Networking Basics in Linux
Networking Basics in Linux
Networking is a core skill for cybersecurity professionals. Understanding how Linux communicates over networks, how to diagnose connectivity issues, and how to inspect traffic is essential for system administration, penetration testing, and incident response.
This module covers basic networking concepts and Linux commands to monitor and troubleshoot networks.
1. Understanding IP Addressing
An IP address is a unique identifier assigned to a device on a network. It allows computers to communicate with each other.
Types of IP Addresses:
- IPv4 – 32-bit address (e.g., 192.168.1.10)
- IPv6 – 128-bit address (e.g., 2001:0db8:85a3::8a2e:0370:7334)
Components of an IP Address:
| Component | Description |
|---|---|
| Network part | Identifies the network |
| Host part | Identifies a device on the network |
| Subnet Mask | Defines the range of IP addresses in the network |
Cybersecurity professionals need to understand IPs for:
- Network scanning
- Intrusion detection
- Troubleshooting connectivity issues
2. Checking Network Configuration
Linux provides commands to view and configure network interfaces.
Using ifconfig (deprecated on some systems)
ifconfig
Output shows:
- Interface name (e.g., eth0, wlan0)
- IP address
- MAC address
- Network status
Bring an interface up or down:
sudo ifconfig eth0 up
sudo ifconfig eth0 down
Using ip (modern replacement for ifconfig)
ip addr show
Shows IP addresses for all interfaces.
Bring interface up:
sudo ip link set eth0 up
Bring interface down:
sudo ip link set eth0 down
Check routing table:
ip route
3. Testing Connectivity
Using ping
The ping command checks if a host is reachable and measures latency.
Example:
ping 8.8.8.8
Output shows:
- Response time
- Packet loss
- TTL (Time to Live)
Stop pinging with:
Ctrl + C
Ping a domain name:
ping google.com
This tests both connectivity and DNS resolution.
4. Network Diagnostics
Linux provides commands to analyze the path and status of network connections.
Using traceroute
traceroute shows the route packets take to reach a destination.
Install if needed:
sudo apt install traceroute
Run traceroute:
traceroute google.com
Output shows each hop and its response time. Useful for detecting network bottlenecks.
Using netstat
netstat displays active connections, listening ports, and routing tables.
Check listening ports:
netstat -tuln
Options:
-t→ TCP connections-u→ UDP connections-l→ Listening ports-n→ Show numeric addresses
Alternative modern command:
ss -tuln
5. Checking Open Ports
Open ports indicate services listening on the network. This is crucial in cybersecurity to detect potential vulnerabilities.
Example: Check open ports on localhost
sudo netstat -tulpn
Output shows:
- Port numbers
- Protocols (TCP/UDP)
- Associated processes
6. Basic DNS Lookup
DNS translates domain names into IP addresses. Linux provides tools to query DNS servers.
Using nslookup
nslookup google.com
Output shows:
- IP addresses of the domain
- Default DNS server
Using dig
dig provides detailed DNS information.
dig google.com
Output includes:
- Query time
- DNS server used
- Record types (A, MX, NS, etc.)
Example: Check MX records (mail servers):
dig google.com MX
Cybersecurity Importance
Networking skills help professionals:
- Monitor network activity
- Detect unauthorized devices and traffic
- Analyze network performance
- Perform penetration tests and vulnerability assessments
Understanding networking in Linux is critical before using advanced security tools like Nmap, Wireshark, or Metasploit.
Module Summary
Students should now understand:
- IP addressing and subnetting basics
- How to check network configuration with
ifconfigandip - How to test connectivity with
ping - How to trace network routes with
traceroute - How to inspect open ports with
netstat - How to perform DNS queries with
nslookupanddig
These skills provide the foundation for network monitoring, troubleshooting, and cybersecurity tasks.