Understanding Network Interfaces with ip Command for LFCS

Welcome to Part 15 of the LFCS Certification - Phase 1 series! You've conquered the documentation systems. Now we're entering the exciting world of Linux networking. In this post, you'll master network interfaces and the powerful ip command.

💡

🎯 What You'll Learn: In this comprehensive guide, you'll master:

What network interfaces are and why they matter
Understanding interface naming conventions (eth0, enp0s3, ens33, lo)
The ip command structure and subcommands
Using ip addr (ip a) to view IP addresses
Using ip link to view and manage interfaces
Reading interface output (states, MAC addresses, IPs)
Bringing interfaces UP and DOWN
Understanding the loopback interface (lo)
Interface states: UP, DOWN, UNKNOWN
Temporary network changes vs permanent
20+ comprehensive practice labs with solutions

Series: LFCS Certification Preparation - Phase 1 (Post 15 of 52) Previous: Part 14 - Exploring /usr/share/doc and tldr Next: Part 16 - Managing Hostnames with hostname and hostnamectl

What Are Network Interfaces?

Network interfaces are the connection points between your Linux system and networks. Think of them as the "ports" through which your computer communicates with the outside world.

Types of Network Interfaces

Interface Type	Common Names	Purpose
Loopback	`lo`	System talking to itself (127.0.0.1)
Ethernet	`eth0`, `enp0s3`, `ens33`	Wired network connection
Wireless	`wlan0`, `wlp3s0`	WiFi connection
Virtual	`docker0`, `virbr0`, `veth*`	Container/VM networking

Understanding Interface Naming

Old naming scheme (predictable but deprecated):

eth0 - First ethernet interface
eth1 - Second ethernet interface
wlan0 - First wireless interface

New naming scheme (systemd predictable network names):

enp0s3 - en=ethernet, p0=PCI bus 0, s3=slot 3
ens33 - en=ethernet, s=hotplug slot 33
wlp3s0 - wl=wireless, p3=PCI bus 3, s0=slot 0

💡

💡 Why the change? The new naming scheme ensures interface names remain consistent across reboots and hardware changes. eth0 today might become eth1 tomorrow if you add hardware. enp0s3 will always be the same physical port.

The ip Command

The ip command is the modern, powerful tool for network configuration in Linux. It replaced older commands like ifconfig, route, and arp.

Basic ip Command Structure

ip [OPTIONS] OBJECT COMMAND

Common OBJECTS:

addr (or address) - IP addresses
link - Network interfaces
route - Routing tables
neigh (or neighbour) - ARP cache

Why ip Command Matters for LFCS

Advantages over old tools:

More powerful and flexible
Consistent syntax across all network operations
Shows more detailed information
Required knowledge for LFCS exam
Standard on all modern Linux distributions

Old vs New commands:

ifconfig → ip addr
ifconfig eth0 up → ip link set eth0 up
route -n → ip route
arp -a → ip neigh

⚠️

⚠️ Deprecation Notice: ifconfig, route, and arp are deprecated and may not be installed by default on modern systems. Learn ip command for LFCS success!

Viewing Network Interfaces with ip addr

The ip addr command (shortened as ip a) displays all network interfaces and their IP addresses.

Basic Usage

# Full command
ip addr show

# Common shorthand
ip a

Example output:

[centos9@vm1 ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:3c:80:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.154/24 brd 192.168.100.255 scope global dynamic noprefixroute enp0s3
       valid_lft 85743sec preferred_lft 85743sec
    inet6 fe80::9b6f:96bb:eae6:4030/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:f0:59:b0 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.15/24 brd 10.0.3.255 scope global dynamic noprefixroute enp0s8
       valid_lft 85743sec preferred_lft 85743sec
    inet6 fe80::375d:8fe6:b0ba:6f0f/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Understanding the Output (Line by Line)

Let's break down the first interface:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

Field by field:

1: - Interface index number
lo: - Interface name (loopback)
<LOOPBACK,UP,LOWER_UP> - Flags/states (more on this below)
mtu 65536 - Maximum Transmission Unit (packet size)
qdisc noqueue - Queuing discipline (traffic control)
state UNKNOWN - Operational state
qlen 1000 - Transmit queue length

Next line - Link layer info:

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

link/loopback - Link layer type
00:00:00:00:00:00 - MAC address (all zeros for loopback)
brd ff:ff:ff:ff:ff:ff - Broadcast address

Next line - IPv4 address:

    inet 127.0.0.1/8 scope host lo

inet - IPv4 address follows
127.0.0.1/8 - IP address and subnet mask (CIDR notation)
scope host - Address scope (only accessible from this host)
lo - Interface name

Next line - Lifetime:

       valid_lft forever preferred_lft forever

valid_lft - How long the address is valid
preferred_lft - How long the address is preferred for use
forever - No expiration

Understanding Interface Flags

The angle brackets show interface flags:

Flag	Meaning	Importance
`UP`	Interface is administratively enabled	Interface can function
`LOWER_UP`	Physical link is connected	Cable plugged in or connection active
`BROADCAST`	Supports broadcasting	Can send to all devices on network
`MULTICAST`	Supports multicasting	Can send to multiple specific devices
`LOOPBACK`	Loopback interface	For local communication only
`NO-CARRIER`	No physical connection detected	Cable unplugged or link down

Understanding Interface States

The state field shows the operational state:

Common states:

UP - Interface is active and working
DOWN - Interface is disabled
UNKNOWN - State cannot be determined (common for loopback)

Troubleshooting with states:

UP + LOWER_UP = Everything working ✅
UP + no LOWER_UP = Interface enabled but cable unplugged ⚠️
Just state DOWN = Interface administratively disabled ❌

Viewing Specific Interface

# View only one interface
ip addr show dev enp0s3

# Shorthand
ip a show dev enp0s3

Example output:

[centos9@vm1 ~]$ ip a show dev enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:3c:80:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.154/24 brd 192.168.100.255 scope global dynamic noprefixroute enp0s3
       valid_lft 85743sec preferred_lft 85743sec
    inet6 fe80::9b6f:96bb:eae6:4030/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Why this matters:

Faster than scrolling through all interfaces
Focus on troubleshooting specific interface
Essential for LFCS exam efficiency

Understanding the Loopback Interface (lo)

The loopback interface (lo) is a special virtual interface that always points back to the local machine.

Key Facts About Loopback

IP Address: Always 127.0.0.1 (IPv4) and ::1 (IPv6) Purpose: Local communication within the system State: Should always be UP

Why it exists:

Services listening on localhost (127.0.0.1)
Testing network applications locally
Inter-process communication
Diagnostic purposes

Example use cases:

# Database listening on localhost
mysql -h 127.0.0.1 -u root -p

# Web server running locally
curl http://localhost:8080

# SSH to yourself (testing)
ssh user@127.0.0.1

✅

💡 LFCS Tip: If you can't ping 127.0.0.1, your loopback interface is down or misconfigured. This is a critical system problem! The loopback interface should ALWAYS work.

Localhost vs 127.0.0.1

They're the same thing!

localhost is a hostname that resolves to 127.0.0.1
/etc/hosts file contains this mapping
Using either is fine

# These are equivalent
ping localhost
ping 127.0.0.1

Viewing Interfaces with ip link

The ip link command shows link layer information about network interfaces (without IP addresses).

Basic Usage

# Show all interfaces
ip link show

# Shorthand
ip link

Example output:

[centos9@vm1 ~]$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:3c:80:d2 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:f0:59:b0 brd ff:ff:ff:ff:ff:ff

ip addr vs ip link

What's the difference?

Command	Shows	Use When
`ip addr`	Interfaces + IP addresses	Need to see IP addresses
`ip link`	Interfaces only (link layer)	Managing interface state (up/down)

When to use ip link:

Bringing interfaces up or down
Checking physical connection status
Viewing MAC addresses
Managing interface settings (MTU, etc.)

When to use ip addr:

Finding IP addresses
Troubleshooting network connectivity
Checking subnet configuration
Most everyday network viewing

Bringing Interfaces UP and DOWN

One of the most common network administration tasks is enabling or disabling interfaces.

Bringing an Interface DOWN

# Bring interface down (requires root/sudo)
sudo ip link set enp0s3 down

What happens:

Interface becomes unavailable
All network connections through that interface drop
IP address remains assigned but inactive
Physical link may stay connected

Example:

[centos9@vm1 ~]$ sudo ip link set enp0s3 down

[centos9@vm1 ~]$ ip a show dev enp0s3
2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 08:00:27:3c:80:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.154/24 brd 192.168.100.255 scope global dynamic noprefixroute enp0s3
       valid_lft 85659sec preferred_lft 85659sec

Notice:

state DOWN - Interface is disabled
UP flag missing from angle brackets
IP address still listed but not usable

Bringing an Interface UP

# Bring interface up (requires root/sudo)
sudo ip link set enp0s3 up

What happens:

Interface becomes active
Network connectivity restored
DHCP may reassign IP address
Services can use the interface again

Example:

[centos9@vm1 ~]$ sudo ip link set enp0s3 up

[centos9@vm1 ~]$ ip a show dev enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:3c:80:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.154/24 brd 192.168.100.255 scope global dynamic noprefixroute enp0s3
       valid_lft 86397sec preferred_lft 86397sec

Notice:

state UP - Interface is enabled
UP,LOWER_UP - Both administratively up and physically connected
Network connectivity restored

Why You Need Sudo

# Without sudo - permission denied
[centos9@vm1 ~]$ ip link set enp0s3 down
RTNETLINK answers: Operation not permitted

Why?

Network configuration affects entire system
Could disconnect remote users
Security implications
Only root can modify network interfaces

⚠️

⚠️ Critical Warning: If you're connected via SSH, DO NOT bring down the network interface you're using! You'll disconnect yourself and might lock yourself out. Always have console access or use a different interface for management.

Temporary vs Permanent Network Changes

Important distinction:

Commands like ip link set and ip addr make TEMPORARY changes that don't survive reboots.

Temporary Changes (Lost on Reboot)

# These are temporary
sudo ip link set enp0s3 down
sudo ip link set enp0s3 up
sudo ip addr add 192.168.1.100/24 dev enp0s3

Characteristics:

Take effect immediately
Lost on reboot
Useful for testing
Good for troubleshooting

Permanent Changes (Survive Reboot)

For permanent changes, you need to modify configuration files:

RedHat/CentOS (NetworkManager):

# Use nmcli or nmtui
nmcli connection modify enp0s3 ipv4.method manual
nmcli connection modify enp0s3 ipv4.addresses 192.168.1.100/24

Or edit files in:

/etc/sysconfig/network-scripts/ (CentOS 7 and earlier)
/etc/NetworkManager/system-connections/ (modern systems)

Debian/Ubuntu:

Edit /etc/netplan/*.yaml (Ubuntu 18.04+)
Or edit /etc/network/interfaces (older systems)

💡

💡 LFCS Exam Tip: The exam will specify if changes should be permanent or temporary. For temporary changes, use ip commands. For permanent, use NetworkManager tools (nmcli) or edit config files. We'll cover permanent network configuration in depth in a future post!

Understanding MAC Addresses

Every network interface has a MAC address (Media Access Control address) - a unique hardware identifier.

What is a MAC Address?

Format: Six pairs of hexadecimal digits Example: 08:00:27:3c:80:d2

Structure:

First 3 bytes (08:00:27) - Manufacturer ID (OUI - Organizationally Unique Identifier)
Last 3 bytes (3c:80:d2) - Device-specific identifier

Finding MAC address:

# Using ip link
ip link show enp0s3

# Output shows:
# link/ether 08:00:27:3c:80:d2 brd ff:ff:ff:ff:ff:ff

Why MAC addresses matter:

Hardware identification
Network access control (MAC filtering)
DHCP reservations
Network troubleshooting
ARP (Address Resolution Protocol)

Common Network Interface Scenarios

Scenario 1: No Network Connectivity

Troubleshooting steps:

# Step 1: Check if interface is up
ip link

# Look for: UP,LOWER_UP flags
# If missing UP: interface is down
# If missing LOWER_UP: cable unplugged

# Step 2: Check if you have an IP address
ip addr

# If no inet line: no IP address assigned

# Step 3: Try bringing interface up
sudo ip link set enp0s3 up

Scenario 2: Interface Shows UP but No Connectivity

Possible causes:

IP address not assigned
Wrong subnet configuration
Gateway not set
DNS not configured

Scenario 3: Cable Unplugged

Symptoms:

enp0s3: <BROADCAST,MULTICAST,UP> mtu 1500 ...state DOWN...

Notice:

UP flag present (administratively enabled)
No LOWER_UP flag (physical connection missing)
state DOWN

Solution: Check physical cable connection

🧪 Practice Labs

Time to get hands-on! These labs will solidify your understanding of network interfaces and the ip command.

Lab 1: Viewing All Network Interfaces (Beginner)

Task 1.1: List all network interfaces on your system

ip addr

Solution & Explanation

[centos9@vm1 ~]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:3c:80:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.154/24 brd 192.168.100.255 scope global dynamic noprefixroute enp0s3
       valid_lft 85743sec preferred_lft 85743sec

What you see:

Interface 1: lo (loopback) - 127.0.0.1
Interface 2: enp0s3 (ethernet) - 192.168.100.154

Your output will differ based on your system's network configuration!

Task 1.2: Count how many network interfaces you have

ip link | grep "^[0-9]" | wc -l

Solution & Explanation

[centos9@vm1 ~]$ ip link | grep "^[0-9]" | wc -l
3

Command breakdown:

ip link - show all interfaces
| - pipe to next command
grep "^[0-9]" - match lines starting with numbers (interface lines)
wc -l - count lines

Result: This system has 3 network interfaces

Alternative method:

ip link show | grep -c "^[0-9]"

Task 1.3: List only interface names (no details)

ip -o link show | awk -F': ' '{print $2}'

Solution & Explanation

[centos9@vm1 ~]$ ip -o link show | awk -F': ' '{print $2}'
lo
enp0s3
enp0s8

Command breakdown:

ip -o link show - one-line output per interface
| - pipe to awk
awk -F': ' - use colon-space as field separator
'{print $2}' - print second field (interface name)

Simpler alternative:

ls /sys/class/net/

Lab 2: Examining Specific Interfaces (Beginner)

Task 2.1: View details of only the loopback interface

ip addr show dev lo

Solution & Explanation

[centos9@vm1 ~]$ ip addr show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

Key information:

Always named lo
Always 127.0.0.1 (IPv4)
Always ::1 (IPv6)
State should always be UP

Shorthand:

ip a s dev lo

Task 2.2: Find your primary ethernet interface's IP address

ip addr show | grep "inet " | grep -v "127.0.0.1"

Solution & Explanation

[centos9@vm1 ~]$ ip addr show | grep "inet " | grep -v "127.0.0.1"
    inet 192.168.100.154/24 brd 192.168.100.255 scope global dynamic noprefixroute enp0s3
    inet 10.0.3.15/24 brd 10.0.3.255 scope global dynamic noprefixroute enp0s8

Command breakdown:

ip addr show - show all addresses
grep "inet " - find IPv4 addresses (note the space after inet)
grep -v "127.0.0.1" - exclude loopback

Result: Shows all non-loopback IPv4 addresses

Better way to get just the first IP:

hostname -I | awk '{print $1}'

Task 2.3: Check if a specific interface (enp0s3) is UP

ip link show dev enp0s3 | grep -o "state [A-Z]*"

Solution & Explanation

[centos9@vm1 ~]$ ip link show dev enp0s3 | grep -o "state [A-Z]*"
state UP

Command breakdown:

ip link show dev enp0s3 - show link info for enp0s3
grep -o "state [A-Z]*" - extract "state" and following capital letters

Interpretation:

state UP - Interface is active ✅
state DOWN - Interface is disabled ❌
state UNKNOWN - State indeterminate (common for lo)

Alternative check:

ip link show dev enp0s3 | grep -q "state UP" && echo "UP" || echo "DOWN"

Lab 3: Understanding MAC Addresses (Intermediate)

Task 3.1: Find the MAC address of your primary ethernet interface

ip link show | grep -A 1 "^2:"

Solution & Explanation

[centos9@vm1 ~]$ ip link show | grep -A 1 "^2:"
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:3c:80:d2 brd ff:ff:ff:ff:ff:ff

MAC address: 08:00:27:3c:80:d2

Format explained:

6 pairs of hexadecimal digits
Separated by colons
First 3 bytes (08:00:27) = Manufacturer (Oracle VirtualBox in this case)

Better command for just MAC:

ip link show enp0s3 | grep link/ether | awk '{print $2}'

Output: 08:00:27:3c:80:d2

Task 3.2: List all MAC addresses on your system

ip link | grep "link/ether" | awk '{print $2}'

Solution & Explanation

[centos9@vm1 ~]$ ip link | grep "link/ether" | awk '{print $2}'
08:00:27:3c:80:d2
08:00:27:f0:59:b0
9e:18:e6:a7:bd:6e

What you see:

Each physical/virtual network interface has a unique MAC
Loopback doesn't have a MAC (it's link/loopback, not link/ether)

With interface names:

ip link | grep -B 1 "link/ether" | grep "^[0-9]" | awk '{print $2, "="}'

Task 3.3: Verify the MAC address format (should be 6 pairs of hex)

ip link show enp0s3 | grep -oP 'link/ether \K[a-f0-9:]{17}'

Solution & Explanation

[centos9@vm1 ~]$ ip link show enp0s3 | grep -oP 'link/ether \K[a-f0-9:]{17}'
08:00:27:3c:80:d2

Regex breakdown:

link/ether \K - match "link/ether " but don't include in output (\K)
[a-f0-9:] - hexadecimal digits and colons
{17} - exactly 17 characters (6 pairs + 5 colons)

Valid MAC format: XX:XX:XX:XX:XX:XX where X is hex digit (0-9, a-f)

Lab 4: Bringing Interfaces Up and Down (Intermediate)

⚠️

⚠️ Warning: Only do these labs on a system where you have console access! Don't practice on a remote SSH session or you'll disconnect yourself!

Task 4.1: Check current state of an interface before changing it

ip link show enp0s3 | grep -o "state [A-Z]*"

Solution & Explanation

[centos9@vm1 ~]$ ip link show enp0s3 | grep -o "state [A-Z]*"
state UP

Always check before modifying!

Confirms which interface you're working with
Verifies current state
Prevents mistakes

Full status:

ip -br link show enp0s3

Output: enp0s3 UP 08:00:27:3c:80:d2

Task 4.2: Bring an interface down (requires sudo)

sudo ip link set enp0s3 down

Solution & Explanation

[centos9@vm1 ~]$ sudo ip link set enp0s3 down

# Verify it's down
[centos9@vm1 ~]$ ip link show enp0s3
2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 08:00:27:3c:80:d2 brd ff:ff:ff:ff:ff:ff

What changed:

state DOWN instead of state UP
Missing UP flag in angle brackets
Missing LOWER_UP flag
Network connectivity lost on this interface

Command structure:

sudo - requires root privileges
ip link set - modify link properties
enp0s3 - interface name
down - desired state

Task 4.3: Bring the interface back up

sudo ip link set enp0s3 up

Solution & Explanation

[centos9@vm1 ~]$ sudo ip link set enp0s3 up

# Verify it's up
[centos9@vm1 ~]$ ip link show enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:3c:80:d2 brd ff:ff:ff:ff:ff:ff

What changed:

state UP restored
UP,LOWER_UP flags back
Network connectivity restored
DHCP may have reassigned IP

Verify connectivity:

ping -c 3 8.8.8.8

Lab 5: Understanding Interface Flags (Intermediate)

Task 5.1: List all interfaces with their current flags

ip link | grep "^[0-9]"

Solution & Explanation

[centos9@vm1 ~]$ ip link | grep "^[0-9]"
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000

Flag analysis:

lo: LOOPBACK, UP, LOWER_UP - normal for loopback
enp0s3: BROADCAST, MULTICAST, UP, LOWER_UP - normal for ethernet
enp0s8: BROADCAST, MULTICAST, UP, LOWER_UP - normal for ethernet

Key flags to know:

UP = Administratively enabled
LOWER_UP = Physical link connected
BROADCAST = Can broadcast to all
MULTICAST = Can multicast

Task 5.2: Find interfaces that are UP but have no physical connection

ip link | grep -B 0 "state.*DOWN"

Solution & Explanation

[centos9@vm1 ~]$ ip link | grep -B 0 "state.*DOWN"
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default

Interpretation:

Interface is administratively UP
But physical state is DOWN
See NO-CARRIER flag
Common for virtual interfaces with no connections

Real-world example:

Docker bridge with no containers running
Ethernet interface with cable unplugged
Virtual interfaces not in use

Task 5.3: Check if loopback interface is properly UP

ip link show lo | grep -q "UP,LOWER_UP" && echo "Loopback OK" || echo "Loopback PROBLEM!"

Solution & Explanation

[centos9@vm1 ~]$ ip link show lo | grep -q "UP,LOWER_UP" && echo "Loopback OK" || echo "Loopback PROBLEM!"
Loopback OK

Command breakdown:

ip link show lo - show loopback
grep -q "UP,LOWER_UP" - quiet search for both flags
&& echo "Loopback OK" - if found, print OK
|| echo "Loopback PROBLEM!" - if not found, print problem

Why this matters:

Loopback should ALWAYS be UP
Critical for local services
If down, system has serious problems

Fix if down:

sudo ip link set lo up

Lab 6: Filtering and Searching (Advanced)

Task 6.1: Show only interfaces that are currently UP

ip -br link show | grep "UP"

Solution & Explanation

[centos9@vm1 ~]$ ip -br link show | grep "UP"
lo               UNKNOWN        00:00:00:00:00:00
enp0s3           UP             08:00:27:3c:80:d2
enp0s8           UP             08:00:27:f0:59:b0
docker_gwbridge  UP             9e:18:e6:a7:bd:6e

Command breakdown:

ip -br link show - brief output (one line per interface)
grep "UP" - show only lines with "UP"

Brief format fields:

Interface name
State
MAC address

More specific - only truly UP:

ip -br link show up

Task 6.2: Find your primary IP address (excluding loopback)

ip -4 addr show | grep inet | grep -v "127.0.0.1" | head -1 | awk '{print $2}'

Solution & Explanation

[centos9@vm1 ~]$ ip -4 addr show | grep inet | grep -v "127.0.0.1" | head -1 | awk '{print $2}'
192.168.100.154/24

Command breakdown:

ip -4 addr show - show only IPv4 addresses
grep inet - lines with inet (IPv4)
grep -v "127.0.0.1" - exclude loopback
head -1 - first result only
awk '{print $2}' - second field (the IP/mask)

To get just IP without subnet:

ip -4 addr show | grep inet | grep -v "127.0.0.1" | head -1 | awk '{print $2}' | cut -d/ -f1

Output: 192.168.100.154

Task 6.3: List all IPv6 addresses on the system

ip -6 addr show | grep inet6 | awk '{print $2}'

Solution & Explanation

[centos9@vm1 ~]$ ip -6 addr show | grep inet6 | awk '{print $2}'
::1/128
fe80::9b6f:96bb:eae6:4030/64
fe80::375d:8fe6:b0ba:6f0f/64

What you see:

::1/128 - IPv6 loopback (like 127.0.0.1 for IPv4)
fe80::... - Link-local IPv6 addresses

IPv6 address types:

::1 - Loopback
fe80:: - Link-local (local network only)
2xxx:: or 3xxx:: - Global unicast (internet routable)

Full details:

ip -6 addr show

Lab 7: Interface Statistics and Information (Advanced)

Task 7.1: Show brief status of all interfaces (one line each)

ip -br addr show

Solution & Explanation

[centos9@vm1 ~]$ ip -br addr show
lo               UNKNOWN        127.0.0.1/8 ::1/128
enp0s3           UP             192.168.100.154/24 fe80::9b6f:96bb:eae6:4030/64
enp0s8           UP             10.0.3.15/24 fe80::375d:8fe6:b0ba:6f0f/64
docker_gwbridge  UP             172.19.0.1/16 fe80::9c18:e6ff:fea7:bd6e/64
docker0          DOWN           172.17.0.1/16

Format:

Column 1: Interface name
Column 2: State
Column 3+: IP addresses (IPv4 and IPv6)

Why this is useful:

Quick overview of all interfaces
See state and IPs at a glance
Much more readable than full output

Color output:

ip -c -br addr show

Task 7.2: Get detailed statistics for an interface

ip -s link show enp0s3

Solution & Explanation

[centos9@vm1 ~]$ ip -s link show enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:3c:80:d2 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped missed  mcast
    4534234    32456    0       0       0       184
    TX: bytes  packets  errors  dropped carrier collsns
    876543     12345    0       0       0       0

Statistics explained:

RX - Receive (incoming)
- bytes - Total bytes received
- packets - Number of packets
- errors - Receive errors
- dropped - Dropped packets
TX - Transmit (outgoing)
- bytes - Total bytes sent
- packets - Number of packets sent
- errors - Transmission errors

Troubleshooting with stats:

High errors = Hardware or driver problem
High dropped = System overload or buffer issues
Zero packets = No traffic (check cables, config)

More detailed stats:

ip -s -s link show enp0s3  # Double -s for even more detail

Task 7.3: Find the MTU of all interfaces

ip link | grep mtu | awk '{print $2, $5}'

Solution & Explanation

[centos9@vm1 ~]$ ip link | grep mtu | awk '{print $2, $5}'
lo: 65536
enp0s3: 1500
enp0s8: 1500
docker_gwbridge: 1500

MTU explained:

Maximum Transmission Unit
Maximum packet size in bytes
Loopback: 65536 (very large, no physical limits)
Ethernet: Usually 1500 (standard)
Jumbo frames: 9000 (high-performance networks)

Why MTU matters:

Packets larger than MTU get fragmented
Wrong MTU causes performance issues
Some networks require specific MTU

Check if MTU needs adjustment: Usually 1500 is fine unless you're on a special network

Lab 8: Troubleshooting Network Issues (Advanced)

Task 8.1: Create a troubleshooting checklist script

cat << 'EOF' > check-network.sh
#!/bin/bash
echo "=== Network Interface Check ==="
echo "1. Loopback interface:"
ip link show lo | grep -o "state [A-Z]*"

echo -e "\n2. Primary interface:"
ip -br link show | grep -v lo | head -1

echo -e "\n3. IP Address:"
hostname -I

echo -e "\n4. Default route:"
ip route | grep default

echo "=== Check complete ==="
EOF

chmod +x check-network.sh
./check-network.sh

Solution & Explanation

[centos9@vm1 ~]$ ./check-network.sh
=== Network Interface Check ===
1. Loopback interface:
state UNKNOWN

2. Primary interface:
enp0s3           UP             08:00:27:3c:80:d2

3. IP Address:
192.168.100.154 10.0.3.15

4. Default route:
default via 192.168.100.1 dev enp0s3 proto dhcp metric 100
=== Check complete ===

What this script checks:

Loopback is up (should be UNKNOWN or UP for lo)
Primary interface status
IP addresses assigned
Default route exists

Use case:

Quick network health check
Troubleshooting connectivity
Before/after network changes

Expand this script:

Add ping test to gateway
Check DNS resolution
Test internet connectivity

Task 8.2: Diagnose a "down" interface

# Simulate the problem first
sudo ip link set enp0s3 down

# Now diagnose
echo "Interface status:"
ip link show enp0s3 | head -1

echo -e "\nLooking for issues..."
if ip link show enp0s3 | grep -q "state DOWN"; then
    echo "❌ Interface is DOWN"
    echo "Fix: sudo ip link set enp0s3 up"
fi

if ! ip link show enp0s3 | grep -q "LOWER_UP"; then
    echo "❌ No physical connection"
    echo "Fix: Check cable is plugged in"
fi

# Fix it
sudo ip link set enp0s3 up

Solution & Explanation

[centos9@vm1 ~]$ sudo ip link set enp0s3 down

[centos9@vm1 ~]$ echo "Interface status:"
Interface status:
[centos9@vm1 ~]$ ip link show enp0s3 | head -1
2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000

[centos9@vm1 ~]$ if ip link show enp0s3 | grep -q "state DOWN"; then
    echo "❌ Interface is DOWN"
    echo "Fix: sudo ip link set enp0s3 up"
fi
❌ Interface is DOWN
Fix: sudo ip link set enp0s3 up

[centos9@vm1 ~]$ sudo ip link set enp0s3 up

Diagnostic process:

Check interface state
Identify specific problem
Suggest solution
Apply fix

Common issues:

state DOWN = Interface disabled → bring it up
No LOWER_UP = Cable issue → check physical connection
No IP address = DHCP/config issue → check network config

Task 8.3: Compare network state before and after a change

# Save before state
ip addr > /tmp/network-before.txt

# Make a change (bring interface down)
sudo ip link set enp0s3 down

# Save after state
ip addr > /tmp/network-after.txt

# Compare
echo "=== Changes ==="
diff /tmp/network-before.txt /tmp/network-after.txt

# Restore
sudo ip link set enp0s3 up

Solution & Explanation

[centos9@vm1 ~]$ ip addr > /tmp/network-before.txt
[centos9@vm1 ~]$ sudo ip link set enp0s3 down
[centos9@vm1 ~]$ ip addr > /tmp/network-after.txt
[centos9@vm1 ~]$ diff /tmp/network-before.txt /tmp/network-after.txt
2c2
< 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
---
> 2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000

What diff shows:

< = before state
> = after state
Line 2 changed: UP → DOWN
Flags changed: lost UP and LOWER_UP

Why this technique is useful:

Document changes
Troubleshooting
Before/after comparison
Rollback information

Better for automation:

# Just show if interface state changed
if ! diff <(ip link show enp0s3) <(sudo ip link set enp0s3 down && ip link show enp0s3); then
    echo "State changed"
fi

[centos9@vm1 ~]$ sudo ip link set enp0s3 up

Lab 9: Real-World Scenarios (Advanced)

Task 9.1: Find which interface is being used for internet access

ip route show default

Solution & Explanation

[centos9@vm1 ~]$ ip route show default
default via 192.168.100.1 dev enp0s3 proto dhcp metric 100

Interpretation:

Default route (internet traffic) uses enp0s3
Gateway is 192.168.100.1
Route learned via DHCP
Metric 100 (priority)

What this tells you:

Which interface connects to internet
What your gateway IP is
How the route was configured

Get just the interface name:

ip route show default | awk '{print $5}'

Output: enp0s3

Task 9.2: Identify your gateway (router) IP address

ip route | grep default | awk '{print $3}'

Solution & Explanation

[centos9@vm1 ~]$ ip route | grep default | awk '{print $3}'
192.168.100.1

Gateway explained:

The router that connects you to other networks
First hop for internet traffic
Usually your home/office router

Test connectivity to gateway:

ping -c 3 $(ip route | grep default | awk '{print $3}')

If ping fails:

Gateway is down
Network cable issue
Wrong gateway configuration

Task 9.3: Prepare network info for SSH troubleshooting

cat << 'EOF' > network-info.sh
#!/bin/bash
echo "=== SSH Connection Info ==="
echo "Hostname: $(hostname)"
echo "IP Addresses: $(hostname -I)"
echo "Default Interface: $(ip route show default | awk '{print $5}')"
echo "Gateway: $(ip route show default | awk '{print $3}')"
echo "MAC Address: $(ip link show $(ip route show default | awk '{print $5}') | grep link/ether | awk '{print $2}')"
echo ""
echo "SSH command to connect:"
echo "ssh $(whoami)@$(hostname -I | awk '{print $1}')"
EOF

chmod +x network-info.sh
./network-info.sh

Solution & Explanation

[centos9@vm1 ~]$ ./network-info.sh
=== SSH Connection Info ===
Hostname: vm1
IP Addresses: 192.168.100.154 10.0.3.15
Default Interface: enp0s3
Gateway: 192.168.100.1
MAC Address: 08:00:27:3c:80:d2

SSH command to connect:
ssh centos9@192.168.100.154

Why this is useful:

Quick network summary
SSH connection details
Share with others for remote access
Document your setup

Save to file:

./network-info.sh > my-network-config.txt

Use case:

Setting up remote access
Documenting servers
Troubleshooting guides

Lab 10: Creating Network Monitoring Aliases (Challenge)

Task 10.1: Create helpful aliases for network commands

# Add to your ~/.bashrc
cat << 'EOF' >> ~/.bashrc

# Network monitoring aliases
alias myip='hostname -I | awk "{print \$1}"'
alias myips='ip -br addr show'
alias netstat-simple='ip -br link show'
alias check-net='ping -c 3 8.8.8.8'
alias check-gateway='ping -c 3 $(ip route | grep default | awk "{print \$3}")'
alias show-routes='ip route show'

EOF

# Reload bashrc
source ~/.bashrc

# Test the aliases
myip
myips

Solution & Explanation

[centos9@vm1 ~]$ source ~/.bashrc

[centos9@vm1 ~]$ myip
192.168.100.154

[centos9@vm1 ~]$ myips
lo               UNKNOWN        127.0.0.1/8 ::1/128
enp0s3           UP             192.168.100.154/24 fe80::9b6f:96bb:eae6:4030/64
enp0s8           UP             10.0.3.15/24 fe80::375d:8fe6:b0ba:6f0f/64

[centos9@vm1 ~]$ netstat-simple
lo               UNKNOWN        00:00:00:00:00:00
enp0s3           UP             08:00:27:3c:80:d2
enp0s8           UP             08:00:27:f0:59:b0

[centos9@vm1 ~]$ check-net
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=12.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=11.8 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=116 time=12.1 ms

Alias benefits:

Faster than typing full commands
Easy to remember
Consistent across sessions
Customizable to your workflow

Advanced aliases:

alias watch-net='watch -n 1 ip -br addr show'  # Monitor interfaces every second
alias list-interfaces='ls /sys/class/net/'      # Quick interface list

📚 Best Practices

Network Interface Management

1. Always verify before modifying

# Check current state first
ip link show enp0s3

# Then make changes
sudo ip link set enp0s3 down

2. Use brief output for quick checks

# Instead of: ip addr show
# Use: ip -br addr show

# Much more readable!

3. Never bring down your SSH interface

# Find which interface SSH uses
ip route get 8.8.8.8 | grep -oP 'dev \K\S+'

# DON'T bring that one down if you're SSH'd in!

4. Document your changes

# Before making changes
ip addr > /tmp/network-backup-$(date +%Y%m%d).txt

# Make changes

# If something breaks, you have a reference

For LFCS Exam

Speed tips:

Use ip a instead of ip addr show
Use ip -br for quick overview
Know ip link set DEV up/down by heart
Remember loopback is always lo and 127.0.0.1

Common exam tasks:

Identify interface names
Find IP addresses
Bring interfaces up/down
Verify network connectivity
Read interface states

Time savers:

# Quick IP check
hostname -I

# Quick interface check
ip -br link

# Quick route check
ip route show default

Troubleshooting Strategy

Step 1: Check physical layer

ip link show DEV | grep LOWER_UP
# If missing: cable or hardware problem

Step 2: Check administrative state

ip link show DEV | grep "state UP"
# If DOWN: bring it up

Step 3: Check IP address

ip addr show DEV | grep "inet "
# If missing: DHCP or config problem

Step 4: Check routes

ip route show
# Verify default route exists

🚨 Common Pitfalls to Avoid

Pitfall 1: Bringing Down Your SSH Interface

Problem: Disabling the interface you're SSH'd through.

# You're SSH'd in via enp0s3
sudo ip link set enp0s3 down  # ❌ YOU JUST DISCONNECTED YOURSELF!

Solution: Always use console access when practicing interface management, or use a different interface for management.

Pitfall 2: Assuming eth0 is Always Available

Problem: Using hardcoded eth0 in scripts.

# This might fail on modern systems
ip link show eth0  # ❌ Interface might be named enp0s3

Solution: Find interface names dynamically:

# Get primary interface name
PRIMARY=$(ip route show default | awk '{print $5}')
ip link show $PRIMARY

Pitfall 3: Forgetting Changes are Temporary

Problem: Thinking ip command changes survive reboot.

sudo ip link set enp0s3 down  # Temporary!
# After reboot: interface will be UP again

Solution: Remember - ip commands are temporary. For permanent changes, use NetworkManager or config files (covered in future posts).

Pitfall 4: Confusing ip addr and ip link

Problem: Using the wrong subcommand.

# Want to see IP addresses but use:
ip link  # ❌ Doesn't show IP addresses!

# Should use:
ip addr  # ✅ Shows IP addresses

Solution:

ip link = interface info (MAC, state)
ip addr = interface info + IP addresses

Pitfall 5: Not Checking Both IPv4 and IPv6

Problem: Only checking IPv4.

# Only sees IPv4
ip -4 addr show

# Missing IPv6 configuration issues!

Solution: Check both:

ip addr show  # Shows both IPv4 and IPv6
# Or specifically:
ip -4 addr show  # IPv4 only
ip -6 addr show  # IPv6 only

Pitfall 6: Ignoring Interface Flags

Problem: Not reading the flags in angle brackets.

enp0s3: <BROADCAST,MULTICAST,UP> mtu 1500 state DOWN
# Has UP flag but state is DOWN - missing LOWER_UP!
# This means cable is unplugged!

Solution: Always check both flags and state:

UP = administratively enabled
LOWER_UP = physically connected
state UP = fully operational

📝 Command Cheat Sheet

Viewing Interfaces

# Show all interfaces with IPs
ip addr
ip addr show
ip a                    # Shorthand

# Show only link layer info (no IPs)
ip link
ip link show

# Show brief one-line format
ip -br addr show
ip -br link show

# Show only IPv4
ip -4 addr show

# Show only IPv6
ip -6 addr show

# Show specific interface
ip addr show dev enp0s3
ip a s dev enp0s3       # Shorthand

# Show interface statistics
ip -s link show enp0s3
ip -s -s link show enp0s3  # Even more detail

# Show colored output
ip -c addr show

Managing Interfaces

# Bring interface down (requires sudo)
sudo ip link set enp0s3 down

# Bring interface up (requires sudo)
sudo ip link set enp0s3 up

# Set MTU
sudo ip link set enp0s3 mtu 9000

# Change MAC address (advanced)
sudo ip link set enp0s3 address aa:bb:cc:dd:ee:ff

Quick Information

# Get your IP address
hostname -I
hostname -I | awk '{print $1}'  # Just first IP

# Get interface names
ls /sys/class/net/
ip -o link show | awk -F': ' '{print $2}'

# Get default gateway
ip route show default
ip route | grep default | awk '{print $3}'

# Get default interface
ip route show default | awk '{print $5}'

# Get MAC address
ip link show enp0s3 | grep link/ether | awk '{print $2}'

# Check if interface is UP
ip link show enp0s3 | grep -q "state UP" && echo "UP" || echo "DOWN"

Filtering and Searching

# Show only UP interfaces
ip -br link show up

# Show only DOWN interfaces
ip -br link show down

# Find IPv4 addresses (excluding loopback)
ip -4 addr | grep inet | grep -v 127.0.0.1

# Find all MAC addresses
ip link | grep link/ether | awk '{print $2}'

# Count interfaces
ip link | grep -c "^[0-9]"

🎯 Key Takeaways

Let's summarize what you've mastered:

About Network Interfaces:

Interfaces are connection points to networks
Named with predictable scheme (enp0s3, ens33, etc.)
Loopback (lo) is always 127.0.0.1
Each interface has a unique MAC address

About the ip Command:

ip addr - Show interfaces and IP addresses
ip link - Show interfaces (link layer only)
ip -br - Brief one-line output
Modern replacement for ifconfig

About Interface States:

UP flag = Administratively enabled
LOWER_UP flag = Physically connected
state UP = Fully operational
Both flags needed for working interface

Managing Interfaces:

sudo ip link set DEV up - Enable interface
sudo ip link set DEV down - Disable interface
Changes are temporary (lost on reboot)
Never disable your SSH interface remotely!

For LFCS Success:

Master ip addr and ip link commands
Understand interface naming
Read and interpret interface flags
Know how to troubleshoot connectivity
Practice on local system first

✅

🎉 Congratulations! You now understand Linux network interfaces and the ip command. You can view, analyze, and manage network interfaces like a professional Linux administrator. This knowledge is fundamental for LFCS and real-world system administration!

🚀 What's Next?

In Part 16, we'll continue with networking by exploring Managing Hostnames with hostname and hostnamectl. You'll learn:

Understanding hostnames and their importance
Using hostname command to view/set hostname
Using hostnamectl for modern hostname management
Transient vs static vs pretty hostnames
The /etc/hostname file
FQDN (Fully Qualified Domain Names)
And much more!

Recommended practice before next post:

Work through all 20 practice labs
Practice on your own system
Bring interfaces up and down (with console access!)
Create the network monitoring aliases
Memorize the key ip commands for speed

Continue your LFCS journey:

Previous: Part 14 - Exploring /usr/share/doc and tldr
Next: Part 16 - Managing Hostnames with hostname and hostnamectl

💡

📖 Networking Journey Begins: You've completed the first networking post! Network interfaces are the foundation of all network configuration. Next, we'll explore hostnames, then dive deeper into routing, DNS, and more advanced networking topics. 🚀

What Are Network Interfaces?

Types of Network Interfaces

Understanding Interface Naming

The ip Command

Basic ip Command Structure

Why ip Command Matters for LFCS

Viewing Network Interfaces with ip addr

Basic Usage

Understanding the Output (Line by Line)

Understanding Interface Flags

Understanding Interface States

Viewing Specific Interface

Understanding the Loopback Interface (lo)

Key Facts About Loopback

Localhost vs 127.0.0.1

Viewing Interfaces with ip link

Basic Usage

ip addr vs ip link

Bringing Interfaces UP and DOWN

Bringing an Interface DOWN

Bringing an Interface UP

Why You Need Sudo

Temporary vs Permanent Network Changes

Temporary Changes (Lost on Reboot)

Permanent Changes (Survive Reboot)

Understanding MAC Addresses

What is a MAC Address?

Common Network Interface Scenarios

Scenario 1: No Network Connectivity

Scenario 2: Interface Shows UP but No Connectivity

Scenario 3: Cable Unplugged

🧪 Practice Labs

Lab 1: Viewing All Network Interfaces (Beginner)

Lab 2: Examining Specific Interfaces (Beginner)

Lab 3: Understanding MAC Addresses (Intermediate)

Lab 4: Bringing Interfaces Up and Down (Intermediate)

Lab 5: Understanding Interface Flags (Intermediate)

Lab 6: Filtering and Searching (Advanced)

Lab 7: Interface Statistics and Information (Advanced)

Lab 8: Troubleshooting Network Issues (Advanced)

Lab 9: Real-World Scenarios (Advanced)

Lab 10: Creating Network Monitoring Aliases (Challenge)

📚 Best Practices

Network Interface Management

For LFCS Exam

Troubleshooting Strategy

🚨 Common Pitfalls to Avoid

Pitfall 1: Bringing Down Your SSH Interface

Pitfall 2: Assuming eth0 is Always Available

Pitfall 3: Forgetting Changes are Temporary

Pitfall 4: Confusing ip addr and ip link

Pitfall 5: Not Checking Both IPv4 and IPv6

Pitfall 6: Ignoring Interface Flags

📝 Command Cheat Sheet

Viewing Interfaces

Managing Interfaces

Quick Information

Filtering and Searching

🎯 Key Takeaways

🚀 What's Next?

Written by Owais

Get Job-Ready in Emerging Tech

Related Articles

Exploring /usr/share/doc and tldr for LFCS Certification

Exploring /usr/share/doc and tldr for LFCS Certification

Using info, pinfo, and --help for LFCS Certification

More Reading

Mastering man Pages Part 2: Sections and Advanced Usage for LFCS