arvb.net

Network services and configurations

4 min read

Network configuration

Linux uses a layered approach to resolve names into IP addresses and connect to them:

LayerFileDescription
1/etc/hostsManual hostname mapping, used if DNS is unavailable for whatever reason
2/etc/resolv.confDNS server management (it no local names)
3etc/nsswitch.confControls overall lookup order

If troubleshooting DNS issues, it is possible to simply add an entry into /etc/hosts to override or bypass DNS. For instance, if we are trying to reach myserver.local and it is not responding, we could add the following:

192.168.1.200 myserver.local

Here we are telling the system to manually associated myserver.local with the 192.168.1.200 IP address, thus bypassing the need for DNS name resolution (since the system checks this file prior to attempting a DNS query).

When resolving names not listed in /etc/hosts, Linux will use the DNS servers listed in /etc/resolv.conf. The file is structured with nameserver <IP address>. If we can ping addresses but not reach them by name, this file is worth checking:

nameserver 212.91.97.3
nameserver 212.91.97.4

The /etc/nsswitch.conf controls the order in which the system will try different name resoluion methods and other data such as users or groups. For networking, it decides whether the system should look in /etc/hosts first or not (first by default). For example, the following line in the file means to check the hosts file first and then DNS:

hosts: files dns

NetworkManager

NetworkManager is a service in Linux that manages all network connections. It can be managed with nmcli or via the connection profiles stored in .nmconnection files located in /etc/NetworkManager/system-connections/.

Netplan

netplan is a tool used to configure and manage network settings. It uses YAML files to create configuration files and applies them through a backend rendered like NetworkManager or systemd-networkd.

IP x

ip a is used to view and manager the system network interfaces.

ip l shows link status, MAC address, MTU size, etc.

ip r displays the routing table

Network config tools

hostname is used to view or set the system name. Commands include hostnamectl set-hostname

arp is used to see the Address Resolution Protocol table. Common flags include -a (all ARP entries), -d (delete an entry), -s (set a static entry).

ethtool can be used to see driver info, to see stats, self-tests, set speed, etc. ethtool -S <interface> will give us statistics about the specified interface.

Network connectivity

ping/ping6 is a simply ping command to check roundtrip time statistics.

traceroute sends packets with incremental TTL values to see all the steps a request packet takes to reach a destination. An alternative is tracepath, which does not require root access and also detects MTU size issues using UDP packets.

mtr is a real-time tool that combines ping and traceroute functionality, displaying continous stats got each hop.

iperf3 measures network bandwidth by creating a client server and using TCP/UDP instead of ICMP.

Traffic analysis

ss is used to see the sockets being used by Linux. For example, we can use ss -lnt src :22 to see all the socket connections that are listening on port 22.

nc is used to talk or impersonate services. We can use nc -vz -w2 <ip_address> <port> , for example.

Note

We can use nc to transfer files between machines. For example, we can set up a listening device with nc -lvnp <port number> on a machine (listen, verbose,numeric only, portnumber), and then do nc -vn <ip_address> <port number> on a separate machine to send a file.

tcpdump is used to see packages sent through the network.

nmap is a reconnaissance tool.

DNS tools

nslookup arvb.net 8.8.8.8 is used to do a quick DNS check. The results might look as follows:

Server:         8.8.8.8
Address:        8.8.8.8#53
 
Non-authoritative answer:
Name:   arvb.net
Address: 188.114.96.7
Name:   arvb.net
Address: 188.114.97.7
Name:   arvb.net
Address: 2a06:98c1:3121::7
Name:   arvb.net
Address: 2a06:98c1:3120::7

dig is when we want the full anatomy of a DNS exchange. For example, dig @1.1.1.1 arvb.net MX +noall +answer +stats asks Cloudflare for the MX records of arvb.net:

arvb.net.               300     IN      MX      10 in1-smtp.messagingengine.com.
arvb.net.               300     IN      MX      20 in2-smtp.messagingengine.com.
;; Query time: 20 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Mon Sep 29 09:10:58 UTC 2025
;; MSG SIZE  rcvd: 106

resolvectl can be used to see how the DNS resolution works in the system tiself. resolvectl query arvb.net will show the cache, link, etc. for a query:

arvb.net: 188.114.96.12                        -- link: wlan0
          188.114.97.12                        -- link: wlan0
          2a06:98c1:3120::c                    -- link: wlan0
          2a06:98c1:3121::c                    -- link: wlan0
 
-- Information acquired via protocol DNS in 64.3ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network

Graph View