306 (25.3 KB)  TX bytes:690 (690.0 B)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1 
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0  
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:0 
          RX bytes:460 (460.0 B)  TX bytes:460 (460.0 B)

The lo device is referred to as the loopback device. It is a special network device used by the system when sending network-based data to itself.

The ifconfig command can also be used to modify network settings temporarily. Typically these changes should be permanent, so using the ifconfig command to make such changes is relatively rare.

route command

A router (or gateway) is a machine that allows hosts from one network to communicate with another network. To view a table that describes where network packages are sent, use the route command:


root@localhost:~# route    
Kernel IP routing table 
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface 
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0  
default         192.168.1.1     0.0.0.0        UG     0      0        0 eth0

The first highlighted line in the preceding example indicates that any network package sent to a machine in the 192.168.1 network is not sent to a gateway machine (the * indicates no gateway).

The second highlighted line indicates that all other network packets are sent to the host with the IP address of 192.168.1.1 (the router).

Some users prefer to display this information with numeric data only, by using the -n option to the route command. For example, look at the following and focus on where the output used to display default:


root@localhost:~# route -n    
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface 
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0        192.168.1.1     0.0.0.0         UG    0      0        0 eth0

The 0.0.0.0 refers to all other machines, and is the same as default.

ping command

The ping command can be used to determine if another machine is reachable.

If the ping command can send a network package to another machine and receive a response, then you should be able to connect to that machine.

By default, the ping command continues sending packages endlessly. To limit how many pings to send, use the -c option followed by a number indicating how many iterations you desire.

If the ping command is successful, it looks like the following example:


root@localhost:~# ping -c 4 192.168.1.2 
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_req=1 ttl=64 time=0.051 ms
64 bytes from 192.168.1.2: icmp_req=2 ttl=64 time=0.064 ms 
64 bytes from 192.168.1.2: icmp_req=3 ttl=64 time=0.050 ms 
64 bytes from 192.168.1.2: icmp_req=4 ttl=64 time=0.043 ms
   
--- 192.168.1.2 ping statistics ---   
4 packets transmitted, 4 received, 0% packet loss, time 2999ms 
rtt min/avg/max/mdev = 0.043/0.052/0.064/0.007 ms

If the ping command fails, a message stating, Destination Host Unreachable displays:


root@localhost:~# ping -c 4 192.168.1.1 
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.2 icmp_seq=1 Destination Host Unreachable
From 192.168.1.2 icmp_seq=2 Destination Host Unreachable
From 192.168.1.2 icmp_seq=3 Destination Host Unreachable
From 192.168.1.2 icmp_seq=4 Destination Host Unreachable
 
--- 192.168.1.1 ping statistics --- 
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 2999ms
pipe 4

It is important to note that just because the ping command fails does not mean that the remote system is unreachable.

Some administrators configure their machines (and even entire networks!) to not respond to ping requests because a server can be attacked by something called a denial of service attack.

In this sort of attack, a server is overwhelmed by a massive number of network packets. By ignoring ping requests, the server is less vulnerable.

As a result, the ping command may be useful for checking the availability of local machines, but not always for machines outside of your own network.

netstat command

The netstat command is a powerful tool that provides a large amount of network information. It can be used to display information about network connections as well as display the routing table similar to the route command.

For example, to display statistics regarding network traffic, use the -i option to the netstat command:


root@localhost:~# netstat -i 
Kernel Interface table 
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0       137      0      4 0        12      0      0      0 BMRU
lo        65536 0        18      0      0 0        18      0      0      0 LRU

The most important statistics from the output above are the TX-OK and TX-ERR. A high percentage of TX-ERR may indicate a problem on the network, such as too much network traffic.

To use the netstat command to display routing information, use the -r option:


root@localhost:~# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 eth0 
default         192.168.1.1     0.0.0.0        UG         0 0          0 eth0 

The netstat command is also commonly used to display open ports.

A port is a unique number that is associated with a service provided by a host. If the port is open, then the service is available for other hosts.

The SSH service is assigned port #22. So, if port #22 is open, then the service is available to other hosts.

It is important to note that the host also needs to have the services running itself; this means that the service (in this case the ssh daemon) that allows remote users to log in needs to be started .

To see a list of all currently open ports, use the following command:


root@localhost:~# netstat -tln 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State 
tcp        0      0 192.168.1.2:53          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN 
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN 
tcp6       0      0 :::53                   :::*                    LISTEN
tcp6       0      0 :::22                  :::*                    LISTEN 
tcp6       0      0 ::1:953                 :::*                    LISTEN 

As you can see from the output above, port #22 is listening, which means it is open.

In the previous example, -t stands for TCP , -l stands for listening (which ports are listening) and -n stands for show numbers, not names.

host command

In its simplest form, the host command works with DNS to associate a hostname with an IP address. As used in a previous example, example.com is associated with the IP address of 192.168.1.2:


root@localhost:~# host example.com
example.com has address 192.168.1.2

The host command can also be used in reverse if an IP address is known, but the domain name is not.


root@localhost:~# host 192.168.1.2
2.1.168.192.in-addr.arpa domain name pointer example.com.
2.1.168.192.in-addr.arpa domain name pointer cserver.example.com.

Other options exist to query the various aspects of a DNS such as a CNAME canonical name -alias:


root@localhost:~# host -t CNAME example.com
example.com has no CNAME record

Since many DNS servers store a copy of example.com, SOA Start of Authority records indicate the primary server for the domain:


root@localhost:~# host -t SOA example.com
example.com has SOA record example.com. cserver.example.com. 2 604800 86400 2419200 604800