Last modified: June 06, 2026
This article is written in: 🇺🇸
Networking is the practice of connecting computers, servers, phones, routers, printers, and other devices so they can communicate and exchange data.
A network can be very small, such as two computers connected together, or very large, such as the internet. Most modern systems depend on networking in some way, whether for browsing websites, logging into remote servers, downloading software, sharing files, using cloud services, or communicating between applications.
At a basic level, networking answers questions like:
google.com become IP addresses?To understand networking, it is important to know the basic terms: network interfaces, MAC addresses, IP addresses, DHCP, DNS, routes, gateways, and common diagnostic commands.
A network interface is the point where a computer connects to a network.
It may be a physical device, such as an Ethernet card or wireless card, or a virtual interface created by software.
A computer can have more than one network interface. For example, a laptop may have Wi-Fi, Ethernet, loopback, VPN, and virtual machine interfaces.
+--------------------------------------------------------+
| COMPUTER SYSTEM |
| |
| +------------------------------------------------+ |
| | OPERATING SYSTEM | |
| | | |
| | +--------------+ +--------------+ | |
| | | APPLICATION | <-> | APPLICATION | | |
| | +--------------+ +--------------+ | |
| | ... | |
| | +----------------------------------------+ | |
| | | NETWORK STACK | | |
| | +----------------------------------------+ | |
| +------------------------------------------------+ |
| | | |
| +-------+-------+ +-------+-------+ |
| | NETWORK CARD | | WIRELESS CARD | |
| +---------------+ +---------------+ |
| |
+--------------------------------------------------------+The operating system uses network interfaces to send and receive data.
Each interface usually has:
UP or DOWNCommon interface names include:
| Interface | Description |
lo |
Loopback interface |
eth0 |
Traditional Ethernet interface name |
ens33 |
Modern predictable Ethernet interface name |
wlan0 |
Wireless interface name |
docker0 |
Docker bridge interface |
tun0 |
VPN tunnel interface |
The loopback interface is used for internal communication inside the same machine.
It is usually named:
loIts IPv4 address is usually:
127.0.0.1This address is also called localhost.
For example, if a web server is running on your own computer, you may be able to access it with:
http://127.0.0.1or:
http://localhostThe loopback interface is not used to communicate with other devices. It is only for communication within the same system.
A simple way to think about it is:
127.0.0.1 = this computer talking to itselfAn Ethernet interface connects a device to a wired network.
A wireless interface connects a device to a Wi-Fi network.
Examples:
| Interface | Description |
eth0 |
Older Ethernet naming style |
ens33 |
Common Ethernet name on virtual machines |
wlan0 |
Common wireless interface name |
To see network interfaces on Linux, use:
ip link showExample output:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ffThe important parts are:
| Field | Description |
| eth0 | Interface name |
| UP | Interface is enabled |
| LOWER_UP | Physical link is detected |
| mtu 1500 | Maximum transmission unit |
| link/ether | MAC address follows |
| 00:11:22:33:44:55 | MAC address |
If an interface is DOWN, it may be disabled or disconnected.
A MAC address is a hardware identifier assigned to a network interface.
MAC stands for Media Access Control.
It is used mainly for communication inside a local network. Devices on the same local network use MAC addresses to deliver frames to the correct network card.
A typical MAC address looks like this:
aa:bb:cc:dd:ee:ffIt is made of six pairs of hexadecimal digits.
+-----------------------------------------+
| Manufacturer ID | Device Identifier |
+-----------------------------------------+
xx:xx:xx : xx:xx:xxThe first part often identifies the manufacturer or vendor. The second part identifies the individual device or adapter.
To view MAC addresses on Linux:
ip link showExample:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ffHere, the MAC address is:
00:11:22:33:44:55MAC addresses are used on the local network. IP addresses are used for routing traffic between networks.
A useful comparison is:
MAC address = local delivery identity
IP address = network location identityAn IP address identifies a device on an IP network.
IP stands for Internet Protocol.
IP addresses allow devices to find and communicate with each other across local networks and the internet.
There are two main versions:
IPv4 example: 192.168.1.10
IPv6 example: 2001:db8::10These notes focus mostly on IPv4.
An IPv4 address is made of four numbers separated by dots. Each number ranges from 0 to 255.
Example:
192.168.1.10IPv4 Address: 192.168.1.10
+-----+-----+-----+-----+
| 192 | 168 | 1 | 10 |
+-----+-----+-----+-----+
| | | |
| | | +--- Host part, often identifying a device
| | +---------- Subnet portion
| +---------------- Private address space
+---------------------- Network portionThe exact network and host portions depend on the subnet mask or prefix length.
For example:
192.168.1.10/24means the first 24 bits identify the network.
In everyday terms:
192.168.1.0/24 is the network
192.168.1.10 is one device on that networkTo show IPv4 addresses on Linux:
ip -4 address showExample output:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.1.10/24 brd 192.168.1.255 scope global dynamic eth0The important part is:
inet 192.168.1.10/24This means the interface has the IPv4 address:
192.168.1.10with prefix length:
24The word dynamic often means the address was assigned using DHCP.
Private IP addresses are used inside local networks.
They are not routed directly on the public internet.
Common private IPv4 ranges are:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255+---------------------------------+
| Private IP Address |
+---------------------------------+
| |
+------|---------++-----------------++---|-------------+
| 10.x.x.x || 172.16.x.x || 192.168.x.x |
| to || to || to |
| 10.255.255.255 || 172.31.255.255 || 192.168.255.255 |
+----------------++-----------------++-----------------+
| | |
| | +---- Common in home networks
| |
| +---------------------- Common in medium/large networks
|
+--------------------------------------------- Large private address spaceExamples of private IP addresses:
192.168.1.20
10.0.0.15
172.16.5.100Private addresses are commonly used by homes, schools, companies, virtual machines, containers, and cloud private networks.
Because private IP addresses are not directly reachable from the internet, routers usually use NAT to allow private devices to access public websites.
A public IP address identifies a network or device on the public internet.
Your home router usually has a public IP address assigned by your Internet Service Provider.
Devices inside your home usually have private IP addresses, such as:
192.168.1.2
192.168.1.3
192.168.1.4When those devices access the internet, the router translates their private addresses to the public address.
Internet
+----------------+
| |
| WWW / Cloud |
| |
+--------+-------+
|
| Public IP
| e.g. 203.0.113.10
|
+--------+-------+
| Router |
- - - - +--------+-------+ - - - - -
/ | \
/ | \
Private IP Private IP Private IP
192.168.1.2 192.168.1.3 192.168.1.4
Device A Device B Device CTo check your public IP from the command line, you can use an external service:
curl ifconfig.meor:
curl icanhazip.comExample output:
203.0.113.10Public IP addresses are visible on the internet, so systems using them should be protected with firewalls, secure configurations, and regular updates.
DHCP stands for Dynamic Host Configuration Protocol.
It automatically assigns network settings to devices.
Without DHCP, every device would need to be configured manually with:
That would be slow and error-prone, especially on large networks.
With DHCP, a device can join the network and automatically receive the settings it needs.
Device joins network
|
v
Asks for network settings
|
v
DHCP server replies with IP configuration
|
v
Device can communicate on the networkThe DHCP process usually has four main steps.
Device (DHCP Client) DHCP Server
| |
| 1. DHCPDISCOVER |
|--------------------------------->|
| |
| 2. DHCPOFFER |
|<---------------------------------|
| |
| 3. DHCPREQUEST |
|--------------------------------->|
| |
| 4. DHCPACK |
|<---------------------------------|
| |The steps are:
The assigned IP address is called a lease because it is usually temporary. The device can renew the lease before it expires.
DHCP is useful because it:
DHCP is especially helpful in networks where devices frequently join and leave.
Some devices need a stable IP address.
Examples include:
There are two common ways to give a device a consistent IP address.
A static IP address is manually configured on the device.
A DHCP reservation is configured on the DHCP server. The server always gives the same IP address to a device based on its MAC address.
A good rule is:
Use DHCP for normal client devices.
Use static IPs or DHCP reservations for infrastructure devices.Linux provides many commands for checking, configuring, and troubleshooting networks.
Some older commands are still common, but modern Linux systems usually prefer the ip command.
ifconfigThe ifconfig command was historically used to show and configure network interfaces.
Example:
ifconfigTo show a specific interface:
ifconfig eth0However, ifconfig is considered deprecated on many modern Linux distributions. The modern replacement is usually ip.
ipThe ip command is the modern Linux tool for viewing and managing network configuration.
Show IP addresses:
ip addr showShow only IPv4 addresses:
ip -4 addr showShow interfaces and MAC addresses:
ip link showShow interface statistics:
ip -s linkShow routes:
ip route showShow IPv6 routes:
ip -6 route showThe ip command replaces many older tools, including parts of ifconfig, route, and netstat.
pingThe ping command tests whether another host is reachable.
It sends ICMP echo request packets and waits for replies.
Example:
ping google.comTo send only five packets:
ping -c 5 google.comExample output includes round-trip time:
64 bytes from 142.250.185.206: icmp_seq=1 ttl=116 time=12.4 ms
64 bytes from 142.250.185.206: icmp_seq=2 ttl=116 time=11.9 msImportant values:
| Field | Description |
| time | Round-trip latency |
| ttl | Time to live |
| packet loss | Percentage of packets that did not return |
Low and consistent response times usually indicate a healthy connection.
High latency, packet loss, or no replies may indicate a network issue.
On Linux, to stop after a specific time limit, use -w:
ping -w 5 google.comThis runs for about five seconds.
To stop a continuous ping manually, press:
Ctrl + Cnetstat and ssThe netstat command shows network connections, listening ports, and network statistics.
Examples:
netstat -anetstat -lHowever, netstat is also considered older on many Linux systems.
The modern replacement is usually ss.
Show listening TCP and UDP ports:
ss -tulnShow established connections:
ss -tunA useful comparison:
netstat = older tool
ss = newer, faster replacementtracerouteThe traceroute command shows the path packets take to reach a remote host.
Example:
traceroute google.comIt displays each router, or hop, along the path.
Example:
1 192.168.1.1 1.1 ms
2 10.10.0.1 8.4 ms
3 203.0.113.1 14.2 ms
4 ...This is useful when troubleshooting slow or broken connections.
To avoid DNS lookups and show only IP addresses:
traceroute -n google.comTo set the maximum number of hops:
traceroute -m 30 google.comSome systems may use tracepath instead:
tracepath google.comrouteThe route command displays or modifies the routing table.
Example:
route -nThe -n option shows numeric IP addresses instead of trying to resolve names.
However, route is older. The modern command is:
ip routeA route tells the system where to send packets.
Example route:
default via 192.168.1.1 dev eth0This means:
If there is no more specific route, send traffic to 192.168.1.1 through eth0.The default gateway is the router your device uses to reach other networks.
If your computer wants to contact another device on the same local network, it can usually send traffic directly.
If your computer wants to contact a device outside the local network, such as a website on the internet, it sends the traffic to the default gateway.
+----------------+ +---------------+ +---------------------+
| Local Device A | | Local Network | | External Network / |
| 192.168.1.2 |-----| 192.168.1.0/24|-----| Internet |
+----------------+ | | +---------------------+
| Gateway: |
+----------------+ | 192.168.1.1 |
| Local Device B |-----| |
| 192.168.1.3 | +---------------+
+----------------+The default gateway is usually your router.
To show the default gateway on Linux:
ip route show defaultExample output:
default via 192.168.1.1 dev eth0The default gateway is:
192.168.1.1To extract only the gateway IP:
ip route show default | awk '{print $3}'The modern way to add a default gateway is:
sudo ip route add default via 192.168.1.254To remove the default route:
sudo ip route del defaultThe older route command can also do this:
sudo route add default gw 192.168.1.254and:
sudo route del defaultManual route changes made this way are usually temporary. They may disappear after a reboot or network restart unless configured persistently through NetworkManager, systemd-networkd, netplan, or distribution-specific network files.
NetworkManager is a Linux service that manages network connections.
It is common on desktop Linux systems and many servers.
It can manage:
NetworkManager has command-line, text-based, and graphical tools.
+------------+ +-------------+ +------------+
| | | | | |
| User Tools |<---->| Network |<---->| Network |
| nmcli, | | Manager | | Interfaces |
| nmtui, GUI | | Daemon | | eth0,wlan0 |
| | | | | |
+------------+ +------^------+ +------------+
|
v
+---------+
| D-Bus |
+----^----+
|
v
+------------+
| System |
| Services |
| DNS, DHCP, |
| VPN, etc. |
+------------+nmcli CommandsCheck whether NetworkManager is running:
nmcli -t -f RUNNING generalShow saved connection profiles:
nmcli con showShow device status:
nmcli dev statusReload connection profiles after changes:
nmcli con reloadBring a connection up:
nmcli con up eth0Bring a connection down:
nmcli con down eth0nmcliA static IP is useful for devices that should keep the same address, such as servers.
Example:
sudo nmcli con add \
con-name eth0 \
type ethernet \
ifname eth0 \
ipv4.method manual \
ipv4.addresses 192.168.1.10/24 \
ipv4.gateway 192.168.1.1 \
ipv4.dns "8.8.8.8 8.8.4.4"This creates a connection profile named eth0.
The settings mean:
192.168.1.10/24 static IP address and network prefix
192.168.1.1 default gateway
8.8.8.8 8.8.4.4 DNS serversThen activate it:
sudo nmcli con up eth0nmcliFor automatic IP assignment with DHCP:
sudo nmcli con add \
con-name eth0 \
type ethernet \
ifname eth0 \
ipv4.method autoThen activate it:
sudo nmcli con up eth0DHCP is usually best for laptops, desktops, and devices that do not need a fixed address.
nmtuinmtui is the NetworkManager text user interface.
It provides a menu-based interface in the terminal.
Start it with:
nmtuiIt can be used to:
nmtui is helpful when you do not have a graphical desktop but want something easier than long nmcli commands.
After changing network settings, you may need to restart NetworkManager:
sudo systemctl restart NetworkManagerBe careful when restarting networking on a remote server, because a mistake can disconnect your SSH session.
DNS stands for Domain Name System.
DNS translates human-readable names into IP addresses.
For example:
www.example.com ---> 93.184.216.34DNS is often described as the phonebook of the internet.
Humans prefer names. Computers communicate using IP addresses.
You type:
www.example.com
DNS finds:
93.184.216.34
Your computer connects to:
93.184.216.34A simplified DNS lookup looks like this:
User's Device DNS Resolver Root / TLD / Authoritative DNS
| | |
| 1. Request | |
| "www.example.com" | |
|--------------------------->| |
| | 2. Ask DNS hierarchy |
| |----------------------------> |
| | |
| | 3. Receive answer |
| |<---------------------------- |
| | |
| 4. Return IP address | |
|<---------------------------| |
| | |Before asking DNS servers, a Linux system may check local files first.
A common order is:
/etc/hostsThe /etc/hosts file can manually map names to IP addresses.
Example:
127.0.0.1 localhost
192.168.1.50 myserver.localIf this file contains a matching entry, the system may use it before asking DNS.
This is useful for small local mappings or testing.
/etc/resolv.confThe /etc/resolv.conf file often shows which DNS servers are configured.
Example:
nameserver 8.8.8.8
nameserver 8.8.4.4However, on many modern Linux systems, this file may be automatically managed by NetworkManager or systemd-resolved. Manual edits may be overwritten.
To check DNS settings on systems using systemd-resolved:
resolvectl statusDNS settings can be changed using NetworkManager tools.
With nmtui:
With nmcli, you can set DNS servers like this:
sudo nmcli con mod eth0 ipv4.dns "8.8.8.8 8.8.4.4"
sudo nmcli con mod eth0 ipv4.ignore-auto-dns yes
sudo nmcli con up eth0This sets custom DNS servers and tells NetworkManager not to use DNS servers received from DHCP.
DNS problems often look like this:
You can ping an IP address,
but you cannot reach a domain name.For example:
ping 8.8.8.8works, but:
ping google.comfails.
That suggests the network may be working, but name resolution is broken.
Useful DNS tools include:
dig example.comnslookup example.comhost example.comdig gives detailed DNS information.
nslookup is widely available and simple.
host is quick and easy for basic lookups.
Example:
dig www.example.comA successful answer will include an IP address in the answer section.
Packet analysis means capturing and inspecting network traffic.
It is useful for:
+-----------------------+
| Internet |
+-----------------------+
|
v
+--------------+ +-------+-------+ +---------------+
| Source | ====> | Packet River | ====> | Destination |
| Device | <==== | | <==== | Device |
+--------------+ +-------+-------+ +---------------+
^
|
[Packet Analysis Tool]
/ | \
/ | \
Source Data Destination
Address AddressPacket analysis should be done responsibly. Only capture traffic on networks and systems where you have permission.
tcpdumptcpdump is a command-line packet capture tool.
To capture packets on interface eth0 and save them to a file:
sudo tcpdump -i eth0 -w traffic.pcapExplanation:
-i eth0 capture on interface eth0
-w traffic.pcap write captured packets to a fileTo capture only 10 packets:
sudo tcpdump -i eth0 -c 10To save 10 packets to a file:
sudo tcpdump -i eth0 -c 10 -w traffic.pcapTo capture traffic for port 80:
sudo tcpdump -i eth0 port 80To capture DNS traffic:
sudo tcpdump -i eth0 port 53To capture ICMP traffic, such as ping:
sudo tcpdump -i eth0 icmpTo read a saved capture:
tcpdump -r traffic.pcapA .pcap file can also be opened in Wireshark for graphical analysis.
IP forwarding allows a Linux system to forward packets between networks.
When IP forwarding is enabled, the system can act like a router.
+-------------+ +------------+ +-------------+
| Network A | | | | Network B |
| 192.168.1.0 |-------| IP |-------| 10.0.1.0 |
| /24 | | Forwarding | | /24 |
+-------------+ | Device | +-------------+
| Router |
+-------------+ | | +-------------+
| Network C |-------| |-------| Network D |
| 10.0.2.0 | +------------+ | 172.16.1.0 |
| /24 | | /24 |
+-------------+ +-------------+This is useful for:
To check IPv4 forwarding:
cat /proc/sys/net/ipv4/ip_forwardOutput:
0means forwarding is disabled.
Output:
1means forwarding is enabled.
To enable IPv4 forwarding temporarily:
sudo sysctl -w net.ipv4.ip_forward=1To enable IPv6 forwarding temporarily:
sudo sysctl -w net.ipv6.conf.all.forwarding=1Temporary changes may be lost after reboot.
Edit:
/etc/sysctl.confAdd:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1Apply the changes:
sudo sysctl -p /etc/sysctl.confEnable IP forwarding carefully. A forwarding system may expose traffic between networks, so firewall rules and routing rules should be configured properly.
Network troubleshooting works best when done step by step.
A useful order is:
Use:
ip linkLook for the interface state.
Example problem:
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000The key part is:
state DOWNThis means the interface is not active.
To bring it up:
sudo ip link set eth0 upIf it still does not work, check cables, Wi-Fi connection, virtual machine settings, or NetworkManager.
Use:
ip -4 addressA normal private address might look like:
inet 192.168.1.10/24A suspicious address may look like:
inet 169.254.x.x/16An address in the 169.254.x.x range often means the device did not receive an address from DHCP and assigned itself a link-local address.
This usually indicates:
Use:
ip routeA normal route may look like:
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10The default route is important because it tells the system how to reach external networks.
If there is no default route, the system may reach local devices but not the internet.
Start local, then move outward.
Test loopback:
ping -c 3 127.0.0.1Test your own IP:
ping -c 3 192.168.1.10Test the default gateway:
ping -c 3 192.168.1.1Test a public IP:
ping -c 3 8.8.8.8Test DNS:
ping -c 3 google.comThe results help narrow down the problem.
If 127.0.0.1 fails:
local network stack problem
If gateway fails:
local network or router problem
If 8.8.8.8 works but google.com fails:
DNS problem
If gateway works but internet IP fails:
routing, firewall, or ISP problemCheck configured DNS:
cat /etc/resolv.confor:
resolvectl statusTest DNS lookup:
dig google.comor:
host google.comIf DNS fails, try a known DNS server:
dig @8.8.8.8 google.comIf that works, your configured DNS resolver may be wrong or unreachable.
Firewalls may block traffic.
On Linux systems using iptables:
sudo iptables -L -n -vOn systems using nftables:
sudo nft list rulesetOn systems using firewalld:
sudo firewall-cmd --list-allLook for rules that block required ports or protocols.
For example, if SSH is not reachable, check whether port 22 is allowed.
To see which services are listening:
ss -tulnExample output:
Netid State Local Address:Port
tcp LISTEN 0.0.0.0:22
tcp LISTEN 127.0.0.1:5432
tcp LISTEN 0.0.0.0:80This means:
port 22 is listening on all IPv4 interfaces
port 5432 is listening only on localhost
port 80 is listening on all IPv4 interfacesIf a service is only listening on 127.0.0.1, remote devices cannot connect to it.
If the issue is still unclear, use tcpdump.
Example:
sudo tcpdump -i eth0Capture only traffic to or from a host:
sudo tcpdump -i eth0 host 192.168.1.20Capture traffic on a port:
sudo tcpdump -i eth0 port 443Packet capture can answer questions like:
Not every network problem is caused by software.
Common physical issues include:
Always check the simple things early.
Sometimes a service restart can fix temporary network problems.
For NetworkManager:
sudo systemctl restart NetworkManagerFor older Debian-style networking:
sudo systemctl restart networkingBe careful when doing this over SSH. Restarting networking can disconnect you from the remote machine.
Symptoms:
ip address is missing
or address is 169.254.x.xCheck:
ip link
ip -4 address
nmcli dev statusPossible causes:
Symptoms:
ping 192.168.1.1 works
ping 8.8.8.8 failsCheck:
ip route
traceroute 8.8.8.8Possible causes:
router has no internet
wrong default gateway
firewall blocking traffic
ISP issueSymptoms:
ping 8.8.8.8 works
ping google.com failsCheck:
cat /etc/resolv.conf
resolvectl status
dig google.com
dig @8.8.8.8 google.comLikely cause:
DNS problemSymptoms:
service works locally
remote clients cannot connectCheck:
ss -tuln
sudo firewall-cmd --list-all
sudo iptables -L -n -vPossible causes:
127.0.0.1ip addr, ip link, and ip route to inspect a system’s network configuration. Identify the interface name, IP address, MAC address, and default gateway.nmtui or nmcli. Test DNS resolution with dig, host, or nslookup.tcpdump to capture packets on a network interface. Save the capture to a .pcap file and inspect it with tcpdump or Wireshark.traceroute or tracepath to map the route to a remote host. Identify where latency increases.ss -tuln.ss, netstat, or firewall tools to identify listening services and open ports. Explain how this helps with security and troubleshooting.