Setting up Routes: Commands ip route, netstat, ss
1. The Concept of Routing
Today, we’re diving even deeper: we'll set up routes, analyze network connections, and figure out ports. This is where the real magic of network admin starts – understanding where and how packets run around, and why it’s important to be "in charge of the routes".
Routing isn’t some overly complicated thing; it’s the foundation of modern networks. Imagine this: your computer is a tourist wanting to reach another computer (a hotel), and routes are the roads and signs. If there aren’t any routes, the tourist will wander around, asking for directions from passersby (and those passersby could be DNS servers, but that’s a topic for another time) or just stay home.
Why Routes Are Needed
Every device in a network needs to know how to reach other devices. For example, if your computer wants to send a request to the site example.com, it needs to know:
- Where to send the packets.
- Through which gateway or interface to do it.
There are two types of routes:
- Local Routes: directions for devices within your subnet (e.g., your computer and a printer).
- External Routes: directions for devices outside your subnet (e.g., a resource on the internet).
2. Routing Table
The routing table is a set of rules that determines where to send packets based on their IP addresses. Think of it like Google Maps for your computer: "If you wanna get there, take this gateway."
Try displaying your routing table:
ip route show
Sample output:
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 metric 100
What it means:
- default via 192.168.1.1: if no more specific route matches the packet's destination, send it through the gateway with the address 192.168.1.1.
- dev eth0: we use the interface eth0.
- 192.168.1.0/24: this is the route for the entire subnet 192.168.1.0/24. Packets stay "home" in the local network.
- proto and metric – additional parameters, more on these later.
3. Command ip route
Viewing routes
To view the routing table, we've already used ip route show. You can add filters, for example, to show only the routes that match the local network:
ip route show match 192.168.1.0/24
Adding routes
You can add a static route – it’s like putting up a road sign yourself. For instance, to redirect all requests to the subnet 10.0.0.0/24 through a specific gateway:
sudo ip route add 10.0.0.0/24 via 192.168.1.1 dev eth0
Let's break it down:
- 10.0.0.0/24 – destination subnet.
- via 192.168.1.1 – the gateway through which packets are sent.
- dev eth0 – the interface through which packets leave.
Deleting routes
If you no longer want a route to exist, delete it with the command:
sudo ip route del 10.0.0.0/24
4. Practice: Static Route Setup
- Make sure you have access to another subnet.
- Add a route:
sudo ip route add 192.168.2.0/24 via 192.168.1.1 dev eth0
- Check the routing table:
ip route show
- Delete the route if you no longer need it.
5. The netstat Command
When it comes to analyzing current connections, netstat is an old trusty friend of the sysadmin (though there's a more modern alternative – ss, which we'll talk about later).
Checking active connections
netstat -tun
What it means:
- -t – show TCP connections.
- -u – show UDP connections.
- -n – use numerical addresses (instead of hostnames).
Example output:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.100:22 192.168.1.50:50240 ESTABLISHED
What it means:
- Local address 192.168.1.100:22 – your computer is listening on port 22 (SSH).
- Foreign address 192.168.1.50:50240 – the remote host that is connected to your port.
- ESTABLISHED – an active connection, data is being transferred.
Listening ports
To see which ports are "listening" on your computer:
netstat -ltn
The flag -l shows only listening ports, and -t and -n we've already covered.
6. Command ss
If netstat is a dinosaur, then ss is the DeLorean machine from the future: it works faster and gives more info.
Checking active connections
ss -tun
The output is similar to netstat, but with more speed and detail.
Listening ports
ss -tln
Same as with netstat, but working with ss is easier and more modern.
7. Monitoring Connections
- Use netstat or ss to check which ports your computer is listening on.
- Open an SSH connection on another device and check if it shows up in the list of connections.
- Try to interpret the output of the commands.
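One way to interpret the listening-ports output when checking what a host exposes, as an added example that is not part of the original lesson: the script reads ss -tln output and labels each listener as loopback-only, bound to one address, or bound to every interface. The function names and the sample listing are constructed for illustration; only 192.168.1.100 and port 22 come from the examples above.

```shell
#!/bin/sh
# Added example: classify listeners from `ss -tln` output read on stdin.
# Prints "<scope> <address> <port>" per listener, where scope is:
#   loopback - reachable only from this host (127.0.0.0/8, ::1)
#   wildcard - bound to every interface (0.0.0.0, [::], *)
#   specific - bound to one non-loopback address
classify_listeners() {
    awk '
    $1 == "LISTEN" {
        ep = $4                          # "Local Address:Port" column
        port = ep
        sub(/.*:/, "", port)             # keep the text after the last colon
        addr = substr(ep, 1, length(ep) - length(port) - 1)
        sub(/%.*$/, "", addr)            # drop interface suffix such as %lo
        sub(/^\[/, "", addr)             # drop IPv6 brackets
        sub(/\]$/, "", addr)
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback"
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "wildcard"
        else
            scope = "specific"
        print scope, addr, port
    }'
}

# Ports reachable on every interface, de-duplicated across IPv4 and IPv6.
wildcard_ports() {
    classify_listeners | awk '$1 == "wildcard" { print $3 }' |
        sort -n -u | paste -s -d ' ' -
}

# Constructed sample in the format printed by `ss -tln` (not captured output).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q  Local Address:Port  Peer Address:Port
LISTEN 0      128           0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096    127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128     192.168.1.100:8080       0.0.0.0:*
LISTEN 0      511                 *:80               *:*
LISTEN 0      128              [::]:22            [::]:*
LISTEN 0      128             [::1]:631           [::]:*
EOF
}

sample_ss_output | classify_listeners
```

On a live system, pipe the real listing in instead of the sample: ss -tln | classify_listeners. Wildcard listeners are the ones to review first, since they accept connections on every interface the host has.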
We’ve dived into the world of routing and connection monitoring: now you can use ip route to manage the routing table, and netstat/ss to analyze network connections. These tools are your Swiss Army knife for solving the trickiest network issues. Want to help a friend who's complaining that "the internet doesn't work"? Whip out your new skills and show them who's boss!
The next lecture will be even cooler: we’ll dive into DNS and its magic. For now, practice with ip route and check out how packets find their way home.