Hands-on network interface investigation, routing analysis, nmcli exploration, and connectivity testing on a live Linux system.
Lab Exercises
1
Interface Discovery with ip
BEGINNER
Use the modern ip command to discover all network interfaces, their addresses, and their link state.
1. List all interfaces and their link state
2. Show all IP addresses assigned to interfaces
3. Show detailed info for a specific interface
4. Identify which interface has a default route assigned
# Step 1: Link state — UP/DOWN, MAC addresses
ip link show
# Look for: lo (loopback), ethX/enpXsX (wired), wlpXsX (wireless)# Step 2: IP addresses — CIDR notation, scope
ip addr show
# Or shorthand:
ip a
# Step 3: Specific interface (replace enp0s3 with yours)
ip addr show enp0s3
ip link show enp0s3
# Step 4: Show routing table — find the default route interface
ip route show
# Look for: default via X.X.X.X dev INTERFACE_NAME
RECORD YOUR FINDINGS
Write down: your main interface name, your IP address and prefix, your gateway IP. You will need these in later exercises. On most virtual machines the interface is enp0s3 or ens3. On bare metal it may be eth0 or a longer predictable name.
2
Systematic Connectivity Testing
BEGINNER
Perform a layered connectivity test — from loopback to internet — to verify each part of the networking stack independently.
1. Test the TCP/IP stack with a loopback ping
2. Test local network connectivity to the gateway
3. Test internet reachability (skip DNS)
4. Test DNS resolution
# Step 1: Loopback — tests TCP/IP stack
ping -c 4 127.0.0.1
# Step 2: Gateway — tests local routing (use YOUR gateway IP)
ping -c 4 $(ip route | grep default | awk '{print $3}')
# The subshell extracts your gateway IP automatically# Step 3: Internet IP — bypasses DNS, tests routing
ping -c 4 8.8.8.8
# Step 4: DNS resolution
ping -c 2 google.com # uses DNS to resolve hostname
dig google.com A # detailed DNS query
cat /etc/resolv.conf # shows configured DNS servers
DIAGNOSIS KEY
If step 1 fails: TCP/IP stack issue. If step 2 fails: local addressing or routing issue. If step 3 fails but 2 works: upstream routing problem. If step 4 fails but 3 works: DNS configuration issue. Each failure pattern points to a different problem layer.
3
Exploring NetworkManager with nmcli
INTERMEDIATE
Use nmcli to explore NetworkManager's view of your connections, devices, and their configuration details.
1. List all NetworkManager connections (saved profiles)
2. Show detailed device status
3. Show full details of the active connection
4. Check NetworkManager service status
# Step 1: All saved connection profiles
nmcli connection show
# Active connections shown with active profile mark# Step 2: Device status (hardware devices)
nmcli device status
# Step 3: Full details of a connection (replace NAME with yours)
nmcli connection show "Wired connection 1"
# Shows: IP address, gateway, DNS, autoconnect, etc.# To show only IP settings:
nmcli -f IP4 connection show "Wired connection 1"
# Step 4: Is NetworkManager running?
systemctl status NetworkManager
nmcli general status
NMCLI OUTPUT
The nmcli connection show output includes hundreds of parameters. Look for ipv4.method (auto=DHCP, manual=static), IP4.ADDRESS (current IP), and IP4.GATEWAY (current gateway). These show the effective running configuration.
4
Viewing Open Ports and Listening Services
INTERMEDIATE
Use ss to examine which services are listening on network ports — essential for security auditing.
1. Show all TCP and UDP listening ports with process names
2. Show only established TCP connections
3. Find which process is listening on port 22 (SSH)
4. Count total open connections
# Step 1: All listening ports (TCP+UDP) with process IDs
ss -tulnp# t=TCP, u=UDP, l=listening, n=numeric, p=process# Step 2: Established connections only
ss -tnp state established
# Step 3: Find who owns port 22
ss -tlnp sport = :22
# Or: (run as root for process names on all users' ports)
sudo ss -tlnp sport = :22
# Step 4: Count connections
ss -s# summary statistics
ss -ta | wc -l # count all TCP sockets
5
Creating a Temporary Static IP with ip (Safe Experiment)
ADVANCED
Safely experiment with the ip command by adding a secondary IP address to the loopback interface — no risk of losing connectivity.
1. Add a test IP address to the loopback interface
2. Verify the address was added
3. Ping the new address
4. Remove the test address
# Step 1: Add secondary IP to loopback (safe — won't affect connectivity)
sudo ip addr add 10.99.99.1/32 dev lo
# /32 = single host address, added to loopback interface# Step 2: Verify it was added
ip addr show lo
# You should see 10.99.99.1/32 listed alongside 127.0.0.1/8# Step 3: Ping the new test address
ping -c 3 10.99.99.1
# Should respond — the IP exists on the loopback# Step 4: Remove the test address (clean up)
sudo ip addr del 10.99.99.1/32 dev lo
ip addr show lo # verify it's gone
WHY LOOPBACK
By using the loopback interface for this experiment, you cannot accidentally disconnect the system from the network. The loopback is always up and changes to it only affect local connectivity. This is the safe way to practice ip addr add/del commands without risk.