Appearance
Networking
The way computers talk to one another.
Every computer on a network has it's own address. IP address -- Internet Protocol
There are ip address ranges that are designated for internal (private) networks.
192.168.1.x is a common one.
Documenting
What's a good layout for ip assignments? Example documentation
Just use /etc/hosts and keep it around in your configurations repo (e.g. ~/alpha/system/hosts)
Interface Configuration
You need to know a few details about your local network before you configure a static ip.
Network IP range (TODO: network class, CIDR notation) Available IP Gateway DNS
Often it's pretty straightforward to use a GUI.
If you want to configure an interface via a CLI, it's necessary to know where the OS stores the configuration settings. This varies from OS to OS.
Prerequisites (Pi)
On a Raspberry Pi, disable cloud config: To disable cloud-init's network configuration capabilities, write a file /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
network: {config: disabled}
NetworkManager
NetworkManager is the system... well... umm.. managing the network.
https://networkmanager.dev/docs/admins/ NetworkManager for administrators https://en.wikipedia.org/wiki/NetworkManager NetworkManager - Wikipedia https://www.networkmanager.dev/ NetworkManager https://www.networkmanager.dev/docs/ Documentation
It has a cli: nmcli that can be used to modify the network configuration.
This is what allows you to enable wifi on a machine with only a CLI.
https://networkmanager.dev/docs/api/latest/nmcli.html nmcli: NetworkManager Reference Manual
https://www.tecmint.com/nmcli-configure-network-connection/ How to Configure Network Connection Using 'nmcli' Tool https://www.makeuseof.com/configure-static-ip-address-settings-ubuntu-22-04/ How to Configure Static IP Address on Ubuntu 22.04 LTS https://www.makeuseof.com/connect-to-wifi-with-nmcli/ How to Connect to Wi-Fi Through the Linux Terminal With Nmcli
Interfaces
It is very convenient for seeing the status of the network. Dare I say better than ip address?
nmcli
An alternative way to find the interface in use:
ip address
Use the name that comes after the number, for example:
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
eno1 would be the adapter name.
Don't assume eth0 will just work.
Netplan
https://netplan.io/ Canonical Netplan
Netplan configuration files are located in /etc/netplan
When editing yaml files, it's easy to make syntax errors. To detect them, you'll want a linter:
sudo apt install yamllint
yamllint /etc/netplan/01-netplan.yaml
Create a new netplan configuration.
cd /etc/netplan
sudo vi 02-main-nic.yaml
add a section like:
network:
ethernets:
eno1:
dhcp4: false
addresses: [192.168.1.234/24]
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses: [8.8.8.8, 4.2.2.2]
To apply the configuration and have changes take effect, run:
sudo netplan apply
https://netplan.io/examples/ Netplan | Backend-agnostic network configuration in YAML
Troubleshooting
Ping the gateway. If that doesn't work, the configuration is incorrect. Check your settings, your network addresses, etc (is it on a different subnet?)
ping 192.168.1.1
Related Tasks
Copy SSH keys to the new machine
GUI
https://www.google.com/search?q=ubuntu+gnome+3+change+IPs
ubuntu gnome 3 change IP - Google Search
https://www.lifewire.com/how-to-configure-networking-in-gnome-4682592
How to Configure Networking in GNOME
Security, Ports, Firewalls
Common Ports
By convention, common services utilize specific ports to publish and connect to the service. Some examples include:
SSH 22 DNS servers 53 tcp potential trojan (probably dns) ipps 631 Internet Printing Protocol over HTTPS
Firewall
Firewalls block external traffic from entering internal networks and hosts.
Ubuntu uses ufw. ufw is disabled by default. Enable this first on a new host machine! ๐
sudo ufw enable
Then allow the ports that you want to be accessible on your local network
sudo ufw allow 22
https://ubuntu.com/server/docs/security-firewall
iptables
See what netfilter rules have been applied with iptables tool
iptables -xvn -L
netstat
On a linux machine you can install netstat to see what ports are currently open:
sudo apt install net-tools
netstat -plan
netstat -pan | egrep " LISTEN "
netstat -tulnp
t โ Show TCP u โ Show UDP l โ Show only listening processes (netstat can show both listening and all established connections, i.e. as a client too) n โ Do not resolve network IP address names or port numbers p โ Show the process name that is listening on the port
Similar to netstat, but the focus is on processes:
`` ss -nutlp
lsof -i
via:
https://www.thegeekdiary.com/centos-rhel-how-to-find-if-a-network-port-is-open-or-not/
### nmap
To scan open ports from another (external) machine that's on the same network
nmap [ip of machine to scan]
## DNS
To resolve a name associated with an IP address, try nslookup:
nslookup 129.79.5.100
To go the other way and find the IP of a configured domain name, `dig` can help:
dig +short unix.stackexchange.com
Don't forget!
You can always add the host & ip to your `/etc/hosts` file and then it will resolve and you can test the service before the dns entries propagate! :)
## Traceroute
sudo apt install inetutils-traceroute
## Traffic Analysis
### Wireshark
To see what is happening on a network, use wireshark
https://www.wireshark.org/
Wireshark ยท Go Deep.
sudo apt install wireshark
https://jvns.ca/blog/2018/06/19/what-i-use-wireshark-for/
To see statistics on TCP connection duration:
'Statistics' -> 'Conversations'
### Other tools
https://www.reddit.com/r/networking/comments/78mtfj/looking_for_an_open_source_network_traffic/
Looking for an open source Network Traffic Analyzer : networking
https://github.com/robcowart/elastiflow
GitHub - robcowart/elastiflow: Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
http://pmacct.net/
pmacct project: IP accounting iconoclasm
https://gitlab.com/thart/flowanalyzer
Manito Networks / flowanalyzer ยท GitLab
https://www.ntop.org/
ntop โ High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware.