Frequently Asked Question
What is the TCP/IP stack and how does it map to the tools I use?
The TCP/IP stack is a four-layer model that describes how data moves between two programs on different machines. The link layer (Ethernet, Wi-Fi) carries raw frames between physically adjacent hosts; the internet layer (IPv4, IPv6, ICMP) routes packets between networks; the transport layer (TCP, UDP) gives you ports, ordering, and reliability; the application layer (HTTP, SSH, DNS, SMTP) is whatever your program actually speaks. Every packet that arrives is handed up through these layers and every packet you send is wrapped on the way down.
Each Linux tool you reach for lives at one of these layers, and knowing which one is half the battle when something breaks. ip link is the link layer. ip addr, ip route, ping, and traceroute operate at the internet layer. ss, netstat, and tcpdump straddle the transport and application layers. dig, curl, wget, and ssh are firmly at the top.