Decode your system's IPv4 configuration, practice subnet calculations, examine routing tables, and perform path analysis using Linux CLI tools.
Lab Exercises
1
Decode Your IP Address
BEGINNER
Extract your system's IP addressing information and manually work through the subnet math to verify the network and broadcast addresses.
1. Find your IP address and CIDR prefix
2. Identify the address class based on the first octet
3. Calculate the subnet mask from the CIDR prefix
4. Determine the number of usable host addresses
# Step 1: Get your IP address and prefix length
ip addr show | grep "inet " | grep -v "127.0.0"
# Example output: inet 192.168.1.100/24 brd 192.168.1.255# Your IP: 192.168.1.100 Prefix: /24 Broadcast: 192.168.1.255# Step 2: Manual math example for 192.168.1.100/24# First octet = 192 → Range 192-223 → Class C# Default Class C mask: 255.255.255.0 (/24)# Step 3: /24 = 24 bits of 1s = 11111111.11111111.11111111.00000000# Decimal: 255.255.255.0# Step 4: Host bits = 32 - 24 = 8 bits# Usable hosts = 2^8 - 2 = 256 - 2 = 254
python3 -c "print(2**8 - 2)" # = 254 for /24
python3 -c "print(2**6 - 2)" # = 62 for /26
Subnet Reference Table
/24 hosts254
/25 hosts126
/26 hosts62
/27 hosts30
/28 hosts14
/29 hosts6
/30 hosts2
/16 hosts65,534
2
Routing Table Analysis
BEGINNER
Examine your system's routing table and understand each entry — especially the default route and locally connected networks.
1. Display the full routing table
2. Identify the default gateway entry
3. Find which route would be used to reach a remote IP
4. Compare the routing table before and after adding a test route
# Step 1: Show the routing table
ip route show
# Key entries:# default via X.X.X.X dev IFACE ← default route (gateway)# X.X.X.0/24 dev IFACE proto kernel scope link ← directly connected network# Step 2: Identify gateway
ip route | grep default
# Extract just the gateway IP:
ip route | grep default | awk '{print $3}'
# Step 3: Which route would be used for a specific destination?
ip route get 8.8.8.8
ip route get 192.168.1.50 # a local address — should use direct route# Step 4: Add and verify a test route (uses safe loopback)
sudo ip route add 10.20.30.0/24 via $(ip route | grep default | awk '{print $3}')
ip route show | grep 10.20.30 # verify it's there# Remove the test route:
sudo ip route del 10.20.30.0/24
3
Path Tracing and Hop Analysis
INTERMEDIATE
Use traceroute to visualize the path packets take through the network and understand routing at each hop.
1. Trace the route to Google's DNS server
2. Identify how many hops to reach the internet
3. Look for ICMP-filtered hops (timeouts)
4. Understand what a * * * response means
# Step 1: Trace route (install if missing: sudo apt install traceroute)
traceroute 8.8.8.8
# Shows each hop: router IP, hostname, round-trip time# Alternative: tracepath (usually pre-installed)
tracepath 8.8.8.8
# Step 2: Count hops
traceroute 8.8.8.8 | wc -l
# Step 3: ICMP-filtered hops appear as: N * * *# This means the router dropped ICMP TTL-exceeded messages# but is still FORWARDING traffic — it is NOT a break# Step 4: Look at a public traceroute for comparison
traceroute -n 1.1.1.1 # Cloudflare DNS, -n = no DNS reverse lookup
INTERPRETING TIMEOUTS
Seeing * * * at a hop does NOT mean the network is broken. It means that specific router is configured to silently drop ICMP packets (common on enterprise routers). If downstream hops respond, routing is working correctly. The path is broken only when all remaining hops also show * * *.
4
DNS Investigation
INTERMEDIATE
Explore DNS resolution — the process that translates domain names to IP addresses — using dig and the /etc/resolv.conf file.
1. Check which DNS servers are configured
2. Perform a detailed DNS lookup with dig
3. Query a specific DNS record type
4. Check hosts file for local overrides
# Step 1: Configured DNS servers
cat /etc/resolv.conf
# nameserver X.X.X.X lines show your DNS servers# On systemd-resolved systems:
resolvectl status | grep "DNS Servers"
# Step 2: Detailed DNS lookup with dig
dig google.com
# Look at: ANSWER SECTION (the IP address), QUERY TIME# Step 3: Query specific record types
dig google.com A # IPv4 address records
dig google.com MX # Mail exchange records
dig google.com NS # Nameserver records
dig google.com +short # just the IP, no headers# Step 4: Local hosts file overrides
cat /etc/hosts
# Format: IP_ADDRESS hostname [alias]# Entries here override DNS for the listed names