Networking Introduction

Richard Newsham (rnewsham)


  • Often confused
  • Can be handled by same device


  • A switch can be a dumb box
  • Simply connects all ports together so they can communicate
  • Does not determine where traffic goes, merely passes information from one interface to another


  • Smarter than a switch
  • Directs information to the right location

How is data sent across a network

  • Packets
  • Data is encapsulated in packets with header information
  • Headers include information used for routing
  • Source, destination, checksum ...


Two way communication                      Fire and forget
Guaranteed delivery                        Can be lost
Large                                      Small
Slow                                       Fast
Data integrity required e.g. File copies   Frequent actions e.g. Heartbeat/monitoring

TCP Packet

Source Destination
Sequence number
Acknowledgment number
Data offset Reserved Flags
Window size
Checksum Urgent pointer

TCP Handshake


Source Destination
Length Checksum
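
The two header layouts above, decoded from raw bytes. This is an added example, not part of the original slides: the sample segments are constructed, the dictionary keys follow the slide's field labels, and the flag names come from the TCP specification.

```python
import struct

# Flag bits in the low byte of the "data offset / reserved / flags" word.
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header (options are skipped)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    offset_words = off_flags >> 12          # header length in 32-bit words
    if offset_words < 5 or offset_words * 4 > len(segment):
        raise ValueError("invalid data offset")
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    return {"source": src, "destination": dst, "sequence": seq,
            "acknowledgment": ack, "header_bytes": offset_words * 4,
            "flags": flags, "window": window, "checksum": checksum,
            "urgent": urgent, "payload": segment[offset_words * 4:]}

def parse_udp_header(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header: source, destination, length, checksum."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("length field disagrees with captured bytes")
    return {"source": src, "destination": dst, "length": length,
            "checksum": checksum, "payload": datagram[8:length]}

# Constructed samples: a SYN from ephemeral port 49152 to port 80, the
# SYN/ACK that answers it, and a 4-byte UDP heartbeat. Checksums are zero.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x02, 64240, 0, 0)
SAMPLE_SYN_ACK = struct.pack("!HHIIHHHH", 80, 49152, 5000, 1001, (5 << 12) | 0x12, 65535, 0, 0)
SAMPLE_UDP = struct.pack("!HHHH", 40000, 8125, 12, 0) + b"ping"

if __name__ == "__main__":
    for raw in (SAMPLE_SYN, SAMPLE_SYN_ACK):
        h = parse_tcp_header(raw)
        print(h["source"], "->", h["destination"], h["flags"],
              "seq", h["sequence"], "ack", h["acknowledgment"])
    print(parse_udp_header(SAMPLE_UDP))
```

The length checks matter when reading captured traffic: a header whose data offset or length field points past the bytes actually received should be rejected, not sliced.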


  • 32 bit/4 byte
  • 2^32 = 4,294,967,296 addresses
  • Represented by 4 one-byte octets


  • 128 bit/16 byte
  • 2^128 ≈ 3.4 x 10^38 addresses (340,282,366,920,938,463,463,374,607,431,768,211,456)
  • Represented by 8 groups of 4 hexadecimal digits
  • Can be abbreviated by removing leading 0's and consecutive groups of 0's
  • 2001:0db8:0000:0000:0000:ff00:0042:8329
    -> 2001:db8::ff00:42:8329

MAC addresses

  • Media Access Control Address
  • Unique identifier for network interface
  • 2^48 = 281,474,976,710,656 addresses
  • 6 two-character hex octets, e.g. fc:aa:14:7b:eb:5a
  • First 3 octets define organisation that issued it
    fc:aa:14 = Gigabyte
  • Last 3 are interface specific


  • Classless Inter-Domain Routing
  • Replaces old A/B/C classes which were too broad
  • Provides a flexible method of slicing up networks
/X Netmask Range Addresses Class
/32 1 D
/27 - 32
/24 - 256 C
/23 - 512
/16 - 65536 B
/8 - 16777216 A


Private ranges
  • - (10/8 prefix)
  • - (172.16/12 prefix)
  • - (192.168/16 prefix)


  • Numeric identifier in packet header to allow routing to a specific listener
  • 16 bit number, range 0 - 65535
  • 0-1024 are well known ports reserved for common services
  • High ports allocated temporarily known as ephemeral
  • IANA says 49152+, Linux 32768+, Windows <7 1025-5000


  • Method for isolating traffic through the same interface
  • Packets are tagged so each packet is specific to a VLAN
  • Putting an interface on a vlan isolates it from other traffic on same network
  • Useful for isolating a database or other servers which should not be on an open network


  • Address Resolution Protocol
  • Maps link layer to network layer
  • Typically MAC addresses to IP addresses


  • Network Address Translation
  • Allows multiple devices to share a single external IP address
  • Popular with ISPs for preserving IPv4 space
  • Modifies packet headers to allow routing
  • Port forwarding required to expose services externally
  • Causes problems with some communication protocols such as VPN


  • Used to transparently link two networks
  • Can be physical device connecting networks
  • More commonly seen as a software bridge
  • Used in virtualisation/docker hosts to create multiple virtual interfaces connected to the host's network

Subnet structure, Netmask
  • - gateway
  • - usable addresses
  • - broadcast


Is an inverse representation of the IP addresses in the range inverted would be inverted would be


Can be any address in the range but is typically the first address.
This is the address through which any device in the subnet will communicate


The last address in the range
Used to send broadcast packets to the whole subnet
On receiving a broadcast the device reports back its MAC and IP for ARP
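
The CIDR table and the subnet structure above, worked through with bit arithmetic. This is an added example, not part of the original slides: the input addresses are constructed, the function and key names are chosen for illustration, and the three private prefixes are written out from RFC 1918.

```python
from ipaddress import IPv4Address

# RFC 1918 prefixes for the three private ranges.
PRIVATE_PREFIXES = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def split_cidr(cidr: str) -> tuple:
    """Return (address as a 32-bit integer, prefix length)."""
    addr, _, prefix = cidr.partition("/")
    bits = int(prefix)
    if not 0 <= bits <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return int(IPv4Address(addr)), bits

def netmask_for(bits: int) -> int:
    """/X means the top X bits of the address are network bits."""
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF

def describe_subnet(cidr: str) -> dict:
    ip, bits = split_cidr(cidr)
    netmask = netmask_for(bits)
    inverse = netmask ^ 0xFFFFFFFF       # inverse representation of the netmask
    network = ip & netmask               # host bits cleared
    broadcast = network | inverse        # host bits all set: last address
    # /31 and /32 are too small to reserve network and broadcast addresses.
    first, last = (network, broadcast) if bits >= 31 else (network + 1, broadcast - 1)
    private = False
    for prefix in PRIVATE_PREFIXES:
        p_net, p_bits = split_cidr(prefix)
        # Private only if the whole subnet sits inside one private prefix.
        if bits >= p_bits and (network & netmask_for(p_bits)) == p_net:
            private = True
    fmt = lambda n: str(IPv4Address(n))
    return {"netmask": fmt(netmask), "inverse_mask": fmt(inverse),
            "network": fmt(network), "first_usable": fmt(first),  # typical gateway
            "last_usable": fmt(last), "broadcast": fmt(broadcast),
            "addresses": 1 << (32 - bits), "private": private}

if __name__ == "__main__":
    # Constructed inputs; the first is a host address inside a /27.
    for cidr in ("192.168.10.77/27", "10.0.0.0/8", "172.32.0.1/16"):
        print(cidr, describe_subnet(cidr))
```

The third input shows why the private check needs the mask and not a string prefix: 172.32.0.1 starts with "172." but lies outside the 172.16/12 range.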

Why subnet

  • Reduce complexity in routing tables
  • Network isolation
  • Address re-use

Linux networking


$ cat /etc/resolv.conf 
# Generated by NetworkManager
  • Search defines domains to search in so doing a lookup for dev will check
  • nameserver fields define which nameservers to use to resolve DNS queries.


$ cat /etc/hosts
localhost
smoothie1.rjn
  • Contains mappings of ip address to hostname
  • Takes precedence over DNS
  • Assign memorable names to test machines
  • Override DNS for a domain

ip addr

# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default 
	link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
	inet scope host lo
		valid_lft forever preferred_lft forever
	inet6 ::1/128 scope host 
		valid_lft forever preferred_lft forever
2: ethA:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
	link/ether 08:00:27:33:c1:af brd ff:ff:ff:ff:ff:ff
	inet brd scope global ethA
		valid_lft forever preferred_lft forever
Gives interface, mac, ip/subnet, broadcast

ip route

# ip route dev eth1  proto kernel  scope link  src via dev eth0 dev eth0  proto kernel  scope link  src
default via dev eth1
Gives: subnet, device, via, source


Directory Name Service
Responsible for identifying addresses of machines by hostname
Either for human readability or more modern cases of container orchestration such as Kubernetes



A Records

@    IN A
*    IN A
dev  IN A
  • @ is the root domain
  • * is a wildcard for any subdomain
  • The most common record maps an address to a hostname.
  • AAAA records are the IPv6 equivalent

CNAME Records

home       IN CNAME
smooithe1  IN CNAME  home
  • Maps a hostname to another hostname
  • "." terminated means canonical name; without it, the name maps back to a subdomain on the same domain.
  • Useful for pointing multiple subdomains at single A record so if IP changes only one record needs to be changed

MX Records

@  IN MX 10
@  IN MX 20
  • Defines the host for email delivery
  • Has numeric priority level to allow for backup mail servers

TXT Records

20170625._domainkey IN TXT  "k=rsa; p=MIGfMAeMA...urIuZxt6pAG/ZwIDAQAB"
@                   IN TXT  "v=spf1 ip4:  a -all"
_dmarc              IN TXT  "v=DMARC1;p=quarantine;pct=100;;"
_acme-challenge     IN TXT  "wJmKXbuLlKiyOkMuY2qeaE6RDw_5orlYwDZsDpkb42I"
  • Allows storing of text on a subdomain
  • Used for email identification e.g. SPF, DKIM, DMARC
  • SSL providers often require a key to be added to verify domain ownership

SOA Records

IN SOA (
	2018080151  ; Serial
	10800       ; Refresh
	3600        ; Retry
	604800      ; Expire
	3600 )      ; TTL
  • Serial numeric id, has to be incremented for each zone update
  • Refresh,Retry,Expire are for master/slave nameserver zone replication
  • TTL defines how long caching nameservers should cache records for


  • Two main configurations: caching and authoritative
  • Work as a chain answering and issuing DNS queries
  • Bind used to be most popular, many others e.g. Dnsmasq


  • Resolving dns works in stages breaking a domain into sections www. | foo. | com | .
  • Each section is queried to get NS for next level
Address   Server asked          Answer
.         Hard coded            root nameservers
com.      root nameservers      gtld nameservers
          gtld nameservers      domain's nameservers
          domain's nameservers  A



# ping
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=53 time=16.3 ms
64 bytes from ( icmp_seq=2 ttl=53 time=16.6 ms
--- ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 16.368/16.514/16.660/0.146 ms
Good packet loss test
1000 packets, quietly (don't show each packet details), 0.01 seconds apart
ping -c 1000 -q -i 0.01
PING ( 56(84) bytes of data.	
--- ping statistics ---
1000 packets transmitted, 1000 received, 0% packet loss, time 12030ms
rtt min/avg/max/mdev = 12.669/13.332/27.358/1.114 ms pipe 2


$ traceroute -q 1
traceroute to (, 30 hops max, 60 byte packets
1  _gateway (  0.700 ms
2  *
3 (  10.126 ms
4 (  11.828 ms
5 (  12.276 ms
6 (  12.490 ms
7 (  13.211 ms
8  *
9 (  11.753 ms
10 (  13.488 ms
11 (  12.649 ms


$ telnet 80
Connected to
Escape character is '^]'.

HTTP/1.1 200 OK
Date: Fri, 07 Sep 2018 11:55:23 GMT
Server: Apache/2.4.27 (Red Hat) mod_fcgid/2.3.9 OpenSSL/1.0.1e-fips
X-Clacks-Overhead: GNU Terry Pratchett
Content-Type: text/html; charset=ISO-8859-1

Connection closed by foreign host.


$ host has address mail is handled by 10
$ host -t ns name server name server
$ host -t a -d
Trying ""
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;               IN      A

;; ANSWER SECTION:        3569    IN      A


dig A
;               IN      A
;; ANSWER SECTION:        3600    IN      A
;; AUTHORITY SECTION:            3600    IN      NS            3600    IN      NS
;; ADDITIONAL SECTION:      1800    IN      A      1800    IN      A


Suppress name and service name lookups -nn, Output packet data content as ASCII -A, Interface -i eth0, Port 80
# tcpdump -nn -A -i eth0 port 80
All traffic except for port 22 and not from
# tcpdump -nn -i eth0 port not 22 and host not

Useful stuff