ALA-R4: Grid Basics

Operational Briefing

Mission Context:

"Before connecting a cell to the grid, you must know what interfaces it has, which are operational, and where the grid's naming layer will route its traffic. This module is the pre-flight check. Week 3 builds the infrastructure behind what you are reviewing here."

Network Interface Inspection

The ip command is the modern replacement for the deprecated ifconfig and route tools. Know it. ifconfig is not installed by default on Ubuntu 22.04.

    # List all interfaces with IP addresses
    ip addr show

    # Show link-layer state (UP/DOWN, MAC, MTU)
    ip link show

    # Show interface statistics (packets, errors, drops)
    ip -s link show eth0

    # Check IPv6 addresses from the kernel directly
    cat /proc/net/if_inet6

Ubuntu 22.04 uses predictable interface naming: ens33, enp3s0, eno1. The legacy eth0 name may still appear in VMs or containers. Look for state UP and an assigned IP to confirm operational status. The loopback interface lo should always show 127.0.0.1.

Operational Context:

Before connecting a cell to the grid, you must know what interfaces it has and which are operational. This is the pre-flight check.

Basic Connectivity Testing

ICMP-based tools confirm whether a cell can reach another node. They are the fastest first-pass check, but a missing reply (for example, ICMP blocked by a firewall) does not prove a host is down.

    # Send 4 ICMP echo requests to the sector gateway
    ping -c 4 10.0.1.1

    # Test IPv6 loopback reachability
    ping6 ::1

    # Trace the route to a destination (shows each hop)
    traceroute 8.8.8.8

    # Tracepath does not require root and measures MTU per hop
    tracepath 10.0.2.1

* * * in traceroute output means that hop dropped (or did not respond to) the ICMP probes. It does not necessarily mean the path is broken; the intermediate router may simply not respond to ICMP TTL-expired messages. Reachability of the final destination is the definitive test.

Operational Context:

A cell that cannot reach its sector gateway has an isolation problem. Know where the break is before escalating.

DNS Resolution Basics

DNS is the naming layer of the grid. Without it, cells cannot find each other by name. Understanding the resolution order and the tools to test each layer is essential before Week 3 builds the actual DNS infrastructure.

    # Show the configured resolver(s)
    cat /etc/resolv.conf

    # Simple hostname lookup (uses the system resolver stack)
    host grid-command.matrix.net

    # Interactive or single-shot lookup against a specific server
    nslookup cell-071

    # Authoritative query with full response detail
    dig A cell-071.sector7.matrix.net

The resolution order is defined in /etc/nsswitch.conf under the hosts: line. On Ubuntu 22.04 the default is files dns: check /etc/hosts first, then query DNS. To add a manual override for a grid node, add a line to /etc/hosts in the format IP hostname alias. These entries take priority over DNS and are immune to DNS poisoning.

Operational Context:

DNS is the naming layer of the grid. Without it, cells cannot find each other by name. Week 3 builds the infrastructure behind this refresher.
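The lookup order described above, walked through in shell as an added example (not part of the course material). The function names and the two sample files are constructed for illustration; the script never touches the real /etc/nsswitch.conf or /etc/hosts.

```shell
#!/bin/sh
# Added example. Both files below are constructed samples, not real host data.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
cat > "$DEMO_DIR/nsswitch.conf" <<'EOF'
passwd:  files systemd
hosts:   files dns
EOF
cat > "$DEMO_DIR/hosts" <<'EOF'
127.0.0.1   localhost
# manual override in the format: IP hostname alias
10.0.1.5    cell-071.sector7.matrix.net cell-071   # constructed entry
EOF

# hosts_sources NSSWITCH: print the sources on the hosts: line, in order.
hosts_sources() {
  awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i; exit }' "$1"
}

# hosts_lookup NAME HOSTSFILE: print the IP of the first entry naming NAME.
hosts_lookup() {
  awk -v name="$1" '
    { sub(/#.*/, "") }                       # strip comments
    { for (i = 2; i <= NF; i++)
        if (tolower($i) == tolower(name)) { print $1; exit } }
  ' "$2"
}

# first_answer NAME NSSWITCH HOSTSFILE: walk the sources and report who answers.
first_answer() {
  for src in $(hosts_sources "$2"); do
    case "$src" in
      files)
        ip=$(hosts_lookup "$1" "$3")
        if [ -n "$ip" ]; then echo "files $ip"; return 0; fi ;;
      dns)
        echo "dns"; return 0 ;;              # would go to the resolvers in resolv.conf
    esac
  done
  echo "unresolved"; return 1
}

first_answer cell-071 "$DEMO_DIR/nsswitch.conf" "$DEMO_DIR/hosts"
first_answer grid-command.matrix.net "$DEMO_DIR/nsswitch.conf" "$DEMO_DIR/hosts"
```

On a live system, `getent hosts cell-071` performs the lookup through nsswitch.conf and therefore reflects /etc/hosts overrides, while dig and nslookup send their queries straight to DNS servers and do not read /etc/hosts.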

SSH: The Secure Link

Every remote operation on the grid goes through SSH. This refresher covers the commands and files that Week 2 will harden in depth.

    # Connect to a remote cell
    ssh operator@10.0.1.5

    # Connect using a specific identity file
    ssh -i ~/.ssh/cell_key operator@10.0.1.5

    # Local port forwarding: tunnel local 8080 to remote localhost:80
    ssh -L 8080:localhost:80 operator@10.0.1.5

    # Generate a modern keypair (Ed25519 is preferred over RSA-2048)
    ssh-keygen -t ed25519 -C "operator-cell071"

~/.ssh/config lets you define host aliases so you can type ssh cell071 instead of the full command with flags. The authorized_keys file in ~/.ssh/ on the remote host lists the public keys allowed to authenticate without a password. Its permissions must be 600 or SSH will refuse to use it.

Operational Context:

Every remote operation on the grid goes through SSH. Weak SSH configuration means the cell's secure link is not actually secure. Week 2 hardens this.
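A permission check for the files named above, as an added example (not part of the course material). The function names and the demo directory are constructed; the target modes (700 for the directory, 600 for the files) are this example's assumption, following the 600 rule stated for authorized_keys, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit modes under an .ssh directory.

# check_mode PATH WANT: print OK, WARN (differs from WANT) or FAIL
# (group- or other-writable, the condition sshd's StrictModes check rejects).
check_mode() {
  mode=$(stat -c '%a' "$1")                  # octal permission bits, e.g. 600
  if [ "$mode" = "$2" ]; then
    echo "OK    $mode ${1##*/}"
  elif [ $(( 0$mode & 022 )) -ne 0 ]; then   # leading 0 makes the value octal
    echo "FAIL  $mode ${1##*/} (group/other writable, want $2)"
  else
    echo "WARN  $mode ${1##*/} (want $2)"
  fi
}

# audit_ssh_dir DIR: check DIR itself, then authorized_keys and config if present.
audit_ssh_dir() {
  check_mode "$1" 700
  for f in authorized_keys config; do
    if [ -e "$1/$f" ]; then check_mode "$1/$f" 600; fi
  done
  return 0
}

# Constructed demo tree with deliberately loose modes (never the real ~/.ssh).
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir "$DEMO/.ssh"
: > "$DEMO/.ssh/authorized_keys"
: > "$DEMO/.ssh/config"
chmod 755 "$DEMO/.ssh"
chmod 664 "$DEMO/.ssh/authorized_keys"
chmod 600 "$DEMO/.ssh/config"

audit_ssh_dir "$DEMO/.ssh"
```

Point `audit_ssh_dir` at `~/.ssh` on the remote host to check the real files; `chmod 700 ~/.ssh` and `chmod 600 ~/.ssh/authorized_keys` clear the findings.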

Ports and Services

Knowing which ports are open on your cell is the first step of every hardening engagement. ss is the modern replacement for netstat and reads directly from the kernel socket table.

    # List all TCP/UDP listening sockets (no process names)
    ss -tuln

    # Same, but include the process name and PID (requires root)
    sudo ss -tulnp

    # Look up a well-known port number
    grep ssh /etc/services

Port    Protocol    Service
22      TCP         SSH (secure shell)
53      TCP/UDP     DNS
80      TCP         HTTP
443     TCP         HTTPS
3306    TCP         MySQL
8443    TCP         Grid API (cell services)

Operational Context:

Knowing which ports are open on your cell is part of the pre-hardening inventory. You cannot protect what you do not know is listening.
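The pre-hardening inventory as a script, added here as an example (not part of the course material): it reads `ss -tuln` output and sorts each listener into loopback-only, expected, or needing review. The sample output and the allow-list of ports are constructed assumptions; adjust the list to what the cell is supposed to expose.

```shell
#!/bin/sh
# Added example. SAMPLE_SS is constructed `ss -tuln` output, not a real capture.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
tcp   LISTEN 0      151    127.0.0.1:3306       0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:8080         0.0.0.0:*
tcp   LISTEN 0      128    [::]:22              [::]:*
tcp   LISTEN 0      4096   *:8443               *:*'

# Ports this cell is expected to expose to other hosts (assumption).
ALLOWED_PORTS="22 443 8443"

# audit_listeners: read `ss -tuln` text on stdin, print one verdict per socket.
#   LOCAL    bound to loopback only, not reachable from the network
#   EXPECTED reachable, and the port is on the allow-list
#   REVIEW   reachable, and the port is not on the allow-list
audit_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NR == 1 && $1 == "Netid" { next }            # skip the header row
    NF >= 5 {
      proto = $1; laddr = $5
      port = laddr; sub(/.*:/, "", port)         # text after the last colon
      addr = substr(laddr, 1, length(laddr) - length(port) - 1)
      sub(/%.*/, "", addr)                       # drop interface scope (%lo)
      gsub(/^\[|\]$/, "", addr)                  # drop IPv6 brackets
      if (addr ~ /^127\./ || addr == "::1") verdict = "LOCAL"
      else if (port in ok)                  verdict = "EXPECTED"
      else                                  verdict = "REVIEW"
      printf "%s %s/%s %s\n", verdict, port, proto, laddr
    }'
}

printf '%s\n' "$SAMPLE_SS" | audit_listeners
```

On a real cell, replace the last line with `ss -tuln | audit_listeners`; every REVIEW line is a service to identify with `sudo ss -tulnp` before deciding whether it should stay exposed.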

Self-Check

  1. What command shows all network interfaces and their IP addresses on Ubuntu 22.04? Why is ifconfig not the answer?
  2. You run traceroute to a host and see * * * at hop 3 but a valid response at hop 4. What does that mean?
  3. What file controls DNS resolution order on Ubuntu 22.04? How do you make a hostname resolve to a specific IP without changing DNS?
  4. Run ss -tulnp on a Linux system. For each listening service, write one sentence about what it does and whether it should be exposed.

If you are comfortable with all of these, proceed to ALA-R5: Signal Processing.