The purpose of the /etc/networks file

Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never change it.

Screenshot of the contents in /etc/networks

Output of /etc/networks

When looking at the man page of networks(5) we learn its purpose (almost instantly):

  • It translates between IP ranges and network names
  • It is used for tools like netstat and route
  • It only works on class A, B, or C networks
  • It does not work on subnets

Surprisingly enough a test with subnetting actually showed the right names during our test. Digging through the related system calls (getnetbyaddr(3), getnetbyname(3), getnetent(3)), it did not reveal the reason why it worked.

Query the networks database

Linux systems use different databases which can be queried with the getent utility. It is the abbreviated name for “get entries” and uses the Nameserver Switch Services libraries. You may have been a package like libnss installed on your system. You can consider them wrappers around files and data structures, like the /etc/networks file.

Querying the networks database is simple:

getent networks

Depending on your network configuration it may be more populated than our test system, which shows only one network. In this case just the “link-local” network (, which is a reserved local network range for when no DHCP server is available. The system may then fall back on this range, to have at least some network.

Screenshot of running getent networks on Linux

A lonely network


The /etc/networks file has a limited purpose. It may help in displaying network names for some network related utilities. For more advanced network setups if may be useful to quickly show what network range belongs to which customer. We can conclude the /etc/networks file will not have a huge impact on how the system works.

Did you configure your /etc/networks file, or use it in a particularly useful way? Let it know!


Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution.

Mastodon icon