Networking Basics for System Administrators

A NIC on a host (computer) is identified by a number called its IP address.  To send data from one host to another, the data is split into chunks called packets.  Each packet has a header, which includes both the source and destination host IP address.  The network will deliver each packet to the destination host.

When powered up, a NIC is not assigned any IP address.  These can be assigned manually (called a static address) or automatically (a dynamic address).  While servers rarely use dynamic addresses, most other hosts will.  DHCP is commonly used to configure a dynamic address on a host, as well as many other network parameters that must be set for networking to work.

People (and even software) rarely use the addresses directly.  Instead, a name is used.  Such names must be translated to a number before they can be used.  One way to do this is to set up the file /etc/hosts with names and addresses.  Another way is to use the domain name system (DNS).

IP addresses are 4 byte (32 bit) numbers usually written in dotted-decimal notation.  In dotted-decimal notation, you convert each byte to a decimal number and separate the four numbers with periods, for example “”.

These addresses are standard for IPv4 (version 4 of the IP suite of protocols).  A newer version, IPv6, uses 16 byte (128 bit) addresses and uses a different notation.

IP addresses have two parts: the left-most part of the address identifies a network.  The remaining bits on the right uniquely identify a host within that network.  The number of bits used for each part can vary.  A separate 32 bit number known as a mask (or sometimes subnet mask or netmask) is used to show how many bits are used for the network part and how many for the host part.  In the mask, a binary digit of 1 (one) means the corresponding bit in the address is part of the network number.  A 0 (zero) show the corresponding bit is part of the host number.  Consider the following address and mask:

IP address:    11000000 00000000 00000010 01010110
Mask: 11111111 11111111 11111111 00000000

Then the network number is “” and the host number is “86”.  The mask may be written in dotted-decimal notation.  A more convenient notation (“CIDR” notation) is simply to specify the length (in bits) of the network part.  You separate the mask from the address with a slash:


A NIC also has an “Ethernet” address (technically a “data link” address).  This is set by the manufacturer of the NIC.  It is completely independent of the IP address, which must be assigned by the administrator.  A protocol called ARP (Address Resolution Protocol) is used to translate between these as needed, automatically.

Port Numbers

An IP address alone is not enough.  Consider a web browser sending an HTTP request packet to a web server.  When a user clicks a link, the name is translated to an address.  But if the packet was sent with just that, how would the destination host know to deliver the packet to the web server and not the SSH server or print server or some other server?  Even if the OS on the destination host guesses to which daemon to deliver the packet, which program on the client should receive the reply?  (What if you have two web browser windows open; which should be updated?)

The answer is to associate a number with each program (client or server) called a port number.  Each packet will have a source and destination port number in the packet header, in addition to the IP addresses.  A program (client or server) tells the operating system “if you receive any packets for port number x then deliver them to me”.  This is called listening on a port.

There is nothing to tell a client what port number to use for some service, any more than there is a standard IP address to use.  While any program can listen on any port, there are standard port numbers for some common, well-known services.  A list of these is found in the file /etc/services.  This list is maintained by the IANA.  This file can be used in some cases to refer to a service by a name, rather than its port number.  Keep in mind any program can listen on any port number.  An SA must know some of the more common ones; use grep to guess the name of some service and find its port number.  Some to know: 22 (SSH), 25 (SMTP), 53 (DNS), 80 (HTTP), 443 (HTTPS), and others.

While service daemons generally use well-known port numbers, client programs generally ask the kernel to pick a port number for them.  Some unused (and not in the well-known list) port number is selected by the kernel and assigned to that client program.

So, when program A on host ONE wants to send some data to program B on host TWO, it sends the data to the kernel along with the destination IP address and the port number for host TWO and program B.  The kernel selects a port number for the client, and adds that (as well as the IP address for host ONE) to the header, breaks up the data into packets, and adds the header to each, then sends the packets to the NIC.  The packets look something like this:

 SRC_IP: SRC_port: 50123 DEST_IP: DEST_port: 80

When the packet is received at host TWO, it sends the packet to the program identified by the destination port number (“B”).  When “B” wants to send a reply back to “A” on host ONE, it just reverses the source and destination parts of the header:

 SRC_IP: SRC_port: 80 DEST_IP: DEST_port: 50123

(In reality, networking is more complex than this, and will be studied in a future course.  For now, you must understand basic IP addressing and port numbers, in order to configure services and system security.)