# 4.4 Your Computer on the Network ### **4.4 Your Computer on the Network** **Weight:** 2 **Description:** Querying vital networking configuration and determining the basic requirements for a computer on a Local Area Network (LAN). **Key Knowledge Areas:** * Internet, network, routers * Querying DNS client configuration * Querying network configuration **The following is a partial list of the used files, terms and utilities:** * route, ip route show * ifconfig, ip addr show * netstat, ss * /etc/resolv.conf, /etc/hosts * IPv4, IPv6 * ping * host ### What is IP? **IP (Internet Protocol)** is a set of rules that allows computers and devices to communicate with each other over a network.\ Every device connected to a network (like the Internet or a local network) must have an **IP address** so it can be identified and reached. Think of IP like a **postal system**: * Every device has an address (IP address) * Data is sent in small packets * Each packet knows where it comes from and where it should go IP works at **Layer 3 (Network Layer)** of the OSI model. *** ### What is an IP Address? An **IP address** is a unique number assigned to a device on a network.\ It identifies **who you are** and **where you are** on the network. There are two main versions: * **IPv4** * **IPv6** *** ### IPv4 Addressing #### IPv4 Format An **IPv4 address** is a **32-bit number**, written as four decimal numbers separated by dots. Example: ``` 192.168.1.100 ``` Each number is called an **octet** and ranges from **0 to 255**. So: ``` IPv4 = 4 octets = 32 bits ```

*** #### Network Part and Host Part An IPv4 address is divided into: * **Network part** → identifies the network * **Host part** → identifies the device inside that network

Example: ``` 192.168.1.10 ``` * `192.168.1` → network * `10` → host The exact split depends on the **subnet mask**. *** ### IPv4 Classes (Classful Addressing) Originally, IPv4 addresses were divided into **classes**. #### IPv4 Classes Overview | Class | Range | Default Subnet Mask | Use | | ----- | --------------------------- | ------------------- | ------------------- | | A | 1.0.0.0 – 126.0.0.0 | 255.0.0.0 (/8) | Very large networks | | B | 128.0.0.0 – 191.255.0.0 | 255.255.0.0 (/16) | Medium networks | | C | 192.0.0.0 – 223.255.255.0 | 255.255.255.0 (/24) | Small networks | | D | 224.0.0.0 – 239.255.255.255 | — | Multicast | | E | 240.0.0.0 – 255.255.255.255 | — | Reserved | Example: ``` 192.168.1.0 → Class C ``` ⚠️ **Today, classful addressing is mostly obsolete**, but it is still important for learning basics. *** ### Subnetting in IPv4 #### What is a Subnet? A **subnet** is a smaller network created from a larger network. Subnetting helps to: * Reduce broadcast traffic * Improve security * Use IP addresses efficiently *** #### Subnet Mask A **subnet mask** shows which part of the IP address is: * Network * Host

Example: ``` IP address: 192.168.1.100 Subnet mask: 255.255.255.0 ``` Binary view: ``` 255 = 11111111 0 = 00000000 ``` So:

This means: * First 24 bits → network * Last 8 bits → hosts This is written as: ``` /24 ``` *** #### CIDR (Classless Inter-Domain Routing) CIDR replaces classes and allows flexible subnet sizes. Examples: * `/24` → 256 addresses * `/26` → 64 addresses * `/30` → 4 addresses (often used for point-to-point links) CIDR is what **modern networking uses today**. *** ### Routing Basics #### What is Routing? **Routing** is the process of sending packets from one network to another. A **router** decides: * Where the packet should go next * Based on the destination IP address *** #### Routing Table Routers use a **routing table**. Example: ``` Destination: 10.0.0.0/8 → Gateway A Destination: 192.168.1.0/24 → Gateway B Default route: 0.0.0.0/0 → Internet ``` If no specific route matches, the **default route** is used. *** ### Private and Public IPv4 Addresses #### 7.1 Private IP Ranges These addresses are **not routable on the Internet**: * `10.0.0.0/8` * `172.16.0.0/12` * `192.168.0.0/16` Used in: * Home networks * Data centers * Cloud internal networks #### Public IP address A public IP address is assigned to devices like routers, which are directly accessible over the internet. Public IPs are globally unique and traceable, which allows external devices to communicate with your network — but it also makes them visible and traceable to a specific location. To enhance privacy and security, devices within a local network typically share one public IP address. {% hint style="success" %} #### Static IP address and Dynamic IP Address #### Static IP address Static IP addresses, also known as dedicated or fixed IP addresses, don’t change. Once a device is assigned an IP address, that address remains the same. Static IP addresses are common for web servers, email servers, or other devices that need to be consistently accessible at the same address. #### Dynamic IP address Dynamic IP addresses are temporary addresses assigned to devices by a network’s DHCP server each time a device connects to the network. This allows efficient use of available addresses, making it ideal for networks with many users. Dynamic IPs also offer security benefits, since their changing nature makes it harder for hackers to target. {% endhint %} *** #### NAT (Network Address Translation) Because IPv4 addresses are limited, NAT is used. NAT allows: * Many private IPs * To share one public IP *** ### IPv6 Introduction #### Why IPv6? IPv4 has about **4.3 billion addresses**, which is not enough. IPv6 solves this problem. *** #### IPv6 Format IPv6 is a **128-bit address**, written in hexadecimal. Example: ``` 2001:0db8:85a3:0000:0000:8a2e:0370:7334 ``` Can be shortened: ``` 2001:db8:85a3::8a2e:370:7334 ``` *** #### IPv6 Characteristics * No classes * No NAT needed * Built-in support for security (IPsec) * Very large address space {% hint style="success" %} IPv6 is the future of the Internet {% endhint %} *** ### IPv4 vs IPv6 | Feature | IPv4 | IPv6 | | ------------ | --------- | ----------- | | Address size | 32-bit | 128-bit | | Notation | Decimal | Hexadecimal | | NAT | Common | Not needed | | Classes | Yes (old) | No | | Scalability | Limited | Massive | *** ## Linux Network Commands Network commands are an essential toolkit for any network administrator or sysadmin. The commands help set up, troubleshoot, diagnose, and manage a Linux system's network connections. | OLD WAY | New WAY | | -------- | ------------------------ | | ifconfig | ip address show (ip a) | | route | ip route show (ip route) | | netstat | ss | Linux provides many helpful networking commands and tools. The commands typically perform complex networking tasks like monitoring, troubleshooting, and network configuration. Most networking utilities are part of the older (legacy) **`net-tools`** package or the more modern **`iproute2`**. {% hint style="info" %} **Note:** Both **`net-tools`** and **`iproute2`** command are available on most Linux distributions. However, it is recommended to use **`iproute2`** tools due to their flexibility and speed. Although **`net-tools`** is deemed as outdated, it is still widely used by legacy scripts and configurations. {% endhint %} > Specific command syntax may differ depending on the command version. Double-check a command's syntax with: **`man [command]`** ### ip The **`ip`** command is a unified networking tool for Linux systems. The **`ip`** command helps view and configure routing, interfaces, network devices, and tunnels. The command is part of the **`iproute2`** package and replaces many older networking tools, such as the **`route`**, **`ifconfig`**, and **`netstat`** commands. syntax: ``` ip [options] object [command] ``` Each part of the command does the following: * **`[options]`** are the command-line parameters that modify the command's behavior. * **`object`** represents the available objects for configuration. * **`[command]`** is a subcommand, an action performed on an object. The available commands differ depending on the object. The **`ip`** command shows the help menu when used without any options, objects, or commands: ``` ip ``` ``` [payam@earth Working]$ ip Usage: ip [ OPTIONS ] OBJECT { COMMAND | help } ip [ -force ] -batch filename where OBJECT := { address | addrlabel | fou | help | ila | ioam | l2tp | link | macsec | maddress | monitor | mptcp | mroute | mrule | neighbor | neighbour | netconf | netns | nexthop | ntable | ntbl | route | rule | sr | stats | tap | tcpmetrics | token | tunnel | tuntap | vrf | xfrm } OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] | -h[uman-readable] | -iec | -j[son] | -p[retty] | -f[amily] { inet | inet6 | mpls | bridge | link } | -4 | -6 | -M | -B | -0 | -l[oops] { maximum-addr-flush-attempts } | -echo | -br[ief] | -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] | -rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] | -c[olor]} ``` Add the **`-V`** option to see the current version: ``` ip -V ``` ``` [payam@earth Working]$ ip -V ip utility, iproute2-6.14.0, libbpf 1.5.0 ``` *The output prints the package and library version for the **`ip`** utility.* ### **ip addr** The **`ip addr`** command manages and shows network interface IP addresses. The command aliases are **`ip address`** or **`ip a`**. The syntax for the **`ip addr`** command is: ``` ip addr [subcommand] ``` The available subcommands on the object are: * **`add`** - Adds a new address. * **`show`** - Shows protocol addresses. * **`del`** - Removes an address. * **`flush`** - Flushes addresses based on specified criteria. Every subcommand has additional options and keywords to perform specific tasks for the network interface addresses. **Example** The **`ip addr`** command without any subcommands shows the network interface information, including the associated IP addresses: ``` ip addr ``` ``` [payam@earth Working]$ ip addr 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp45s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 7c:8a:e1:90:8e:8c brd ff:ff:ff:ff:ff:ff inet 172.20.29.81/24 brd 172.20.29.255 scope global dynamic noprefixroute enp45s0 valid_lft 2589512sec preferred_lft 2589512sec inet6 fe80::7e8a:e1ff:fe90:8e8c/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: wlp0s20f3: mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether 66:1a:a9:1b:16:78 brd ff:ff:ff:ff:ff:ff permaddr 38:87:d5:57:1a:2a 7: docker0: mtu 1500 qdisc noqueue state DOWN group default link/ether 26:62:3b:65:3c:6f brd ff:ff:ff:ff:ff:ff inet 192.168.201.1/24 brd 192.168.201.255 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::2462:3bff:fe65:3c6f/64 scope link valid_lft forever preferred_lft forever ``` The output for **`ip addr show`** is identical. To show a specific network interface, use the **`ip addr show`** subcommand and add the interface name. For example: ``` ip addr show [interface] ``` ``` [payam@earth Working]$ ip addr show lo 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever ``` *The command filters the **`ip addr`** output and shows only information relevant to the specified interface.* ### **ip link** The **`ip link`** command manages and shows network interface information. It allows viewing, changing, enabling, and disabling network interfaces. **Syntax:** ``` ip link [subcommand] [options] [interfaces]Copy ``` The subcommands enable the following actions: * **`show`** - Prints network interface information. * **`set`** - Changes or adds information to a network interface. * **`add`** - Adds a new network interface. * **`del`** - Deletes a network interface. Subcommands have additional options and allow targeting specific interfaces. **Example** The **`ip link`** command without any additional subcommands and options shows all network interface link information: ``` ip link ``` ``` [payam@earth Working]$ ip link 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enp45s0: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 link/ether 7c:8a:e1:90:8e:8c brd ff:ff:ff:ff:ff:ff 3: wlp0s20f3: mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000 link/ether 66:1a:a9:1b:16:78 brd ff:ff:ff:ff:ff:ff permaddr 38:87:d5:57:1a:2a 7: docker0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default link/ether 26:62:3b:65:3c:6f brd ff:ff:ff:ff:ff:ff ``` *The **`ip link show`** command provides the same output.* To turn off and on an interface, use the following syntaxes as a superuser: ``` sudo ip link set [interface] down sudo ip link set [interface] up ``` ### ip route The **`ip route`** command shows and configures the IP routing table. The command allows users to adjust the routing table and perform other crucial networking tasks with the routing table. **Syntax** ``` ip route [subcommand] [options] [destination] Copy ``` The following actions are available as subcommands: * **`show`** - Shows the routing table. * **`add`** - Adds a new route to the table. * **`del`** - Deletes a route from the table. * **`change`** - Modifies an existing route. The **`[destination]`** parameter determines where the network traffic is directed. Additional options help control the traffic flow further. **Example** To view the routing table, run the following command: ``` ip route show ``` ``` [payam@earth Working]$ ip route show default via 172.20.29.1 dev enp45s0 proto dhcp src 172.20.29.81 metric 100 172.20.29.0/24 dev enp45s0 proto kernel scope link src 172.20.29.81 metric 100 192.168.201.0/24 dev docker0 proto kernel scope link src 192.168.201.1 linkdown ``` *Each line in the output represents individual routes in the table.* ### ifconfig The ifconfig (**i**nter**f**ace **config**uration) command manages and shows network interface information on a system. The command is part of the **`net-tools`** package. Although the command has limited functions compared to the **`ip`** command, the **`ifconfig`** command is still commonly used for configuring network interfaces. **Syntax** ``` ifconfig [interface] [options] ``` The syntax breaks down into the following: * **`[interface]`** - The network interface to configure or show information for. The parameter is optional, and not specifying an interface shows the status of all active interfaces. * **`[options]`** - Command-line options to perform specific actions or configure certain parameters. The parameter is also optional. **Example** To display all active network interfaces, run: ``` ifconfig ``` ``` [payam@earth Working]$ ifconfig docker0: flags=4099 mtu 1500 inet 192.168.201.1 netmask 255.255.255.0 broadcast 192.168.201.255 inet6 fe80::2462:3bff:fe65:3c6f prefixlen 64 scopeid 0x20 ether 26:62:3b:65:3c:6f txqueuelen 0 (Ethernet) RX packets 68008 bytes 4270213 (4.0 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 132291 bytes 184611052 (176.0 MiB) TX errors 0 dropped 65 overruns 0 carrier 0 collisions 0 enp45s0: flags=4163 mtu 1500 inet 172.20.29.81 netmask 255.255.255.0 broadcast 172.20.29.255 inet6 fe80::7e8a:e1ff:fe90:8e8c prefixlen 64 scopeid 0x20 ether 7c:8a:e1:90:8e:8c txqueuelen 1000 (Ethernet) RX packets 1432714 bytes 1654275240 (1.5 GiB) RX errors 0 dropped 7 overruns 0 frame 0 TX packets 763660 bytes 146536074 (139.7 MiB) TX errors 0 dropped 8 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1000 (Local Loopback) RX packets 103910 bytes 127010769 (121.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 103910 bytes 127010769 (121.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ``` **most commonly used option in ifconfig command:** | Option | Description | Syntax | | ------ | ----------------------------------------------------- | ----------------------- | | -a | Display all interfaces, including those that are down | ifconfig -a | | -s | Display a short list, instead of details | ifconfig -s | | -v | Run the command in verbose mode | ifconfig -v | | up | Activate the driver for the given interface | ifconfig interface up | | down | Deactivate the driver for the given interface | ifconfig interface down | ### ping The Linux ping command is a network utility used to test a host's reachability on an Internet Protocol (IP) network. Its name comes from the sonar "ping" used in submarines, where a sound pulse is sent out to detect objects. **`ping`** sends out ICMP (Internet Control Message Protocol) echo request packets to the target host and waits for echo replies. This method allows users to measure round-trip time and packet loss. The command is especially useful for troubleshooting network connectivity issues and assessing network performa **Syntax:** ``` ping [options] host_or_IP_address ``` Here, "host\_or\_IP\_address" represents the destination you want to ping. The following example shows the **`ping`** command output when used without options: ``` ping google.com ``` ``` [payam@earth Working]$ ping google.com PING google.com (216.239.38.120) 56(84) bytes of data. 64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=1 ttl=111 time=26.1 ms 64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=2 ttl=111 time=26.3 ms 64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=3 ttl=111 time=25.5 ms ^C --- google.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 25.487/25.975/26.333/0.357 ms ``` *Pinging continues until you press **Ctrl + C** to stop the process.* The output shows the following info: * **`from`**. The destination and its IP address. Note that a website's IP address may be different depending on your geographical location. * **`icmp_seq=1`**. The sequence number of each ICMP packet. Increases by one for every subsequent echo request. * **`ttl=58`**. The Time to Live value from 1 to 255. It represents the number of network hops a packet can take before a router discards it. * **`time=13.1 ms`**. The time it took a packet to reach the destination and come back to the source. Expressed in milliseconds. #### ping CommonOptions | Option | Description | | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **`-a`** | Generates a sound when the peer can be reached. | | **`-c [count]`** | Limits the number of ping requests sent to the target. | | **`-i [interval]`** | Sets the time (in seconds) to wait between sending ping requests. | | **`-I [interface_address]`** | Sets the source IP address to the specified interface IP address. The option is required when pinging an IPv6 link-local address. You can use an IP address or the device name. | | **`-n`** | Displays only numeric output (IP addresses instead of hostnames). | | **`-q`** | Sets the source IP address to the specified interface IP address. The option is required when pinging an IPv6 link-local address. You can use an IP address or the device name. | | **`-v`** | Provides more detailed output about each ping request and response. | *** ## Address Resolution in DNS (Domain Name Server) DNS address resolution converts human-readable domain names into IP addresses that computers use to locate servers. It works like a digital phonebook, mapping names to numbers so websites can load correctly. * Translates domain names (e.g., [www.example.com](http://www.example.com)) into IP addresses * Essential for locating the correct server * Enables browsers to connect to websites * Functions like looking up a phone number in a contact list * Critical for proper internet communication #### Key concepts of DNS * **Domain Names**: Human-readable addresses (e.g., `www.google.com`). * **IP Addresses**: Numeric addresses used by computers to identify each other (e.g., `172.217.3.110`). * **DNS Records**: Structured data that provides information about the domain name, such as IP address mappings #### **The Role of DNS Resolver in Address Resolution** DNS operates as a **client-server application**. A host that needs to map a domain name to an IP address (or vice versa) calls a DNS client called a **resolver**. The resolver accesses the nearest DNS server with a mapping request. Here's how the process works: **Step 1**: The resolver sends a query to the nearest DNS server.\ **Step 2**: If the server has the required information, it returns the result. If not, it refers the resolver to other DNS servers.\ **Step 3**: The resolver checks if the response is correct and delivers it to the requesting application or user.

{% hint style="success" %} ### Caching Mechanism in DNS Resolution DNS caching is a performance-enhancing mechanism used by DNS servers and client resolvers to temporarily store recently resolved domain-to-IP mappings. When a DNS server receives a response from another server during resolution, it stores this information in its **cache** so future queries for the same domain can be answered quickly without repeating the entire lookup process {% endhint %} ### /etc/resolve.conf `/etc/resolv.conf` in Linux is the crucial DNS client configuration file that tells your system which DNS servers to query for resolving hostnames (like `www.google.com`) to IP addresses. It contains `nameserver` directives listing DNS server IPs, `search` for domain suffixes, and is often automatically managed by network tools (NetworkManager, systemd-resolved), sometimes as a symlink to a managed file, but you can edit it manually for custom DNS settings. Key Components: * **`nameserver IP_ADDRESS`**: Specifies the IP of a DNS server to use, with multiple entries tried in order. * **`search DOMAIN`**: Defines domains to append to short hostnames (e.g., `search local.lan` lets you ping `server1` instead of `server1.local.lan`). * **`domain DOMAIN`**: Sets the local domain name for the system. Example Content: ``` [payam@earth Working]$ cat /etc/resolv.conf # Generated by NetworkManager search systemgroup.net nameserver 172.20.0.25 nameserver 172.20.0.26 nameserver 172.23.0.25 # NOTE: the libc resolver may not support more than 3 nameservers. # The nameservers listed below may not be recognized. nameserver 172.23.0.23 ``` ### /etc/hosts Before DNS became a network standard, the /etc/hosts file was used to resolve an IP address to a fully qualified domain name (FQDN). This file can be used to manually link an FQDN to an IP address, such as a test server or internal network workstation, without editing DNS server entries. Care should be taken when editing this file. ``` [payam@earth Working]$ cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ### 127.0.0.1 tonec.com 127.0.0.1 www.tonec.com 127.0.0.1 registeridm.com #172.20.100.20 vpa-infjenkins.abramad.com #172.29.100.2 gitlab.example.com 172.29.47.1 vts-vc01.example.com ``` ### host The host command is a simple tool for performing DNS lookups. The command resolves IP addresses into domain names and vice versa. Use the command to perform a query for DNS records and basic DNS troubleshooting. **Syntax** ``` host [options] [hostname/IP]Copy ``` The various **`[options]`** control the command's behavior, such as the query type or the start of authority (SOA) for the provided domain. **Example** To perform a simple DNS lookup, use the **`host`** command and provide a hostname or IP address. For example: ``` host google.com ``` ``` [payam@earth Working]$ host google.com google.com has address 216.239.38.120 google.com has IPv6 address 2001:4860:4802:32::78 ``` *The output shows the resolved IPv4 and IPv6 addresses for the provided hostname.* ### dig \ The dig command queries Domain Name Systems (DNS) and finds information for DNS records. The command collects domain name information and associated records. Use **`dig`** to troubleshoot DNS issues and to verify DNS configuration on a Linux system. It is suitable for creating scripts and automating tasks related to network troubleshooting. The robust command is so prevalent in network troubleshooting that a Windows version of dig is available. **Syntax:** ``` dig [options] [domain] [record type] [DNS server]Copy ``` The components of the command are: * **`[options]`** - Parameters that modify the behavior of the command. * **`[domain]`** - The domain name to query. * **`[record type]`** - The DNS record type to query. Defaults to A records. * **`[DNS server]`** - A specified DNS server for the query. All parameters are optional. The command shows the default DNS resolver information and query statistics without additional options. **Example** To perform a simple DNS lookup, run the command with a domain name: ``` dig google.com ``` ``` [payam@earth Working]$ dig google.com ; <<>> DiG 9.16.23-RH <<>> google.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55547 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 347 IN A 216.239.38.120 ;; Query time: 0 msec ;; SERVER: 172.20.0.25#53(172.20.0.25) ;; WHEN: Sat Dec 13 15:46:51 +0330 2025 ;; MSG SIZE rcvd: 55 ``` #### Linux Name resolution flowchart: ``` ┌─────────────────────┐ │ User Application │ │ (e.g., ping, curl) │ └──────────┬──────────┘ │ ▼ ┌─────────────────────┐ │ getaddrinfo() │ │ or gethostbyname() │ └──────────┬──────────┘ │ ▼ ╔══════════════════════════════╗ ║ Check /etc/nsswitch.conf ║ ║ hosts: files dns myhostname ║ ╚═══════════════╤══════════════╝ │ ┌──────────────┴──────────────┐ │ │ ▼ ▼ ┌─────────────────────┐ ┌─────────────────────┐ │ 1. files │ │ 2. dns │ │ (/etc/hosts file) │ │ (DNS Resolution) │ └──────────┬──────────┘ └──────────┬──────────┘ │ │ ▼ ▼ ┌─────────────────────┐ ┌─────────────────--────┐ │ Parse /etc/hosts │ │ Check /etc/resolv.conf│ │ Format: │ │ or systemd-resolved │ │ IP hostname aliases │ └──────────┬────────--──┘ └──────────┬──────────┘ │ │ ▼ ┌──────────┴──────────┐ ┌─────────────────────┐ │ If found: Return IP │ │ Query DNS servers │ │ If not: Continue → ├───────┤ in order (rotate) │ └─────────────────────┘ └──────────┬──────────┘ │ ┌─────────────────────────────┘ ▼ ┌─────────────────────┐ │ 3. myhostname │ │ (systemd only) │ └──────────┬──────────┘ │ ▼ ┌─────────────────────┐ │ Use local hostname │ │ from /etc/hostname │ └──────────┬──────────┘ │ ▼ ┌─────────────────────┐ │ 4. Return Result │ │ or "Unknown Host" │ └─────────────────────┘ ``` ### netstat The **`netstat`** command is a command-line tool for retrieving network statistics. It provides an overview of network activity and displays which ports are open or have established connections. **`netstat`** is essential for diagnosing network issues. The **`netstat`** command can be used without parameters to display active network connections:

The output displays details of active internet connections across six columns: * **Proto**. Protocol of the connection (e.g., TCP, UDP). * **Recv-Q**. Number of bytes received and waiting in the queue to be processed. * **Send-Q**. Number of bytes waiting in the queue to be sent. * **Local address**. Local address and port of the connection. An asterisk (\*) in the host indicates that the server is listening on all available interfaces, and a port may not yet be established. * **Foreign address**. Remote address and port of the connection. An asterisk (\*) appears if a connection is not yet established. * **State**. State of the local socket. Values include **`ESTABLISHED`**, **`LISTENING`**, **`CLOSED`**, or blank. The second list shows all active *Unix Domain* open sockets with the following details: * **Proto**. Protocol used by the socket (always **`unix`**). * **RefCnt**. Reference count of the number of processes attached to this socket. * **Flags**. Flags associated with the socket, usually **`ACC`** or blank. * **Type**. The socket type. * **State**. State of the socket, most often **`CONNECTED`**, **`LISTENING`**, or blank. * **I-Node**. File system inode (index node) associated with this socket. * **Path**. File system path to the socket. You can expand the **`netstat`** command with options to filter or customize output: ``` netstat [option] ``` #### netstat Command Options | OPTION | DESCRIPTION | | -------- | ----------------------------------------------------------------------------- | | **`-a`** | Display all active TCP and UDP connections and listening ports. | | **`-t`** | Display only TCP connections. | | **`-u`** | Display only UDP connections. | | **`-l`** | Show only sockets that are actively listening for incoming connections. | | **`-p`** | Display the Process ID (PID) and program name associated with each socket. | | **`-n`** | Display addresses and port numbers in numeric format without resolving names. | | **`-r`** | Display the kernel routing table. | | **`-s`** | Provide summary statistics for each protocol. | | **`-c`** | Continuously update the output every second. | | **`-e`** | Display extended information, including timers and user IDs. | the most usefule switches are **`netstat -tuna`** . ### ss The ss (socket statistics) tool is a CLI command used to show network statistics. The **ss** command is a simpler and faster version of the now obsolete netstat command. The basic **`ss`** command usage is without any parameters: ``` ss ``` The output returns a list of open non-listening sockets with established connections.

The columns show the following details: * **Netid** – Type of socket. Common types are *TCP*, *UDP*, *u\_str* (Unix stream), and *u\_seq* (Unix sequence). * **State** – State of the socket. Most commonly *ESTAB* (established), *UNCONN* (unconnected), *LISTEN* (listening). * **Recv-Q** – Number of received packets in the queue. * **Send-Q** – Number of sent packets in the queue. * **Local address:port** – Address of local machine and port. * **Peer address:port** – Address of remote machine and port. For a more detailed output, add options to the **`ss`** command: ``` ss ``` #### Some of usefull 'ss' command options: | Options | Description | | ------- | ------------------------------------------------- | | -t | Display TCP sockets | | -u | Display UDP sockets | | -l | Display listening sockets | | -a | Display all sockets (listening and non-listening) | | -e | Display detailed information (including users) | | -i | Display internal information | | -n | Show numerical addresses instead of resolving | | -r | Display the routing table | | -s | Display summary statistics | | -4 | Display only IPv4 sockets | | -6 | Display only IPv6 sockets | | -o | Show timers | | -p | Show process information | | -P | Show process statistics | ### summary as final note take a look at the bellow table, ipv4 ipv6 support for each command: | Command | Purpose | IPv4 | IPv6 | IPv4 / IPv6 Flags | Notes | | --------------- | ------------------------------- | :--: | :--------: | ----------------------------------- | --------------------------------- | | `route` | Show / manipulate routing table | ✅ | ❌ | ❌ none | Legacy command, **IPv4 only** | | `ip route show` | Show routing table | ✅ | ✅ | `-4` (IPv4), `-6` (IPv6) | Modern replacement for `route` | | `ifconfig` | Show / configure interfaces | ✅ | ⚠️ Partial | ❌ none | Deprecated, limited IPv6 support | | `ip addr show` | Show IP addresses on interfaces | ✅ | ✅ | `-4` (IPv4), `-6` (IPv6) | Modern replacement for `ifconfig` | | `netstat` | Show connections, routes, stats | ✅ | ⚠️ Partial | `-4` (IPv4), `-6` (IPv6) | Deprecated, IPv6 via flags | | `ss` | Show socket statistics | ✅ | ✅ | `-4` (IPv4), `-6` (IPv6) | Faster replacement for `netstat` | | `ping` | Test connectivity | ✅ | ✅ | `-4` (IPv4), `-6` (IPv6) | `ping6` also exists | | `host` | DNS lookup | ✅ | ✅ | `-4` (A record), `-6` (AAAA record) | Queries DNS records | **Key takeaways (important for modern Linux systems):** * Prefer **`ip`** over `route` and `ifconfig` * Prefer **`ss`** over `netstat` * Most modern tools support **both IPv4 and IPv6** * Legacy tools are often **IPv4-focused or partially IPv6-aware** that's all. . . . *** sources: \ \ \ \ \ \
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://borosan.gitbook.io/lpi-linux-essentials/4.4-your-computer-on-the-network.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.