$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:33:3b:25 brd ff:ff:ff:ff:ff:ff

192.168.0.1

$ sudo ip addr add 192.168.0.5/255.255.255.0 dev ens33

$ ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
25: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:33:3b:25 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.5/24 192.168.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::010c:29ff:fe33:3b25/64 scope link noprefixroute
valid_lft forever preferred_lft forever
    

$ ping -c 3 192.168.0.1

PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=2.16 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=1.85 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=3.41 ms
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 1.849/2.473/3.410/0.674 ms
    

$ ip route show

$ sudo ip route add default via 192.168.0.1

2001:0db8:0000:abcd:0000:0000:0000:7334

2001:db8:0:abcd::7334

$ sudo ip addr add 2001:db8:0:abcd:0:0:0:7334/64 dev ens33

$ ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
25: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:33:3b:25 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.5/24 192.168.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::010c:29ff:fe33:3b25/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 2001:db8:0:abcd::7334/64 scope global
valid_lft forever preferred_lft forever
    

$ ping 2001:db8:0:abcd::1

PING 2001:db8:0:abcd::1(2001:db8:0:abcd::1) 56 data bytes
64 bytes from 2001:db8:0:abcd::1: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 2001:db8:0:abcd::1: icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from 2001:db8:0:abcd::1: icmp_seq=3 ttl=64 time=0.072 ms
--- 2001:db8:0:abcd::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 43ms
rtt min/avg/max/mdev = 0.030/0.047/0.072/0.018 ms
    

$ ping6 -c 1 fe80::010c:29ff:fe33:3b25%ens33

PING fe80::010c:29ff:fe33:3b25(fe80::010c:29ff:fe33:3b25) 56 data bytes
64 bytes from fe80::010c:29ff:fe33:3b25%ens33: icmp_seq=1 ttl=64 time=0.049 ms
--- fe80::010c:29ff:fe33:3b25 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.049/0.049/0.049/0.000 ms
    

$ cat /etc/resolv.conf
search lpi
nameserver 192.168.0.1
    

127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
192.168.0.10 server
2001:db8:0:abcd::f server
    

$ host learning.lpi.org
learning.lpi.org has address 208.94.166.198
    

$ dig learning.lpi.org
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21525
;; QUESTION SECTION:
;learning.lpi.org. IN A
;; ANSWER SECTION:
learning.lpi.org. 550 IN A 208.94.166.198
;; Query time: 3 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
    

$ ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.0.5:49412 192.168.0.1:https
ESTAB 0 0 192.168.0.5:37616 192.168.0.1:https
ESTAB 0 0 192.168.0.5:40114 192.168.0.1:https
ESTAB 0 0 192.168.0.5:54948 192.168.0.1:imap
    

    sudo ip addr add 192.168.10.10/24 dev ens33
    sudo ip addr add 2001:0:0:abcd:0:8a2e:0370:7334/64 dev ens33
    

    192.168.10.1 - פרטית
    120.56.78.35 - ציבורית
    172.16.57.47 - פרטית
    10.100.49.162 - פרטית
    200.120.42.6 - ציבורית
    

    192.168.0.15 example.com
    

    sudo ip -6 route add default via 2001:db8:0:abcd::1
    

    ◦ נתונים טקסטואליים: TXT
    ◦ חיפוש הפוך לפי כתובת IP: PTR
    ◦ דומיין שאין לו כתובת משלו ותלוי בדומיין אחר: CNAME
    ◦ שרת דואר: MX
    

    ss -u
    

    ss -s
    

    Total: 978 (kernel 0)
    TCP: 4 (estab 0, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0
    Transport Total IP IPv6
    * 0 - -
    RAW 1 0 1
    UDP 7 5 2
    TCP 4 3 1
    INET 12 8 4
    FRAG 0 0 0
    

    sudo ip addr add 192.168.10.10/24 dev ens33
    sudo ip addr add 2001:0:0:abcd:0:8a2e:0370:7334/64 dev ens33
    

    192.168.10.1 X
    120.56.78.35
    172.16.57.47 X
    10.100.49.162 X
    200.120.42.6
    

    192.168.0.15 example.com
    

    sudo ip -6 route add default via 2001:db8:0:abcd::1
    

    ◦ נתונים טקסטואליים: TXT
    ◦ חיפוש הפוך לפי כתובת IP: PTR
    ◦ דומיין שאין לו כתובת משלו ותלוי בדומיין אחר: CNAME
    ◦ שרת דואר: MX
    

    ss -u
    

    ss -s
    

    Total: 978 (kernel 0)
    TCP: 4 (estab 0, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0
    Transport Total IP IPv6
    * 0 - -
    RAW 1 0 1
    UDP 7 5 2
    TCP 4 3 1
    INET 12 8 4
    FRAG 0 0 0
    

Introduction
In today’s world, computing devices of any kind exchange information through networks. At the
very heart of the concept of computer networks are the physical connections between a device and
its peer(s). These connections are called links, and they are the most basic connection between two
different devices. Links can be established through various media, such as copper cables, optical
fibres, radio waves or lasers.
Each link is connected with an interface of a device. Each device can have multiple interfaces and
thus be connected to multiple links. Through these links computers can form a network; a small
community of devices that can directly connect to each other. There are numerous examples of such
networks in the world. To be able to communicate beyond the scope of a link layer network, devices
use routers. Think of link layer networks as islands connected by routers which connect the
islands—just like bridges which information has to travel to reach a device which is part of a remote
island.
This model leads to several different layers of networking:
Linux Essentials (Version 1.6) | 4.4 Your Computer on the Network
Version: 2022-04-29 | Licensed for Cyber School. | learning.lpi.org | 325
Link Layer
Handles the communication between directly connected devices.
Network Layer
Handles routing outside of individual networks and the unique addressing of devices beyond a
single link layer network.
Application Layer
Enables individual programs to connect to each other.
When first invented, computer networks used the same methods of communication as telephones in
that they were circuit switched. This means that a dedicated and direct link had to be formed
between two nodes for them to be able to communicate. This method worked well, however, it
required all the space on a given link for only two hosts to communicate.
Eventually computer networks moved over to something called packet switching. In this method the
data is grouped up with a header, which contains information about where the information is
coming from and where it’s going to. The actual content information is contained in this frame and
sent over the link to the recipient indicated in the frame’s header. This allows for multiple devices to
share a single link and communicate almost simultaneously.
Link Layer Networking
The job of any packet is to carry information from the source to its destination through a link
connecting both devices. These devices need a way to identify themselves to each other. This is the
purpose of a link layer address. In an ethernet network, Media Access Control Addresses (MAC) are
used to identify individual devices. A MAC address consists of 48 bits. They are not necessarily
globally unique and cannot be used to address peers outside of the current link. Thus these addresses
can not be used to route packets to another links. The recipient of a packet checks whether the
destination address matches its own link layer and, if it does, processes the packet. Otherwise the
packet is dropped. The exception to this rule is broadcast packets (a packet sent to everyone in a
given local network) which are always accepted.
The command ip link show displays a list of all the available network interfaces and their link layer
addresses as well as some other information about the maximum packet size:
Linux Essentials (Version 1.6) | Topic 4: The Linux Operating System
326 | learning.lpi.org | Licensed for Cyber School. | Version: 2022-04-29
$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode
DEFAULT group default qlen 1000
link/ether 00:0c:29:33:3b:25 brd ff:ff:ff:ff:ff:ff
The above output shows that the device has two interfaces, lo and ens33. lo is the loopback device
and has the MAC address 00:00:00:00:00:00 while ens33 is an ethernet interface and has the MAC
address 00:0c:29:33:3b:25.
IPv4 Networking
To visit websites such as Google or Twitter, to check emails or to allow businesses to connect to
each other, packets need to be able to roam from one link layer network to another. Often, these
networks are connected just indirectly, with several intermediate link layer networks which packets
have to cross to reach their actual destination.
The link layer addresses of a network interface cannot be used outside that specific link layer
network. Since this address has no significance to devices in other link layer networks, a form of
globally unique addresses are needed in order to implement routing. This addressing scheme, along
with the overall concept of routing, is implemented by the Internet Protocol (IP).
NOTE
A protocol is a set of procedures of doing something so that all parties following
the protocol are compatible to each other. A protocol can be seen as the definition
of a standard. In computing, the Internet Protocol is a standard agreed upon by
everyone so that different devices produced by different manufacturers can all
communicate with each other.
IPv4 Addresses
IP addresses, like MAC addresses, are a way to indicate where a data packet comes from and where
it is going to. IPv4 was the original protocol. IPv4 addresses are 32 bits wide giving a theoretical
maximum number of 4,294,967,296 addresses. However, the number of those addresses useable by
devices is much smaller as some ranges are reserved for special use cases such as broadcast
addresses (which are used to reach all participants of a specific network), multicast addresses
(similar to broadcast addresses, but a device must tune in like a radio) or those reserved for private
use.
Linux Essentials (Version 1.6) | 4.4 Your Computer on the Network
Version: 2022-04-29 | Licensed for Cyber School. | learning.lpi.org | 327
In their human readable format IPv4 addresses are denoted as four digits separated by a dot. Each
digit can range from 0 to 255. For example, take the following IP address:
192.168.0.1
Technically, each of these digits represents eight individual bits. Thus this address could also be
written like this:
11000000.10101000.00000000.00000001
In practice the decimal notation as seen above is used. However, the bitwise representation is still
important to understand subnetting.
IPv4 Subnets
In order to support routing, IP addresses can be split into two parts: the network and host portions.
The network portion identifies the network that the device is on and is used to route packets to that
network. The host portion is used to specifically identify a given device on a network and to hand
the packet over to its specific recipient once it has reached its link layer network.
IP addresses can be broken into subnet and host parts at any point. The so-called subnet mask
defines where this split happens. Let’s reconsider the binary representation of the IP address from
the former example:
11000000.10101000.00000000.00000001
Now for this IP address, the subnet mask sets each bit which belongs to the network part to 1 and
each bit that belongs to the host part to 0:
11111111.11111111.11111111.00000000
In practice the netmask is written in the decimal notation:
255.255.255.0
This means that this network ranges from 192.168.0.0 to 192.168.0.255. Note that the first three
numbers, which have all bits set in the net mask, stay unchanged in the IP addresses.
Linux Essentials (Version 1.6) | Topic 4: The Linux Operating System
328 | learning.lpi.org | Licensed for Cyber School. | Version: 2022-04-29
Finally, there is an alternative notation for the subnet mask, which is called Classless Inter-Domain
Routing (CIDR). This notation just indicates how many bits are set in the subnet mask and adds this
number to the IP address. In the example, 24 out of 32 bits are set to 1 in the subnet mask. This can
be expressed in CIDR notation as 192.168.0.1/24
Private IPv4 Addreses
As mentioned before, certain sections of the IPv4 address space are reserved for special use cases.
One of these use cases are private address assignments. The following subnets are reserved for
private addressing:
• 10.0.0.0/8
• 172.16.0.0/12
• 192.168.0.0/16
Addresses out of these subnets can be used by anyone. However, these subnets can not be routed on
the public internet as they are potentially used by numerous networks at the same time.
Today, most networks use these internal addresses. They allow internal communication without the
need of any external address assignment. Most internet connections today just come with a single
external IPv4 address. Routers map all the internal addresses to that single external IP address when
forwarding packets to the internet. This is called Network Address Translation (NAT). The special
case of NAT where a router maps internal addresses to a single external IP address is sometimes call
masquerading. This allows any device on the inside network to establish new connections with any
global IP address on the internet.
NOTE
With masquerading, the internal devices can not be referenced from the internet
since they do not have a globally valid address. However, this is not a security
feature. Even when using masquerading, a firewall is still needed.

IPv4 Address Configuration
There are two main ways to configure IPv4 addresses on a computer. Either by assigning addresses
manually or by using the Dynamic Host Configuration Protocol (DHCP) for automatic configuration.
When using DHCP, a central server controls which addresses are handed out to which devices. The
server can also supply devices with other information about the network such as the IP addresses of
DNS servers, the IP address of the default router or, in the case of more complicated setups, to start
an operating system from the network. DHCP is enabled by default on many systems, therefore you
will likely already have an IP address when you are connected to a network.
Linux Essentials (Version 1.6) | 4.4 Your Computer on the Network
Version: 2022-04-29 | Licensed for Cyber School. | learning.lpi.org | 329
IP addresses can also be manually added to an interface using the command ip addr add. Here, we
add the address 192.168.0.5 to the interface ens33. The network uses the netmask 255.255.255.0
which equals /24 in CIDR notation:
$ sudo ip addr add 192.168.0.5/255.255.255.0 dev ens33
Now we can verify that the address was added using the ip addr show command:
$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
25: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:33:3b:25 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.5/24 192.168.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::010c:29ff:fe33:3b25/64 scope link noprefixroute
valid_lft forever preferred_lft forever
The above output shows both the lo interface and the ens33 interface with its address assigned with
the command above.
To verify the reachability of a device, the ping command can be used. It sends a special type of
message called an echo request in which the sender asks the recipient for a response. If the
connection between the two devices can be successfully established, the recipient will send back an
echo reply, thus verifying the connection:
Linux Essentials (Version 1.6) | Topic 4: The Linux Operating System
330 | learning.lpi.org | Licensed for Cyber School. | Version: 2022-04-29
$ ping -c 3 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=2.16 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=1.85 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=3.41 ms
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 1.849/2.473/3.410/0.674 ms
The -c 3 parameter makes ping stop after sending three echo requests. Otherwise, ping continues to
run forever and has to be stopped by pressing Ctrl + C .
IPv4 Routing
Routing is the process in which a packet gets from the source network to the destination network.
Each device maintains a routing table which contains information about which IP network can be
directly reached through the device’s attachment to link layer networks and which IP network can
be reached by passing packets on to a router. Finally, a default route defines a router which receives
all packets which did not match any other route.
When establishing a connection, the device looks up the target’s IP address in its routing table. If an
entry matches the address, the packet is either sent to the respective link layer network or passed on
to the router indicated in the routing table.
Routers themselves maintain routing tables, too. When receiving a packet, a router also looks up the
destination address in its own routing table and sends the packet on to the next router. This is
repeated until the packet arrives at the router on the destination network. Each router involved in
this journey is called a hop. This last router finds a direct connected link for the target address in its
routing table and sends the packets to its target interface.
Most home networks only have one way out, the singular router that came from the internet service
provider (ISP). In this case a device just forwards all packets that aren’t for the internal network
directly to the home router which will then send it to the provider’s router for further forwarding.
This is an example of the default route.
The command ip route show lists the current IPv4 routing table:
Linux Essentials (Version 1.6) | 4.4 Your Computer on the Network
Version: 2022-04-29 | Licensed for Cyber School. | learning.lpi.org | 331
$ ip route show
127.0.0.0/8 via 127.0.0.1 dev lo0
192.168.0.0/24 dev ens33 scope link
To add a default route, all that’s needed is the internal address of the router that’s going to be the
default gateway. If, for example, the router has the address 192.168.0.1, then the following
command sets it up as a default route:
$ sudo ip route add default via 192.168.0.1
To verify, run ip route show again:
$ ip route show
default via 192.168.0.1 dev ens33
127.0.0.0/8 via 127.0.0.1 dev lo0
192.168.0.0/24 dev ens33 scope link
IPv6 Networking
IPv6 was designed to deal with the shortcomings of IPv4, mainly the lack of addresses as more and
more devices were being brought online. However, IPv6 also includes other features such as new
protocols for automatic network configuration. Instead of 32 bits per address IPv6 uses 128. This
allows for approximately 2128 addresses. However, like IPv4, the number of globally unique usable
addresses is a lot smaller due to sections of the allocation being reserved for other uses. This large
number of addresses means there are more than enough public addresses for every device currently
connected to the internet and for many more to come, thus reducing the need for masquerading and
its issues such as the delay during translation and the impossibility to directly connect to
masqueraded devices.
IPv6 Addresses
Written down, the addresses use 8 groups of 4 hexadecimal digits each separated by a colon:
2001:0db8:0000:abcd:0000:0000:0000:7334
NOTE Hexadecimal digits range from 0 to f, so each digit can contain one of 16 different
values.
Linux Essentials (Version 1.6) | Topic 4: The Linux Operating System
332 | learning.lpi.org | Licensed for Cyber School. | Version: 2022-04-29
To make it easier leading zeros from each group can be removed when written down however each
group must contain at least one digit:
2001:db8:0:abcd:0:0:0:7334
Where multiple groups containing only zeros follow directly after each other they may be entirely
replaced by '::':
2001:db8:0:abcd::7334
However, this can only happen once in each address.
IPv6 Prefix
The first 64 bits of an IPv6 address are known as the routing prefix. The prefix is used by routers to
determine which network a device belongs to and therefore which path the data needs to be sent on.
Subnetting always happens within the prefix. ISPs usually hand out /48 or /58 prefixes to their
customers, leaving them 16 or 8 bits for their internal subnetting.
There are three major prefix types in IPv6:
Global Unique Address
Wherein the prefix is assigned from the blocks reserved for global addresses. These addresses
ware valid in the entire internet.
Unique Local Address
May not be routed in the internet. They may, however, be routed internally within an
organization. These addresses are used within a network to ensure the devices still have an
address even when there is no internet connection. They are the equivalent of the private address
ranges from IPv4. The first 8 bits are always fc or fd, followed by 40 randomly generated bits.
Link Local Address
Are only valid on a particular link. Every IPv6 capable network interface has one such address,
starting with fe80. These addresses are used internally by IPv6 to request additional addresses
using automatic configuration and to find other computers on the network using the Neighbor
Discovery protocol.

IPv6 Interface Identifier
While the prefix determines in which network a device resides, the interface identifier is used to
enumerate the devices within a network. The last 64 bits in an IPv6 address form the interface
identifier, just like the last bits of an IPv4 address.
When an IPv6 address is assigned manually, the interface identifier is set as part of the address.
When using automatic address configuration, the interface identifier is either chosen randomly or
derived from the device’s link layer address. This makes a variation of the link layer address appear
within the IPv6 address.
IPv6 Address Configuration
Like IPv4, IPv6 address can be either assigned manually or automatically. However, IPv6 has two
different types of automated configuration, DHCPv6 and Stateless Address Autoconfiguration
(SLAAC).
SLAAC is the easier of the two automated methods and built right into the IPv6 standard. The
messages use the new Neighbor Discovery Protocol which allows devices to find each other and
request information regarding a network. This information is sent by routers and can contain IPv6
prefixes which the devices may use by combining them with an interface identifier of their choice, as
long as the resulting address it not yet in use. The devices do not provide feedback to the router
about the actual addresses they have created.
DHCPv6, on the other hand, is the updated DHCP made to work with the changes of IPv6. It allows
for finer control over the information handed out to clients, like allowing for the same address to be
handed out to the same client every time, and sending out more options to the client than SLAAC.
With DHCPv6, clients need to get the explicit consent of a DHCP server in order to use an address.
The method to manually assign an IPv6 address to an interface is the same as with IPv4:
$ sudo ip addr add 2001:db8:0:abcd:0:0:0:7334/64 dev ens33
To verify the assignment has worked the same ip addr show command is used:
Linux Essentials (Version 1.6) | Topic 4: The Linux Operating System
334 | learning.lpi.org | Licensed for Cyber School. | Version: 2022-04-29
$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
25: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:33:3b:25 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.5/24 192.168.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::010c:29ff:fe33:3b25/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 2001:db8:0:abcd::7334/64 scope global
valid_lft forever preferred_lft forever
Here we also see the link-local address fe80::010c:29ff:fe33:3b25/64.
Like IPv4, the ping command can also be used to confirm the reachability of devices through IPv6:
$ ping 2001:db8:0:abcd::1
PING 2001:db8:0:abcd::1(2001:db8:0:abcd::1) 56 data bytes
64 bytes from 2001:db8:0:abcd::1: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 2001:db8:0:abcd::1: icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from 2001:db8:0:abcd::1: icmp_seq=3 ttl=64 time=0.072 ms
--- 2001:db8:0:abcd::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 43ms
rtt min/avg/max/mdev = 0.030/0.047/0.072/0.018 ms
NOTE On some Linux systems, ping does not support IPv6. These systems provide a
dedicated ping6 command instead.
To verify the link-local address again use ping again. But since all interfaces use the fe80::/64
prefix, the correct interface has to be specified along with the address:
Linux Essentials (Version 1.6) | 4.4 Your Computer on the Network
Version: 2022-04-29 | Licensed for Cyber School. | learning.lpi.org | 335
$ ping6 -c 1 fe80::010c:29ff:fe33:3b25%ens33
PING fe80::010c:29ff:fe33:3b25(fe80::010c:29ff:fe33:3b25) 56 data bytes
64 bytes from fe80::010c:29ff:fe33:3b25%ens33: icmp_seq=1 ttl=64 time=0.049 ms
--- fe80::010c:29ff:fe33:3b25 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.049/0.049/0.049/0.000 ms

DNS
IP addresses are difficult to remember and don’t exactly have a high coolness factor if you’re trying
to market a service or product. This is where the Domain Name System comes into play. In its
simplest form DNS is a distributed phone book that maps friendly rememberable domain names such
as example.com to IP addresses. When, for example, a user navigates to a website, they enter the
DNS hostname as part of the URL. The web browser then sends the DNS name to whichever DNS
resolver has been configured. That DNS resolver will in turn find out the address that correlates to
the domain. The resolver then replies with that address and the web browser tries to reach the web
server at that IP address.
The resolvers that Linux uses to look up DNS data are configured in the /etc/resolv.conf
configuration file:
$ cat /etc/resolv.conf
search lpi
nameserver 192.168.0.1
When the resolver performs a name lookup, it first checks the /etc/hosts file to see if it contains an
address for the requested name. If it does, it returns that address and does not contact the DNS. This
allows network administrators to provide name resolution without having to go through the effort
of configuration a complete DNS server. Each line in that file contains one IP address followed by
one or more names:
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
192.168.0.10 server
2001:db8:0:abcd::f server
To perform a lookup in the DNS, use the command host:
Linux Essentials (Version 1.6) | Topic 4: The Linux Operating System
336 | learning.lpi.org | Licensed for Cyber School. | Version: 2022-04-29
$ host learning.lpi.org
learning.lpi.org has address 208.94.166.198
More detailed information can be retrieved using the command dig:
$ dig learning.lpi.org
; <<>> DiG 9.14.3 <<>> learning.lpi.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21525
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2ac55879b1adef30a93013705d3306d2128571347df8eadf (bad)
;; QUESTION SECTION:
;learning.lpi.org. IN A
;; ANSWER SECTION:
learning.lpi.org. 550 IN A 208.94.166.198
;; Query time: 3 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Jul 20 14:20:21 EST 2019
;; MSG SIZE rcvd: 89
Here we also see the name of the DNS record types, in this case A for IPv4.
Sockets
A socket is a communication endpoint for two programs talking to each other. If the socket is
connected over a network, the programs can run on different devices, such as a web browser
running on a user’s laptop and a web server running in a company’s data center.
There are three main types of sockets:
Unix Sockets
Which connect processes running on the same device.
Linux Essentials (Version 1.6) | 4.4 Your Computer on the Network
Version: 2022-04-29 | Licensed for Cyber School. | learning.lpi.org | 337
UDP (User Datagram Protocol) Sockets
Which connect applications using a protocol which is fast but not resilient.
TCP (Transmission Control Protocol) Sockets
Which are more reliable than UDP sockets and, for example, confirm the receipt of data.
Unix sockets can only connect applications running on the same device. TCP and UDP sockets
however can connect over a network. TCP allows for a stream of data that always arrives in the
exact order it was sent. UDP is more fire and forget; the packet is sent but its delivery at the other
end is not guaranteed. UDP does however lack the overhead of TCP, making it perfect for low
latency applications such as online video games.
TCP and UDP both use ports to address multiple sockets on the same IP address. While the source
port for a connection is usually random, target ports are standardized for a specific service. HTTP is,
for example, usually hosted at port 80, HTTPS is run on port 443. SSH, a protocol to securely log into
a remote Linux system, listens on port 22.
The ss command allows an administrator to investigate all of the sockets on a Linux computer. It
shows everything from the source address, destination address and type. One of its best features is
the use of filters so a user can monitor the sockets in whatever connection state they would like. ss
can be run with a set of options as well as a filter expression to limit the information shown.
When executed without any options, the command shows a list of all established sockets. Using the
-p option includes information on the process using each socket. The –s option shows a summary of
sockets. There are many more options available for this tool but the last set of major ones are -4 and
-6 for narrowing down the IP protocol to either IPv4 or IPv6 respectively, -t and -u allow the
administrator to select TCP or UDP sockets and -l to show only socket which listen for new
connections.
The following command, for example, lists all TCP sockets currently in use:
$ ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.0.5:49412 192.168.0.1:https
ESTAB 0 0 192.168.0.5:37616 192.168.0.1:https
ESTAB 0 0 192.168.0.5:40114 192.168.0.1:https
ESTAB 0 0 192.168.0.5:54948 192.168.0.1:imap
...

Guided Exercises
1. A network engineer is asked to assign two IP addresses to the ens33 interface of a host, one IPv4
address (192.168.10.10/24) and one IPv6 address (2001:0:0:abcd:0:8a2e:0370:7334/64). What
commands must they enter to achieve this?
2. Which addresses from the list below are private?
192.168.10.1
120.56.78.35
172.16.57.47
10.100.49.162
200.120.42.6
3. What entry would you add into the hosts file to assign 192.168.0.15 to example.com?
4. What effect would the following command have?
sudo ip -6 route add default via 2001:db8:0:abcd::1
Linux Essentials (Version 1.6) | 4.4 Your Computer on the Network
Version: 2022-04-29 | Licensed for Cyber School. | learning.lpi.org | 339
Explorational Exercises
1. Name the DNS record type used to serve the following requests:
◦ Textual data
◦ Reverse IP address lookup
◦ A domain that has no address of its own and relies on another domain for this information
◦ Mail Server
2. Linux has a feature called bridging, what does it do and how is it useful?
3. What option needs to be supplied to the ss command in order to view all established UDP
sockets?
4. Which command shows a summary of all sockets running on a Linux device?
5. The following output is generated by the command from the previous exercise. How many TCP
and UDP sockets are active?
Total: 978 (kernel 0)
TCP: 4 (estab 0, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0
Transport Total IP IPv6
* 0 - -
RAW 1 0 1
UDP 7 5 2
TCP 4 3 1
INET 12 8 4
FRAG 0 0 0

Summary
This topic covers networking your Linux computer. First we learned about the various levels of
networking:
• The link layer which connects devices directly.
• The networking layer which provides routing between networks and a global address space.
• The application layer where applications connect to each other.
We have seen how IPv4 and IPv6 are used to address individual computers, and how TCP and UDP
enumerate sockets used by applications to connect to each other. We also learned how DNS is used
to resolve names to IP addresses.
Commands used in the exercises:
dig
Query DNS information and provide verbose information about the DNS queries and responses.
host
Query DNS information and provide condensed output.
ip
Configure networking on Linux, including network interfaces, addresses and routing.
ping
Test the connectivity to a remote device.
ss
Show information regarding sockets.
Linux Essentials (Version 1.6) | Topic 4: The Linux Operating System
342 | learning.lpi.org | Licensed for Cyber School. | Version: 2022-04-29
Answers to Guided Exercises
1. A network engineer is asked to assign two IP addresses to the ens33 interface of a host, one IPv4
address (192.168.10.10/24) and one IPv6 address (2001:0:0:abcd:0:8a2e:0370:7334/64). What
commands must they enter to achieve this?
sudo ip addr add 192.168.10.10/24 dev ens33
sudo ip addr add 2001:0:0:abcd:0:8a2e:0370:7334/64 dev ens33
2. Which addresses from the list below are private?
192.168.10.1 X
120.56.78.35
172.16.57.47 X
10.100.49.162 X
200.120.42.6
3. What entry would you add into the hosts file to assign 192.168.0.15 to example.com?
192.168.0.15 example.com
4. What effect would the following command have?
sudo ip -6 route add default via 2001:db8:0:abcd::1
It would add a default route into the table that sends all IPv6 traffic to the router with an
internal address of 2001:db8:0:abcd::1.
Linux Essentials (Version 1.6) | 4.4 Your Computer on the Network
Version: 2022-04-29 | Licensed for Cyber School. | learning.lpi.org | 343
Answers to Explorational Exercises
1. Name the DNS record type used to serve the following requests:
◦ Textual data
TXT
◦ Reverse IP address lookup
PTR
◦ A domain that has no address of its own and relies on another domain for this information
CNAME
◦ Mail Server
MX
2. Linux has a feature called bridging, what does it do and how is it useful?
A bridge connects multiple networking interfaces. All interfaces connected to a bridge can
communicate as if they were connected to the same link layer network: All devices use IP
addresses from the same subnet and do not require a router in order to connect to each other.
3. What option needs to be supplied to the ss command in order to view all established UDP
sockets?
The -u option shows all established UDP sockets.
4. Which command shows a summary of all sockets running on a Linux device?
The ss -s command shows a summary of all sockets
5. The following output is generated by the command from the previous exercise. How many TCP
and UDP sockets are active?
Linux Essentials (Version 1.6) | Topic 4: The Linux Operating System
344 | learning.lpi.org | Licensed for Cyber School. | Version: 2022-04-29
Total: 978 (kernel 0)
TCP: 4 (estab 0, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0
Transport Total IP IPv6
* 0 - -
RAW 1 0 1
UDP 7 5 2
TCP 4 3 1
INET 12 8 4
FRAG 0 0 0
11 TCP and UDP sockets are active.