Skip to content

Networking

Prerequisites

  • Root or sudo privileges for network configuration changes

Quick Reference

Action Command
Show IP ip addr
Show Routes ip route
Ping ping <host>
Check TCP port nc -zv <host> <port>
Scan Ports nmap <host>
Local Ports ss -tlnp
DNS Lookup dig <domain>
Hostname hostnamectl set-hostname <name>

Procedure: Check IP Address and Interfaces

When to use: Verifying network configuration, troubleshooting connectivity, or finding your IP.

Steps:

  1. List all interfaces and IP addresses: 

    ip addr
    Look for eth0 or ens3.

  2. Show only up/running interfaces: 

    ip link show up

  3. Display routing table (gateway): 

    ip route

Troubleshooting:

  • If an interface is DOWN: Bring it up with ip link set dev <interface> up or check virtualization settings.

Procedure: Test Connectivity with ping

When to use: Checking if a remote host is reachable.

Steps:

  1. Ping by IP address (bypasses DNS): 

    ping 8.8.8.8

  2. Ping by hostname (tests DNS + connectivity): 

    ping google.com

  3. Trace the path to a host: 

    traceroute google.com

Troubleshooting:

  • "Destination Host Unreachable": Routing issue or local link down.
  • "Request timed out": Remote host is down or blocking ICMP (firewall).
  • "Temporary failure in name resolution": DNS issue.

Procedure: Scan Ports with nmap

When to use: Verifying which services are listening on a remote machine or checking firewall rules.

Steps:

  1. Scan for open TCP ports (default top 1000): 

    nmap <target_ip>

  2. Scan specific ports: 

    nmap -p 80,443 <target_ip>

  3. Scan all 65535 ports (slow): 

    nmap -p- <target_ip>

  4. Check local listening ports (without nmap): 

    ss -tlnp

Troubleshooting:

  • "Note: Host seems down": The host blocks ping. Add -Pn to skip ping check.

Procedure: Check a TCP Port with nc

When to use: Quickly testing whether a specific TCP port on a host is open and accepting connections, without installing nmap.

Steps:

  1. Test a single TCP port: 

    nc -zv <host> <port>
    Example: nc -zv example.com 443 — a successful connection prints "Connection to ... succeeded!"

  2. Test a range of ports: 

    nc -zv <host> 80-443

  3. Set a timeout (useful for filtered/firewalled ports): 

    nc -zv -w 3 <host> <port>

Why this does not work for UDP: UDP is connectionless — there is no handshake. When you send a UDP packet, the remote host is not required to respond. A closed UDP port may send back an ICMP "port unreachable" message, but firewalls typically block that. This means nc -u cannot distinguish between an open port (no response) and a firewalled port (no response). Use nmap -sU for UDP scanning, but be aware it is slow and unreliable for the same reasons.

Procedure: Disable IPv6

When to use: Troubleshooting network issues or if IPv6 is not supported/needed in your environment.

Steps:

  1. Edit sysctl configuration: 

    nano /etc/sysctl.d/disable-ipv6.conf

  2. Add the following lines: 

    net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

  3. Apply changes immediately: 

    sysctl -p /etc/sysctl.d/disable-ipv6.conf

Troubleshooting:

  • If IPv6 is still active on some interfaces: Restart the network service or reboot.

Procedure: Change the Hostname

When to use: Setting a meaningful name for the server (e.g., web01.example.com).

Steps:

  1. Set the hostname: 

    hostnamectl set-hostname <new-hostname>

  2. Verify: 

    hostnamectl

  3. Update /etc/hosts to resolve the new name locally: 

    nano /etc/hosts
    Update the line starting with 127.0.0.1 or your static IP.

Troubleshooting:

  • Shell prompt doesn't update: Log out and log back in.

Procedure: Configure /etc/hosts

When to use: Overriding DNS for testing or mapping names on a system without a DNS server.

Steps:

  1. Edit the file: 

    nano /etc/hosts

  2. Add mappings in IP hostname alias format: 

    ************  web01.example.com  web01
*********     localhost

  3. Verify the new entry resolves correctly: 

    ping -c 1 web01.example.com
    Check that the output shows the correct IP address (first line). The ping itself may time out if ICMP is blocked — that's fine, the IP in the output is what matters.

Troubleshooting:

  • Changes ignored: Check /etc/nsswitch.conf. The hosts line should start with files dns.
  • Concepts: Networking Models