Network Configuration and Troubleshooting in Linux

Network Configuration and Troubleshooting in Linux
min read

Network Configuration and Troubleshooting in Linux

Network issues are some of the most frustrating problems in Linux administration. One moment everything works fine, the next moment you can't reach the internet, servers become unreachable, or applications start timing out. I've spent countless hours debugging network issues—from simple DNS misconfigurations to complex routing problems.

The difference between a novice and an expert isn't knowing every networking concept by heart—it's knowing which tools to use, what questions to ask, and how to systematically diagnose problems. In this comprehensive guide, I'll share the techniques I've learned from managing servers, troubleshooting connectivity issues, and configuring networks in various environments.

Whether you're setting up a home server, managing enterprise infrastructure, or just trying to understand why your Linux desktop can't connect to the internet, this guide will give you the tools and knowledge to diagnose and fix network problems efficiently.

Understanding Linux Network Architecture

Before diving into commands, let's understand how Linux handles networking:

Network Stack Layers

1. Physical Layer: Network interfaces (eth0, wlan0, etc.) 2. Data Link Layer: MAC addresses, ARP tables 3. Network Layer: IP addresses, routing tables 4. Transport Layer: TCP/UDP ports, connections 5. Application Layer: DNS, HTTP, SSH, etc.

Key Components

- Network Interfaces: Physical and virtual network connections

  • Routing Table: How packets find their destination
  • DNS Configuration: How hostnames resolve to IP addresses
  • Firewall Rules: What traffic is allowed or blocked
  • Network Services: DHCP, DNS servers, etc.

    • Essential Network Information Commands

    The `ip` Command: Modern Network Management

    The ip command is the modern replacement for ifconfig, route, and arp. It's more powerful and consistent.

    Viewing Network Interfaces

    bash 
    # Show all network interfaces
ip addr show
ip a    # Short form

# Show specific interface
ip addr show eth0

# Show interface statistics
ip -s link show

# Show only IPv4 or IPv6
ip -4 addr show
ip -6 addr show

    Understanding Interface Output

    plaintext 
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:12:34:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 86394sec preferred_lft 86394sec
    inet6 fe80::a00:27ff:fe12:3456/64 scope link
       valid_lft forever preferred_lft forever

    - Interface state: UP/DOWN

  • MAC address: 08:00:27:12:34:56
  • IPv4 address: 192.168.1.100/24
  • Broadcast address: 192.168.1.255
  • IPv6 address: fe80::a00:27ff:fe12:3456/64

    • Routing Table Management

    bash 
    # Show routing table
ip route show
ip r    # Short form

# Show specific route
ip route get 8.8.8.8

# Show routing table for specific interface
ip route show dev eth0

# Add static route
sudo ip route add 10.0.0.0/24 via 192.168.1.1 dev eth0

# Delete route
sudo ip route del 10.0.0.0/24

# Add default gateway
sudo ip route add default via 192.168.1.1

    ARP Table Management

    bash 
    # Show ARP table (neighbor cache)
ip neigh show
ip n    # Short form

# Show ARP entries for specific interface
ip neigh show dev eth0

# Add static ARP entry
sudo ip neigh add 192.168.1.10 lladdr 08:00:27:12:34:56 dev eth0

# Delete ARP entry
sudo ip neigh del 192.168.1.10 dev eth0

# Flush ARP table
sudo ip neigh flush all

    Network Interface Configuration

    Temporary Configuration (Lost on Reboot)

    bash 
    # Bring interface up/down
sudo ip link set eth0 up
sudo ip link set eth0 down

# Add IP address
sudo ip addr add 192.168.1.100/24 dev eth0

# Remove IP address
sudo ip addr del 192.168.1.100/24 dev eth0

# Change MAC address
sudo ip link set eth0 down
sudo ip link set eth0 address 08:00:27:12:34:57
sudo ip link set eth0 up

    Permanent Configuration

    Ubuntu/Debian (Netplan):

    bash 
    # Edit netplan configuration
sudo nano /etc/netplan/01-network-manager-all.yaml

# Example static IP configuration:
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: false
      addresses:
        - 192.168.1.100/24
      gateway4: 192.168.1.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4

# Apply configuration
sudo netplan apply

    CentOS/RHEL:

    bash 
    # Edit interface configuration
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0

# Example static configuration:
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4

# Restart networking
sudo systemctl restart network

    Connection and Port Analysis

    The `ss` Command: Socket Statistics

    ss is the modern replacement for netstat and provides more detailed information about network connections.

    Basic Usage

    bash 
    # Show all connections
ss -a

# Show listening ports only
ss -l

# Show TCP connections
ss -t

# Show UDP connections
ss -u

# Show process information
ss -p

# Combine options (TCP listening with process info)
ss -tlp

    Practical Examples

    bash 
    # Show all listening TCP ports with process names
sudo ss -tlpn

# Show established connections
ss -t state established

# Show connections to specific port
ss -tn sport = :22
ss -tn dport = :80

# Show connections by specific process
ss -p | grep ssh

# Show network usage by process
ss -i

    The `netstat` Command: Legacy but Still Useful

    While ss is preferred, netstat is still widely used:

    bash 
    # Show all connections with process info
sudo netstat -tulpn

# Show routing table
netstat -rn

# Show interface statistics
netstat -i

# Show listening ports only
netstat -ln

# Show TCP connections only
netstat -tn

    Understanding netstat Output

    plaintext 
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      5678/mysqld

    - Proto: Protocol (tcp, udp)

  • Local Address: IP:Port listening on
  • Foreign Address: Remote connection details
  • State: Connection state (LISTEN, ESTABLISHED, etc.)
  • PID/Program: Process ID and name

    • DNS Configuration and Troubleshooting

    Understanding DNS Resolution

    bash 
    # Check DNS configuration
cat /etc/resolv.conf

# Test DNS resolution
nslookup google.com
dig google.com

# Detailed DNS query
dig google.com +trace

# Reverse DNS lookup
dig -x 8.8.8.8

# Check specific DNS record types
dig google.com MX    # Mail exchange
dig google.com NS    # Name servers
dig google.com A     # IPv4 address
dig google.com AAAA  # IPv6 address

    DNS Configuration Files

    `/etc/resolv.conf`

    bash 
    # View current DNS configuration
cat /etc/resolv.conf

# Example content:
nameserver 8.8.8.8
nameserver 8.8.4.4
search example.com

    `/etc/hosts`

    bash 
    # Local hostname to IP mapping
sudo nano /etc/hosts

# Example entries:
127.0.0.1   localhost
192.168.1.10   server.local
192.168.1.20   database.local

    systemd-resolved (Modern Systems)

    bash 
    # Check DNS resolution status
systemd-resolve --status

# Query specific DNS server
systemd-resolve --query=google.com --server=8.8.8.8

# Flush DNS cache
sudo systemd-resolve --flush-caches

    Network Troubleshooting Methodology

    The Systematic Approach

    When facing network issues, follow this systematic approach:

    1. Check Physical Layer: Cables, interfaces 2. Check Data Link Layer: Interface status, ARP 3. Check Network Layer: IP configuration, routing 4. Check Transport Layer: Port connectivity 5. Check Application Layer: DNS, application-specific issues

    Layer 1: Physical Connectivity

    bash 
    # Check interface status
ip link show

# Check cable connection (if supported)
sudo ethtool eth0

# Check interface statistics for errors
ip -s link show eth0

# Check dmesg for hardware messages
dmesg | grep -i eth0

    Layer 2: Data Link Layer

    bash 
    # Check ARP table
ip neigh show

# Check if gateway is reachable at layer 2
ping -c 1 192.168.1.1
ip neigh show | grep 192.168.1.1

# Check for duplicate MAC addresses
ip neigh show | sort

    Layer 3: Network Layer

    bash 
    # Check IP configuration
ip addr show

# Check routing table
ip route show

# Test local network connectivity
ping -c 4 192.168.1.1

# Test internet connectivity
ping -c 4 8.8.8.8

# Trace route to destination
traceroute google.com
tracepath google.com

    Layer 4: Transport Layer

    bash 
    # Check if specific port is open locally
ss -tlpn | grep :80

# Test remote port connectivity
telnet google.com 80
nc -zv google.com 80

# Test UDP connectivity
nc -zuv dns-server.com 53

    Layer 5-7: Application Issues

    bash 
    # Test DNS resolution
nslookup google.com
dig google.com

# Test HTTP connectivity
curl -I http://google.com
wget --spider http://google.com

# Check application-specific logs
sudo journalctl -u apache2

    Practical Troubleshooting Scenarios

    Scenario 1: "No Internet Connection"

    Step-by-step troubleshooting:

    bash 
    # 1. Check interface status
ip addr show

# 2. Check if interface has IP address
# If no IP, check DHCP:
sudo dhclient eth0

# 3. Check default gateway
ip route show | grep default

# 4. Test gateway connectivity
ping -c 4 192.168.1.1

# 5. Test DNS resolution
nslookup google.com

# 6. Test internet connectivity
ping -c 4 8.8.8.8

# 7. If DNS fails but ping works, fix DNS
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

    Scenario 2: "Can't Connect to Web Server"

    bash 
    # 1. Check if server is listening
sudo ss -tlpn | grep :80

# 2. Test local connectivity
curl -I http://localhost

# 3. Check firewall rules
sudo iptables -L -n
sudo ufw status

# 4. Test from remote machine
telnet server-ip 80

# 5. Check server logs
sudo tail -f /var/log/apache2/error.log

    Scenario 3: "Slow Network Performance"

    bash 
    # 1. Check interface statistics
ip -s link show eth0

# 2. Check for packet loss
ping -c 100 gateway-ip

# 3. Test bandwidth
# Install iperf3
sudo apt install iperf3

# On server:
iperf3 -s

# On client:
iperf3 -c server-ip

# 4. Check network utilization
sudo iftop
sudo nethogs

# 5. Check for network errors
dmesg | grep -i network

    Scenario 4: "DNS Resolution Issues"

    bash 
    # 1. Check DNS configuration
cat /etc/resolv.conf

# 2. Test DNS servers
dig @8.8.8.8 google.com
dig @1.1.1.1 google.com

# 3. Check if DNS cache is the issue
sudo systemd-resolve --flush-caches

# 4. Test with different DNS
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

# 5. Check if DNS service is running
sudo systemctl status systemd-resolved

    Advanced Network Troubleshooting Tools

    Packet Capture with tcpdump

    bash 
    # Capture packets on specific interface
sudo tcpdump -i eth0

# Capture specific traffic
sudo tcpdump -i eth0 host 192.168.1.10
sudo tcpdump -i eth0 port 80
sudo tcpdump -i eth0 tcp

# Save capture to file
sudo tcpdump -i eth0 -w capture.pcap

# Read from file
sudo tcpdump -r capture.pcap

# Capture with more details
sudo tcpdump -i eth0 -v -n

    Network Monitoring Tools

    bash 
    # Install monitoring tools
sudo apt install iftop nethogs nload

# Monitor bandwidth by interface
sudo iftop -i eth0

# Monitor bandwidth by process
sudo nethogs eth0

# Simple bandwidth monitor
nload eth0

# Monitor network connections
watch -n 1 'ss -tuln'

    Wireless Network Troubleshooting

    bash 
    # List wireless interfaces
iw dev

# Scan for wireless networks
sudo iw dev wlan0 scan | grep SSID

# Check wireless connection status
iw dev wlan0 link

# Check wireless configuration
cat /etc/wpa_supplicant/wpa_supplicant.conf

# Connect to wireless network
sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
sudo dhclient wlan0

    Network Security and Monitoring

    Firewall Configuration

    UFW (Uncomplicated Firewall)

    bash 
    # Enable/disable firewall
sudo ufw enable
sudo ufw disable

# Allow specific ports
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Allow from specific IP
sudo ufw allow from 192.168.1.0/24

# Deny specific port
sudo ufw deny 23/tcp

# Check firewall status
sudo ufw status verbose

# Delete rules
sudo ufw delete allow 80/tcp

    iptables

    bash 
    # List current rules
sudo iptables -L -n -v

# Allow incoming SSH
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow loopback traffic
sudo iptables -A INPUT -i lo -j ACCEPT

# Allow established connections
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Save rules (Ubuntu/Debian)
sudo iptables-save > /etc/iptables/rules.v4

    Network Security Monitoring

    bash 
    # Monitor network connections
sudo netstat -tulpn | grep LISTEN

# Check for unusual connections
sudo ss -tuln | grep -v "127.0.0.1\|::1"

# Monitor ARP table for changes
watch -n 5 'ip neigh show'

# Check for port scans
sudo journalctl | grep -i "port scan"

# Monitor failed connection attempts
sudo journalctl -u ssh | grep "Failed"

    Performance Optimization

    Network Buffer Tuning

    bash 
    # Check current buffer sizes
cat /proc/sys/net/core/rmem_max
cat /proc/sys/net/core/wmem_max

# Increase buffer sizes (temporary)
sudo sysctl -w net.core.rmem_max=16777216
sudo sysctl -w net.core.wmem_max=16777216

# Make permanent
echo "net.core.rmem_max = 16777216" | sudo tee -a /etc/sysctl.conf
echo "net.core.wmem_max = 16777216" | sudo tee -a /etc/sysctl.conf

    TCP Optimization

    bash 
    # Enable TCP window scaling
echo "net.ipv4.tcp_window_scaling = 1" | sudo tee -a /etc/sysctl.conf

# Enable TCP timestamps
echo "net.ipv4.tcp_timestamps = 1" | sudo tee -a /etc/sysctl.conf

# Increase TCP buffer sizes
echo "net.ipv4.tcp_rmem = 4096 12582912 16777216" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_wmem = 4096 12582912 16777216" | sudo tee -a /etc/sysctl.conf

# Apply changes
sudo sysctl -p

    Automated Network Monitoring Scripts

    Network Health Check Script

    bash 
    #!/bin/bash
# Network Health Monitor

LOG_FILE="/var/log/network-health.log"
TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')

echo "=== Network Health Check - $TIMESTAMP ===" >> $LOG_FILE

# Check interface status
if ip link show eth0 | grep -q "state UP"; then
    echo "Interface eth0: UP" >> $LOG_FILE
else
    echo "ALERT: Interface eth0 is DOWN" >> $LOG_FILE
fi

# Check gateway connectivity
if ping -c 1 -W 5 192.168.1.1 >/dev/null 2>&1; then
    echo "Gateway connectivity: OK" >> $LOG_FILE
else
    echo "ALERT: Cannot reach gateway" >> $LOG_FILE
fi

# Check DNS resolution
if nslookup google.com >/dev/null 2>&1; then
    echo "DNS resolution: OK" >> $LOG_FILE
else
    echo "ALERT: DNS resolution failed" >> $LOG_FILE
fi

# Check internet connectivity
if ping -c 1 -W 5 8.8.8.8 >/dev/null 2>&1; then
    echo "Internet connectivity: OK" >> $LOG_FILE
else
    echo "ALERT: No internet connectivity" >> $LOG_FILE
fi

    Connection Monitor Script

    bash 
    #!/bin/bash
# Monitor specific service connectivity

SERVICE_HOST="192.168.1.100"
SERVICE_PORT="80"
EMAIL="admin@example.com"

# Test connection
if ! nc -z -w 5 $SERVICE_HOST $SERVICE_PORT; then
    echo "ALERT: Cannot connect to $SERVICE_HOST:$SERVICE_PORT" | \
    mail -s "Service Down Alert" $EMAIL
    
    # Log to syslog
    logger -t connectivity-monitor "Failed to connect to $SERVICE_HOST:$SERVICE_PORT"
fi

    Common Network Configuration Mistakes

    1. Incorrect Subnet Mask

    bash 
    # Wrong: Different subnets
IP: 192.168.1.100/24
Gateway: 192.168.2.1

# Correct: Same subnet
IP: 192.168.1.100/24
Gateway: 192.168.1.1

    2. DNS Misconfiguration

    bash 
    # Check if DNS servers are reachable
ping -c 1 8.8.8.8
dig @8.8.8.8 google.com

# Test different DNS servers
dig @1.1.1.1 google.com
dig @208.67.222.222 google.com

    3. Firewall Blocking Connections

    bash 
    # Check if firewall is blocking
sudo iptables -L -n | grep DROP
sudo ufw status

# Temporarily disable firewall for testing
sudo ufw disable

# Test connection, then re-enable
sudo ufw enable

    Quick Reference: Network Troubleshooting Commands

    bash 
    # Interface and IP Information
ip addr show                    # Show all interfaces
ip route show                   # Show routing table
ip neigh show                   # Show ARP table

# Connectivity Testing
ping -c 4 hostname             # Test connectivity
traceroute hostname            # Trace route
mtr hostname                   # Continuous trace

# Port and Service Testing
ss -tlpn                       # Show listening ports
nc -zv hostname port          # Test port connectivity
telnet hostname port          # Interactive port test

# DNS Testing
nslookup hostname             # Basic DNS lookup
dig hostname                  # Detailed DNS query
dig @8.8.8.8 hostname        # Query specific DNS server

# Network Monitoring
iftop -i eth0                 # Monitor bandwidth
nethogs eth0                  # Monitor by process
tcpdump -i eth0               # Packet capture

# Configuration
sudo netplan apply            # Apply netplan config (Ubuntu)
sudo systemctl restart network # Restart networking (CentOS)
sudo dhclient eth0           # Renew DHCP lease

    What's Next?

    Network troubleshooting is an essential skill that builds on everything we've learned—process management helps you understand which services are running, log analysis helps you diagnose network issues, and now network configuration gives you the tools to fix connectivity problems.

    This completes our intermediate Linux administration series. You now have the fundamental skills needed to manage Linux systems effectively:

    - Process Management: Monitor and control running programs

  • User & Group Management: Control access and permissions
  • Environment Configuration: Customize shell environments
  • Task Automation: Schedule and automate routine tasks
  • Log Analysis: Diagnose and troubleshoot system issues
  • Network Configuration: Manage connectivity and troubleshoot network problems

    • Key Takeaways

    - Systematic approach: Always troubleshoot network issues layer by layer

  • Use modern tools: Prefer ip over ifconfig, ss over netstat
  • Understand the stack: Physical → Data Link → Network → Transport → Application
  • Test incrementally: Start with local connectivity, then work outward
  • Document changes: Keep track of network configuration changes
  • Monitor proactively: Don't wait for users to report network issues

    Network troubleshooting is part art, part science. The more you practice these techniques and understand the underlying concepts, the faster you'll be able to diagnose and resolve connectivity issues. Remember: the network doesn't lie—if you ask the right questions with the right tools, you'll find the answers.

    ---

    • 🚀 Continue Your Linux Journey

    This is Part 13 of our comprehensive Linux mastery series.

    Previous: System Logs Analysis - Master log monitoring and troubleshooting

    Next: Systemd Deep Dive - Learn modern Linux service management

    📚 Complete Linux Series Navigation

    Advanced Skills:

  • Part 12: System Logs Analysis
  • Part 13: Network ConfigurationYou are here
  • Part 14: Systemd Deep Dive
  • Part 15: SSH Security
  • Part 16: Filesystem Hierarchy
  • Part 17: Firewalls & Security
  • Part 18: Storage Management
  • Part 19: Performance Monitoring

    Ready for Service Management? Continue with systemd to master modern Linux service administration!

    • 🔗 Related Network Topics

    - SSH Security

  • Firewalls & Security
  • System Monitoring

    ---

    Congratulations! You've completed the intermediate Linux administration series. You now have the skills to manage Linux systems confidently, from monitoring processes to troubleshooting network connectivity issues.

    • Made With Love on