In any network, devices communicate using a unique identifier known as an IP address. When a device talks to a host outside its own network, the default gateway routes the packets from the local network to the external network. However, if the communication happens within the same network or subnet, the default gateway is not necessary. Let's understand this in detail.
IPv4 VS IPv6
For any communication to happen over a network, the source IP and destination IP addresses are mandatory.
- IPv4: This is a 32-bit structure, split into four 8-bit segments. Each segment ranges from 0 to 255. Here is an example:
192.168.1.1
The IP packet consists of a header and payload, where the header contains critical information for routing and delivery. Key elements include: the source IP address (indicating the sender) and destination IP address (indicating the recipient), which are essential for communication. Other important fields are the protocol (to identify transport layer protocols), payload length (for data size), and TTL (to prevent endless circulation).
- IPv6: Addresses are 128 bits long and are represented as eight groups of four hexadecimal digits, separated by colons. Here is an example:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
Advantages: Offers virtually unlimited address space, enhanced security features, and improved routing efficiency.
Private VS Public IP
- Private: Addresses that are used within a private network and are not routable on the internet. They are defined by the following ranges:
Class A: 10.0.0.0 to 10.255.255.255
Class B: 172.16.0.0 to 172.31.255.255
Class C: 192.168.0.0 to 192.168.255.255
Ideal for LANs where devices do not require a direct connection to the internet.
- Public: Addresses that are routable on the internet and are assigned by the ISP (Internet service provider).
Subnet Masks
A subnet mask is a crucial part of IP networking. It determines how an IP address is divided into network and host portions.
- How it works:
A subnet mask is also a 32-bit number, like an IPv4 address. An example of a subnet mask would be:
255.255.255.0
Binary representation: Each bit in the subnet mask is either 1 (representing the network part) or 0 (representing the host part). For example, for the subnet mask 255.255.255.0 the binary representation looks like: 11111111.11111111.11111111.00000000
The 1's indicate that the first three octets (or the first 24 bits) are used to identify the network.
The 0's indicate that the last octet is used to identify host addresses within the network.
- In a network with a subnet mask of 255.255.255.0: The network portion is something like 192.168.1.0, which means we can have addresses from 192.168.1.1 to 192.168.1.254 for individual devices (hosts), allowing for 254 usable addresses.
Subnetting divides a larger network into smaller subnetworks, which makes the routing of data efficient. Instead of sending data to thousands of devices at once, a router checks whether the destination IP address falls within the range of its subnet. If it does, it allows the packet through. If it doesn't, it forwards the packet to another router.
NAT (Network Address Translation)
This helps multiple devices on a network to share the same public IP. It is a process used by routers and firewalls to modify IP address information in packet headers as they pass through a network. NAT also acts as a basic firewall, making the devices behind the NAT not visible from outside.
Default Gateway
It routes traffic from the local network to external networks, acting as an intermediary between your local network and other networks, such as the internet.
Example: For home networks, this is often the router, assigned an IP address like 192.168.1.1.
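The subnet mask, private range and default gateway sections above can be tied together in code. This is an added example, not part of the original post: it ANDs an address with its mask to get the network, derives the usable host range, and decides whether a packet is delivered directly or handed to the gateway. The sample addresses are assumptions chosen for illustration.

```python
import ipaddress

# Private ranges listed in the article (the Class A, B and C blocks).
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def to_int(dotted):
    """Dotted-quad text -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    return str(ipaddress.IPv4Address(value))


def subnet_info(ip, mask):
    """Split an address into its network and host range by ANDing with the mask."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    host_bits = ~mask_i & 0xFFFFFFFF
    if host_bits & (host_bits + 1):          # 1 bits must be contiguous from the left
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    network = ip_i & mask_i                  # keep only the network bits
    broadcast = network | host_bits          # all host bits set to 1
    usable = max(broadcast - network - 1, 0)
    return {"network": to_dotted(network),
            "prefix": bin(mask_i).count("1"),
            "first_host": to_dotted(network + 1) if usable else None,
            "last_host": to_dotted(broadcast - 1) if usable else None,
            "usable_hosts": usable}


def next_hop(src_ip, mask, dst_ip, gateway):
    """Deliver directly when both addresses share a network, else use the gateway."""
    mask_i = to_int(mask)
    same_network = (to_int(src_ip) & mask_i) == (to_int(dst_ip) & mask_i)
    return dst_ip if same_network else gateway


def is_private(ip):
    """True when the address falls in one of the private ranges above."""
    return any(ipaddress.IPv4Address(ip) in block for block in PRIVATE_BLOCKS)


if __name__ == "__main__":
    print(subnet_info("192.168.1.37", "255.255.255.0"))
    print(next_hop("192.168.1.37", "255.255.255.0", "192.168.1.80", "192.168.1.1"))
    print(next_hop("192.168.1.37", "255.255.255.0", "8.8.8.8", "192.168.1.1"))
```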
Networking Commands on Ubuntu:
Basic Connectivity Checks
ping: Tests the connectivity to a remote host.
ping google.com
traceroute: Traces the route packets take to the destination.
traceroute google.com
nslookup/dig: Queries DNS to obtain domain name or IP address mapping.
nslookup google.com OR dig google.com
mtr: My traceroute. It provides real-time data on the route the packets take from source to destination, while also measuring latency and packet loss at each hop. This command combines traceroute and ping. For example, mtr meta.com produces output with the columns Host, Loss%, Snt, Last, Avg, Best, Wrst and StDev.
Network Configuration
ifconfig: Displays or configures network interfaces.
hostname: Displays the system hostname.
Network Interface Management
ip link show: Displays information about network interfaces, their status (up or down), and their MAC addresses.
ip addr show: Displays the IP address assigned to each network interface; useful for confirming your current IP configuration.
Routing and IP Management
ip route show: Shows the routing table, which determines how packets are handled in a network. This command also shows your default gateway.
route -n: Displays the routing table in a format that includes network destinations, gateways and interface information.
Monitoring and Debugging Network Connections
- ss -tuln: Socket statistics, useful to view the open/listening ports and to monitor active network services. -t = TCP sockets, -u = UDP sockets, -l = listening sockets, -n = display numeric addresses and ports.
It can be useful to monitor the services that are running on particular ports.
- ip neigh show: To display the ARP table, which maps IP addresses to MAC addresses; useful for troubleshooting local networks.
Firewall Management
- ufw: Useful for managing the firewall and preventing unauthorized access. Some of the commands are: sudo ufw enable and sudo ufw disable to enable or disable it, and sudo ufw status to know the status. For example, sudo ufw allow 22 allows SSH connections, which is useful for remote management. By default UFW recognizes common service names.
Packet Analysis
- tcpdump -i 'network_interface': For example, tcpdump -i eth0 captures packets on the eth0 interface, and tcpdump -i eth0 'tcp' shows only the TCP packets.
The columns in the mtr output mean the following:
- Host: The hostname or IP address of each hop.
- Loss%: The percentage of packet loss for each hop.
- Snt: The number of packets sent to each hop.
- Last: The latency of the last packet sent to that hop.
- Avg: The average latency over all packets sent to that hop.
- Best: The best (lowest) latency recorded.
- Wrst: The worst (highest) latency recorded.
- StDev: The standard deviation of the latency, indicating variability.
How does packet analysis help troubleshooting?
Identify packet loss: High packet loss indicates network issues, which might be due to congestion, hardware problems or configuration.
Analyzing latency: To figure out where delays are occurring on a network. This can help identify a bottleneck or an overloaded device.
Tracking connection errors: Errors like TCP retransmissions, resets, or incomplete handshakes, which may indicate problems establishing or maintaining connections.
Unauthorized access: Can reveal unusual sources or patterns of traffic. This can help identify security attacks, scans or unauthorized attempts.
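The last two points can be checked directly on tcpdump text output. This added example (not part of the original post) classifies each connection attempt as open, reset or unanswered, then flags any source that sent SYNs to many different ports on one host. The capture lines are constructed, and the threshold of 4 ports is an assumption to tune for your own network.

```python
import re
from collections import defaultdict

# Constructed lines in the text format of `tcpdump -n -i eth0 'tcp'`.
SAMPLE = """\
10:00:00.000100 IP 192.168.1.20.51000 > 192.168.1.10.443: Flags [S], seq 1, win 64240, length 0
10:00:00.000300 IP 192.168.1.10.443 > 192.168.1.20.51000: Flags [S.], seq 9, ack 2, win 65160, length 0
10:00:01.000100 IP 203.0.113.5.40001 > 192.168.1.10.21: Flags [S], seq 5, win 1024, length 0
10:00:01.000200 IP 192.168.1.10.21 > 203.0.113.5.40001: Flags [R.], seq 0, ack 6, win 0, length 0
10:00:01.000300 IP 203.0.113.5.40002 > 192.168.1.10.22: Flags [S], seq 5, win 1024, length 0
10:00:01.000400 IP 192.168.1.10.22 > 203.0.113.5.40002: Flags [S.], seq 7, ack 6, win 65160, length 0
10:00:01.000500 IP 203.0.113.5.40003 > 192.168.1.10.23: Flags [S], seq 5, win 1024, length 0
10:00:01.000600 IP 192.168.1.10.23 > 203.0.113.5.40003: Flags [R.], seq 0, ack 6, win 0, length 0
10:00:01.000700 IP 203.0.113.5.40004 > 192.168.1.10.80: Flags [S], seq 5, win 1024, length 0
"""
PACKET = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def handshake_outcomes(text):
    """Map each SYN (src, sport, dst, dport) to 'open', 'reset' or 'no-reply'."""
    outcome = {}
    for line in text.splitlines():
        m = PACKET.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        reply_to = (dst, dport, src, sport)       # a reply travels the reverse path
        if flags == "S":                          # SYN without ACK: new attempt
            outcome.setdefault((src, sport, dst, dport), "no-reply")
        elif outcome.get(reply_to) == "no-reply":
            if flags == "S.":
                outcome[reply_to] = "open"
            elif "R" in flags:
                outcome[reply_to] = "reset"
    return outcome


def suspicious_sources(text, min_ports=4):
    """Sources whose SYNs hit at least min_ports distinct ports on one host."""
    ports = defaultdict(set)
    for src, _, dst, dport in handshake_outcomes(text):
        ports[(src, dst)].add(int(dport))
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    print(suspicious_sources(SAMPLE))
```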
Network Scanning and Discovery
- nmap google.com: Network mapper, useful for network exploration, management and security. It helps us discover hosts, scan ports, detect service versions, detect the OS, map the network and more. For example, nmap google.com OR nmap <destination_ip> will perform a default scan on the host. The -p option scans specific ports, -sV helps in service version detection, and -O helps in OS detection. It is useful for gathering critical information about the network and is also used in penetration testing. To know more about nmap, run man nmap.
Conclusion
This beginner's guide covers most of the necessary concepts and commands for networking. Feel free to experiment with them on your own and understand each of the low-level details one by one.
Thanks for reading. Any suggestions or feedback would be highly appreciated!