Linux··5 min

Networking Fundamentals

Networking on Linux is not abstract. Every interface, every connection, every DNS lookup is visible and controllable from the terminal. Once you know the tools, diagnosing network problems becomes straightforward.

Series: Learning Linux from Scratch

  1. 1. Learning Linux from Scratch — After a Full IT Apprenticeship
  2. 2. What is Linux?
  3. 3. The Filesystem
  4. 4. Users and Permissions
  5. 5. Installing and Managing Software
  6. 6. Text Editors
  7. 7. Shell Scripting Basics
  8. 8. Process Management
  9. 9. Networking Fundamentals
  10. 10. SSH
  11. 11. systemd and Services
  12. 12. Disk Management
  13. 13. Users and Groups — In Depth
  14. 14. Cron and Scheduled Tasks
  15. 15. Firewall — iptables and ufw
  16. 16. Environment Variables and the Shell
  17. 17. Log Management
  18. 18. Kernel Module Management
  19. 19. The /proc Filesystem — In Depth
  20. 20. The /sys Filesystem and udev
  21. 21. Kernel Parameters and sysctl
  22. 22. Compiling and Installing a Custom Kernel

Networking on Linux is not abstract. Every interface, every connection, every DNS lookup is visible and controllable from the terminal. Once you know the tools, diagnosing network problems becomes straightforward.

Network interfaces

A network interface is the point where your machine connects to a network. It can be physical (an ethernet port, a wifi card) or virtual (a loopback interface, a VPN tunnel).

To see all interfaces on your system:

ip link show

To see interfaces with their IP addresses:

ip addr show

The output looks like this:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    link/loopback 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    link/ether 52:54:00:ab:cd:ef
    inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0
  • lo is the loopback interface. It always has the address 127.0.0.1. Traffic sent here never leaves the machine. Used for processes communicating with each other locally.
  • eth0 or enp3s0 is typically your ethernet interface.
  • wlan0 or wlp2s0 is typically wifi.

IP addresses and CIDR notation

The /24 after an IP address is CIDR notation. It tells you how many bits of the address are the network part.

192.168.1.100/24 means the first 24 bits (192.168.1) identify the network, and the last 8 bits (100) identify the host within that network. A /24 network has 254 usable host addresses.

A /32 is a single host. A /0 covers every address in existence.

Routing

To see the routing table — how your machine decides where to send traffic:

ip route show
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100

The first line is the default route. Traffic that does not match any other rule gets sent to 192.168.1.1 — your gateway (usually your router).

Testing connectivity

ping

ping 8.8.8.8

Sends ICMP echo requests to a host and reports whether it responds. Use it to test basic reachability. Ctrl + C to stop.

ping -c 4 8.8.8.8

-c 4 sends exactly 4 packets and stops.

traceroute

traceroute 8.8.8.8

Shows every hop between your machine and the destination. Each line is a router that forwarded your packet. Useful for finding where a connection is failing.

curl and wget

Test whether a specific service is reachable:

curl -I https://example.com

-I fetches only the HTTP headers. If you get a response, the host is reachable and the web server is running.

DNS

DNS translates domain names into IP addresses. When you type google.com, your system asks a DNS server what IP address that maps to.

Your DNS servers are configured in:

/etc/resolv.conf

cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4

To manually look up a domain:

dig google.com

The ANSWER SECTION shows the IP addresses returned. dig also shows which DNS server answered, how long it took, and the TTL of the record.

dig google.com +short

Just the IP addresses, nothing else.

/etc/hosts

Before your system queries DNS, it checks /etc/hosts. If a hostname is listed there, that IP is used without ever hitting a DNS server.

cat /etc/hosts
127.0.0.1   localhost
127.0.1.1   myhostname

You can add entries here to override DNS for specific domains. Useful for local development or blocking domains by pointing them to 127.0.0.1.

Open ports and connections

To see what ports are listening on your system:

ss -tlnp
  • -t — TCP only
  • -l — listening sockets only
  • -n — show numbers instead of resolving service names
  • -p — show the process using each socket
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22         0.0.0.0:*          users:(("sshd",pid=1234))
LISTEN  0       511     0.0.0.0:80         0.0.0.0:*          users:(("nginx",pid=5678))

This tells you port 22 (SSH) and port 80 (HTTP) are open, and which processes are listening on them.

To see all active connections:

ss -tnp

Assigning a static IP

Network configuration is managed differently across distributions. On systems using NetworkManager (most desktop distros):

nmcli con show
nmcli con mod "Wired connection 1" ipv4.addresses 192.168.1.50/24
nmcli con mod "Wired connection 1" ipv4.gateway 192.168.1.1
nmcli con mod "Wired connection 1" ipv4.dns 8.8.8.8
nmcli con mod "Wired connection 1" ipv4.method manual
nmcli con up "Wired connection 1"

On servers using systemd-networkd, configuration lives in /etc/systemd/network/.

On older Debian/Ubuntu systems, /etc/network/interfaces is used directly.

These tools cover the majority of what you need for day to day networking on Linux. You can see your interfaces, check routes, test connectivity, inspect DNS, and see exactly what is listening on which port. When something is not working, you have everything you need to find out why.

Next up: SSH — how it works, key-based authentication, and how to configure it properly.

#linux
0 views