█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/DevOps and Infrastructure/Linux and the Command Line/Networking from the CLI
35 minIntermediate

Networking from the CLI

After this lesson, you will be able to: Diagnose connectivity with ping, curl, wget, netstat, ss, and Nmap basics; read /etc/hosts.

When 'the app is down' the first question is usually 'can the server even reach the network?'. These commands answer it.

Prerequisites:Processes and systemd

Connectivity smoke tests

Each tool answers a different question.

tsx
ping example.com # is the host reachable? (ICMP)
ping -c 4 example.com # 4 packets then stop
# DNS lookup
dig example.com # full DNS output
dig +short example.com # just the IP
nslookup example.com # older alternative
# HTTP request (the ops Swiss army knife)
curl https://example.com
curl -I https://example.com # HEAD request, headers only
curl -v https://example.com # verbose: see the whole TCP+TLS+HTTP
curl -X POST -d 'foo=bar' https://example.com/api
curl -H 'Authorization: Bearer xyz' https://api.example.com/me
wget https://example.com/file.tar.gz # download a file

What's listening on this server?

ss is the modern netstat; both answer 'who's listening on what port?'.

tsx
ss -tlnp # listening TCP ports + the process bound
ss -tunlp # also UDP
ss -s # summary stats
# netstat (older but still everywhere)
netstat -tlnp
netstat -anp | grep 8080 # find what's on port 8080
# What's connected to me right now?
ss -t state established

Nmap basics (use only on systems you own / are authorised for)

Nmap maps open ports; review the cs-pentest-ethics lesson before running anywhere else.

tsx
nmap localhost # scan your own machine
nmap -sV 192.168.1.10 # version detection
nmap -p 22,80,443 host.example # specific ports
nmap -sn 192.168.1.0/24 # discover live hosts on a /24
# Don't scan random IPs on the internet without permission

/etc/hosts: the local override file

Maps hostnames to IPs BEFORE DNS is consulted. Use for testing, dev, and overrides.

tsx
# /etc/hosts
127.0.0.1 localhost
127.0.1.1 myhostname
# Pin staging to a specific IP for local testing
10.0.5.42 staging.example.com
# Block a domain by sending it to localhost
0.0.0.0 ads.example.com
# After editing, no daemon to reload; changes take effect immediately.

Common mistakes only experienced engineers avoid

Trusting `ping` to verify HTTPS works. ICMP and HTTPS are different stacks; ping can fail while HTTPS works (firewall blocks ICMP). Running netstat on a busy server with thousands of connections; it's slow. Use `ss` instead. Scanning third-party servers with nmap and being surprised by abuse complaints. Editing `/etc/hosts` for production routing. It works for one machine; doesn't scale. Forgetting that DNS is cached. `dig` shows live; the OS / browser may have stale results.

Quick Check

Your web server returns 502 Bad Gateway. What FIRST diagnostic do you run on the server?

Pick the highest-signal first check.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Processes and systemd
Back to Linux and the Command Line
Shell Scripting→