4.4 Your Computer on the Network
4.4 Your Computer on the Network
Weight: 2
Description: Querying vital networking configuration and determining the basic requirements for a computer on a Local Area Network (LAN).
Key Knowledge Areas:
Internet, network, routers
Querying DNS client configuration
Querying network configuration
The following is a partial list of the used files, terms and utilities:
route, ip route show
ifconfig, ip addr show
netstat, ss
/etc/resolv.conf, /etc/hosts
IPv4, IPv6
ping
host
What is IP?
IP (Internet Protocol) is a set of rules that allows computers and devices to communicate with each other over a network. Every device connected to a network (like the Internet or a local network) must have an IP address so it can be identified and reached.
Think of IP like a postal system:
Every device has an address (IP address)
Data is sent in small packets
Each packet knows where it comes from and where it should go
IP works at Layer 3 (Network Layer) of the OSI model.
What is an IP Address?
An IP address is a unique number assigned to a device on a network. It identifies who you are and where you are on the network.
There are two main versions:
IPv4
IPv6
IPv4 Addressing
IPv4 Format
An IPv4 address is a 32-bit number, written as four decimal numbers separated by dots.
Example:
Each number is called an octet and ranges from 0 to 255.
So:
Network Part and Host Part
An IPv4 address is divided into:
Network part → identifies the network
Host part → identifies the device inside that network
Example:
192.168.1→ network10→ host
The exact split depends on the subnet mask.
IPv4 Classes (Classful Addressing)
Originally, IPv4 addresses were divided into classes.
IPv4 Classes Overview
A
1.0.0.0 – 126.0.0.0
255.0.0.0 (/8)
Very large networks
B
128.0.0.0 – 191.255.0.0
255.255.0.0 (/16)
Medium networks
C
192.0.0.0 – 223.255.255.0
255.255.255.0 (/24)
Small networks
D
224.0.0.0 – 239.255.255.255
—
Multicast
E
240.0.0.0 – 255.255.255.255
—
Reserved
Example:
⚠️ Today, classful addressing is mostly obsolete, but it is still important for learning basics.
Subnetting in IPv4
What is a Subnet?
A subnet is a smaller network created from a larger network.
Subnetting helps to:
Reduce broadcast traffic
Improve security
Use IP addresses efficiently
Subnet Mask
A subnet mask shows which part of the IP address is:
Network
Host
Example:
Binary view:
So:
This means:
First 24 bits → network
Last 8 bits → hosts
This is written as:
CIDR (Classless Inter-Domain Routing)
CIDR replaces classes and allows flexible subnet sizes.
Examples:
/24→ 256 addresses/26→ 64 addresses/30→ 4 addresses (often used for point-to-point links)
CIDR is what modern networking uses today.
Routing Basics
What is Routing?
Routing is the process of sending packets from one network to another.
A router decides:
Where the packet should go next
Based on the destination IP address
Routing Table
Routers use a routing table.
Example:
If no specific route matches, the default route is used.
Private and Public IPv4 Addresses
7.1 Private IP Ranges
These addresses are not routable on the Internet:
10.0.0.0/8172.16.0.0/12192.168.0.0/16
Used in:
Home networks
Data centers
Cloud internal networks
Public IP address
A public IP address is assigned to devices like routers, which are directly accessible over the internet. Public IPs are globally unique and traceable, which allows external devices to communicate with your network — but it also makes them visible and traceable to a specific location. To enhance privacy and security, devices within a local network typically share one public IP address.
Static IP address and Dynamic IP Address
Static IP address
Static IP addresses, also known as dedicated or fixed IP addresses, don’t change. Once a device is assigned an IP address, that address remains the same. Static IP addresses are common for web servers, email servers, or other devices that need to be consistently accessible at the same address.
Dynamic IP address
Dynamic IP addresses are temporary addresses assigned to devices by a network’s DHCP server each time a device connects to the network. This allows efficient use of available addresses, making it ideal for networks with many users. Dynamic IPs also offer security benefits, since their changing nature makes it harder for hackers to target.
NAT (Network Address Translation)
Because IPv4 addresses are limited, NAT is used.
NAT allows:
Many private IPs
To share one public IP
IPv6 Introduction
Why IPv6?
IPv4 has about 4.3 billion addresses, which is not enough.
IPv6 solves this problem.
IPv6 Format
IPv6 is a 128-bit address, written in hexadecimal.
Example:
Can be shortened:
IPv6 Characteristics
No classes
No NAT needed
Built-in support for security (IPsec)
Very large address space
IPv6 is the future of the Internet
IPv4 vs IPv6
Address size
32-bit
128-bit
Notation
Decimal
Hexadecimal
NAT
Common
Not needed
Classes
Yes (old)
No
Scalability
Limited
Massive
Linux Network Commands
Network commands are an essential toolkit for any network administrator or sysadmin. The commands help set up, troubleshoot, diagnose, and manage a Linux system's network connections.
ifconfig
ip address show (ip a)
route
ip route show (ip route)
netstat
ss
Linux provides many helpful networking commands and tools. The commands typically perform complex networking tasks like monitoring, troubleshooting, and network configuration. Most networking utilities are part of the older (legacy) net-tools package or the more modern iproute2.
Specific command syntax may differ depending on the command version. Double-check a command's syntax with:
man [command]
ip
The ip command is a unified networking tool for Linux systems. The ip command helps view and configure routing, interfaces, network devices, and tunnels.
The command is part of the iproute2 package and replaces many older networking tools, such as the route, ifconfig, and netstat commands.
syntax:
Each part of the command does the following:
[options]are the command-line parameters that modify the command's behavior.objectrepresents the available objects for configuration.[command]is a subcommand, an action performed on an object. The available commands differ depending on the object.
The ip command shows the help menu when used without any options, objects, or commands:
Add the -V option to see the current version:
The output prints the package and library version for the ip utility.
ip addr
The ip addr command manages and shows network interface IP addresses. The command aliases are ip address or ip a.
The syntax for the ip addr command is:
The available subcommands on the object are:
add- Adds a new address.show- Shows protocol addresses.del- Removes an address.flush- Flushes addresses based on specified criteria.
Every subcommand has additional options and keywords to perform specific tasks for the network interface addresses.
Example
The ip addr command without any subcommands shows the network interface information, including the associated IP addresses:
The output for ip addr show is identical.
To show a specific network interface, use the ip addr show subcommand and add the interface name. For example:
The command filters the ip addr output and shows only information relevant to the specified interface.
ip link
The ip link command manages and shows network interface information. It allows viewing, changing, enabling, and disabling network interfaces.
Syntax:
The subcommands enable the following actions:
show- Prints network interface information.set- Changes or adds information to a network interface.add- Adds a new network interface.del- Deletes a network interface.
Subcommands have additional options and allow targeting specific interfaces.
Example
The ip link command without any additional subcommands and options shows all network interface link information:
The ip link show command provides the same output.
To turn off and on an interface, use the following syntaxes as a superuser:
ip route
The ip route command shows and configures the IP routing table. The command allows users to adjust the routing table and perform other crucial networking tasks with the routing table.
Syntax
The following actions are available as subcommands:
show- Shows the routing table.add- Adds a new route to the table.del- Deletes a route from the table.change- Modifies an existing route.
The [destination] parameter determines where the network traffic is directed. Additional options help control the traffic flow further.
Example
To view the routing table, run the following command:
Each line in the output represents individual routes in the table.
ifconfig
The ifconfig (interface configuration) command manages and shows network interface information on a system. The command is part of the net-tools package.
Although the command has limited functions compared to the ip command, the ifconfig command is still commonly used for configuring network interfaces.
Syntax
The syntax breaks down into the following:
[interface]- The network interface to configure or show information for. The parameter is optional, and not specifying an interface shows the status of all active interfaces.[options]- Command-line options to perform specific actions or configure certain parameters. The parameter is also optional.
Example
To display all active network interfaces, run:
most commonly used option in ifconfig command:
Option
Description
Syntax
-a
Display all interfaces, including those that are down
ifconfig -a
-s
Display a short list, instead of details
ifconfig -s
-v
Run the command in verbose mode
ifconfig -v
up
Activate the driver for the given interface
ifconfig interface up
down
Deactivate the driver for the given interface
ifconfig interface down
ping
The Linux ping command is a network utility used to test a host's reachability on an Internet Protocol (IP) network. Its name comes from the sonar "ping" used in submarines, where a sound pulse is sent out to detect objects.
ping sends out ICMP (Internet Control Message Protocol) echo request packets to the target host and waits for echo replies. This method allows users to measure round-trip time and packet loss. The command is especially useful for troubleshooting network connectivity issues and assessing network performa
Syntax:
Here, "host_or_IP_address" represents the destination you want to ping.
The following example shows the ping command output when used without options:
Pinging continues until you press Ctrl + C to stop the process.
The output shows the following info:
from. The destination and its IP address. Note that a website's IP address may be different depending on your geographical location.icmp_seq=1. The sequence number of each ICMP packet. Increases by one for every subsequent echo request.ttl=58. The Time to Live value from 1 to 255. It represents the number of network hops a packet can take before a router discards it.time=13.1 ms. The time it took a packet to reach the destination and come back to the source. Expressed in milliseconds.
ping CommonOptions
-a
Generates a sound when the peer can be reached.
-c [count]
Limits the number of ping requests sent to the target.
-i [interval]
Sets the time (in seconds) to wait between sending ping requests.
-I [interface_address]
Sets the source IP address to the specified interface IP address. The option is required when pinging an IPv6 link-local address. You can use an IP address or the device name.
-n
Displays only numeric output (IP addresses instead of hostnames).
-q
Sets the source IP address to the specified interface IP address. The option is required when pinging an IPv6 link-local address. You can use an IP address or the device name.
-v
Provides more detailed output about each ping request and response.
Address Resolution in DNS (Domain Name Server)
DNS address resolution converts human-readable domain names into IP addresses that computers use to locate servers. It works like a digital phonebook, mapping names to numbers so websites can load correctly.
Translates domain names (e.g., www.example.com) into IP addresses
Essential for locating the correct server
Enables browsers to connect to websites
Functions like looking up a phone number in a contact list
Critical for proper internet communication
Key concepts of DNS
Domain Names: Human-readable addresses (e.g.,
www.google.com).IP Addresses: Numeric addresses used by computers to identify each other (e.g.,
172.217.3.110).DNS Records: Structured data that provides information about the domain name, such as IP address mappings
The Role of DNS Resolver in Address Resolution
DNS operates as a client-server application. A host that needs to map a domain name to an IP address (or vice versa) calls a DNS client called a resolver. The resolver accesses the nearest DNS server with a mapping request. Here's how the process works:
Step 1: The resolver sends a query to the nearest DNS server. Step 2: If the server has the required information, it returns the result. If not, it refers the resolver to other DNS servers. Step 3: The resolver checks if the response is correct and delivers it to the requesting application or user.
Caching Mechanism in DNS Resolution
DNS caching is a performance-enhancing mechanism used by DNS servers and client resolvers to temporarily store recently resolved domain-to-IP mappings. When a DNS server receives a response from another server during resolution, it stores this information in its cache so future queries for the same domain can be answered quickly without repeating the entire lookup process
/etc/resolve.conf
/etc/resolv.conf in Linux is the crucial DNS client configuration file that tells your system which DNS servers to query for resolving hostnames (like www.google.com) to IP addresses. It contains nameserver directives listing DNS server IPs, search for domain suffixes, and is often automatically managed by network tools (NetworkManager, systemd-resolved), sometimes as a symlink to a managed file, but you can edit it manually for custom DNS settings. Key Components:
nameserver IP_ADDRESS: Specifies the IP of a DNS server to use, with multiple entries tried in order.search DOMAIN: Defines domains to append to short hostnames (e.g.,search local.lanlets you pingserver1instead ofserver1.local.lan).domain DOMAIN: Sets the local domain name for the system.
Example Content:
/etc/hosts
Before DNS became a network standard, the /etc/hosts file was used to resolve an IP address to a fully qualified domain name (FQDN). This file can be used to manually link an FQDN to an IP address, such as a test server or internal network workstation, without editing DNS server entries. Care should be taken when editing this file.
host
The host command is a simple tool for performing DNS lookups. The command resolves IP addresses into domain names and vice versa.
Use the command to perform a query for DNS records and basic DNS troubleshooting.
Syntax
The various [options] control the command's behavior, such as the query type or the start of authority (SOA) for the provided domain.
Example
To perform a simple DNS lookup, use the host command and provide a hostname or IP address. For example:
The output shows the resolved IPv4 and IPv6 addresses for the provided hostname.
dig
The dig command queries Domain Name Systems (DNS) and finds information for DNS records. The command collects domain name information and associated records.
Use dig to troubleshoot DNS issues and to verify DNS configuration on a Linux system. It is suitable for creating scripts and automating tasks related to network troubleshooting. The robust command is so prevalent in network troubleshooting that a Windows version of dig is available.
Syntax:
The components of the command are:
[options]- Parameters that modify the behavior of the command.[domain]- The domain name to query.[record type]- The DNS record type to query. Defaults to A records.[DNS server]- A specified DNS server for the query.
All parameters are optional. The command shows the default DNS resolver information and query statistics without additional options.
Example
To perform a simple DNS lookup, run the command with a domain name:
Linux Name resolution flowchart:
netstat
The netstat command is a command-line tool for retrieving network statistics. It provides an overview of network activity and displays which ports are open or have established connections. netstat is essential for diagnosing network issues.
The netstat command can be used without parameters to display active network connections:
The output displays details of active internet connections across six columns:
Proto. Protocol of the connection (e.g., TCP, UDP).
Recv-Q. Number of bytes received and waiting in the queue to be processed.
Send-Q. Number of bytes waiting in the queue to be sent.
Local address. Local address and port of the connection. An asterisk (*) in the host indicates that the server is listening on all available interfaces, and a port may not yet be established.
Foreign address. Remote address and port of the connection. An asterisk (*) appears if a connection is not yet established.
State. State of the local socket. Values include
ESTABLISHED,LISTENING,CLOSED, or blank.
The second list shows all active Unix Domain open sockets with the following details:
Proto. Protocol used by the socket (always
unix).RefCnt. Reference count of the number of processes attached to this socket.
Flags. Flags associated with the socket, usually
ACCor blank.Type. The socket type.
State. State of the socket, most often
CONNECTED,LISTENING, or blank.I-Node. File system inode (index node) associated with this socket.
Path. File system path to the socket.
You can expand the netstat command with options to filter or customize output:
netstat Command Options
-a
Display all active TCP and UDP connections and listening ports.
-t
Display only TCP connections.
-u
Display only UDP connections.
-l
Show only sockets that are actively listening for incoming connections.
-p
Display the Process ID (PID) and program name associated with each socket.
-n
Display addresses and port numbers in numeric format without resolving names.
-r
Display the kernel routing table.
-s
Provide summary statistics for each protocol.
-c
Continuously update the output every second.
-e
Display extended information, including timers and user IDs.
the most usefule switches are netstat -tuna .
ss
The ss (socket statistics) tool is a CLI command used to show network statistics. The ss command is a simpler and faster version of the now obsolete netstat command.
The basic ss command usage is without any parameters:
The output returns a list of open non-listening sockets with established connections.
The columns show the following details:
Netid – Type of socket. Common types are TCP, UDP, u_str (Unix stream), and u_seq (Unix sequence).
State – State of the socket. Most commonly ESTAB (established), UNCONN (unconnected), LISTEN (listening).
Recv-Q – Number of received packets in the queue.
Send-Q – Number of sent packets in the queue.
Local address:port – Address of local machine and port.
Peer address:port – Address of remote machine and port.
For a more detailed output, add options to the ss command:
Some of usefull 'ss' command options:
Options
Description
-t
Display TCP sockets
-u
Display UDP sockets
-l
Display listening sockets
-a
Display all sockets (listening and non-listening)
-e
Display detailed information (including users)
-i
Display internal information
-n
Show numerical addresses instead of resolving
-r
Display the routing table
-s
Display summary statistics
-4
Display only IPv4 sockets
-6
Display only IPv6 sockets
-o
Show timers
-p
Show process information
-P
Show process statistics
summary
as final note take a look at the bellow table, ipv4 ipv6 support for each command:
route
Show / manipulate routing table
✅
❌
❌ none
Legacy command, IPv4 only
ip route show
Show routing table
✅
✅
-4 (IPv4), -6 (IPv6)
Modern replacement for route
ifconfig
Show / configure interfaces
✅
⚠️ Partial
❌ none
Deprecated, limited IPv6 support
ip addr show
Show IP addresses on interfaces
✅
✅
-4 (IPv4), -6 (IPv6)
Modern replacement for ifconfig
netstat
Show connections, routes, stats
✅
⚠️ Partial
-4 (IPv4), -6 (IPv6)
Deprecated, IPv6 via flags
ss
Show socket statistics
✅
✅
-4 (IPv4), -6 (IPv6)
Faster replacement for netstat
ping
Test connectivity
✅
✅
-4 (IPv4), -6 (IPv6)
ping6 also exists
host
DNS lookup
✅
✅
-4 (A record), -6 (AAAA record)
Queries DNS records
Key takeaways (important for modern Linux systems):
Prefer
ipoverrouteandifconfigPrefer
ssovernetstatMost modern tools support both IPv4 and IPv6
Legacy tools are often IPv4-focused or partially IPv6-aware
that's all.
.
.
.
sources:
https://us.norton.com/blog/privacy/what-is-an-ip-address https://blog.bytebytego.com/p/a-crash-course-in-ipv4-addressing https://www.geeksforgeeks.org/computer-networks/role-of-subnet-mask/ https://phoenixnap.com/kb/linux-network-commands https://www.geeksforgeeks.org/linux-unix/ifconfig-command-in-linux-with-examples/ https://phoenixnap.com/kb/netstat-command
Last updated