Networking Basics¶

This page covers the everyday networking knowledge a Linux admin needs: how IP addresses work, how to inspect and configure interfaces with the modern ip and nmcli tools, how name resolution happens, and how to troubleshoot connectivity and ports.

Tested on

AlmaLinux 9.4 (RHEL 9 family) with NetworkManager. Ubuntu 22.04/24.04 notes are called out inline where the tooling differs (netplan, ufw).

IP addressing essentials¶

Every device on a TCP/IP network has an IP address. Most networks you will touch use IPv4: four 8-bit numbers (octets) separated by dots, e.g. 192.168.10.25. Each octet ranges from 0–255.

Subnet masks and CIDR¶

An address is split into a network part and a host part. The split is defined by a subnet mask. Modern notation uses CIDR — a /n suffix counting the network bits:

CIDR	Subnet mask	Usable hosts	Common use
/24	255.255.255.0	254	Typical office/home LAN
/16	255.255.0.0	65 534	Large internal network
/8	255.0.0.0	16 777 214	Very large block
/30	255.255.255.252	2	Point-to-point links

So 192.168.10.25/24 means the first 24 bits (192.168.10) are the network, and .25 identifies the host within it. Hosts on the same subnet talk directly; anything else goes through the gateway (router).

Private address ranges¶

These ranges (RFC 1918) are reserved for internal use and are not routed on the public internet:

10.0.0.0/8         10.0.0.0     – 10.255.255.255
172.16.0.0/12      172.16.0.0   – 172.31.255.255
192.168.0.0/16     192.168.0.0  – 192.168.255.255

Note

127.0.0.0/8 (usually 127.0.0.1, "localhost") is the loopback — your own machine. 169.254.0.0/16 is link-local (APIPA), an auto-assigned fallback when DHCP fails.

Inspecting the network with the `ip` suite¶

The iproute2 package provides the ip command, which replaces the older deprecated tools:

Old tool	Modern replacement
`ifconfig`	`ip addr`, `ip link`
`route`	`ip route`
`arp`	`ip neigh`
`netstat`	`ss`

Addresses and links¶

# Show all interfaces and their IP addresses
ip addr show
ip a            # short form

2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:a1:b2:c3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.25/24 brd 192.168.10.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever

# Just the link (layer 2) state of interfaces — UP/DOWN, MAC, MTU
ip link show

# Bring an interface administratively up or down
sudo ip link set enp1s0 down
sudo ip link set enp1s0 up

Warning

Changes made with ip addr add / ip link set are not persistent — they vanish on reboot or when NetworkManager re-applies a profile. For permanent configuration use nmcli (below).

Routing table¶

ip route show

default via 192.168.10.1 dev enp1s0 proto static metric 100
192.168.10.0/24 dev enp1s0 proto kernel scope link src 192.168.10.25 metric 100

The default line is your gateway — where packets go when no more specific route matches.

Neighbours (ARP table)¶

ip neigh show

192.168.10.1 dev enp1s0 lladdr 00:11:22:33:44:55 REACHABLE

This maps IP addresses to MAC addresses on the local segment.

Managing connections with NetworkManager / nmcli¶

On RHEL/AlmaLinux, NetworkManager owns the interfaces and nmcli is the command-line front-end. NetworkManager separates devices (hardware) from connections (saved profiles).

# List devices and their state
nmcli device status

DEVICE   TYPE      STATE      CONNECTION
enp1s0   ethernet  connected  enp1s0
lo       loopback  unmanaged  --

# List saved connection profiles
nmcli connection show

Configure a static IP¶

# Set address, gateway, and DNS on the connection profile named "enp1s0"
sudo nmcli connection modify enp1s0 \
  ipv4.method manual \
  ipv4.addresses 192.168.10.25/24 \
  ipv4.gateway 192.168.10.1 \
  ipv4.dns "1.1.1.1 8.8.8.8"

# Apply the change by reactivating the connection
sudo nmcli connection up enp1s0

Switch back to DHCP¶

sudo nmcli connection modify enp1s0 ipv4.method auto
sudo nmcli connection modify enp1s0 -ipv4.addresses "" -ipv4.gateway ""
sudo nmcli connection up enp1s0

Bring connections up and down¶

sudo nmcli connection down enp1s0   # deactivate
sudo nmcli connection up enp1s0     # reactivate

Tip

nmtui is a friendly text UI for the same tasks if you prefer menus over flags.

Ubuntu: netplan¶

Ubuntu Server uses netplan, which renders YAML in /etc/netplan/*.yaml to a backend (usually systemd-networkd):

# /etc/netplan/01-netcfg.yaml
network:
  version: 2
  ethernets:
    eth0:
      addresses: [192.168.10.25/24]
      routes:
        - to: default
          via: 192.168.10.1
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8]

sudo netplan try     # apply with a safety rollback timer
sudo netplan apply   # apply immediately

Hostnames¶

# View current hostname info
hostnamectl

# Set a permanent (static) hostname
sudo hostnamectl set-hostname web01.example.com

The change is written to /etc/hostname. Add a matching line to /etc/hosts so the name resolves locally.

DNS resolution¶

When you reference a name like example.com, the resolver consults several sources in an order set by /etc/nsswitch.conf:

hosts:      files dns myhostname

files means /etc/hosts is checked first, then dns.

File	Purpose
`/etc/hosts`	Static name → IP mappings, checked before DNS
`/etc/resolv.conf`	Nameservers (`nameserver`) and `search` domains
`/etc/nsswitch.conf`	Order of resolution sources

# /etc/hosts
127.0.0.1   localhost
192.168.10.25  web01.example.com web01

Note

On systems running systemd-resolved (common on Ubuntu), /etc/resolv.conf is a symlink to a stub and DNS servers are managed by NetworkManager/resolved — edit DNS via nmcli or netplan, not the file directly.

Query tools¶

# dig: the detailed DNS query tool
dig example.com +short
# 93.184.216.34

# Look up a specific record type
dig MX example.com +short

# host: concise lookup
host example.com

# nslookup: interactive/classic tool
nslookup example.com

# getent hosts: resolves the way applications do (honours nsswitch + /etc/hosts)
getent hosts web01

Tip

Use getent hosts (not just dig) when debugging why an app resolves a name differently — it respects /etc/hosts and nsswitch.conf, while dig queries DNS servers directly.

Ports and the well-known ports concept¶

A single host can run many services, each distinguished by a port number (0–65535) layered on top of TCP or UDP. The well-known ports (0–1023) are reserved for standard services and require root to bind:

Port	Service	Port	Service
22	SSH	443	HTTPS
25	SMTP	53	DNS
80	HTTP	3306	MySQL

Ports 1024–49151 are registered; 49152–65535 are ephemeral (used for client-side outbound connections).

Connectivity and port troubleshooting¶

Reachability¶

# ICMP echo — is the host up and reachable?
ping -c 4 192.168.10.1

# Trace the path packets take to a destination
traceroute example.com

# tracepath: similar, no root required, discovers MTU
tracepath example.com

Note

On AlmaLinux, install these with sudo dnf install traceroute bind-utils. bind-utils provides dig, host, and nslookup.

Listening sockets¶

# ss: show TCP+UDP listening sockets with process names
sudo ss -tulpn

Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*     users:(("nginx",pid=940,fd=6))

Flag breakdown: -t TCP, -u UDP, -l listening, -p show process, -n numeric (don't resolve names/ports). The legacy equivalent is netstat -tulpn (from the net-tools package).

Checking a remote port¶

# nc (netcat): test if a TCP port is open
nc -vz example.com 443
# Connection to example.com 443 port [tcp/https] succeeded!

# telnet: classic interactive port check
telnet example.com 80

# curl / wget: test an actual HTTP(S) service
curl -I https://example.com
wget -qO- https://example.com

-v is verbose, -z makes nc scan without sending data (just report open/closed).

Verify your work¶

# 1. Confirm your interface has the expected IP and is UP
ip -br addr show

# 2. Confirm the default gateway is set
ip route show default

# 3. Confirm DNS resolves a public name
getent hosts example.com && dig example.com +short

# 4. Confirm outbound connectivity
ping -c 2 1.1.1.1

# 5. Confirm a local service is listening
sudo ss -tulpn | grep ':22'

Expected: an IP/24 on your NIC, a default via <gateway> route, a resolved address, successful pings, and sshd listening on 22.

Summary¶

IPv4 addresses split into network/host parts via a CIDR prefix; 10/8, 172.16/12, and 192.168/16 are private.
The ip suite (ip addr, ip link, ip route, ip neigh) replaces ifconfig/route/arp; its changes are temporary.
On RHEL/AlmaLinux, nmcli makes persistent changes via connection profiles; Ubuntu uses netplan YAML.
Name resolution flows through /etc/nsswitch.conf → /etc/hosts → /etc/resolv.conf; query with dig, host, nslookup, and getent hosts.
Troubleshoot with ping/traceroute/tracepath for reachability and ss -tulpn, nc, curl for ports and services.

Next, secure remote access with SSH and lock down ports with Firewalls.

Networking Basics¶

IP addressing essentials¶

Subnet masks and CIDR¶

Private address ranges¶

Inspecting the network with the ip suite¶

Addresses and links¶

Routing table¶

Neighbours (ARP table)¶

Managing connections with NetworkManager / nmcli¶

Configure a static IP¶

Switch back to DHCP¶

Bring connections up and down¶

Ubuntu: netplan¶

Hostnames¶

DNS resolution¶

Query tools¶

Ports and the well-known ports concept¶

Connectivity and port troubleshooting¶

Reachability¶

Listening sockets¶

Checking a remote port¶

Verify your work¶

Summary¶

Test yourself¶

Inspecting the network with the `ip` suite¶