Table of Contents
Introduction
Networking fundamentals in Linux are about understanding how your system communicates with others. At this stage you already know basic command line skills and general system concepts. Here you will see how Linux represents network connections, how it addresses other machines, and how it routes traffic. Detailed configuration files, specific tools, and advanced protocols are covered in the child chapters that follow, so this chapter focuses on a conceptual foundation and the Linux specific view of networking.
What Networking Means for a Linux System
From the perspective of a Linux machine, networking is simply the exchange of packets between interfaces and the kernel. Applications do not directly talk to the physical network. Instead, they use system calls to ask the kernel to send and receive data. The kernel then handles details such as routing, fragmentation, and interfacing with network hardware.
A network on Linux is built from a few basic ideas. There are interfaces, which are the points where the system connects to networks. There are addresses, which identify the system on those networks. There are routes, which describe how to reach other addresses. Finally there are protocols, which define the rules for how data is formatted and transmitted.
Network Interfaces
Linux represents every network connection as a network interface. You will see these as names like eth0, enp3s0, wlan0, or lo. Each name corresponds to a logical interface in the kernel. Some are backed by physical hardware such as an Ethernet card, and some are virtual such as tunnels or the loopback interface.
The loopback interface is special and is almost always named lo. It allows the system to talk to itself using networking protocols. This might sound unnecessary, but many services and applications use loopback to communicate internally even when no physical network is attached. Traffic to the loopback interface never leaves the machine.
Linux does not require an interface to be physical. Virtual machines, containers, VPNs, and other features use virtual interfaces that behave like real ones from the perspective of the IP stack. Understanding that all of these are just interfaces with addresses will help you when you later work with container networking and advanced routing.
IP Addresses on Linux
To identify itself on a network, a Linux machine uses IP addresses. Modern systems typically use IPv4 and IPv6 together. Linux treats these as separate protocols that can both be active on the same interface.
An IPv4 address is four bytes, usually written as four numbers separated by dots, like 192.168.1.10. An IPv6 address is longer, 16 bytes, and written as eight groups of hexadecimal numbers separated by colons, such as 2001:db8::1. The kernel stores these addresses in binary form and exposes them through its networking subsystem.
Every IP address has an associated prefix length. This describes how many of the leftmost bits belong to the network part, and how many belong to the host part. For example, the notation 192.168.1.10/24 means that the first 24 bits describe the network and the remaining 8 bits can vary for hosts on that network.
A network with prefix length $/n$ has $2^{32-n}$ IPv4 addresses in total.
For IPv4, the number of host addresses in a network is often approximated as:
$$\text{hosts} \approx 2^{32-n}$$
Keep in mind that some addresses in a network are reserved and cannot be assigned to hosts.
Linux itself does not care if an address is public or private. Addresses like 192.168.x.x or 10.x.x.x are called private and are typically used inside local networks behind routers. Public addresses are reachable from the wider internet. The kernel just routes packets according to addresses and routes, and relies on the surrounding network infrastructure to handle separation between private and public spaces.
Ports and Protocols
Once a packet reaches the right host, it still needs to be delivered to the correct application. Linux uses port numbers combined with transport layer protocols for this. The most common transport protocols are TCP and UDP. TCP is connection oriented and reliable. UDP is connectionless and does not guarantee delivery.
A port is a 16 bit number, so it can range from 0 to 65535. Ports from 0 to 1023 are called well known ports and are usually reserved for system services such as web servers, SSH, and mail servers. By convention, user applications use higher port numbers. On Linux, only privileged processes can bind to ports below 1024 by default.
At the kernel level, an application does not just open “port 80.” It opens a combination of protocol, address, and port. For example, a web server might listen on TCP, address 0.0.0.0, port 80. The special address 0.0.0.0 means “all local IPv4 addresses.” When a packet arrives that matches the same protocol, destination address, and destination port, the kernel delivers it to that process.
Basic Routing Concepts
Routing is the process by which Linux decides where to send packets that are leaving the machine. Each outgoing packet has a destination IP address. The kernel looks up that address in its routing table and selects the best matching route.
A single host rarely connects directly to every other host. Instead, it sends packets to a gateway if the destination is outside its local network. The routing table usually contains a default route that points to this gateway. The default route tells the system, “if you do not have a more specific route for this destination, send the packet here.”
The decision is based on prefix matching. Routes are typically stored as networks plus a prefix length, for example 192.168.1.0/24. If the destination address matches multiple routes, the kernel chooses the route with the longest prefix length. This is called longest prefix match and ensures that the most specific route wins.
Routing decisions use longest prefix match:
- Convert destination address and route networks to binary form.
- Compare destination address with each route prefix.
- Select the route with the greatest prefix length that still matches.
If no route matches, and there is no default route, the packet cannot be delivered and the kernel reports a “network unreachable” error.
Linux also supports multiple routing tables and advanced policies, but these are used for more complex setups. For simple systems, there is usually a single main table with a few entries such as local networks, loopback, and the default route.
DNS in a Linux Context
Humans prefer names such as example.com over numerical addresses. DNS is the system that maps names to addresses. A Linux system does not implement the global DNS system itself. Instead, it acts as a DNS client that queries upstream servers, usually provided by routers or internet providers.
When an application needs to reach a name, it asks the system resolver to translate that name into one or more IP addresses. The resolver library then talks to DNS servers defined in the system configuration. If the query is successful, the application receives the address and can initiate network connections.
Linux can also use local configuration to override DNS results. This is often done for development, testing, or small internal networks. The details of how hostnames and DNS configuration are stored and modified on disk are covered in the dedicated DNS and hostnames chapter.
The Role of Network Tools
Linux exposes networking through kernel interfaces and user space tools. Most modern distributions rely on the ip command to interact with the kernel’s networking stack. This command can show and change addresses, interfaces, and routes. Other commands exist for testing connectivity, such as sending echo packets or checking open connections.
At a high level, every network tool communicates with the kernel, not directly with the hardware. For example, a tool that lists active connections asks the kernel for information about sockets and routing entries. A tool that tests reachability constructs and sends packets through the kernel, which then decides how to send them over interfaces.
When you study the later chapters on networking tools and configuration files, it will help to remember that they all work with the same underlying concepts. They manage interfaces, assign addresses, adjust routes, query name resolution, or inspect sockets. The commands differ, but the foundational model is always the same.
Summary
From Linux’s point of view, networking is the combination of interfaces, IP addresses, ports, routes, and name resolution that together allow processes to talk to each other across machines. Interfaces connect the system to networks, addresses identify it, ports distinguish applications, routes decide how packets leave, and DNS turns names into addresses. The subsequent chapters will show you how to work with specific configuration tools, how to inspect and test network connectivity, and how to adjust low level details such as routing and DNS files.