Lab-1 Manual

The document is a lab manual focused on basic UNIX/Linux network commands essential for understanding TCP/IP networks. It covers commands for interface configuration, address resolution, routing, diagnostics, and DNS lookups, emphasizing safe usage and potential risks. The manual includes hands-on experiments to practice these commands safely and effectively.

Uploaded by

Raghuram Alur

Computer Networks Lab Manual: Lab-I

(Basic UNIX Network Commands)

Sanjay K. Sahay
Dept. of CSIS, BITS Pilani, K.K. Birla Goa Campus

January 8, 2025
Basic UNIX Network Commands

0.1 Theory
Lab-1 focuses on a set of foundational UNIX/Linux command-line tools that handle interface
configuration, address resolution, routing, simple diagnostics, and DNS lookups. Mastering
these commands is crucial for anyone who needs to understand the fundamental workings
of TCP/IP networks. You will learn how to check and configure network interfaces, resolve
hostnames, diagnose connectivity issues, inspect routing tables, and query DNS information.

0.1.1 Warnings and Safe Usage


Some of these commands (like ifconfig or route when used with certain options) can
modify your system’s network settings and potentially disconnect you from the network or
cause conflicts. For the purpose of learning and illustration, we will describe these commands
in depth, but you should avoid making changes unless you fully understand what you are doing
or have explicit permission from a system administrator.
Commands that are generally safe to execute (for viewing or gathering information only)
include:
• ifconfig (without arguments or with <interface> only)
• iwconfig (view only)
• iwlist
• route -n
• ping
• netstat (or ss)
• ip addr show, ip link show, ip route show
• whois
• nslookup
• dig
• arp -a, arp -n
• traceroute (with default or harmless options)
Other commands or options that can break connectivity or require administrative privileges
(e.g., sudo) to make system-wide changes should typically be reserved for lab environments
or administrators who know how to revert changes if something goes wrong.

0.1.2 ifconfig
Purpose: ifconfig (short for “interface config”) is a legacy command for viewing and
configuring network interfaces on older UNIX/Linux systems. Although ifconfig has mostly
been superseded by the ip command (from the iproute2 suite), it is still helpful to
understand ifconfig due to its presence in many existing scripts and tutorials.

Basic Viewing Usage (Safe):

• ifconfig
Displays the status of all active network interfaces, including IP addresses, subnet masks,
and MAC addresses (for example, eth0, wlan0, lo).

• ifconfig eth0
Shows detailed information about the eth0 interface (if present on your system).

Administrative Usage (Potentially Harmful):

• sudo ifconfig eth0 192.168.1.10 netmask 255.255.255.0
Assigns an IP address to eth0. Mistakes can cause immediate loss of connectivity if the
IP or netmask is incorrect.

• sudo ifconfig eth0 down / sudo ifconfig eth0 up
Brings an interface offline or back online. Taking down the wrong interface can disconnect
your machine.

Caution: On a modern system, use ifconfig for viewing information only, or consider using
ip (Section 0.1.7). Avoid using the administrative options unless you’re in a
safe lab environment and can fix connectivity issues.

0.1.3 iwconfig and iwlist


Purpose: iwconfig and iwlist are specialized tools for managing and scanning wireless
(Wi-Fi) interfaces. They come with the wireless-tools package in many Linux distributions.
Although many modern systems use graphical network managers or wpa_supplicant
behind the scenes, these tools allow you to manually inspect and configure wireless parameters.

Usage and Examples:

• iwconfig
Displays the wireless settings for each wireless interface (e.g., wlan0), such as ESSID,
frequency, mode, and encryption key. Viewing is safe and does not alter settings.

• iwconfig wlan0 essid "MyWiFi" key s:password
Associates wlan0 with a network named “MyWiFi” using a simple password. (Requires
administrative privileges and can disrupt connectivity if misconfigured.)

• iwlist wlan0 scan
Scans for nearby wireless networks on wlan0, displaying ESSIDs, signal strengths, and
encryption. This is safe as it only gathers information.

Remarks: When troubleshooting wireless issues, iwlist wlan0 scan is often a quick
way to confirm that your interface detects the network you want. However, changes to Wi-Fi
settings (iwconfig wlan0 essid ...) should only be done in a lab or with caution, as
incorrect parameters can prevent your connection from working properly.

0.1.4 route
Purpose: The route command displays or modifies the kernel’s routing table. The routing
table tells your system how to reach different networks (e.g., which gateway to use, which
interface to send packets on).

Usage and Examples:

• route -n
Safely displays the routing table in numeric form. Shows networks, gateways, and the
interfaces used for each route.

• sudo route add -net 10.10.10.0 netmask 255.255.255.0 gw 192.168.1.1
Adds a static route to reach 10.10.10.0/24 via gateway 192.168.1.1. Use only
if you understand the network topology. Mistakes can cause misrouted or unreachable
networks.

• sudo route del -net 10.10.10.0 netmask 255.255.255.0
Removes the static route. Removing needed routes can break connectivity to certain
subnets.

Alternative (Recommended): Use ip route show, ip route add, and ip route del
(Section 0.1.7) on modern systems. These commands typically offer more features and a
consistent syntax with other ip subcommands.

0.1.5 ping
Purpose: ping is one of the most commonly used networking tools to check whether a host
is reachable and to measure latency. It sends ICMP echo request packets and listens for echo
replies.

Common Options:

• -c <count>: Stop after sending a specified number of echo requests.

• -i <interval>: Set the delay between packets (in seconds).

• -s <packetsize>: Specify the payload size (in bytes).

• -W <timeout>: Wait up to timeout seconds for each reply.

• -4 or -6: Force IPv4 or IPv6, respectively.

Example (Safe):

ping -c 4 www.google.com

Sends four ICMP echo requests to www.google.com and reports round-trip time and packet
loss statistics. This is benign and commonly used for troubleshooting.

0.1.6 netstat
Purpose: netstat is a traditional utility for examining active connections (TCP, UDP,
UNIX sockets), interface statistics, and routing tables. It can reveal which ports your system is
listening on and to whom it is connected.

Common Options:

• -a: Show all connections (both listening and non-listening).

• -t: Filter for TCP connections only.

• -u: Filter for UDP connections only.

• -l: Show listening sockets.

• -p: Show the process ID (PID) and process name (requires root).

• -n: Show numerical addresses (skip DNS lookups).

• -r: Display the kernel’s routing table.

• -i: Display interface statistics.

Example (Safe):

netstat -ant

Shows all TCP connections in numeric form. Useful for detecting listening services and active
sessions.

Modern Alternative (Also Safe): ss (socket statistics) often replaces netstat on newer
Linux systems. For example, ss -ant provides a similar output.
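
Added example (not part of the original manual): the shell functions below read ss -ant or netstat -ant output and report each listening TCP socket with its scope, so services bound to all interfaces stand out from loopback-only ones. The sample outputs are constructed, and the function names listening_sockets and exposed_ports are illustrative.

```shell
#!/bin/sh
# Constructed sample in `ss -ant` layout (not captured from a real host).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       511     127.0.0.1:8080       0.0.0.0:*
LISTEN  0       4096    127.0.0.53%lo:53     0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
ESTAB   0       0       192.168.1.10:22      192.168.1.50:51234'

# Constructed sample in `netstat -ant` layout.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         192.168.1.50:51234      ESTABLISHED
tcp6       0      0 ::1:631                 :::*                    LISTEN'

# Read `ss -ant` or `netstat -ant` output on stdin and print one line per
# listening TCP socket: "<scope> <port> <address>".
listening_sockets() {
    awk '
    {
        # netstat puts the state in column 6, ss puts it in column 1;
        # both put the local address in column 4.
        state = ($1 ~ /^tcp/) ? $6 : $1
        if (state != "LISTEN") next
        n = split($4, part, ":")
        port = part[n]                      # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
            scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1")
            scope = "loopback"
        else
            scope = "specific"
        print scope, port, addr
    }'
}

# Print the distinct ports that are not loopback-only, space separated.
exposed_ports() {
    listening_sockets |
    awk '$1 != "loopback" && !seen[$2]++ { out = out (out == "" ? "" : " ") $2 }
         END { print out }'
}

printf '%s\n' "$SAMPLE_SS" | listening_sockets
printf 'exposed (ss sample): %s\n' "$(printf '%s\n' "$SAMPLE_SS" | exposed_ports)"
printf 'exposed (netstat sample): %s\n' "$(printf '%s\n' "$SAMPLE_NETSTAT" | exposed_ports)"
```

On a live system, pipe the real command in instead of a sample, for example ss -ant | listening_sockets.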

0.1.7 ip
Purpose: ip (from iproute2) is a powerful and modern command for network configuration
and inspection, covering interfaces, addresses, routes, tunnels, and more.

Viewing Usage (Safe):

• ip addr show
Displays the IP addresses (IPv4 and IPv6) assigned to each interface.

• ip link show
Shows link-layer information, such as MAC addresses, interface states (UP/DOWN), and
MTUs.

• ip route show
Lists the kernel routing table, similar to route -n.

Administrative Tasks (Potentially Harmful):

• sudo ip addr add 192.168.1.10/24 dev eth0
Adds an IPv4 address to eth0. Mistakes can lead to IP conflicts or loss of connectivity.

• sudo ip route add 10.0.0.0/16 via 192.168.1.1
Adds a static route. An incorrect gateway or subnet can prevent traffic from reaching
desired networks.

• sudo ip link set eth0 down
Disables interface eth0. This will cut off traffic on eth0 until brought back up.
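
Added example (not part of the original manual): a read-only pre-check for the static-route warnings above and in Section 0.1.4. It parses ip route show output, extracts the default gateway, and verifies that a candidate gateway lies inside a directly connected subnet before any sudo command is typed. The routing table is a constructed sample, and the function names are illustrative.

```shell
#!/bin/sh
# Constructed `ip route show` output (not captured from a real host).
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10 metric 100'

# Print the gateway of the first "default via <gw>" line read from stdin.
default_gateway() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Read `ip route show` output on stdin and print the interface whose directly
# connected subnet contains the IPv4 address $1. Returns 1 if no connected
# subnet contains it, i.e. the address cannot serve as a next hop.
gateway_on_link() {
    awk -v gw="$1" '
    function ip2int(ip,    o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Connected routes have the form: <network>/<prefix> dev <interface> ...
    $1 ~ /^[0-9.]+\/[0-9]+$/ && $2 == "dev" {
        split($1, cidr, "/")
        net = ip2int(cidr[1]); g = ip2int(gw)
        size = 2 ^ (32 - cidr[2])           # number of addresses in the subnet
        if (g >= 0 && net >= 0 && g >= net && g < net + size) {
            print $3; found = 1; exit
        }
    }
    END { exit (found ? 0 : 1) }'
}

# Check a candidate static route against the sample table.
# $1 = destination (informational), $2 = gateway.
# On a live system, replace the printf with: ip route show
check_route() {
    if dev=$(printf '%s\n' "$SAMPLE_ROUTES" | gateway_on_link "$2"); then
        echo "ok: $1 via $2 is on-link through $dev"
    else
        echo "refuse: gateway $2 is not in any connected subnet"
        return 1
    fi
}

printf 'default gateway: %s\n' "$(printf '%s\n' "$SAMPLE_ROUTES" | default_gateway)"
check_route 10.0.0.0/16 192.168.1.1
check_route 10.0.0.0/16 10.9.9.1 || true
```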

0.1.8 whois
Purpose: whois queries specialized databases for domain registration data, including
domain owners, registrars, and contact details. It can also show information about IP address
blocks.

Usage and Examples (Safe):

• whois example.com
Returns domain registration info such as creation date, registrar details, expiration date,
etc.

• whois 8.8.8.8
Reveals that this IP address belongs to Google. Typically shows the ISP or organization
assigned to that block.

Notes: Privacy laws and domain registrars sometimes limit the information returned. Some
TLDs require you to use specific whois servers.

0.1.9 nslookup
Purpose: nslookup is a simple DNS lookup program. It can resolve a hostname to an IP
address or vice versa. Despite being considered deprecated in favor of dig, nslookup is still
widely installed and used.

Usage and Examples (Safe):

• nslookup www.example.com
Displays the IP addresses for www.example.com and the DNS server used for the
lookup.

• nslookup 93.184.216.34
Performs a reverse lookup on the IP, returning the domain name if available.

• nslookup (interactive mode)
Enter “server 8.8.8.8” to query Google’s DNS, or type domain names to resolve
them.

0.1.10 dig
Purpose: dig (Domain Information Groper) is a more advanced DNS query utility. It
provides detailed output about DNS records, query times, and can trace the entire resolution path
from the root servers down.

Common Options (Safe):

• dig <hostname> <record_type>
Queries specific DNS record types such as A, AAAA, MX, TXT, etc.

• dig @<nameserver> <domain>
Uses a specific DNS server (e.g., 8.8.8.8) rather than your system’s default.

• +short
Produces minimal output, often just the IP addresses (helpful for scripts).

• +trace
Traces the DNS resolution starting from the root servers, illustrating each step of the
lookup.

Example (Safe):

dig example.com MX

Retrieves the mail exchange (MX) records for example.com.

0.1.11 arp
Purpose: arp manages the Address Resolution Protocol (ARP) cache, which maps IP
addresses to MAC addresses for hosts on the same local network. Understanding ARP can be
vital when diagnosing LAN-related issues.

Usage and Examples:

• arp -a (Safe)
Prints a list of known IP-to-MAC address mappings on your system.

• arp -n (Safe)
Same as arp -a, but omits DNS lookups for IP addresses.

• sudo arp -d 192.168.1.15 (Risky)
Deletes the ARP entry for 192.168.1.15. Removing an entry can force a re-ARP,
which is usually harmless, but in misconfigured environments may cause confusion or
short-term connectivity issues.

• sudo arp -s 192.168.1.20 00:11:22:33:44:55 (Risky)
Adds a static ARP entry. Incorrect static entries can break communication if they conflict
with reality.

0.1.12 traceroute
Purpose: traceroute (on Linux) or tracert (on Windows) reveals the path packets
take to a destination by sending packets with progressively incremented TTL (Time To Live)
values.

Common Options (Safe):

• -n: Disable reverse DNS lookups, making the output purely numeric and often faster.

• -m <max_ttl>: Set a maximum hop count (default is typically 30).

• -q <queries>: Number of probes per hop (default 3).

• -I: Use ICMP echo request packets instead of default UDP.

• -T: Use TCP SYN packets, useful if ICMP/UDP are filtered.

Example (Safe):

traceroute www.google.com

Shows each router hop on the path to Google, reporting round-trip times.

0.2 Lab Experiments: Basic Commands


Below are hands-on experiments to practice the basic commands safely. Each experiment
specifies the objective (what you will learn or confirm) and the expected outcome (what you might
see or discover). Unless instructed by your lab environment, avoid using sudo or changing
configurations.

1. Experiment: Viewing Interface Info and Wireless Scans

• Objective: Familiarize yourself with basic interface configuration commands (ifconfig,
  iwconfig, and iwlist). Learn how to distinguish wired vs. wireless interfaces
  and gather information about available Wi-Fi networks.
• Instructions:
  (a) Open a terminal and run:
          ifconfig
          iwconfig
      Observe how ifconfig shows the IP, MAC address, and status of each interface,
      whereas iwconfig is specifically for wireless settings like ESSID and
      frequency.
  (b) If you have a wireless interface (e.g., wlan0), run:
          iwlist wlan0 scan
      Look for SSIDs, signal strength (in dBm), and encryption types (WPA/WPA2,
      etc.).
• Expected Outcome:
  – You should see one or more interfaces, such as eth0 or enp0s3 (wired),
    wlan0 (wireless), and lo (loopback).
  – iwlist wlan0 scan should list any Wi-Fi networks in range, including
    channel/frequency, signal power, and encryption details.

2. Experiment: Testing Connectivity and Routes

• Objective: Use ping to verify network connectivity and measure latency, and use
  route -n or ip route show to understand your default gateway and local
  routing.
• Instructions:
  (a) Connectivity Check:
          ping -c 4 8.8.8.8
      This sends four echo requests to Google’s public DNS server. Observe whether
      responses come back (indicating connectivity), and note the round-trip times
      (latency).
  (b) Routing Table:
          route -n
      -- or --
          ip route show
      Check which gateway (often 192.168.1.1 or similar) your system uses to
      reach external networks. Look for a line beginning with default.
  (c) (Optional) Traceroute:
          traceroute 8.8.8.8
      If allowed, see the network path to Google DNS.
• Expected Outcome:
  – ping results showing 0% packet loss (if all is well) and average latency
    to 8.8.8.8.
  – Routing table output indicating a default route pointing to your local router/gateway.
  – traceroute displaying each intermediate hop from your machine to 8.8.8.8
    (if not blocked by firewalls).

3. Experiment: DNS Queries and Domain Info

• Objective: Compare nslookup, dig, and whois to see how each tool can
  retrieve DNS or domain registration data.
• Instructions:
  (a) nslookup www.example.com
      Note the DNS server used and the IP addresses returned.
  (b) dig www.example.com A
      Check the ANSWER SECTION for the returned A record(s). Notice the query
      time and additional sections.
  (c) whois example.com
      Observe domain registration details (registrar, creation date, expiration date,
      etc.).
  (d) Discuss or note how nslookup vs. dig differ in format. whois is not
      strictly a DNS query but a registry query that reveals ownership information.
• Expected Outcome:
  – You will see nslookup produce a shorter, more basic output, while dig
    provides more verbose details (question, answer, authority, and additional
    sections).
  – whois will show domain registration info, which typically does not appear in
    DNS lookups (e.g., domain owners and registrar).

4. Experiment: Monitoring Connections

• Objective: Investigate active connections and listening ports with netstat or ss.
  Understand how to identify which services are running on which ports.
• Instructions:
  (a) View TCP Sockets:
          netstat -ant
      or
          ss -ant
      Note any lines with LISTEN (services waiting for inbound connections) or
      ESTABLISHED (active connections).
  (b) View Routing Table Again:
          netstat -rn
      Compare with ip route show or route -n from earlier.
  (c) Optional:
          sudo netstat -lptu
      This shows listening sockets (-l) for both TCP and UDP (-t and -u), along
      with the PID/program name (-p), but requires root privileges.
• Expected Outcome:
  – A listing of ports (e.g., 0.0.0.0:22 for SSH) and states (LISTEN, ESTABLISHED).
  – If your machine runs a web server on port 80 or 8080, you should see that in
    the output.
  – The route table output should match what you saw earlier with route -n or
    ip route show.

5. Experiment: ARP Inspection

• Objective: Learn how the ARP cache tracks local LAN mappings of IP to MAC
  addresses and observe how new entries appear after a ping.
• Instructions:
  (a) Check your current ARP table:
          arp -a
      or
          arp -n
      (skipping hostname lookups).
  (b) Ping a local host on the same subnet (e.g., 192.168.1.15):
          ping -c 3 192.168.1.15
      (Replace with an actual IP on your LAN.)
  (c) Check the ARP table again:
          arp -a
      You should now see a new entry mapping 192.168.1.15 to a MAC address.
• Expected Outcome:
  – The arp -a output should show a line for the IP you just pinged, listing a
    MAC address in the format xx:xx:xx:xx:xx:xx.
  – If the ARP entry didn’t exist before, it will appear now; this confirms ARP’s
    role in resolving IP to MAC for local traffic.
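
Added example (not part of the original manual): the before/after comparison from the ARP inspection experiment, automated over two arp -n snapshots. It reports mappings that appeared and IPs whose MAC changed between snapshots, which on a LAN is worth investigating (address conflict, replaced hardware, or a forged ARP reply). The snapshots are constructed, the function name arp_diff is illustrative, and the parser assumes the column layout of arp -n, not arp -a.

```shell
#!/bin/sh
# Constructed `arp -n` snapshots (addresses and MACs are made up).
ARP_BEFORE='Address          HWtype  HWaddress           Flags Mask  Iface
192.168.1.1      ether   aa:bb:cc:00:00:01   C           eth0
192.168.1.20     ether   aa:bb:cc:00:00:20   C           eth0
192.168.1.15             (incomplete)                    eth0'

ARP_AFTER='Address          HWtype  HWaddress           Flags Mask  Iface
192.168.1.1      ether   aa:bb:cc:00:00:01   C           eth0
192.168.1.20     ether   AA:BB:CC:00:00:99   C           eth0
192.168.1.15     ether   aa:bb:cc:00:00:15   C           eth0'

# Compare two `arp -n` outputs passed as strings ($1 = before, $2 = after).
# Prints "NEW <ip> <mac>" for mappings that appeared and
# "CHANGED <ip> <old-mac> <new-mac>" where an IP now maps to another MAC.
arp_diff() {
    { printf '%s\n' "$1"; printf '%s\n' '--after--'; printf '%s\n' "$2"; } |
    awk '
    $1 == "--after--" { after = 1; next }
    # Keep only resolved entries: column 3 must look like xx:xx:xx:xx:xx:xx.
    # The header row and "(incomplete)" rows fail this test and are skipped.
    length($3) != 17 ||
    tolower($3) !~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/ { next }
    !after { old[$1] = tolower($3); next }
    {
        mac = tolower($3)                   # compare case-insensitively
        if (!($1 in old))         print "NEW", $1, mac
        else if (old[$1] != mac)  print "CHANGED", $1, old[$1], mac
    }'
}

arp_diff "$ARP_BEFORE" "$ARP_AFTER"
```

On a live system, capture the snapshots around the ping: before=$(arp -n), run the ping, after=$(arp -n), then arp_diff "$before" "$after".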

These basic commands and experiments lay the foundation for deeper network troubleshooting
and configuration in UNIX/Linux environments. By understanding them, you can confidently
verify connectivity, gather system networking information without risking major network
misconfiguration, and build a solid knowledge base for more advanced tools.
