Linux management and hardening

Network settings in a Linux environment

Easy
20 min

This module covers how to manage network settings in a Linux environment. The management of IP addresses using the ip command-line tool in Linux can vary slightly depending on the system and distribution.

IP Address Management

Check Attached Network Interfaces

ip link show

Alternatively, list the interfaces together with their IP addresses (ip a is the short form of ip addr):

ip addr

These commands show all network interfaces, both wired and wireless. For example, on a laptop with a Wi-Fi card and an Ethernet port, each of them appears as its own interface.

Setting the IP Address

ip addr add new_ip/network_mask dev interface

Replace new_ip with the new static IP address, network_mask with the network mask, and interface with the name of the interface.

Remove IP Address

sudo ip addr del old_ip/network_mask dev interface

You can use this command to remove an IP address.

Disable / Enable Interface

This command shuts down (disables) a specific interface.

sudo ip link set dev eth0 down

This command starts (enables) a previously disabled interface.

sudo ip link set dev eth0 up

Configure the Interface to Use DHCP

sudo dhclient interface

This command initiates a DHCP request on the selected interface.

However, these changes will only be effective until the system is restarted. If you want to make the changes permanent, you can edit network configuration files such as /etc/network/interfaces or use NetworkManager (nmcli or a graphical interface) to make long-term changes.

Routing table

Using the IP Route Command

The ip route command in Linux is used to display or modify the routing table. This command provides information on how the network is connected to different network adapters and routers.

The command can be used as follows:

ip route show

This displays the entire IP routing table.

Below is an explanation of the fields in the example output:

  • default: This means the default route that is used when there is no information about any other defined routes. It is usually designated for all traffic that does not match any other specific route.
  • via 10.42.28.4: This indicates the address of the next hop or router that the route follows. All traffic that is not directly connected to this device (i.e., local network traffic) is directed through this address.
  • dev eth0: This specifies which network adapter (in this case eth0) the traffic is sent or received on. eth0 is a common name for Ethernet network adapters.
  • mtu 1400: This indicates the maximum packet size (Maximum Transmission Unit) for this route. MTU specifies the largest allowed size of a data packet that can be sent along this route without being fragmented into smaller parts. In this case, the maximum size is set to 1400 bytes.

In summary, this route means that all traffic that is not directly connected to this device (default) is routed through the network adapter eth0 to the router address 10.42.28.4, and the maximum size of data packets for this route is limited to 1400 bytes.

You can also use ip route add, ip route delete and other similar commands for adding, deleting or modifying routes.
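
The fields explained above can be checked automatically against a known-good baseline, which is a useful hardening check because an unexpected default gateway redirects all non-local traffic. The script below is an added example, not part of the original module; the function names and the sample route text are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the default route against an expected baseline.
# SAMPLE_ROUTES is constructed sample text in `ip route show` format.
SAMPLE_ROUTES='default via 10.42.28.4 dev eth0 mtu 1400
10.42.28.4 dev eth0 scope link'

# parse_default_route: read `ip route show` text on stdin and print
# "gateway interface mtu" for every default route ("-" = field absent).
parse_default_route() {
    awk '$1 == "default" {
        gw = "-"; dev = "-"; mtu = "-"
        # After "default" the line is a list of keyword/value pairs.
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            else if ($i == "dev") dev = $(i + 1)
            else if ($i == "mtu") mtu = $(i + 1)
        }
        print gw, dev, mtu
    }'
}

# check_default_route EXPECTED_GW EXPECTED_DEV: reads route text on stdin,
# returns 0 only if there is exactly one default route and it matches.
check_default_route() {
    want_gw=$1; want_dev=$2
    found=$(parse_default_route)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "expected 1 default route, found $count" >&2
        return 1
    fi
    set -- $found   # split "gateway interface mtu" into $1 $2 $3
    if [ "$1" != "$want_gw" ] || [ "$2" != "$want_dev" ]; then
        echo "default route is via $1 dev $2, expected $want_gw $want_dev" >&2
        return 1
    fi
    echo "ok: default via $1 dev $2 mtu $3"
}

# Live use: ip route show | check_default_route 10.42.28.4 eth0
printf '%s\n' "$SAMPLE_ROUTES" | check_default_route 10.42.28.4 eth0
```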

ARP

ARP (Address Resolution Protocol) is a protocol that maps IP addresses to physical MAC addresses on a network. In a Linux environment, ARP can be managed in various ways, and here are some key tools and methods:

ARP command usage

You can inspect and manipulate the ARP table using the arp command. This command displays the current ARP table:

arp -n

You can also remove entries from the ARP table if necessary:

sudo arp -d <IP address>


ARP management using the ip command

With the 'ip' command, you can view ARP records and make changes.

ip neighbor show

You can delete a record using the following command. ip neigh delete requires the interface as well as the address:

sudo ip neigh delete <IP address> dev <interface>


Using the arping tool

The arping tool allows you to send ARP queries to specific addresses and check if they are alive. Install arping if necessary through the package management system.

sudo arping -c 3 <IP address>

Exercise

Answer the questions below.

You are assigned to fix the following network that supposedly isn't working. Choose the command that solves this problem.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2901: eth0@if2902: <BROADCAST,MULTICAST,DOWN,LOWER_UP> mtu 1450 qdisc noqueue state DOWN group default qlen 1000
link/ether 22:b0:b4:b1:65:52 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.42.28.181/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20b0:b4ff:feb1:6552/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever

Choose the right one

Which of the commands is correct when you want to set the IP address 10.0.0.2 and netmask 255.255.255.0 for interface eth0?
