Linux Networking Config

Network Interfaces

A network interface is how the kernel links up the software side of networking to the hardware side. We’ve already seen an example of this:

$ ifconfig -a
eth0  Link encap:Ethernet  HWaddr 1d:3a:32:24:4d:ce
      inet addr:192.168.1.129  Bcast:192.168.1.255  Mask:255.255.255.0
      inet6 addr: fd60::21c:29ff:fe63:5cdc/64 Scope:Link
  • The ifconfig tool allows us to configure our network interfaces, if we don’t have any network interfaces set up, the kernel’s device drivers and the network won’t know how to talk to each other.
  • Ifconfig runs on bootup and configures our interfaces through config files, but we can also manually modify them.
  • The loopback interface is used to represent your computer, it just loops you back to yourself. This is good for debugging or connecting to servers running locally.
  • The status of interfaces, can be up or down.
  • Most commonly used fields in the ifcoinfig -a output are HWaddr (MAC address of the interface), inet address (IPv4 address) and inet6 (IPv6 address).
  • The common configuration file for network insterfaces is /etc/network/interfaces.

To create an interface and bring it up

$ ifconfig eth0 192.168.2.1 netmask 255.255.255.0 up

To bring up or down an interface

$ ifup eth0
$ ifdown eth0
  • The ip command also allows us to manipulate the networking stack of a system. Depending on the distribution you are using it may be the preferred method of manipulating your network settings.

To show interface information for all interfaces

$ ip link show

To show the statistics of an interface

$ ip -s link show eth0

To add an IP address to an interface

$ ip address add 192.168.1.1/24 dev eth0

Network managers

  • nm-tool nm-tools reports NetworkManager’s state and it’s devices.
  • nmcli The nmcli command allows you to control and modify NetworkManager, see the manpage for more details.

ARP

Remember when we lookup a MAC address with ARP, it first checks the locally stored ARP cache on our system, you can actually view this cache:

$ arp
Address                 HWtype  HWaddress           Flags Mask            Iface
192.168.22.1            ether   00:12:24:fc:12:cc   C                     eth0
192.168.22.254          ether   00:12:45:f2:84:64   C                     eth0

The ARP cache is actually empty when a machine boots up, it gets populated as packets are being sent to other hosts. If we send a packet to a destination that isn’t in the ARP cache, the following happens:

  1. The source host creates the Ethernet frame with an ARP request packet
  2. The source host broadcasts this frame to the entire network
  3. If one of the hosts on the network knows the correct MAC address, it will send a reply packet and frame containing the MAC address
  4. The source host adds the IP to MAC address mapping to the ARP cache and then proceeds with sending the packet

You can also view your arp cache via the ip command:

$ ip neighbour show