Advanced Linux Network Connectivity: An Expert-Level Guide

Linux is a powerful, flexible platform for working with network connectivity and configuration. Whether you’re debugging low-level connectivity issues or designing complex multi-network topologies, Linux tools provide granular control and unparalleled visibility into how packets travel to and from your systems.

This guide dives into network commands, configuration files, and diagnostic techniques at an expert level. You’ll see example commands, real-life outputs, and best practices that will help you gain deeper insight into your Linux system’s network behavior.


1. Inspecting Network Interfaces

1.1 ip link show

The ip link show command displays a high-level summary of network interfaces. It reveals interface names, MAC addresses, and operational state.

$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether a2:45:bb:1f:9c:01 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether a0:5f:45:12:af:9c brd ff:ff:ff:ff:ff:ff        

Key fields:

  • eth0 vs. wlan0: Different interface names, typically Ethernet vs. Wi-Fi.
  • <UP,LOWER_UP>: Indicates the interface is up and the physical layer is also active.
  • mtu 1500: Default maximum transmission unit (packet size in bytes).

1.2 ip addr show

While ip link show focuses on layer 2, ip addr show extends into layer 3 by displaying assigned IP addresses and subnet masks.

$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> ...
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> ...
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::a045:bbff:fe1f:9c01/64 scope link
3: wlan0: <BROADCAST,MULTICAST> ...
    ...        

Key fields:

  • inet 192.168.1.10/24: Your IPv4 address and CIDR notation (24 bits in the network mask).
  • inet6 fe80::a045:...: Link-local IPv6 address.


2. Managing IP Addresses

You can add or remove IP addresses using the ip addr add and ip addr del commands. This is useful for advanced routing, or to configure secondary IPs on a single interface.

# Add an IP address to eth0
$ sudo ip addr add 192.168.50.10/24 dev eth0

# Verify the change (the new address appears next to the existing one)
$ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ...
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
    inet 192.168.50.10/24 brd 192.168.50.255 scope global eth0

# Remove the same IP address
$ sudo ip addr del 192.168.50.10/24 dev eth0

Pro tip: These changes are temporary and will revert after a reboot unless you persist them in your Linux distribution’s network configuration files (e.g., /etc/sysconfig/network-scripts/ifcfg-eth0 on RHEL/CentOS or /etc/netplan/ on Ubuntu).


3. Checking the Default Gateway and Routing Table

3.1 ip route show

To verify your default gateway and routing table, use the ip route show command:

$ ip route show
default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.10 metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10 metric 100

Key fields:

  • default via 192.168.1.1 dev eth0: All traffic for networks not in the routing table will be sent to 192.168.1.1 through eth0.
  • 192.168.1.0/24 dev eth0: Local subnet route.

3.2 Adding a Static Route

You can add a static route using ip route add. For example, if you want traffic to 10.10.10.0/24 to go through 192.168.50.1 on interface eth1:

$ sudo ip route add 10.10.10.0/24 via 192.168.50.1 dev eth1        

4. Basic Connectivity Testing

4.1 ping

ping uses ICMP Echo Request packets to test if a host is reachable and to measure network latency. It’s often the first line of debugging.

$ ping -c 4 google.com
PING google.com (142.250.72.174) 56(84) bytes of data.
64 bytes from iad23s58-in-f14.1e100.net (142.250.72.174): icmp_seq=1 ttl=116 time=12.8 ms
64 bytes from iad23s58-in-f14.1e100.net (142.250.72.174): icmp_seq=2 ttl=116 time=12.9 ms
64 bytes from iad23s58-in-f14.1e100.net (142.250.72.174): icmp_seq=3 ttl=116 time=13.2 ms
64 bytes from iad23s58-in-f14.1e100.net (142.250.72.174): icmp_seq=4 ttl=116 time=12.7 ms

--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 12.700/12.900/13.200/0.210 ms        

Flags:

  • -c 4: Send 4 echo requests.
  • -i 0.2: (optional) Set an interval of 0.2 seconds between pings (shorter intervals require root privileges).


5. Tracing the Route to a Destination

5.1 traceroute

Where ping checks basic reachability, traceroute reveals each hop taken en route to the target.

$ traceroute google.com
traceroute to google.com (142.250.72.174), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.335 ms  1.286 ms  1.256 ms
 2  10.1.2.1 (10.1.2.1)  2.312 ms  2.275 ms  2.245 ms
 3  172.16.0.45 (172.16.0.45)  6.014 ms  5.905 ms  5.832 ms
 ...
 9  iad23s58-in-f14.1e100.net (142.250.72.174)  13.056 ms  13.043 ms  12.950 ms        

Key fields:

  • Hop number (e.g., 1, 2, 3).
  • IP address of the router/host at each hop.
  • Round-trip times in milliseconds.

5.2 mtr (My Traceroute)

mtr is an alternative to traceroute, combining ping and trace features in a single dynamic display. This is especially helpful for ongoing network performance monitoring. Install it (e.g., sudo apt-get install mtr) and run:

$ mtr google.com        

6. Verifying DNS Resolution

DNS issues are a common cause of connectivity failures. You can diagnose DNS resolution with tools like dig, nslookup, or by checking /etc/resolv.conf.

6.1 dig
$ dig google.com

; <<>> DiG 9.16.1-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60506
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 10, ADDITIONAL: 0

;; ANSWER SECTION:
google.com.		299	IN	A	142.250.72.174

;; Query time: 25 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jan 17 00:29:43 UTC 2025
;; MSG SIZE  rcvd: 55        

6.2 Checking DNS Configuration

$ cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 1.1.1.1
search localdomain

Be aware of systemd-based distributions (e.g., Ubuntu 20.04+) that often use systemd-resolved. In those cases, you might need to check /run/systemd/resolve/resolv.conf or use resolvectl.


7. Examining Ports and Connections

7.1 netstat and ss

netstat is a classic tool for listing open ports and active connections, but it’s deprecated on some modern distributions in favor of ss (socket statistics). Here’s how to use both:

# Using netstat
$ netstat -tulpn
Proto Recv-Q Send-Q Local Address  Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:22    0.0.0.0:*       LISTEN  1017/sshd
udp        0      0 127.0.0.1:53  0.0.0.0:*               945/dnsmasq

# Using ss
$ ss -tulpn
Netid  State   Recv-Q  Send-Q    Local Address:Port   Peer Address:Port  Process
tcp    LISTEN  0       128       0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=1017,fd=3))
udp    UNCONN  0       0         127.0.0.1:53         0.0.0.0:*          users:(("dnsmasq",pid=945,fd=4))        

Common flags:

  • -t: TCP sockets
  • -u: UDP sockets
  • -l: Listening sockets
  • -p: Show process name/PID
  • -n: Don’t attempt to resolve IPs to hostnames (speeds up output)
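As an added example that is not part of the original article, the following POSIX shell functions parse ss -tulpn output in the format shown above, report every listener bound to a wildcard address (0.0.0.0 or [::], i.e. reachable from every interface), and compare those listeners against an allowlist of expected proto/port pairs. The sample output is constructed for the example; on a real host replace it with the live command.

```shell
#!/bin/sh
# Constructed sample in the layout of `ss -tulpn` (not a capture from a real
# host). On a live system use: SS_OUTPUT="$(ss -tulpn)"
SS_OUTPUT='Netid  State   Recv-Q  Send-Q    Local Address:Port   Peer Address:Port  Process
tcp    LISTEN  0       128       0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=1017,fd=3))
udp    UNCONN  0       0         127.0.0.1:53         0.0.0.0:*          users:(("dnsmasq",pid=945,fd=4))
tcp    LISTEN  0       511       0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1200,fd=6))
tcp    LISTEN  0       4096      [::]:9090            [::]:*             users:(("prometheus",pid=1333,fd=7))
tcp    LISTEN  0       128       127.0.0.1:5432       0.0.0.0:*          users:(("postgres",pid=800,fd=5))'

# exposed_listeners OUTPUT
# Prints "proto port process" for each socket whose local address is a
# wildcard (0.0.0.0, [::] or *). Loopback-only services are skipped.
exposed_listeners() {
    printf '%s\n' "$1" | awk '
        NR == 1 { next }                       # skip the header row
        {
            addr = $5; sub(/:[^:]*$/, "", addr) # drop the ":port" suffix
            if (addr != "0.0.0.0" && addr != "[::]" && addr != "*") next
            port = $5; sub(/.*:/, "", port)     # keep only the port
            proc = "-"
            # first quoted name inside users:(("name",pid=...))
            if (match($0, /\("[^"]+"/)) proc = substr($0, RSTART + 2, RLENGTH - 3)
            print $1, port, proc
        }'
}

# unexpected_listeners OUTPUT ALLOWLIST
# ALLOWLIST is a space-separated list such as "tcp/22 tcp/80"; anything
# exposed but not listed is printed as "proto/port process".
unexpected_listeners() {
    exposed_listeners "$1" | while read -r proto port proc; do
        case " $2 " in
            *" $proto/$port "*) ;;
            *) printf '%s/%s %s\n' "$proto" "$port" "$proc" ;;
        esac
    done
}

# Example run against the constructed sample:
unexpected_listeners "$SS_OUTPUT" "tcp/22 tcp/80"
```

With the sample above the only unexpected listener is tcp/9090 (prometheus); the dnsmasq and postgres sockets are bound to 127.0.0.1 and are not reported.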


8. Diagnosing Connectivity with nc (Netcat)

netcat (often aliased as nc) is a Swiss Army knife for TCP/UDP connectivity tests, port listening, file transfers, and more.

8.1 Simple Port Test

# Test if port 80 on example.com is open
$ nc -vz example.com 80
Connection to example.com 80 port [tcp/http] succeeded!

8.2 On-the-Fly Server/Client

# On server (listen on TCP port 12345)
$ nc -l 12345

# On client
$ nc server_ip 12345
Hello, server!

# Server will display "Hello, server!" once connected        

This technique is great for verifying that firewalls and routing are configured correctly.


9. Checking ARP with ip neighbor

ARP (Address Resolution Protocol) maps IP addresses to MAC addresses on a local network. Linux stores this in the ARP cache, visible via ip neighbor.

$ ip neighbor show
192.168.1.1 dev eth0 lladdr b8:27:eb:99:1f:d0 REACHABLE
192.168.1.20 dev eth0 lladdr 8c:85:90:2a:12:e4 STALE        

  • REACHABLE: The host responded recently.
  • STALE: The entry is old but not yet invalidated.

To clear the ARP cache for a particular entry, you can remove it (though the system will repopulate it upon the next ARP request):

$ sudo ip neighbor del 192.168.1.20 dev eth0        

10. Advanced Connectivity Testing with nmap

nmap (Network Mapper) is a powerful port scanning and network exploration tool. It can discover hosts, open ports, and even identify running services and OS versions.

10.1 Basic Scan

$ nmap 192.168.1.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-17 00:35 UTC
Nmap scan report for 192.168.1.1
Host is up (0.0015s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.1.10
Host is up (0.0003s latency).
...        

10.2 Service and Version Detection

$ sudo nmap -sV -p 1-1000 192.168.1.10        

  • -sV: Attempts to determine service/version info.
  • -p 1-1000: Scans ports 1 through 1000.

Nmap can also perform OS fingerprinting with -O, vulnerability scanning with scripts (-sC or --script), and more.


11. Firewalls and Packet Filtering

11.1 iptables and nftables

On many older distributions, iptables is the default firewall utility. On newer distributions, nftables is favored. They both allow filtering, NAT, and packet manipulation at various points in the network stack.

  • Check current firewall rules:

$ sudo iptables -L -n -v        

or

$ sudo nft list ruleset        

11.2 firewalld

On RHEL-based systems (CentOS, Fedora, etc.), firewalld is a dynamic firewall manager that uses either iptables or nftables as a backend.

# Check status
$ sudo systemctl status firewalld

# List open ports/services
$ sudo firewall-cmd --list-all

# Add a service/port (permanent)
$ sudo firewall-cmd --permanent --add-service=http
# Then reload
$ sudo firewall-cmd --reload        

12. Persisting Network Configurations

Many of the commands described (e.g., ip addr add, ip route add) alter the running configuration, which won’t survive a reboot unless you persist them. The method to persist changes varies by distribution:

  • Debian/Ubuntu: Edit Netplan files in /etc/netplan/ (e.g., 01-netcfg.yaml) or older /etc/network/interfaces.
  • RHEL/CentOS/Fedora: Edit the network scripts in /etc/sysconfig/network-scripts/ifcfg-*.
  • SUSE: Use yast2 lan or edit /etc/sysconfig/network/ifcfg-*.


13. Summary and Best Practices

In this expert-level overview, you learned how to:

  1. Identify and manage interfaces: Use ip link show and ip addr show to verify interface status and IP addresses.
  2. Configure IP addresses: Temporarily add/remove IP addresses with ip addr add/del.
  3. Inspect routing tables: Check default gateways and add static routes with ip route show/add.
  4. Test connectivity: Use ping for quick ICMP checks, traceroute/mtr to follow packet paths, and nc to verify TCP/UDP ports.
  5. Examine DNS resolution: Utilize dig, nslookup, or check resolv.conf for DNS troubleshooting.
  6. Investigate ports and connections: Employ netstat or ss to view open ports, listening sockets, and network connections.
  7. Look into ARP and neighbors: Use ip neighbor to check your ARP cache.
  8. Scan networks: Use nmap for host discovery, port scanning, and OS fingerprinting.
  9. Configure firewalls: Leverage iptables, nftables, or firewalld to manage access control.
  10. Persist configurations: Ensure changes survive reboot by editing the relevant config files or using your distribution’s network configuration tools.

Armed with these commands, tips, and best practices, you’ll be able to swiftly diagnose, configure, and optimize Linux network connectivity with confidence. Happy networking!

