Network Configuration Files and Commands

The document discusses several important Linux network configuration files - /etc/hosts, /etc/resolv.conf, /etc/nsswitch.conf, /etc/hostname, and /etc/hosts.allow and /etc/hosts.deny. It describes the purpose and key contents of each file and how they control aspects of network configuration and name resolution.

Uploaded by

Rajna

Experiment 1: Understand basics of network configuration files and networking commands in Linux.


AIM: To become familiar with the network configuration files and networking commands such as
ifconfig, netstat, ping, arp, traceroute, whois, etc.

Some of the important network configuration files are:

1. /etc/hosts
This file is used to resolve hostnames on small networks with no DNS server. Each line of this
text file maps an IP address to the corresponding host name. The file also contains a line for
the loopback device, i.e., 127.0.0.1 is mapped to localhost.

It is possible to configure our system to first look at the entries in the hosts file before consulting DNS. This
preference is configured by a file located at "/etc/nsswitch.conf". Normally DNS is consulted first on most
systems.

A typical hosts file is as shown.


$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 Dell-System-Inspiron-N4110

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

2. /etc/resolv.conf

This file is used for configuring the DNS (Domain Name System) resolver library. The resolv.conf
configuration file contains the parameters used by the DNS resolver. The DNS resolver allows the
operating system to translate domain names into IP addresses. This process is known as resolving.
The path for this file is "/etc/resolv.conf".
Normally a resolv.conf file contains a search order of domains, which is used to complete a name
into a fully qualified domain name when no domain suffix is given in a query. It also contains the
list of name servers that will be used for DNS lookups. Normally at least two nameservers are
supplied, a primary and a secondary for redundancy.
Example of a resolv.conf configuration file:

#/etc/resolv.conf
search mydomain.com mydomain.net
nameserver 8.8.8.8
nameserver 8.8.4.4

search: The search list is normally determined from the local domain name. By default, it only contains the
local domain name. To change this, you can pass the desired name search path after the search keyword.

In the context of the /etc/resolv.conf file on Unix-like operating systems, the search keyword is
used to specify a domain search list. This list is used by the Domain Name System (DNS) resolver to expand
single-label hostnames (those without a domain suffix) when attempting to resolve them to fully qualified
domain names (FQDNs).
Here's a brief explanation of how it works:
1. Single-Label Hostname: If you try to resolve a hostname without specifying a domain
suffix, the resolver will use the search list to try and append different domains to the
hostname.
2. Search List: The search keyword is followed by a space-separated list of domain
names. When you attempt to resolve a single-label hostname, the resolver will iterate
through this list and append each domain to the hostname in turn until a match is found.
For example, if the search line in /etc/resolv.conf is:
search example.com subdomain.example.com

And you try to resolve the hostname "host", the resolver will try to resolve "host.example.com"
and "host.subdomain.example.com" before giving up.

Nameserver: A nameserver is specified by its IP address. If there is more than one entry for the parameter
nameserver, then the resolver library will query these in the order they are found.

The nameserver keyword is followed by the IP address of a DNS server. You can have multiple
nameserver lines in the file, indicating the presence of multiple DNS servers.
For example:
nameserver 8.8.8.8
nameserver 8.8.4.4

In this example, two DNS servers provided by Google (8.8.8.8 and 8.8.4.4) are specified.
Configuring the nameserver entries in /etc/resolv.conf is essential for DNS resolution on a
Unix-like system. It ensures that the system knows where to send DNS queries to resolve domain
names into IP addresses.

3. /etc/nsswitch.conf

The /etc/nsswitch.conf file is a configuration file on Unix-like operating systems that determines
the order and sources of the various databases and services used for name resolution and user
authentication. The acronym "nsswitch" stands for "Name Service Switch," and the file defines the order
in which the system should consult different sources when looking up information such as user names,
group names, hostnames, and other system-related data.
Here are some of the key purposes of the /etc/nsswitch.conf file:

1. Name Resolution Order:
   • Hostnames: Specifies the order of sources to consult when resolving hostnames to IP
     addresses. Common sources include DNS (dns), files (files), and NIS (nis).
   • User and Group Information: Defines the order of sources to consult when looking up
     user and group information, such as passwd and group entries. Common sources include
     files (files), NIS (nis), and LDAP (ldap).
2. Authentication:
   • Password and Group Authentication: Specifies the order of sources for authenticating
     users and groups. Common sources include files (files), NIS (nis), and LDAP (ldap).
3. Service Switching:
   • Service Databases: Specifies the order in which databases are consulted for various
     services, such as passwd, group, hosts, and networks.
   • Order of Priority: The entries in /etc/nsswitch.conf are arranged in a specific
     order of priority. The first valid entry is used, and if the information is not found, the
     system proceeds to the next entry.
4. Syntax:
   • Configuration Format: The file uses a simple syntax with keywords like passwd,
     group, hosts, and others, followed by sources such as files, dns, nis, and ldap.
5. Modifying System Behavior:
   • Customization: Administrators can edit /etc/nsswitch.conf to customize the
     system's behavior regarding name resolution and user authentication, tailoring it to the
     specific needs of the environment.

Here is a simplified example of an /etc/nsswitch.conf file:


passwd: files ldap
group: files ldap
hosts: files dns

In this example:

   • User and group information are first looked up in local files and then in an LDAP directory.
   • Hostname resolution is attempted first in local files and then via DNS.

Summary: The "/etc/nsswitch.conf" file contains your settings for how various system lookups are
carried out. Here you can configure your system to use the "/etc/hosts" and "/etc/passwd" files
locally or to use a "NIS" server or "DNS" server. One of the main functions of "nsswitch.conf" is
to control how names on the network are resolved.
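
How the three files above combine for one hostname lookup, as an added example that is not part of the original document: it reads the "hosts:" order from nsswitch.conf, checks /etc/hosts, and expands single-label names with the resolv.conf search list. The function names, the "fileserver" entry and the assumption that DNS returns no answer are constructed for illustration.

```python
# Added example: plan a hostname lookup from the three files discussed above.
# Every file body below is a constructed sample, not read from a real system.
NSSWITCH = "passwd: files ldap\ngroup: files ldap\nhosts: files dns\n"
HOSTS = """\
127.0.0.1 localhost
127.0.1.1 Dell-System-Inspiron-N4110
192.168.1.20 fileserver fs   # constructed entry for the demo
"""
RESOLV = """\
# /etc/resolv.conf
search mydomain.com mydomain.net
nameserver 8.8.8.8
nameserver 8.8.4.4
"""


def fields(line):
    """Split one config line into words, dropping any '#' comment."""
    return line.split("#", 1)[0].split()


def hosts_sources(nsswitch_text):
    """Ordered sources on the 'hosts:' line, e.g. ['files', 'dns']."""
    for line in nsswitch_text.splitlines():
        words = fields(line)
        if words and words[0] == "hosts:":
            # Skip action items such as [NOTFOUND=return]; keep source names.
            return [w for w in words[1:] if not w.startswith("[")]
    return []


def parse_hosts(hosts_text):
    """Map every name and alias in /etc/hosts to its IP (first entry wins)."""
    table = {}
    for line in hosts_text.splitlines():
        words = fields(line)
        for name in words[1:]:
            table.setdefault(name.lower(), words[0])
    return table


def parse_resolv(resolv_text):
    """Return (search list, nameservers in file order)."""
    search, servers = [], []
    for line in resolv_text.splitlines():
        words = fields(line)
        if words[:1] == ["search"]:
            search = words[1:]
        elif words[:1] == ["nameserver"] and len(words) > 1:
            servers.append(words[1])
    return search, servers


def lookup_plan(name, nsswitch_text=NSSWITCH, hosts_text=HOSTS, resolv_text=RESOLV):
    """Steps tried for `name` in nsswitch order, assuming DNS finds nothing."""
    plan = []
    for source in hosts_sources(nsswitch_text):
        if source == "files":
            ip = parse_hosts(hosts_text).get(name.lower())
            plan.append(("files", name, ip))
            if ip:
                return plan          # answered locally; later sources are skipped
        elif source == "dns":
            search, servers = parse_resolv(resolv_text)
            # Single-label names are expanded with each search domain in turn.
            names = [name] if "." in name else [f"{name}.{d}" for d in search]
            plan += [("dns", fqdn, servers) for fqdn in names]
    return plan
```

Calling lookup_plan("fileserver", nsswitch_text="hosts: dns files\n") shows the effect of the source order: both search-list queries are planned for the nameservers before the local /etc/hosts entry is reached.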

4. /etc/hostname

The /etc/hostname file is used to store and set the hostname of a Unix-like operating
system. The hostname is a label assigned to a computer or device on a network. It helps identify
the device within the network and is often used for various networking and system
administration tasks.
Here's how the /etc/hostname file is typically used:

1. Storing the Hostname:
   • The /etc/hostname file contains a single line that specifies the hostname of the
     system. This file is read during the system's boot process to set the hostname.
   • For example, the contents of the /etc/hostname file might be:

     myserver

     In this case, "myserver" is the hostname of the system.

2. Setting the Hostname during Boot:
   • When the operating system boots, it reads the hostname from the /etc/hostname
     file and sets the system's hostname accordingly.
   • The configured hostname becomes part of the system's identity, and it is used in various
     networking protocols, log entries, and other system-related activities.

3. Dynamic Configuration:
   • Some systems may dynamically generate or configure the /etc/hostname file during
     the boot process based on other configuration files or settings.
4. Network Configuration:
   • The hostname is often used in network-related activities. For example, it may appear in
     the system's fully qualified domain name (FQDN) or be used in DNS (Domain Name
     System) resolution.
5. User Prompt:
   • On some systems, the contents of the /etc/hostname file may be used to prompt
     the user with the default hostname during the installation or initial setup of the
     operating system.

6. Editing the Hostname:
   • Administrators can manually edit the /etc/hostname file to change the hostname of the
     system. After editing the file, a system restart or specific commands may be required to
     apply the changes.

It's important to note that while the /etc/hostname file stores the default or configured hostname,
the actual hostname of a running system can be obtained or modified using commands such as
hostname or hostnamectl depending on the specific Unix-like operating system in use (e.g., Linux
distributions may use different tools). Additionally, changes to the hostname may require updating
network configuration files and services to reflect the new hostname.

5. /etc/hosts.allow and /etc/hosts.deny

The /etc/hosts.allow file is used in Unix-like operating systems to control access to network services
based on the IP addresses or domain names of connecting systems. This file is part of the TCP Wrapper
mechanism, which provides a simple access control mechanism for network services. The access list is
generally known as a "TCP Wrapper Access Control List". Here are the key aspects of the
/etc/hosts.allow file:
1. Access Control Rules:
   • The /etc/hosts.allow file contains rules that specify which hosts or networks are
     allowed to access specific network services on the local system.
2. Syntax:
   • Each rule in the file consists of a service name (or a list of service names) followed by a
     colon and a list of allowed hosts or networks.
   • Wildcards and patterns can be used in specifying hosts or networks.
   • Blank lines and lines starting with # are considered comments.

   Example of a simple rule: sshd: 192.168.1.2

   In this example, only the host with the IP address 192.168.1.2 is allowed to access the SSH
   service (sshd).

3. Service Names:
   • Service names correspond to the network services that are controlled by the rules. For
     example, sshd represents the SSH daemon, telnetd represents the Telnet daemon,
     and so on.

4. Wildcard Usage:
   • Wildcards, such as ALL or LOCAL, can be used in the /etc/hosts.allow file to
     specify broad rules. For example: ALL: 192.168.

   In this example, all services are allowed for hosts in the 192.168.0.0/16 network.

5. Denying Access:
   • The /etc/hosts.allow file is often used in conjunction with the
     /etc/hosts.deny file. If a host or network is not explicitly allowed in
     /etc/hosts.allow, the system checks the /etc/hosts.deny file to determine
     whether access should be denied.
6. Combining Rules:
   • Rules in both /etc/hosts.allow and /etc/hosts.deny are evaluated, and the
     last matching rule takes precedence. This allows administrators to define complex
     access control policies.
7. Service Restart:
   • Changes to the /etc/hosts.allow file generally do not require a service restart.
     However, the configuration may need to be reloaded or the affected service may need
     to be restarted for changes to take effect.

Here's an example of a more complex /etc/hosts.allow file:


sshd: 192.168.1.2
telnetd: ALL
ALL: 10.0.0.0/255.0.0.0

In this example:

   • Only the host with the IP address 192.168.1.2 is allowed to access SSH (sshd).
   • All hosts are allowed to access Telnet (telnetd).
   • All hosts in the 10.0.0.0/8 network are allowed to access any other service.
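
The allow-then-deny lookup described above, as an added example that is not part of the original document: it evaluates a (service, client IP) pair against the sample hosts.allow and a constructed hosts.deny of "ALL: ALL". It assumes IPv4 clients, ignores rule options, handles only the client patterns used on this page, and follows hosts_access(5) in granting access when neither file matches; the function names are illustrative.

```python
# Added example: evaluate a connection against hosts.allow / hosts.deny.
# Client patterns supported: exact IP, ALL, trailing-dot prefix ("192.168.")
# and net/mask ("10.0.0.0/255.0.0.0").
import ipaddress

HOSTS_ALLOW = """\
sshd: 192.168.1.2
telnetd: ALL
ALL: 10.0.0.0/255.0.0.0
"""

# Constructed hosts.deny (not from the page): refuse everything not allowed.
HOSTS_DENY = """\
ALL: ALL
"""


def parse_rules(text):
    """Return [(daemon list, client list)] for each 'daemons : clients' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue
        # parts[2:] would hold rule options; they are ignored in this sketch.
        rules.append((parts[0].replace(",", " ").split(),
                      parts[1].replace(",", " ").split()))
    return rules


def client_matches(pattern, ip):
    """True when an IPv4 client address matches one client pattern."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                 # prefix form, e.g. "192.168."
        return ip.startswith(pattern)
    if "/" in pattern:                        # net/mask form
        network = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in network
    return pattern == ip


def file_matches(text, daemon, ip):
    """True when any rule in the file covers this daemon and client."""
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, ip) for p in clients)
        for daemons, clients in parse_rules(text))


def access(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny, else access is granted."""
    if file_matches(allow_text, daemon, ip):
        return "allow"
    if file_matches(deny_text, daemon, ip):
        return "deny"
    return "allow"
```

Running access("sshd", "10.4.5.6") returns "allow" because the ALL service wildcard on the third line also covers sshd, and with an empty hosts.deny every client that matches no rule is allowed.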

Some of the important networking commands are:

IFCONFIG
   • The Unix command ifconfig (short for interface configurator) serves to configure and
     control TCP/IP network interfaces from a command line interface (CLI).
   • Common uses for ifconfig include setting an interface's IP address and netmask and
     disabling or enabling a given interface.
   • Operating systems initialize their network interfaces using ifconfig at boot time.
   • ifconfig is also used to view the MTU (Maximum Transmission Unit).

NETSTAT
   • netstat (network statistics) is a command-line tool that displays network connections
     (both incoming and outgoing), routing tables, and a few network interface statistics.
   • It is used for finding problems in the network and to determine the amount of traffic on
     the network as a performance measurement.

Parameters
Parameters used with this command must be prefixed with a hyphen (-) rather than a slash (/).
-a: Displays all active TCP connections and the TCP and UDP ports on which the computer is
listening.
-e: Displays Ethernet statistics, such as the number of bytes and packets sent and received. This
parameter can be combined with -s.
-i: Displays network interfaces and their statistics.
-n: Displays active TCP connections; however, addresses and port numbers are expressed
numerically, and no attempt is made to determine names.
-p: Shows which processes are using which sockets.
-r: Displays the kernel routing tables.
netstat -at
The above command will list all the TCP connections.
netstat -au
The above command will list all the UDP connections.

SS
The ss (socket statistics) command is a replacement for the netstat command. It gives more
information than netstat. It is also faster than netstat as it gets all information from
kernel userspace.
1. ss -ta
2. ss -ua
3. ss -xa

If you want to list listening ports for TCP, UDP and Unix sockets, use -t, -u and -x respectively
together with the l option.

Syntax:
1. ss -lt
2. ss -lu
3. ss -lx

PING
Ping is a computer network tool used to test whether a particular host is reachable across an IP
network; it is also used to self-test the network interface card of the computer. It works by
sending ICMP “echo request” packets to the target host and listening for ICMP “echo response”
replies. Ping is used to record any packet loss and print a statistical summary when finished.
Example: ping 192.168.86.45

ARP
   • The ARP (Address Resolution Protocol) command is used to display and modify the ARP cache,
     which contains the mapping of IP addresses to MAC addresses.
   • The system's TCP/IP stack uses ARP to determine the MAC address associated with an
     IP address.

In computer networking, the Address Resolution Protocol (ARP) is the method for finding a
host's link layer (hardware) address when only its Internet Layer (IP) or some other Network
Layer address is known.
How to Use ARP to Find a MAC Address
In Windows, Linux, and other operating systems, the command line utility ARP (Address
Resolution Protocol) shows local MAC address information stored in the ARP cache. However,
it only works within the small group of computers on a local area network (LAN), not across the
internet.

TCP/IP computer networks use both the IP addresses and MAC addresses of connected client
devices. While the IP address changes over time, the MAC address of a network adapter always
stays the same.
Start by pinging the device you want the MAC address for:

ping 192.168.86.45
The ping command establishes a connection with the other device on the network and should
show a result like this:

Pinging 192.168.86.45 with 32 bytes of data:

Reply from 192.168.86.45: bytes=32 time=290ms TTL=128
Reply from 192.168.86.45: bytes=32 time=3ms TTL=128
Reply from 192.168.86.45: bytes=32 time=176ms TTL=128
Reply from 192.168.86.45: bytes=32 time=3ms TTL=128

Use the following ARP command to get a list that shows the MAC address of the device you
pinged:

arp -a
The results may look something like this but probably with many other entries:

Interface: 192.168.86.38 --- 0x3
  Internet Address      Physical Address      Type
  192.168.86.1          70-3a-cb-14-11-7a     dynamic
  192.168.86.45         98-90-96-B9-9D-61     dynamic
  192.168.86.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static

Find the device's IP address in the list. The MAC address is shown right next to it. In this
example, the IP address is 192.168.86.45, and its MAC address is 98-90-96-B9-9D-61.

Here is an example of adding a static ARP entry on a Unix-like system:


sudo arp -s 192.168.1.1 00:11:22:33:44:55

In this example, the IP address 192.168.1.1 is statically mapped to the MAC address
00:11:22:33:44:55.

TRACEROUTE

traceroute is a computer network tool used to determine the route taken by packets across an IP
network. An IPv6 variant, traceroute6, is also widely available. Traceroute is often used for
network troubleshooting. By showing a list of routers traversed, it allows the user to identify the
path taken to reach a particular destination on the network. This can help identify routing
problems or firewalls that may be blocking access to a site.
In other words, traceroute command in Linux prints the route that a packet takes to reach the
host. This command is useful when you want to know about the route and about all the hops that
a packet takes.
The traceroute command in Windows is tracert. On a Linux system, the command is traceroute.
A typical tracert on a Windows machine would look like the following.
tracert www.google.com
Tracing route to www.google.com [74.125.227.179]
over a maximum of 30 hops:
1 1 ms <1 ms 1 ms 192.168.1.1
2 7 ms 6 ms 6 ms 10.10.1.2
3 7 ms 8 ms 7 ms 10.10.1.45
4 9 ms 8 ms 8 ms 10.10.25.45
5 9 ms 10 ms 9 ms 10.10.85.99
6 11 ms 51 ms 10 ms 10.10.64.2
7 11 ms 10 ms 10 ms 10.10.5.88
8 11 ms 10 ms 11 ms 216.239.46.248
9 12 ms 12 ms 12 ms 72.14.236.98
10 18 ms 18 ms 18 ms 66.249.95.231
11 25 ms 24 ms 24 ms 216.239.48.4

12 48 ms 46 ms 46 ms 72.14.237.213
13 50 ms 50 ms 50 ms 72.14.237.214
14 48 ms 48 ms 48 ms 64.233.174.137
15 47 ms 47 ms 46 ms dfw06s32-in-f19.1e100.net [74.125.227.179]
Trace complete.

For all additional options of traceroute, check the manual page in the terminal with the man
command: man traceroute

WHOIS

WHOIS is a query/response protocol which is widely used for querying an official database to
determine the owner of a domain name, an IP address, or an autonomous system number on the
Internet. WHOIS lookups were traditionally made using a command line interface, but several
simplified web-based tools now exist for looking up domain ownership details from different
databases. WHOIS normally runs on TCP port 43.
The WHOIS system originated as a method that system administrators could use to look up
information to contact other IP address or domain name administrators (almost like "white
pages").
Example: whois 216.58.206.46
NetRange: 216.58.192.0 - 216.58.223.255
CIDR: 216.58.192.0/19
NetName: GOOGLE
NetHandle: NET-216-58-192-0-1
Parent: NET216 (NET-216-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS15169
Organization: Google LLC (GOGL)
RegDate: 2012-01-27
Updated: 2012-01-27
Ref: https://whois.arin.net/rest/net/NET-216-58-192-0-1
OrgName: Google LLC
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2017-12-21
We can also give the domain name instead of an IP address, for example: whois google.com

NSLOOKUP
nslookup (name server lookup) is a command-line tool used for querying DNS (Domain
Name System) to obtain domain name or IP address information.

$ nslookup www.lbscek.ac.in
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
www.lbscek.ac.in canonical name = lbscek.ac.in.
Name: lbscek.ac.in
Address: 31.170.166.179
Name: lbscek.ac.in
Address: 2a02:4780:1:1244:0:2ea3:31f:2
root@root-Dell-System-Inspiron-N4110: ~$ nslookup -type=A www.lbscek.ac.in
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
www.lbscek.ac.in canonical name = lbscek.ac.in.
Name: lbscek.ac.in
Address: 31.170.166.179
root@root-Dell-System-Inspiron-N4110: ~$ nslookup -type=AAAA www.lbscek.ac.in
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
www.lbscek.ac.in canonical name = lbscek.ac.in.
Name: lbscek.ac.in
Address: 2a02:4780:1:1244:0:2ea3:31f:2

ROUTE
Route manipulates the kernel's IP routing tables. Its primary use is to set up static routes to
specific hosts or networks via an interface after it has been configured with the ifconfig program.

When the add or del options are used, route modifies the routing tables. Without these
options, route displays the current contents of the routing tables.
