Network

Net

Learn about the sysctl command and the values related to the network class.

Summary

This class defines the parameters related to the networking stack.

Sysctl: net.ipv4.ip_forward

The sysctl key net.ipv4.ip_forward key is used to define IP forwarding of IPv4 network packets. Learn about the possible values of this key and their meaning.

Summary

This sysctl key defines if a system should allow forwarding of IPv4 network packets. This functionality is required for systems that act as a gateway or router. IP forwarding is normally not required for most desktops and servers.

How to see the the network IP address of your system

Show the IP address of your system with the help of the ip command.

Summary

Show your local IP address

How to see the IP address of your internet connection

Show the IP address of your internet connection using the dig command.

Summary

Query the IP address of your internet connection

How to see which DNS server is used

Find the active DNS server being used by reviewing the network configuration, including common commands to query this information.

Summary

Show the active DNS server

Apt-file

The command apt-file can help with discovering which files belong to a package or what package installed or provides them.

Summary

Networking

Everything related to networking, from the network configuration up to DNS resolving. Test and configure your system with these articles.

Summary

Most Linux systems are connected to a network as a client system, or to provide services to other systems. Knowing how to configure, monitor, and audit the network configuration is more than useful. In this section we look at the available options. Network configuration The system itself can’t talk with other systems if it doesn’t have any protocol to communicate. Nowadays that is mostly IP . The local configuration for the network is usually stored in /etc/network or in a network manager in /etc.

How to see the number of open connections on Linux

Show the number of open connections using the ss command on Linux.

Summary

Show number of open connections per protocol

Iftop

The command iftop shows ongoing bandwidth usage on one or more network interfaces and is a great tool for troubleshooting network issues.

Summary

How to see active connections and bandwidth usage on Linux

Show actual bandwidth usage and active connections using the iftop tool on Linux.

Summary

Show actual bandwidth usage

Show to clear the DNS cache with systemd

Learn how to inspect and clear the DNS cache when using the systemd resolver daemon.

Summary

Clear DNS cache using resolvectl

Resolvectl

The command resolvectl provides details about systemd-resolved, the name resolution daemon.

Summary

Network

Articles and information about troubleshooting network performance issues and monitoring network statistics

Summary

Network connectivity starts at a device that links the system to a network, and for Linux systems that is no different. Depending on the physical layer, such as Ethernet of Wi-Fi, the transactions between be better or worse. Besides physical limitations, there is congestion and packet loss that may introduce issues. In this section we look at troubleshooting network performance issues, tooling, and examples. Interfaces The first step is to learn what links we have towards the network.

How to show network TCP statistics and counters

Show counters related to the TCP connections by using the nstat command. This small utility will quickly retrieve the related statistics and display them.

Summary

Show TCP connection statistics

How to see errors and dropped packets on a network interface on Linux

Show the network link details using the ip command to find out if a network has errors or dropped packets on a Linux system.

Summary

Show network link statistics to discover errors or dropped packets

How to see the default gateway on Linux

Show the network routing table to discover the default gateway used on a Linux system.

Summary

Show network table to discover the default gateway

How to see which process is using a port

Show which process is already opened an UDP or TCP port on Linux by using the ss command.

Summary

Show which process is listening to a port

How to see open ports on Linux

Show which UDP/TCP ports are opened on a Linux system, including the related process. Use the ss tool to see more details about these sockets.

Summary

Show open network ports such as TCP and UDP

Networking: Frequently Asked Questions

Frequently asked questions about networking, such as DNS, IP configuration, TCP/UDP details, and more.

Summary

How to see the TTL value of a DNS record

Learn how to query the Time To Live (TTL) for a DNS record by using the dig tool.

Summary

Query DNS to reveal the TTL value of a DNS record.

BPFILTER: the next-generation Linux firewall

BPFILTER is one of the newer features to provide traffic filtering. Learn how it works and why it may replace iptables as the firewall on Linux systems.

Summary

The Linux community has a continuous drive to enhance the GNU/Linux kernel. When we look at network traffic filtering, we moved from ipchains to iptables. More recently we saw the introduction of nftables. Next in line is BPFILTER, part of the development work for the Linux 4.18 kernel. What is BPFILTER? BPFILTER is short for BPF based packet filtering framework. In other words, it is a framework that does packet filtering and is based on BPF.

Beginners guide to traffic filtering with nftables

The replacement of iptables is known as nftables. In this article, we learn to install nftables and configure it, to secure your Linux systems.

Summary

Learn how to use nftables in this introduction guide to the tool. With common examples, frequently asked questions, and generic tips.

The purpose of the /etc/networks file

Also wondering what some files are used for on Linux systems? In this article we have a look at the /etc/networks file.

Summary

Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never change it. Output of /etc/networks When looking at the man page of networks(5) we learn its purpose (almost instantly): It translates between IP ranges and network names It is used for tools like netstat and route It only works on class A, B, or C networks It does not work on subnets Surprisingly enough a test with subnetting actually showed the right names during our test.

Differences between iptables and nftables explained

An overview of the differences between firewall technologies iptables and nftables. We highlight the major differences like simplicity and management.

Summary

The seasoned Linux administrator will be familiar with iptables, the network traffic filter. If you ever configured a Linux system with an ethernet bridge configuration, you might even have worked with ebtables. Or possibly you wanted to filter ARP traffic and used arptables? Newcomer nftables has arrived, with the purpose to replace iptables, ip6tables, ebtables and arptables. As with every big upcoming change, it is good to know the differences. We explain what makes nftables different to iptables, and why you want to adopt it in the near future.

Linux Security Guide for Hardening IPv6

Extensive guide to help you secure your IPv6 configuration on Linux. From initial set-up to hardening the kernel with sysctl.

Summary

Version 6 of Internet Protocol is now 20+ years available. You would think it is widely available now, right? Not exactly. Still many internet providers don’t have it deployed for their customers. Hosting companies are not always eager to deploy it either. Mostly because of lacking knowledge. To get at east more knowledge shared on the security side of IPv6, we have crafted this guide. Hopefully it will be a practical guide for your to configure and tune your configurations.

List network interfaces on Linux

Show the available network interfaces and information on Linux with the right tools. We cover common replacements for iptables and netstat, with examples.

Summary

The network configuration is a common place to start during system configuration, security audits, and troubleshooting. It can reveal useful information like MAC and IP addresses. This guide helps you to gather this information on Linux, including listing all available network interfaces and its details. Show network interfaces Linux Every Linux distribution is using its own way of configuring the network configuration details. Therefore, it is good to know which tools can be used to query these details in a generic way.

Which Linux process is using a particular network port?

Seeing the 'address in use' error or need to find out which process is listening to a particular port on Linux? Here are the tools to find out!

Summary

Most network related services have to open up a network socket, so they can start listening for incoming network requests. It is common to find the TCP or UDP being used as the main communication protocol. In this article, we will check what ports are used by which Linux process. Auditing processes and network services Find out what process is listening to a port Only one process can actively listen to a TCP or UDP port.

Filtering ARP traffic with Linux arptables

Filtering ARP traffic is easy with the arptables utility. In this article we look at the possibilities of arptables and provides example of using it.

Summary

Most Linux system administrators will be familiar with iptables on Linux. Less known is the arptables utility, which controls filtering arp packets. Installation of arptables The arptables utility is easy to set-up, as the main functionality is already implemented in the Linux kernel. Just install the arptables package on your favorite Linux distribution. Debian / Ubuntu: apt install arptables Red Hat: yum install arptables Configuration example To show the effect of filtering traffic, we will show an example by filtering router traffic and blocking it.

How to clear the ARP cache on Linux?

Clearing the ARP cache on Linux is easy with the arp or ip utility. This blog post will help you to clear the cache with examples for both utilities.

Summary

There are several reasons when you might need to clear your ARP cache. There are two common ways on Linux systems, typically using the arp or ip utility. Depending on your Linux distribution and the availability, we suggest using the ip tool. Clearing cache with ip Newer Linux distributions have the ip utility. The ip tool has a more advanced way to clear out the full ARP cache. ip -s -s neigh flush all

Linux Audit: Auditing the Network Configuration

This article describes how to audit the network configuration of Unix and Linux based systems, with useful tips for auditors and system administrators.

Summary

Within this article we have a look on how to audit and check the network configuration of Linux and other systems. The main focus is on gathering information and discover how systems are configured. By taking these steps we will do a manual audit. For efficiency reasons we suggest to use an automated tool like Lynis. Where to start? Each Linux distribution has their own way and files to configure the network.