01
Interface Tools
ip vs ifconfig — The Right Tool in 2026
ifconfig is part of the legacy net-tools package and is no longer installed by default on Ubuntu 24.04. The modern replacement is the ip command from the iproute2 package, which is more powerful, more consistent, and actively maintained.
Install both (for reference)
BASH
# ip is already installed — part of iproute2 which ip # ifconfig requires net-tools (not recommended for new setups) sudo apt install net-tools -y
Side-by-side comparison
| Task | Old: ifconfig | Modern: ip |
|---|---|---|
| Show all interfaces | ifconfig -a | ip addr |
| Show one interface | ifconfig eth0 | ip addr show eth0 |
| Bring interface up | ifconfig eth0 up | ip link set eth0 up |
| Bring interface down | ifconfig eth0 down | ip link set eth0 down |
| Assign IP address | ifconfig eth0 192.168.1.10 | ip addr add 192.168.1.10/24 dev eth0 |
| Show routing table | route -n | ip route |
| Show ARP table | arp -n | ip neigh |
ℹ️
Use ip — not ifconfig
On Ubuntu 24.04 systems, ifconfig is not installed and will not be present on fresh servers. Scripts and documentation that use ifconfig should be updated to use ip. The only reason to install net-tools is compatibility with legacy scripts you cannot modify.
02
ip Command Suite
ip addr, ip link & ip route
The ip command has three primary subcommands you'll use constantly: addr for IP addresses, link for interface state, and route for routing table management.
ip addr — IP address management
BASH
# Show all interfaces and their IP addresses ip addr ip addr show # Show a specific interface ip addr show eth0 ip addr show enp3s0 # Show only IPv4 addresses ip -4 addr # Show only IPv6 addresses ip -6 addr # Add an IP address to an interface (temporary — lost on reboot) sudo ip addr add 192.168.1.50/24 dev eth0 # Remove an IP address sudo ip addr del 192.168.1.50/24 dev eth0
ip link — interface state and properties
BASH
# Show all interfaces with link-layer info (MAC, MTU, state) ip link show ip link # Show a specific interface ip link show eth0 # Bring an interface up or down sudo ip link set eth0 up sudo ip link set eth0 down # Change MTU (useful for jumbo frames on 10GbE) sudo ip link set eth0 mtu 9000 # Show interface statistics (bytes/packets TX and RX) ip -s link show eth0
ip route — routing table
BASH
# Show the routing table ip route ip route show # Show which interface and gateway would be used to reach a host ip route get 8.8.8.8 ip route get 192.168.1.1 # Add a static route (temporary) sudo ip route add 10.0.0.0/8 via 192.168.1.1 # Delete a route sudo ip route del 10.0.0.0/8 # Show the default gateway ip route | grep default
ℹ️
Temporary vs persistent changes
Changes made with ip addr, ip link, and ip route are temporary — they are lost after a reboot. For persistent network configuration on Ubuntu 24.04, use Netplan (/etc/netplan/*.yaml) and apply with sudo netplan apply.
ip neigh — ARP / neighbour table
BASH
# Show ARP table (IP → MAC mappings on local network) ip neigh ip neigh show # Flush ARP cache for an interface sudo ip neigh flush dev eth0
03
DNS Resolution
DNS Resolution & dig
DNS translates hostnames to IP addresses. dig is the sysadmin's primary tool for querying DNS — it gives full, unambiguous output showing exactly what a nameserver returned, from which server, and how long it took. nslookup and host are simpler alternatives.
Install dig
BASH
# dig is in the dnsutils / bind9-dnsutils package
sudo apt install dnsutils -y
Basic dig usage
BASH
# Look up A record (IPv4 address) for a domain dig anfamily.cloud # Short answer only — just the IP dig anfamily.cloud +short # Look up specific record types dig anfamily.cloud A # IPv4 dig anfamily.cloud AAAA # IPv6 dig anfamily.cloud MX # Mail servers dig anfamily.cloud NS # Nameservers dig anfamily.cloud TXT # SPF, DKIM, verification records dig anfamily.cloud CNAME # Alias records dig anfamily.cloud SOA # Start of Authority # Reverse lookup — IP to hostname dig -x 8.8.8.8 +short
Query a specific DNS server
BASH
# Query Cloudflare's public resolver directly dig @1.1.1.1 anfamily.cloud # Query Google's public resolver dig @8.8.8.8 anfamily.cloud # Query your own server's resolver dig @localhost anfamily.cloud # Useful for diagnosing propagation — compare results from different resolvers dig @1.1.1.1 anfamily.cloud +short dig @8.8.8.8 anfamily.cloud +short
Trace the full DNS resolution path
BASH
# Trace from root nameservers down — shows every delegation step
dig anfamily.cloud +trace
Check DNS propagation timing
BASH
# Check TTL — how long the record is cached dig anfamily.cloud | grep "ANSWER SECTION" -A 3 # The number before the record type is the TTL in seconds # Example: anfamily.cloud. 300 IN A 104.21.45.78 # This record expires from cache in 300 seconds (5 minutes)
Simpler alternatives to dig
BASH
# host — simple, clean output host anfamily.cloud host -t MX anfamily.cloud # nslookup — interactive or one-shot nslookup anfamily.cloud nslookup anfamily.cloud 1.1.1.1 # resolvectl — check systemd-resolved status and cache resolvectl status resolvectl query anfamily.cloud
View current DNS resolver configuration
BASH
# On Ubuntu 24.04 with systemd-resolved cat /etc/resolv.conf resolvectl status | grep "DNS Servers" # Show which DNS server is actually being used systemd-resolve --status | grep "DNS Servers" -A 3
04
Connection Inspection
ss & netstat — Inspecting Connections
ss (socket statistics) is the modern replacement for netstat. It shows listening ports, established connections, and the processes behind them. Essential for verifying what's actually open on your server and diagnosing connection issues.
Most-used ss commands
BASH
# Show all listening TCP and UDP ports with process names sudo ss -tlnp # TCP listening, numeric, with process sudo ss -ulnp # UDP listening, numeric, with process sudo ss -tlunp # Both TCP and UDP listening # Show all established TCP connections ss -tn state established # Show everything — all states, all protocols sudo ss -anp # Filter by port number sudo ss -tlnp | grep :80 sudo ss -tlnp | grep :443 sudo ss -tlnp | grep :3306 # MySQL — should only show 127.0.0.1 # Show connection summary stats ss -s # Count established connections ss -nt state established | wc -l # Show connections by remote IP (useful for detecting floods) ss -nt | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn | head -10
ss flag reference
| Flag | Meaning |
|---|---|
-t | TCP sockets only |
-u | UDP sockets only |
-l | Listening sockets only |
-n | Numeric output — don't resolve hostnames or port names |
-p | Show process name and PID (requires root for full output) |
-a | All sockets (listening + established) |
-s | Summary statistics |
-r | Resolve hostnames (opposite of -n) |
netstat equivalent commands (legacy)
BASH
# netstat requires net-tools — install if needed sudo apt install net-tools -y # Show listening ports (equivalent to ss -tlnp) sudo netstat -tlnp # Show all connections sudo netstat -anp # Show routing table netstat -rn
✅
Use ss, not netstat
ss is faster, more detailed, and actively maintained. netstat reads from the /proc filesystem in a slow loop; ss uses kernel netlink sockets directly. On servers with many connections, the difference is significant.
05
Port Reference
Firewall Ports for Common Services
When configuring UFW or iptables, you need to know which ports your services use. This is the reference for every service commonly run on a LAMP/LEMP server or home lab.
Web & application services
| Port | Protocol | Service | Notes |
|---|---|---|---|
80 | TCP | HTTP | Unencrypted web traffic — redirect to 443 in production |
443 | TCP | HTTPS | Encrypted web traffic — primary port for production sites |
8080 | TCP | HTTP alt | Common alternate HTTP port for dev/proxy |
8443 | TCP | HTTPS alt | Alternate HTTPS port |
Remote access & file transfer
| Port | Protocol | Service | Notes |
|---|---|---|---|
22 | TCP | SSH / SFTP | Change to non-standard port to reduce brute force noise |
21 | TCP | FTP control | Unencrypted — avoid, use SFTP instead |
20 | TCP | FTP data | Active mode data transfer |
990 | TCP | FTPS | FTP over TLS — implicit mode |
3389 | TCP | RDP | Windows Remote Desktop — never expose to internet |
5900 | TCP | VNC | Remote desktop — tunnel through SSH if needed |
Database services
| Port | Protocol | Service | Notes |
|---|---|---|---|
3306 | TCP | MySQL / MariaDB | Bind to 127.0.0.1 only — never expose to internet |
5432 | TCP | PostgreSQL | Bind to localhost — same rule as MySQL |
6379 | TCP | Redis | No auth by default — must bind to localhost |
27017 | TCP | MongoDB | Bind to localhost — never expose publicly |
Email services
| Port | Protocol | Service | Notes |
|---|---|---|---|
25 | TCP | SMTP | Server-to-server mail — often blocked by ISPs on residential |
587 | TCP | SMTP submission | Authenticated client → server mail (STARTTLS) |
465 | TCP | SMTPS | SMTP over TLS (implicit) |
143 | TCP | IMAP | Mail retrieval — unencrypted |
993 | TCP | IMAPS | IMAP over TLS |
110 | TCP | POP3 | Legacy mail retrieval |
995 | TCP | POP3S | POP3 over TLS |
Network infrastructure
| Port | Protocol | Service | Notes |
|---|---|---|---|
53 | TCP/UDP | DNS | DNS queries — open if running a resolver |
67/68 | UDP | DHCP | Server/client — needed if running a DHCP server |
123 | UDP | NTP | Time synchronization |
161/162 | UDP | SNMP | Network monitoring — restrict to management network |
445 | TCP | SMB / Samba | File sharing — restrict to LAN only |
137–139 | TCP/UDP | NetBIOS | Legacy Windows networking — LAN only |
UFW rules for the above
BASH · UFW Examples
# Web server sudo ufw allow 80/tcp sudo ufw allow 443/tcp # SSH on non-standard port (rate-limited) sudo ufw limit 2222/tcp # Allow MySQL only from a specific IP (e.g. another server) sudo ufw allow from 192.168.1.50 to any port 3306 # Allow Samba from LAN only sudo ufw allow from 192.168.1.0/24 to any port 445 # Deny a specific port explicitly (optional — default deny handles it) sudo ufw deny 3306
06
Hostname Management
Hostname & /etc/hosts Management
The hostname identifies your server on the network. The /etc/hosts file provides static local DNS overrides — useful for home lab routing, forcing a domain to a local IP for testing, or speeding up lookups for frequently accessed hosts.
View and set hostname
BASH
# Show the current hostname hostname hostnamectl # Show just the FQDN (fully qualified domain name) hostname -f # Show static, transient, and pretty hostnames hostnamectl status # Set a new hostname (persists across reboots) sudo hostnamectl set-hostname myserver # Verify hostnamectl status
ℹ️
Update /etc/hosts after changing hostname
After changing the hostname, update /etc/hosts to map the new hostname to 127.0.1.1. Some software (like sudo and certain mail tools) resolves the hostname and will produce warnings or errors if it can't be found locally.
/etc/hosts — structure and syntax
The /etc/hosts file is read before DNS for name resolution. Entries here always win over DNS for the matching hostname.
/etc/hosts — format
# Format: IP_ADDRESS hostname [alias ...] # Lines starting with # are comments 127.0.0.1 localhost 127.0.1.1 myserver myserver.local # IPv6 localhost ::1 localhost ip6-localhost ip6-loopback # Custom entries — local lab machines 192.168.1.10 nas.local nas 192.168.1.20 pi.local pi 192.168.1.30 switch.local
Common /etc/hosts use cases
BASH · Editing /etc/hosts
# Edit the hosts file sudo nano /etc/hosts # Test a domain locally before DNS propagates # Point domain to your server's LAN IP during development: # 192.168.1.100 mysite.com www.mysite.com # Block a domain by pointing it to localhost # 127.0.0.1 ads.example.com # Verify the hosts file is being read correctly getent hosts myserver getent hosts 192.168.1.10 # Flush DNS cache after hosts file changes (systemd-resolved) sudo systemctl restart systemd-resolved sudo resolvectl flush-caches
Viewing all name resolution sources
BASH
# NSS (Name Service Switch) controls resolution order cat /etc/nsswitch.conf | grep hosts # hosts: files mdns4_minimal [NOTFOUND=return] dns # "files" = /etc/hosts first, then DNS # Change order here if needed (rarely necessary)
07
Real-World Patterns
Real-World Networking Patterns
These are the patterns you'll use repeatedly when working on live servers and home lab infrastructure.
Verify a service is listening on the right interface
BASH
# MySQL should ONLY show 127.0.0.1:3306 — not 0.0.0.0:3306 sudo ss -tlnp | grep 3306 # Nginx should show 0.0.0.0:80 and 0.0.0.0:443 sudo ss -tlnp | grep nginx # SSH should show on your chosen port sudo ss -tlnp | grep ssh
Diagnose a DNS resolution failure
BASH
# Step 1: Can we reach the DNS server at all? ping -c 3 1.1.1.1 # Step 2: Does DNS resolution work with a specific server? dig @1.1.1.1 google.com +short # Step 3: Does the system resolver work? dig google.com +short # Step 4: Check /etc/resolv.conf cat /etc/resolv.conf # Step 5: Check systemd-resolved status systemctl status systemd-resolved resolvectl status
Find what process is using a port
BASH
# Who is listening on port 80? sudo ss -tlnp | grep :80 # Alternative using lsof sudo lsof -i :80 sudo lsof -i :443 # Find by PID sudo lsof -p 1234
Test connectivity to a remote port
BASH
# Test TCP connectivity to a host:port (no install needed) nc -vz anfamily.cloud 443 nc -vz anfamily.cloud 22 # Test with a timeout nc -vz -w 3 anfamily.cloud 80 # Test using /dev/tcp (pure bash, no tools needed) timeout 3 bash -c '</dev/tcp/anfamily.cloud/443' && echo "open" || echo "closed"
Show all network interfaces and their status at a glance
BASH
# Compact summary of all interfaces ip -brief addr ip -brief link # Example output: lo UNKNOWN 127.0.0.1/8 eth0 UP 192.168.1.100/24 enp3s0 UP 10.0.0.5/24