Skip to main content

🌐 Lesson 7.1: Networking Commands

Your Linux machine is always talking to the network. Let's learn to listen in and ask the right questions.

🎯 Learning Objectives

  • View your IP address and network interfaces with ip
  • Test connectivity with ping and trace routes with traceroute
  • Look up DNS information with nslookup and dig
  • Inspect open ports and connections with ss
  • Download files with curl and wget
  • Manage connections with nmcli

Estimated Time: 40 minutes

📑 In This Lesson

Your IP Address and Interfaces

The ip command is the modern Swiss army knife for network configuration on Linux. It replaced the older ifconfig command (which you'll still see in tutorials, but is deprecated on Ubuntu).

# Show all network interfaces and their IP addresses
ip addr show
# Short form:
ip a

# Show only IPv4 addresses (cleaner output)
ip -4 addr show

# Show a specific interface
ip addr show enp0s3

# Show only interfaces that are UP
ip link show up

# Show your routing table (how traffic finds its way)
ip route show
# Short form:
ip r

Example ip addr Output (Simplified)

1: lo: <LOOPBACK,UP> mtu 65536
    inet 127.0.0.1/8 scope host lo
2: enp0s3: <BROADCAST,MULTICAST,UP> mtu 1500
    inet 192.168.1.42/24 brd 192.168.1.255 scope global dynamic enp0s3

Key things to spot:

  • lo — the loopback interface (127.0.0.1, a.k.a. "localhost"). Every Linux box has one; it's how the machine talks to itself.
  • enp0s3 (or eth0, ens33, wlp2s0) — your real network interface. The name varies by hardware.
  • inet 192.168.1.42/24 — your private IP address and subnet mask
graph LR A["Your Machine
192.168.1.42"] -->|"enp0s3"| B["Router / Gateway
192.168.1.1"] B --> C["Internet"] A -->|"lo"| A style A fill:#3b82f6,stroke:#2563eb,color:#fff style B fill:#6366f1,stroke:#4338ca,color:#fff style C fill:#22c55e,stroke:#166534,color:#fff 
# Find your public IP (the one the internet sees)
curl -s ifconfig.me
# or
curl -s icanhazip.com

# Show your hostname
hostname
hostname -I     # Just the IP addresses

💡 Private vs Public IP

ip addr shows your private IP (like 192.168.x.x or 10.x.x.x) — the address your router assigned you on the local network. Your public IP is the address the outside world sees, shared by all devices behind your router via NAT.

🐧 Distro Note

The ip command works identically across Ubuntu, Fedora, Arch, and all modern distros — it's part of the iproute2 package. The old ifconfig (from net-tools) is no longer installed by default on many distros.

Testing Connectivity: ping

ping sends small packets to a host and waits for a response. It's the first tool you reach for when something "isn't connecting."

# Ping a host (runs continuously — press Ctrl+C to stop)
ping google.com

# Send exactly 4 pings and stop
ping -c 4 google.com

# Ping with a timeout (2 seconds per ping)
ping -W 2 -c 4 192.168.1.1

# Ping your own machine (sanity check)
ping -c 2 localhost

Example ping Output

PING google.com (142.250.80.46) 56(84) bytes of data.
64 bytes from lax17s61-in-f14.1e100.net: icmp_seq=1 ttl=117 time=5.23 ms
64 bytes from lax17s61-in-f14.1e100.net: icmp_seq=2 ttl=117 time=4.87 ms
64 bytes from lax17s61-in-f14.1e100.net: icmp_seq=3 ttl=117 time=5.01 ms

--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 4.870/5.037/5.230/0.147 ms

What to look for:

  • time=5.23 ms — round-trip time. Under 50ms to nearby servers is good.
  • 0% packet loss — anything above 0% suggests network trouble
  • Request timed out — the host didn't respond (blocked, down, or unreachable)

⚠️ Linux ping Runs Forever

Unlike Windows (which defaults to 4 pings), Linux ping runs indefinitely until you press Ctrl+C. Use -c 4 to limit it.

Tracing the Path: traceroute

traceroute shows every router (hop) your packets travel through to reach a destination. Great for finding where a connection breaks.

# Install if not present
sudo apt install traceroute

# Trace the path to a host
traceroute google.com

# Use ICMP instead of UDP (more likely to succeed through firewalls)
traceroute -I google.com

# Faster alternative: mtr (combines ping + traceroute, live-updating)
sudo apt install mtr
mtr google.com

Example traceroute Output

traceroute to google.com (142.250.80.46), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  1.234 ms  1.102 ms  0.987 ms
 2  10.0.0.1 (10.0.0.1)  8.432 ms  8.219 ms  8.105 ms
 3  * * *
 4  72.14.237.69 (72.14.237.69)  5.678 ms  5.432 ms  5.321 ms
 5  lax17s61-in-f14.1e100.net (142.250.80.46)  5.123 ms  5.001 ms  4.987 ms

Each numbered line is a hop (router). Three * * * means that router didn't respond — many routers silently drop traceroute packets, so a few * lines are normal.

💡 mtr — The Better Traceroute

mtr combines ping and traceroute into a single live-updating display. It continuously pings every hop and shows packet loss and latency at each step — much more useful for diagnosing intermittent issues. Press q to quit.

DNS Lookups: nslookup and dig

DNS (Domain Name System) translates human-readable names like google.com into IP addresses. When "the internet works but websites don't load," DNS is usually the culprit.

# Simple DNS lookup
nslookup google.com

# More detailed DNS query
dig google.com

# Get just the IP (short answer)
dig +short google.com

# Reverse lookup (IP → hostname)
dig -x 142.250.80.46

# Query a specific DNS server
dig @8.8.8.8 google.com

# Check your MX (mail) records
dig google.com MX

Example dig +short Output

$ dig +short google.com
142.250.80.46
graph LR A["You type
google.com"] --> B["DNS Resolver"] B --> C["Root Server"] C --> D[".com Server"] D --> E["Google's DNS"] E -->|"142.250.80.46"| A style A fill:#3b82f6,stroke:#2563eb,color:#fff style B fill:#6366f1,stroke:#4338ca,color:#fff style C fill:#f59e0b,stroke:#d97706,color:#fff style D fill:#f59e0b,stroke:#d97706,color:#fff style E fill:#22c55e,stroke:#166534,color:#fff

🐧 nslookup vs dig

nslookup is simpler and available everywhere (including Windows). dig gives much more detail and is preferred by sysadmins. On Ubuntu, both come from the dnsutils package: sudo apt install dnsutils.

Inspecting Connections: ss

ss (socket statistics) shows what network connections your machine currently has. It replaced the older netstat command.

# Show all TCP connections
ss -t

# Show all listening ports (what services are waiting for connections)
ss -tlnp

# Break down those flags:
#   -t  TCP only
#   -l  listening sockets only
#   -n  show port numbers (not service names)
#   -p  show the process using each port

# Show all UDP sockets
ss -ulnp

# Show both TCP and UDP, listening and established
ss -tunap

# Show a summary of socket types
ss -s

Example ss -tlnp Output

State    Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN   0       128      0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=892,fd=3))
LISTEN   0       511      0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1024,fd=6))
LISTEN   0       128      127.0.0.1:5432       0.0.0.0:*          users:(("postgres",pid=1100,fd=5))

Reading the output:

  • 0.0.0.0:22 — SSH is listening on all interfaces, port 22
  • 0.0.0.0:80 — nginx (web server) on port 80
  • 127.0.0.1:5432 — PostgreSQL is listening only on localhost (not exposed to the network)

💡 Common Port Numbers

PortServiceProtocol
22SSHTCP
80HTTPTCP
443HTTPSTCP
53DNSTCP/UDP
3306MySQLTCP
5432PostgreSQLTCP
6379RedisTCP

Downloading: curl and wget

Both tools fetch content from URLs, but they have different strengths.

curl — The Flexible One

# Fetch a web page and display it
curl https://example.com

# Download a file (save with the remote filename)
curl -O https://example.com/file.tar.gz

# Save with a custom name
curl -o myfile.tar.gz https://example.com/file.tar.gz

# Follow redirects (essential — many URLs redirect)
curl -L https://example.com/download

# Show response headers
curl -I https://example.com

# Send a POST request (useful for APIs)
curl -X POST -d "name=ray" https://httpbin.org/post

# Download silently (no progress bar)
curl -sO https://example.com/file.tar.gz

wget — The Downloader

# Download a file
wget https://example.com/file.tar.gz

# Download to a specific filename
wget -O myfile.tar.gz https://example.com/file.tar.gz

# Resume an interrupted download
wget -c https://example.com/largefile.iso

# Download an entire website for offline viewing
wget --mirror --convert-links --page-requisites https://example.com

🐧 curl vs wget

curl is better for API work, scripting, and quick checks — it supports more protocols and is more flexible. wget is better for straightforward downloads, especially large files and recursive site mirroring. Most sysadmins have both installed.

NetworkManager and nmcli

Ubuntu Desktop uses NetworkManager to manage connections. You can control it from the terminal with nmcli.

# Show overall network status
nmcli general status

# List all connections (active and saved)
nmcli connection show

# List active connections only
nmcli connection show --active

# Show available Wi-Fi networks
nmcli device wifi list

# Connect to a Wi-Fi network
nmcli device wifi connect "MyNetwork" password "MyPassword"

# Show device status (which interfaces are connected)
nmcli device status

# Show detailed info for a connection
nmcli connection show "Wired connection 1"

# Bring a connection down / up
nmcli connection down "Wired connection 1"
nmcli connection up "Wired connection 1"

💡 Server vs Desktop Networking

Ubuntu Desktop uses NetworkManager. Ubuntu Server typically uses netplan with config files in /etc/netplan/. If you're managing a headless server, you'll work with netplan YAML files instead of nmcli.

Key Network Config Files

/etc/hosts — Local DNS Overrides

# View the hosts file
cat /etc/hosts
# Typical /etc/hosts
127.0.0.1       localhost
127.0.1.1       ray-desktop
# Custom entries you might add:
192.168.1.100   myserver
192.168.1.101   devbox

Entries here override DNS lookups. Handy for testing, blocking sites, or giving friendly names to local machines.

/etc/resolv.conf — DNS Server Configuration

cat /etc/resolv.conf
# This file is often auto-managed by NetworkManager or systemd-resolved
nameserver 127.0.0.53

On Ubuntu, this usually points to systemd-resolved which handles DNS caching. To see the actual upstream DNS servers:

resolvectl status

/etc/hostname — Your Machine's Name

# View hostname
cat /etc/hostname

# Change hostname (takes effect after reboot, or use hostnamectl)
sudo hostnamectl set-hostname new-hostname

⚠️ Don't Edit resolv.conf Directly

On modern Ubuntu, /etc/resolv.conf is managed by systemd-resolved. Manual edits get overwritten. Use nmcli or netplan to change DNS settings permanently.

Exercises

🏋️ Exercise 1: Know Your Network

  1. Show your IP addresses: ip -4 addr show
  2. Find your default gateway: ip route | grep default
  3. Find your public IP: curl -s ifconfig.me
  4. Check your hostname: hostname
  5. See your DNS servers: resolvectl status | grep "DNS Servers"

🏋️ Exercise 2: Test Connectivity

  1. Ping your gateway: ping -c 4 $(ip route | grep default | awk '{print $3}')
  2. Ping an external site: ping -c 4 google.com
  3. Trace the route: traceroute -I google.com
  4. Look up a domain: dig +short github.com

🏋️ Exercise 3: Inspect Ports and Download

  1. List listening ports: sudo ss -tlnp
  2. Get a connection summary: ss -s
  3. Fetch HTTP headers: curl -I https://www.ubuntu.com
  4. Download a small test file: wget -O /tmp/test.txt https://example.com

Knowledge Check

❓ Question 1

Which command shows your IP address on modern Linux?

❓ Question 2

What does ss -tlnp show?

❓ Question 3

How do you limit ping to exactly 4 packets on Linux?

❓ Question 4

Which command gives a quick, short DNS answer for a domain?

Summary

🎉 Key Takeaways

  • ip addr shows your interfaces and IPs; ip route shows your routing table
  • ping -c 4 host tests basic connectivity; look for packet loss and latency
  • traceroute and mtr show the path packets take — useful for finding where connections break
  • dig +short domain gives a quick DNS lookup; nslookup works too
  • ss -tlnp shows listening ports and their processes — essential for troubleshooting
  • curl is flexible (APIs, headers, downloads); wget excels at simple downloads
  • nmcli manages NetworkManager connections from the terminal
  • /etc/hosts lets you override DNS locally; avoid editing /etc/resolv.conf directly

🍎 On macOS

Several networking commands differ on macOS:

  • ip addr / ip route don't exist — use ifconfig and netstat -rn instead
  • ss doesn't exist — use netstat -an or lsof -i -P to see ports and connections
  • ping, traceroute, dig, nslookup, and curl all work the same
  • wget is not pre-installed — install via brew install wget
  • nmcli doesn't exist — use networksetup (e.g., networksetup -listallhardwareports, networksetup -getinfo Wi-Fi)
  • /etc/hosts works the same, but flush the DNS cache after editing: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
  • Install mtr via brew install mtr

🚀 What's Next?

Now that you can inspect your network, the next lesson covers SSH and the Firewall — connecting to remote machines securely and controlling what traffic gets in and out.