Thanks for all your error reports, I didn't forget it. I'll cleanup my guide soon. Thanks again!

Exercise 24. Networking: interface configuration, ifconfig, netstat, iproute2, ss, route

This exercise is a big one in terms of info dumped on you, and if you are not familiar with networking this is gonna hurt. If you feel absolutely lost, skip to the Do This part right away and be done with it. To understand this part properly you should be at least superfluously familiar with the following basic concepts of networking:

  1. Communications protocol — a communications protocol which is a system of digital message formats and rules for exchanging those messages in or between computing systems and in telecommunications.
  2. Ethernet — family of computer networking technologies for local area networks (LANs).
  3. MAC address — an unique identifier assigned to network interfaces for communications on the physical network segment. Example: 08:00:27:d4:45:68.
  4. TCP/IP — the Internet protocol suite is the set of communications protocols used for the Internet and similar networks, and generally the most popular protocol stack for wide area networks. It is commonly known as TCP/IP, because of its most important protocols: Transmission Control Protocol (TCP) and Internet Protocol (IP)
  5. IP — the Internet Protocol (IP) is the principal communications protocol used for relaying datagrams (also known as network packets) across an internetwork using the Internet Protocol Suite.
  6. IP address — an Internet Protocol address. Example: 10.0.2.15
  7. Port — application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system. Example: 22
  8. Network socket — an endpoint of an inter-process communication flow across a computer network. Today, most communication between computers is based on the Internet Protocol; therefore most network sockets are Internet sockets.
  9. Local socket address — local IP address and port number, example: 10.0.2.15:22.
  10. Remote socket address — remote IP address and port number, only for established TCP sockets. Example: 10.0.2.2:52173.
  11. Socket pair — communicating local and remote sockets, only TCP protocol. Example: (10.0.2.15:22, 10.0.2.2:52173).
  12. Subnet mask — logically visible subdivision of an IP network. Example: /24 or, in another notation, 255.255.255.0.
  13. Routing — the process of selecting paths in a network along which to send network traffic.
  14. Default gateway — in computer networking, a gateway is a node (a router) on a TCP/IP network that serves as an access point to another network. A default gateway is the node on the computer network that the network software uses when an IP address does not match any other routes in the routing table. Example: 10.0.2.2.
  15. Broadcast address — logical address at which all devices connected to a multiple-access communications network are enabled to receive datagrams. A message sent to a broadcast address is typically received by all network-attached hosts, rather than by a specific host. Example: 10.0.2.255.
  16. ICMP — Internet Control Message Protocol, example usage: ping 10.0.2.2.
  17. TCP — Transmission Control Protocol. Establishes connection before data can be exchanged, therefore reliable by design. Example users: SSH, HTTP.
  18. UDP — User Datagram Protocol. Transfers data without establishing connection, therefore unreliable by design. Example users: DNS.

If some of this concepts are not familiar to you, no worries.

  1. Read corresponding Wikipedia articles until you achieve at least superfluous understanding (but good old hardcore grinding is of course better).
  2. Watch this videos from http://www.visualland.net.cn/:
    1. Expand IP Address tree node in the left of the site and work you way through it.
    2. Expand TCP tree node and do the same.
  3. Read Linux networking concepts introduction. This guide is good because it even acknowledges that The Internet is for porn.

Let us continue. This is list of Linux network-related commands:

  1. ifconfig — configure and view status of network interface.
  2. netstat — print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
  3. ip — show / manipulate routing, devices, policy routing and tunnels.
  4. ss — another utility to investigate sockets.

Now let us examine what information each command can show us. We will start with ifconfig. 

user1@vm1:~$ sudo ifconfig
 
eth0      Link encap:Ethernet  HWaddr 08:00:27:d4:45:68               # (1), (2), (3)
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0   # (4), (5), (6), (7)
          inet6 addr: fe80::a00:27ff:fed4:4568/64 Scope:Link          # (8), (9), (10)
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1          # (11), (12), (13), (14), (15), (16)
          RX packets:35033 errors:0 dropped:0 overruns:0 frame:0      # (17), (18), (19), (20), (21), (22)
          TX packets:28590 errors:0 dropped:0 overruns:0 carrier:0    # (23), (24), (25), (26), (27), (28)
          collisions:0 txqueuelen:1000                                # (29), (30)
          RX bytes:6360747 (6.0 MiB)  TX bytes:21721365 (20.7 MiB)   # (31), (32)
 
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 B)  TX bytes:560 (560.0 B)

We can see that there are two network interfaces in vm1, eth0 and lo. lo is a loopback interface, which is used to connect to client-server programs on the same machine.

Let us see what information we have on eth0, which is a VirtualBox pseudo network interface:

Field Description Field Description
(1) Link Physical options (17) RX Receive (abbreviation)
(2) encap Encapsulation type (18) packets Total number of packets
(3) Hwaddr MAC-address (19) errors Total number of packets with errors
(4) inet Address family (IPv4) (20) dropped Dropped packets (low system memory?)
(5) addr IPv4 address (21) overruns Packets come faster than they can be processed
(6) Bcast Broadcast address (22) frame Invalid frames received
(7) Mask Network mask (23) TX Transmit (abbreviation)
(8) inet6 Address family (IPv6) (24) packets Total number of packets
(9) addr IPv6 address (25) errors Total number of packets with errors
(10) Scope Address scope (host, link, global) (26) dropped Dropped packets (low system memory?)
(11) UP Interface is functioning (27) overruns An app sends packes very fast? (I am not sure)
(12) BROADCAST It can send traffic to all hosts at once (28) carrier Loss of link carrier wave
(13) RUNNING It is ready to accept data (I am not sure) (29) collisions Packed collision did occur
(14) MULTICAST It can send and receive multicast packets (30) txqueuelen Transmin queue length for outgoing packets
(15) MTU Its Maximum transfer unit (31) RX bytes Total received bytes
(16) Metric Route cost (not used in Linux) (32) TX bytes Total sent bytes

That sure is a lot. But then again, for now only important fields are:

  1. (5) addr — IPv4 address.
  2. (6) Bcast — Broadcast address.
  3. (7) Mask — Network mask.
  4. (11) UP — Interface is functioning.
  5. (13) RUNNING — It is ready to accept data.
  6. (19) errors and (25) errors — if there is something different from zero here, we have problems.

Now let us see what netstat can show us. 

user1@vm1:~$ sudo netstat -ap
Active Internet connections (servers and established)
#(1)  (2)    (3)    (4)                     (5)                     (6)         (7)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:sunrpc                *:*                     LISTEN      580/portmap
tcp        0      0 *:ssh                   *:*                     LISTEN      900/sshd
tcp        0      0 localhost:smtp          *:*                     LISTEN      1111/exim4
tcp        0      0 *:36286                 *:*                     LISTEN      610/rpc.statd
tcp        0      0 10.0.2.15:ssh           10.0.2.2:52191          ESTABLISHED 12023/sshd: user1 [
tcp        0      0 10.0.2.15:ssh           10.0.2.2:48663          ESTABLISHED 11792/sshd: user1 [
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      900/sshd
tcp6       0      0 ip6-localhost:smtp      [::]:*                  LISTEN      1111/exim4
udp        0      0 *:bootpc                *:*                                 843/dhclient
udp        0      0 *:sunrpc                *:*                                 580/portmap
udp        0      0 *:52104                 *:*                                 610/rpc.statd
udp        0      0 *:786                   *:*                                 610/rpc.statd
#(8)  (9)    (10)        (11)       (12)          (13)     (14)                (15)
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     3452     786/acpid           /var/run/acpid.socket
unix  6      [ ]         DGRAM                    3407     751/rsyslogd        /dev/log
unix  2      [ ]         DGRAM                    1940     214/udevd           @/org/kernel/udev/udevd
unix  2      [ ]         DGRAM                    88528    30939/sudo
unix  3      [ ]         STREAM     CONNECTED     68565    12023/sshd: user1 [
unix  3      [ ]         STREAM     CONNECTED     68564    12026/1
unix  2      [ ]         DGRAM                    68563    12023/sshd: user1 [
unix  3      [ ]         STREAM     CONNECTED     66682    11792/sshd: user1 [
unix  3      [ ]         STREAM     CONNECTED     66681    11794/0
unix  2      [ ]         DGRAM                    66680    11792/sshd: user1 [
unix  2      [ ]         DGRAM                    3465     843/dhclient
unix  2      [ ]         DGRAM                    3448     786/acpid
unix  3      [ ]         DGRAM                    1945     214/udevd
unix  3      [ ]         DGRAM                    1944     214/udevd

I used two parameters to modify netstat output. -a parameter told netstat to show us all connections, both established, like your current ssh session through which your are typing, and listening, like sshd daemon waiting for new connections. -p told netstat to show which program owns each connection.

Active Internet Connections (servers and established)
Field Description
(1) Proto The protocol (tcp, udp, raw) used by the socket.
(2) Recv-Q The count of bytes not copied by the user program connected to this socket.
(3) Send-Q The count of bytes not acknowledged by the remote host.
(4) Local Address Address and port number of the local end of the socket.
(5) Foreign Address Address and port number of the remote end of the socket.
(6) State ESTABLISHED, SYN_SENT, SYN_RECV, FIN_WAIT1, FIN_WAIT2, TIME_WAIT, CLOSE, CLOSE_WAIT, LAST_ACK, LISTEN, CLOSING, UNKNOWN
(7) PID Slash-separated pair of the process id (PID) and process name of the process that owns the socket.
Active UNIX domain sockets (servers and established)
Field Description
(8) Proto The protocol (usually unix) used by the socket.
(9) RefCnt The reference count (i.e. attached processes via this socket).
(10) Flags The flags displayed is SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N).
(11) Type SOCK_DGRAM, SOCK_STREAM, SOCK_RAW, SOCK_RDM, SOCK_SEQPACKET, SOCK_PACKET, UNKNOWN.
(12) State FREE, LISTENING, CONNECTING, CONNECTED, DISCONNECTING, (empty), UNKNOWN.
(13) I-Node I-Node of socket file.
(14) PID Process ID (PID) and process name of the process that has the socket open.
(15) Path This is the path name as which the corresponding processes attached to the socket.

Not all fields are actually important. Usually you have to look only in Active Internet Connections (servers and established) section, and use this fields:

  1. (1) Proto — The protocol (tcp, udp, raw) used by the socket.
  2. (4) Local Address — address and port number of the local end of the socket.
  3. (5) Foreign Address — address and port number of the remote end of the socket, only for socket pairs.
  4. (6) State — for now you should know only two states: LISTEN and ESTABLISHED. First means that you may connect to this socket, second means that this socket already is connected, and in this cases netstat shows you socket pair.

ip is a program similar to ifconfig with extended capabilities. It is from iproute2 suite which is intended to replace ifconfig some day. Example output: 

user1@vm1:~$ sudo ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
#        (1)        (2)      (3) (4)       (5)      (6)              (8)      (9)
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:d4:45:68 brd ff:ff:ff:ff:ff:ff      # (9),  (10), (11)
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0      # (12), (13), (14)
    inet6 fe80::a00:27ff:fed4:4568/64 scope link            # (15), (16)
       valid_lft forever preferred_lft forever              # (17), (18), (19)

Again, let us see what information we have on eth0:

Field Description
(1) BROADCAST It can send traffic to all hosts at once
(2) MULTICAST It can send and receive multicast packets
(3) UP It is functioning, logical state
(4) LOWER_UP Driver signals L1 up (since Linux 2.6.17)
(5) MTU Maximum transfer unit
(6) qdisc Queueing discipline, basically traffic scheduler policy
(8) State Physical state (carrier sense?)
(9) qlen Transmin queue length for outgoing packets
(10) link Physical options
(11) ether Encapsulation type, MAC-address
(12) brd Data Link Layer (physical) broadcast address
(13) inet IPv4 address family address
(14) brd IPv4 boradcast
(15) scope IPv4 Address scope (host, link, global)
(16) inet6 IPv6 address family address
(17) scope IPv6 Address scope (host, link, global
(18) valid_lft IPv6 source address selection policy
(19) preffered_lft IPv6 source address selection policy

You already know which parameters are important (the same as in ifconfig).

ss is basically contemporary netstat with extended capabilities. This is its example output, interpretation of which is left as exercise for you: 

user1@vm1:~$ sudo ss -ap | cut -c1-200
State      Recv-Q Send-Q    Local Address:Port      Peer Address:Port
LISTEN     0      128                   *:sunrpc               *:*        users:(("portmap",580,5))
LISTEN     0      128                  :::ssh                 :::*        users:(("sshd",900,4))
LISTEN     0      128                   *:ssh                  *:*        users:(("sshd",900,3))
LISTEN     0      20                  ::1:smtp                :::*        users:(("exim4",1111,4))
LISTEN     0      20            127.0.0.1:smtp                 *:*        users:(("exim4",1111,3))
LISTEN     0      128                   *:36286                *:*        users:(("rpc.statd",610,7))
ESTAB      0      0             10.0.2.15:ssh           10.0.2.2:52191    users:(("sshd",12023,3),("sshd",12026,3))
ESTAB      0      0             10.0.2.15:ssh           10.0.2.2:48663    users:(("sshd",11792,3),("sshd",11794,3))

This is for working with interface, connetctions and interface addresses. But what about network routes? You can get information about them using several commands as well: 

user1@vm1:~$ sudo route -n
Kernel IP routing table
# (1)           (2)             (3)             (4)   (5)    (6)    (7) (8)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.2.0        *               255.255.255.0   U     0      0        0 eth0
default         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
user1@vm1:~$ sudo netstat -nr
Kernel IP routing table #                                           (9)
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.0.2.2        0.0.0.0         UG        0 0          0 eth0
user1@vm1:~$ sudo ip route show
# (10)      (11)      (12)          (13)        (14)
10.0.2.0/24 dev eth0  proto kernel  scope link  src 10.0.2.15
#(15)                (16)
default via 10.0.2.2 dev eth0

Let us work through fields onece more:

Field Description
(1) Destination The destination network or destination host.
(2) Gateway The gateway address or '*' if none set.
(3) Genmask The netmask for the destination net; '255.255.255.255' for a host destination and '0.0.0.0' for the default route.
(4) Flags Up, Host, Gateway, Reinstate, Dynamically installed, Modified, Addrconf, Cache entry, ! reject.
(5) Metric The 'distance' to the target (usually counted in hops). It is not used by recent kernels, but may be needed by routing daemons.
(6) Ref Number of references to this route. (Not used in the Linux kernel.)
(7) Use Count of lookups for the route.
(8) Iface Interface to which packets for this route will be sent.
(9) irtt Initial RTT (Round Trip Time). The kernel uses this to guess about the best TCP protocol parameters
without waiting on (possibly slow) answers.
(10) Net/Mask The destination network or destination host.
(11) dev Interface to which packets for this route will be sent.
(12) proto man ip /RTPROTO: redirect, kernel, boot, static, ra
(13) scope man ip /SCOPE_WALUE: global, site, link, host
(14) src The source address to prefer when sending to the destinations covered by the route prefix.
(15) default Gateway address for all addresses without explicitly assigned gateways
(15) dev Interface to which packets for this route will be sent.

The important field for now:

  1. (1) Destination — The destination network or destination host.
  2. (2) Gateway — The gateway address or '*' if none set. Default means that packets will be sent via this gateway if there is no explicitly specified gateway for packet destination address.
  3. (3) Genmask — The netmask for the destination net; '255.255.255.255' for a host destination and '0.0.0.0' for the default route.
  4. (8) Iface — Interface to which packets for this route will be sent.

Which field from netstat and route correspond to which from ip route show is left as an exercise for you once more. Well, that was awfully big! Take a deep breath and let us move to the practice.

Now you will learn how to create pseudo-interface, assign address to it and change it state.

Do this

 1: sudo aptitude install uml-utilities
 2: sudo tunctl -t tap0 -u user1
 3: ls -al /sys/devices/virtual/net/tap0
 4: sudo ifconfig tap0 10.1.1.1 netmask 255.255.255.0
 5: sudo ifconfig
 6: sudo route
 7: ping 10.1.1.1 -c 2
 8: sudo ifconfig tap0 down
 9: ping 10.1.1.1 -c 2
10: sudo ifconfig tap0 up
11: sudo ip a a 10.2.2.2/24 brd + dev tap0
12: sudo ifconfig
13: sudo route
14: ip a s
15: ip r s
16: ping 10.2.2.2 -c 2
17: sudo ip link set dev tap0 down
18: ip a s
19: ip r s
20: ping 10.2.2.2 -c 2
21: sudo tunctl -d tap0
22: ip a s
23: ls -al /sys/devices/virtual/net/tap0

What you should see

user1@vm1:~$ sudo aptitude install uml-utilities
The following NEW packages will be installed:
  libfuse2{a} uml-utilities
0 packages upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/205 kB of archives. After unpacking 737 kB will be used.
Do you want to continue? [Y/n/?]
Selecting previously deselected package libfuse2.
(Reading database ... 39616 files and directories currently installed.)
Unpacking libfuse2 (from .../libfuse2_2.8.4-1.1_amd64.deb) ...
Selecting previously deselected package uml-utilities.
Unpacking uml-utilities (from .../uml-utilities_20070815-1.1_amd64.deb) ...
Processing triggers for man-db ...
Setting up libfuse2 (2.8.4-1.1) ...
Setting up uml-utilities (20070815-1.1) ...
Starting User-mode networking switch: uml_switch.
user1@vm1:~$ sudo tunctl -t tap0 -u user1
Set 'tap0' persistent and owned by uid 1000
user1@vm1:~$ ls -al /sys/devices/virtual/net/tap0
total 0
drwxr-xr-x 4 root root    0 Jul 11 05:33 .
drwxr-xr-x 4 root root    0 Jul 11 05:33 ..
-r--r--r-- 1 root root 4096 Jul 11 05:33 address
-r--r--r-- 1 root root 4096 Jul 11 05:33 addr_len
-r--r--r-- 1 root root 4096 Jul 11 05:33 broadcast
-r--r--r-- 1 root root 4096 Jul 11 05:33 carrier
-r--r--r-- 1 root root 4096 Jul 11 05:33 dev_id
-r--r--r-- 1 root root 4096 Jul 11 05:33 dormant
-r--r--r-- 1 root root 4096 Jul 11 05:33 duplex
-r--r--r-- 1 root root 4096 Jul 11 05:33 features
-rw-r--r-- 1 root root 4096 Jul 11 05:33 flags
-r--r--r-- 1 root root 4096 Jul 11 05:33 group
-rw-r--r-- 1 root root 4096 Jul 11 05:33 ifalias
-r--r--r-- 1 root root 4096 Jul 11 05:33 ifindex
-r--r--r-- 1 root root 4096 Jul 11 05:33 iflink
-r--r--r-- 1 root root 4096 Jul 11 05:33 link_mode
-rw-r--r-- 1 root root 4096 Jul 11 05:33 mtu
-r--r--r-- 1 root root 4096 Jul 11 05:33 operstate
-r--r--r-- 1 root root 4096 Jul 11 05:33 owner
drwxr-xr-x 2 root root    0 Jul 11 05:33 power
-r--r--r-- 1 root root 4096 Jul 11 05:33 speed
drwxr-xr-x 2 root root    0 Jul 11 05:33 statistics
lrwxrwxrwx 1 root root    0 Jul 11 05:33 subsystem -> ../../../../class/net
-r--r--r-- 1 root root 4096 Jul 11 05:33 tun_flags
-rw-r--r-- 1 root root 4096 Jul 11 05:33 tx_queue_len
-r--r--r-- 1 root root 4096 Jul 11 05:33 type
-rw-r--r-- 1 root root 4096 Jul 11 05:33 uevent
user1@vm1:~$ sudo ifconfig tap0 10.1.1.1 netmask 255.255.255.0
user1@vm1:~$ sudo ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:d4:45:68
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fed4:4568/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:64040 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44578 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19663646 (18.7 MiB)  TX bytes:25043918 (23.8 MiB)
 
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:76 errors:0 dropped:0 overruns:0 frame:0
          TX packets:76 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6272 (6.1 KiB)  TX bytes:6272 (6.1 KiB)
 
tap0      Link encap:Ethernet  HWaddr ee:d8:2e:f6:bc:f1
          inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::ecd8:2eff:fef6:bcf1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:1 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
 
user1@vm1:~$ sudo route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.2.0        *               255.255.255.0   U     0      0        0 eth0
10.1.1.0        *               255.255.255.0   U     0      0        0 tap0
default         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
user1@vm1:~$ ping 10.1.1.1 -c 2
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_req=1 ttl=64 time=0.070 ms
64 bytes from 10.1.1.1: icmp_req=2 ttl=64 time=0.027 ms
 
--- 10.1.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.027/0.048/0.070/0.022 ms
user1@vm1:~$ sudo ifconfig tap0 down
user1@vm1:~$ ping 10.1.1.1 -c 2
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_req=1 ttl=64 time=0.030 ms
64 bytes from 10.1.1.1: icmp_req=2 ttl=64 time=0.024 ms
 
--- 10.1.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.024/0.027/0.030/0.003 ms
user1@vm1:~$ sudo ifconfig tap0 up
user1@vm1:~$ sudo ip a a 10.2.2.2/24 brd + dev tap0
user1@vm1:~$ sudo ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:d4:45:68
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fed4:4568/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:64088 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44609 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19667480 (18.7 MiB)  TX bytes:25049771 (23.8 MiB)
 
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:84 errors:0 dropped:0 overruns:0 frame:0
          TX packets:84 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6944 (6.7 KiB)  TX bytes:6944 (6.7 KiB)
 
tap0      Link encap:Ethernet  HWaddr ee:d8:2e:f6:bc:f1
          inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::ecd8:2eff:fef6:bcf1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:9 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
user1@vm1:~$ sudo route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.2.2.0        *               255.255.255.0   U     0      0        0 tap0
10.0.2.0        *               255.255.255.0   U     0      0        0 eth0
10.1.1.0        *               255.255.255.0   U     0      0        0 tap0
default         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
user1@vm1:~$ ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:d4:45:68 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
    inet6 fe80::a00:27ff:fed4:4568/64 scope link
       valid_lft forever preferred_lft forever
12: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether ee:d8:2e:f6:bc:f1 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global tap0
    inet 10.2.2.2/24 brd 10.2.2.255 scope global tap0
    inet6 fe80::ecd8:2eff:fef6:bcf1/64 scope link
       valid_lft forever preferred_lft forever
user1@vm1:~$ ip r s
10.2.2.0/24 dev tap0  proto kernel  scope link  src 10.2.2.2
10.0.2.0/24 dev eth0  proto kernel  scope link  src 10.0.2.15
10.1.1.0/24 dev tap0  proto kernel  scope link  src 10.1.1.1
default via 10.0.2.2 dev eth0
user1@vm1:~$ ping 10.2.2.2 -c 2
PING 10.2.2.2 (10.2.2.2) 56(84) bytes of data.
64 bytes from 10.2.2.2: icmp_req=1 ttl=64 time=0.081 ms
64 bytes from 10.2.2.2: icmp_req=2 ttl=64 time=0.025 ms
 
--- 10.2.2.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.025/0.053/0.081/0.028 ms
user1@vm1:~$ sudo ip link set dev tap0 down
user1@vm1:~$ ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:d4:45:68 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
    inet6 fe80::a00:27ff:fed4:4568/64 scope link
       valid_lft forever preferred_lft forever
12: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 500
    link/ether ee:d8:2e:f6:bc:f1 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global tap0
    inet 10.2.2.2/24 brd 10.2.2.255 scope global tap0
user1@vm1:~$ ip r s
10.0.2.0/24 dev eth0  proto kernel  scope link  src 10.0.2.15
default via 10.0.2.2 dev eth0
user1@vm1:~$ ping 10.2.2.2 -c 2
PING 10.2.2.2 (10.2.2.2) 56(84) bytes of data.
64 bytes from 10.2.2.2: icmp_req=1 ttl=64 time=0.037 ms
64 bytes from 10.2.2.2: icmp_req=2 ttl=64 time=0.024 ms
 
--- 10.2.2.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.024/0.030/0.037/0.008 ms
user1@vm1:~$ sudo tunctl -d tap0
Set 'tap0' nonpersistent
user1@vm1:~$ ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:d4:45:68 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
    inet6 fe80::a00:27ff:fed4:4568/64 scope link
       valid_lft forever preferred_lft forever
user1@vm1:~$ ls -al /sys/devices/virtual/net/tap0
ls: cannot access /sys/devices/virtual/net/tap0: No such file or directory
user1@vm1:~$

Explanation

  1. Install package for working with pseudo-(virtual)-interfaces.
  2. Create pseudo-interface tap0.
  3. Prints out contents of virtual directory created for this interfaces, containing its settings and statistics.
  4. Add to tap0 an IP address 10.1.1.1/24.
  5. Print out current interface status.
  6. Print out current routing table entries. Notice that Linux automatically added new route for tap0.
  7. Tests tap0 by sending ICMP echo request packet to it.
  8. Brings tap0 to DOWN state.
  9. Tests tap0 by sending ICMP echo request packet to it again. There will be an Extra credit for you to explain why this still works despite intercase being down?
  10. Brings tap0 to UP state.
  11. Adds additional IP address 10.2.2.2/24 to tap0. ip a a is abbreviated version of ip addr add. What this little + means you will find out on your own in Extra credit.
  12. Prints out current interface status. Notice how ifconfig is unable to list new IP address added using ip utility. Why? More Extra credit.
  13. Print out current routing table. Notice that Linux automatically added one more route for tap0.
  14. Prints out current interface status using ip utility. You are able to see newly added address here.
  15. Prints our routing tables using ip utility.
  16. Tests net tap0 IP address by sending ICMP echo request packet to it.
  17. Brings tap0 to DOWN state.
  18. Prints out current interface status.
  19. Print out current routing table entries. Notice that tap0 routes are remove automatically.
  20. Tests net tap0 IP address by sending ICMP echo request packet to it. This works. Why?
  21. Removes pseudo-interface tap0.
  22. Prints out current interface status. tap0 is absent.
  23. Shows us that tap0 virtual directory is now gone as well.

Extra Credit

  1. Familiarize yourself with man ifconfig, man ip, man netstat, man ss.
  2. Why ping worked when tap0 was is in down state?
  3. What brd + means?
  4. Why ifconfig is unable to list new address you added using ip?

Discussion

Navigation

Learn Linux The Hard Way