Networking

Utilities

ip – show / manipulate routing, network devices, interfaces and tunnels

ip link
ip link set dev enp6s0 up

ip address – protocol address management

The ip addr command displays addresses and their properties, adds new addresses and deletes old ones.

ip address show
ip address add dev enp6s0 10.4.0.2/24
ip a del 10.53.4.50/24 dev eno1.4

ip neighbour – neighbour/arp tables management

ip neighbour show

ip route – routing table management

ip route show
ip route get 192.168.0.70
ip route add 10.8.53.0/24 via 192.168.53.10 dev p2p1

Task: Add a vlan interface and an IP

ip link add link eno1 name eno1.400 type vlan id 400
ip addr add 192.168.10.100/24 brd 192.168.10.255 dev eno1.400
ip link set dev eno1.400 up

route – show / manipulate the IP routing table

Add or remove a route:

route add -net 192.168.108.0 netmask 255.255.252.0 gw 192.168.0.187
route del -net 192.168.108.0 netmask 255.255.252.0

arp – manipulate the system ARP cache

Display current ARP cache:

arp -a

Find the MAC address of a host:

$ arp myhost
Address                  HWtype  HWaddress           Flags Mask            Iface
myhost                   ether   15:1e:18:20:51:1e   C                     eno1

arp-scan – The ARP scanner

arp-scan 192.168.2.0/24

netstat

Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

Print all listening processes:

netstat --tcp --udp --listening --program --numeric | grep LISTEN
netstat -tulpn | grep LISTEN
  • -t – Show TCP ports.
  • -u – Show UDP ports.
  • -n – Show numerical addresses instead of resolving hosts.
  • -l – Show only listening ports.
  • -p – Show the PID and name of the listener’s process. This information is shown only if you run the command as root or with sudo.

Print routing table:

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 enp6s0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 enp6s0

ss – another utility to investigate sockets

  • -l, --listening – Display only listening sockets (these are omitted by default).
  • -n, --numeric – Do not try to resolve service names. Show exact bandwidth values, instead of human-readable.
  • -p, --processes – Show process using socket.
  • -t, --tcp – Display TCP sockets.
  • -u, --udp – Display UDP sockets.
ss -lnptu
watch -d -n 0.5 ss -tulpn

sudo is needed for -p to show the processes behind sockets owned by other users; without it, only your own processes are listed.
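The listings above show every listener; when reviewing exposure, the useful split is between sockets bound to loopback and sockets reachable from other hosts. The following is an added example (not from the original notes) that filters `ss -H -lntup` output accordingly; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list listeners that are reachable from other hosts.
# Input:  output of `ss -H -lntup` on stdin (a header line is tolerated).
# Output: "<proto>/<port> <scope> <process>" for each non-loopback listener.
# Live use: sudo ss -H -lntup | exposed_listeners
exposed_listeners() {
    awk '
    $1 == "Netid" { next }                      # header line when -H is not used
    {
        n = match($5, /:[^:]*$/)                # last colon splits address and port
        if (n == 0) next
        addr = substr($5, 1, n - 1)
        port = substr($5, n + 1)
        sub(/%.*$/, "", addr)                   # drop interface scope, e.g. 127.0.0.53%lo
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: not exposed
        scope = addr
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") scope = "all-interfaces"
        proc = "unknown"                        # no users:(...) column without root
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print $1 "/" port, scope, proc
    }'
}

# Constructed sample of `ss -H -lntup` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*    users:(("postgres",pid=990,fd=5))
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*    users:(("systemd-resolve",pid=500,fd=13))
tcp   LISTEN 0      511             [::]:80            [::]:*    users:(("nginx",pid=1201,fd=6),("nginx",pid=1200,fd=6))
tcp   LISTEN 0      4096    192.168.0.70:8080       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:68         0.0.0.0:*    users:(("dhclient",pid=640,fd=6))
EOF
}

sample_ss_output | exposed_listeners
```

A process shown as "unknown" means the users:(...) column was absent, which is what happens for sockets owned by other users when ss runs without root.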

lsof – list open files

  • -i [i] selects the listing of files any of whose Internet address matches the address specified in i. If no address is specified, this option selects the listing of all Internet and x.25 (HP-UX) network files.
# lsof -i
# lsof -nP -iTCP -sTCP:LISTEN

NetworkManager

NetworkManager is a daemon that sits on top of libudev and other Linux kernel interfaces (and a couple of other daemons) and provides a high-level interface for the configuration of the network interfaces.

NetworkManager will only handle interfaces not declared in /etc/network/interfaces.

NetworkManager keeps connection information on known individual networks in configuration files called profiles. Those are stored at /etc/NetworkManager/system-connections/.

nmcli – command-line tool for controlling NetworkManager

nmcli
nmcli device show
nmcli connection show
nmcli connection up vlan0004_DHCP
nmcli connection down vlan0004_DHCP

General

nmcli general status

Connection

  • add
  • clone
  • delete
  • down
  • edit
  • export
  • help
  • import
  • load
  • modify
  • monitor
  • reload
  • show
  • up
nmcli connection add type ethernet con-name LAN ifname ens18 ip4 192.168.0.100/22 gw4 192.168.0.3 ipv4.dns 192.168.0.70 ipv4.dns-search om.local
nmcli connection add type vlan con-name WAN vlan.parent ens18 vlan.id 20 ip4 192.168.100.10/24 gw4 192.168.100.1
nmcli con modify WAN vlan.id 50
nmcli con mod LAN ipv4.gateway ''
nmcli connection edit LAN

Disable ipv6

nmcli connection modify LAN ipv6.method "disabled"

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/using-networkmanager-to-disable-ipv6-for-a-specific-connection_configuring-and-managing-networking

nm-settings-nmcli – Description of settings and properties of NetworkManager connection profiles for nmcli

nmtui – Text User Interface for controlling NetworkManager

Documentation

Netplan

YAML network configuration abstraction for various backends

In the example below, we must set up routes explicitly, because otherwise there’s a chance the system chooses the wrong interface for the default gateway…

/etc/netplan#$ more 00-installer-config.yaml 
# This is the network config written by 'subiquity'
network:
  version: 2
  ethernets:
    enp1s0:
      addresses:
        - 192.168.122.2/24
      gateway4: 192.168.122.1
      nameservers:
        addresses: [192.168.122.1,8.8.8.8]
    enp6s0:
      addresses:
        - 10.4.0.2/24
#      gateway4: 10.4.0.1
      routes:
        - to: 0.0.0.0/0  
          via: 192.168.122.1
          metric: 100
        - to: 10.4.0.0/24
          via: 10.4.0.1
          metric: 50

# This is the network config written by 'subiquity'
network:
  ethernets:
    ens18:
      dhcp4: true
  version: 2

Alternatively, one can simply skip the gateway setting if the network is to be isolated anyway:

network:
  version: 2
  ethernets:
    enp1s0:
      addresses:
        - 192.168.122.2/24
      gateway4: 192.168.122.1
      nameservers:
        addresses: [192.168.122.1,8.8.8.8]
    enp6s0:
      addresses:
        - 10.4.0.2/24

Once the YAML file is good:

netplan apply

or, to apply it with an automatic rollback unless the change is confirmed:

netplan try

Documentation: https://netplan.io/reference
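To confirm after applying that the default route leaves via the intended interface, the check below parses `ip route show` output and reports the default route the kernel prefers (lowest metric; a route printed without a metric has metric 0). This is an added example, not part of the original notes; the function names and the sample routing table are constructed, reusing the interface names from the configuration above.

```shell
#!/bin/sh
# Added example: find the preferred default route in `ip route show` output.
# Prints "<dev> <gateway> <metric>"; exits non-zero if there is no default route.
# Live use: ip route show | default_leaves_via enp1s0 || echo "wrong default route"
preferred_default() {
    awk '
    $1 == "default" {
        dev = ""; gw = "-"; metric = 0          # no "metric" keyword means metric 0
        for (i = 2; i < NF; i++) {
            if ($i == "via")    gw = $(i + 1)
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        # Lowest metric wins; on a tie the first route listed is kept.
        if (!seen || metric < best) { best = metric; out = dev " " gw " " metric; seen = 1 }
    }
    END { if (seen) print out; else exit 1 }'
}

# Succeeds only when the preferred default route uses the expected interface ($1).
default_leaves_via() {
    [ "$(preferred_default | cut -d" " -f1)" = "$1" ]
}

# Constructed sample of `ip route show` output (not captured from a real host).
sample_routes() {
    cat <<'EOF'
default via 10.4.0.1 dev enp6s0 proto static metric 100
default via 192.168.122.1 dev enp1s0 proto static metric 50
10.4.0.0/24 dev enp6s0 proto kernel scope link src 10.4.0.2
192.168.122.0/24 dev enp1s0 proto kernel scope link src 192.168.122.2
EOF
}

sample_routes | preferred_default
```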

/etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.0.70
    netmask 255.255.255.0
    gateway 192.168.0.1
    dns-nameservers 192.168.0.1 192.168.0.2
    dns-search contoso.com