IP Addresses
An IP address is a unique identifier assigned to each device on a network, much like a postal address for your house.
IPv4: The Original Addressing Scheme
- Format: Four numbers separated by dots (e.g.,
192.168.1.10). - Range: Each number ranges from 0 to 255 (e.g.,
0.0.0.0to255.255.255.255). - Limitation: IPv4 supports about 4.3 billion addresses, which is why the world is gradually transitioning to IPv6.
Public vs. Private IP Addresses
- Public IP: The address of your network on the internet, assigned by your ISP. It must be globally unique.
- Private IP: Used inside a local network (like your home Wi-Fi). Devices communicate using these addresses, and the router translates them to a public IP using NAT.
Common Private IP Ranges
10.0.0.0 – 10.255.255.255172.16.0.0 – 172.31.255.255192.168.0.0 – 192.168.255.255(most common in home networks)
IPv6: The Modern Solution
-
Format: Eight groups of hexadecimal digits separated by colons.
Example:
2001:0db8:85a3:0000:0000:8a2e:0370:7334 - Advantage: Provides a virtually unlimited number of addresses (about 340 undecillion).
Subnets
A subnet (sub-network) is a logical subdivision of a larger network. It divides a large network into smaller and more manageable segments.
Why Use Subnets?
- Organization: Devices can be grouped logically (e.g., Finance subnet, Engineering subnet).
- Security: Traffic can be isolated between subnets.
- Performance: Reduces broadcast traffic and improves network efficiency.
The Subnet Mask
A subnet mask defines which portion of an IP address represents the network and which portion represents the host.
Example subnet mask:
255.255.255.0
Example IP: 192.168.1.10
- Network portion:
192.168.1 - Host portion:
.10
This means devices with IP addresses from 192.168.1.1 to 192.168.1.254 belong to the same local network.
CIDR Notation (The Shortcut)
Instead of writing an IP address and subnet mask separately, CIDR notation combines them.
Example:
192.168.1.0/24
The /24 means the first 24 bits are used for the network portion.
Common CIDR Examples
- /24 – 255 addresses (typical home network)
- /16 – 65,535 addresses (large organization)
- /32 – single host address (commonly used in firewall rules)
DNS (Domain Name System)
DNS acts like the phonebook of the internet. Humans remember domain names such as
google.com, but computers communicate using IP addresses like
142.251.32.206.
DNS translates domain names into IP addresses.
How DNS Lookup Works
- Your computer sends a query to a Recursive Resolver (often provided by your ISP or public DNS services like
1.1.1.1or8.8.8.8). - The resolver asks the Root DNS Servers where to find the
.comdomain. - The root servers direct the resolver to the .com TLD servers.
- The resolver asks the TLD servers where
google.comis located. - The TLD servers respond with the authoritative name servers for
google.com. - The resolver queries Google's name servers for the IP address.
- Google's servers return the IP address (e.g.,
142.251.32.206). - The resolver sends the IP address back to your computer.
- Your computer connects to the website using that IP address.
Configuration & Routing
1. ip addr (Show IP Addresses)
Replaces the old: ifconfig
Purpose: Displays IP addresses, MAC addresses, and the state (UP/DOWN) of all network interfaces.
# Show addresses for all interfaces ip addr # Show details for a specific interface ip addr show dev eth0
Example Output:
1: lo: <LOOPBACK,UP> mtu 65536
link/loopback 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500
link/ether 08:00:27:3a:4c:5b
inet 192.168.1.15/24 brd 192.168.1.255 scope global dynamic eth0
inet6 fe80::a00:27ff:fe3a:4c5b/64 scope link
- lo: Loopback interface (
127.0.0.1). - eth0: Ethernet network interface.
- link/ether: MAC address.
- inet: IPv4 address and subnet mask.
- inet6: IPv6 address.
- state UP: Interface is active.
2. ip route (Show Routing Table)
Replaces the old: route -n or netstat -r
Purpose: Displays the system routing table used to send packets between networks.
ip route
Example Output:
default via 192.168.1.1 dev eth0 proto dhcp metric 100 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.15 metric 100
- default via 192.168.1.1: Default gateway (router).
- 192.168.1.0/24 dev eth0: Local network route.
Connectivity Testing
3. ping (Test Connectivity)
Purpose: Tests if a host is reachable by sending ICMP echo requests.
# Continuous ping ping google.com # Ping only 4 times ping -c 4 8.8.8.8
Example Output:
PING google.com (142.251.32.206) 64 bytes from 142.251.32.206: icmp_seq=1 ttl=117 time=11.4 ms 64 bytes from 142.251.32.206: icmp_seq=2 ttl=117 time=11.5 ms
- time=11.4 ms: Round-trip time (latency).
- Errors like
Destination Host Unreachableindicate network issues.
Ports & DNS
4. ss (Socket Statistics)
Replaces the old: netstat
Purpose: Displays open ports and active network connections.
# Show listening and established connections ss -tuln
Common Options:
-t: TCP connections-u: UDP connections-l: Listening sockets-n: Show numeric addresses-p: Show owning process (requires sudo)
# Find process using port 80 sudo ss -tulpn 'sport = :80'
- LISTEN: Service waiting for connections.
- ESTAB: Active connection.
5. dig (Domain Information Groper)
Purpose: Advanced DNS query tool used to troubleshoot DNS problems.
# Basic DNS lookup dig google.com # Query MX records dig MX google.com # Query specific DNS server dig @8.8.8.8 google.com # Short output dig +short google.com
142.251.32.206
Important Output Sections:
- ANSWER SECTION: Shows the returned IP address.
- Query time: DNS lookup time.
- SERVER: DNS server that responded.
6. nslookup (Name Server Lookup)
An older tool used to perform DNS lookups. While still functional, dig is preferred.
# Interactive mode nslookup > google.com > server 1.1.1.1 > exit
# Non-interactive mode nslookup google.com
7. netstat (Network Statistics - Legacy Tool)
netstat is now considered deprecated. Modern Linux systems use
ss and ip commands instead.
# Show listening ports netstat -tuln # Show routing table netstat -r