Configuring, monitoring and managing networks is an essential part of a Linux system administrator's job. With its wide array of built-in networking capabilities and utilities, Linux offers numerous commands to help automate common networking tasks.
In this comprehensive guide, we will explore 14 of the most useful Linux networking commands that every sysadmin should know. Learning how to effectively leverage these commands will save you significant time while giving you greater control and visibility over your systems and network.
We'll provide a quick overview of each command along with examples demonstrating its usage. Let's get started!
1. ip
The ip command manages network interfaces, devices and routing tables in Linux. It replaces older utilities like ifconfig and route.
Here's a simple example displaying information for all network interfaces using ip:
$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0a:1b:2c:3d:4e:5f brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.11/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
The ip command includes several subcommands, such as ip addr, ip link and ip route, to manage different aspects of networking. Use it in place of the deprecated ifconfig and route tools.
2. ping
The ping command sends ICMP echo request packets to another host on the network to test connectivity. It will print output showing if packets were successfully transmitted/received or lost. This allows verifying basic network connectivity to another host.
Here's an example pinging google.com:
$ ping google.com
PING google.com (142.251.1.4) 56(84) bytes of data.
64 bytes from lga34s47-in-f4.1e100.net (142.251.1.4): icmp_seq=1 ttl=118 time=9.05 ms
64 bytes from lga34s47-in-f4.1e100.net (142.251.1.4): icmp_seq=2 ttl=118 time=11.0 ms
64 bytes from lga34s47-in-f4.1e100.net (142.251.1.4): icmp_seq=3 ttl=118 time=7.50 ms
Ping verifies basic network connectivity between hosts. It is a quick way to test whether another host is reachable.
3. traceroute
Whereas ping checks connectivity between two points, traceroute tracks the path of packets step-by-step. It prints output displaying each node along the route to the destination.
Here's an example tracing the route to google.com:
$ traceroute google.com
traceroute to google.com (142.250.65.174), 30 hops max, 60 byte packets
1 gateway (10.0.0.1) 1.224 ms 1.856 ms 2.408 ms
2 onbox.net (10.10.56.1) 18.070 ms 18.503 ms 18.730 ms
3 core1.ash.net (198.51.100.129) 9.258 ms 9.799 ms 10.060 ms
4 212.73.249.130 (212.73.249.130) 17.183 ms 212.73.249.126 (212.73.249.126) 13.847 ms 13.666 ms
Traceroute maps out the path your packets take to reach the destination. It is useful for network troubleshooting when connectivity fails.
4. nmap
Nmap scans networks for connected devices, open ports, running services and so on. It's extensively used for network discovery, port scanning, OS fingerprinting and more.
The following scans a host to determine which ports are open:
$ nmap 192.168.1.25
Starting Nmap 7.92 ( https://nmap.org ) at 2023-02-20 16:11 EST
Nmap scan report for mail.example.com (192.168.1.25)
Host is up (0.0019s latency).
Not shown: 997 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds
Nmap gives infrastructure visibility and valuable input for security auditing. It is frequently used in IT and infosec.
5. tcpdump
tcpdump captures network traffic passing over the system's NICs. It can record all traffic or apply filters to zoom in on specific hosts, protocols, packet sizes and so on. The captured data can then be analyzed to diagnose issues.
The following captures HTTP traffic on the eth0 interface and writes it to capture.pcap:
$ tcpdump -i eth0 -w capture.pcap port 80
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C32 packets captured
32 packets received by filter
0 packets dropped by kernel
tcpdump creates network traffic captures for debugging connectivity or performance issues. It is also useful for security teams.
6. netstat
netstat prints information about network connections, routing tables, interface statistics and more. Use it to examine connections or troubleshoot routing issues.
Show active TCP connections:
$ netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0    148 10.10.1.10:ssh          10.10.1.100:52492       ESTABLISHED
tcp6       0      0 [::]:ipv6-icmp          [::]:*                  LISTEN
Inspect listening UDP sockets:
$ netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:bootpc                *:*
udp        0      0 localhost:ntp           *:*
udp        0      0 *:ntp                   *:*
Netstat reports important details about network connections and their state. It is handy for connectivity and routing troubleshooting.
7. dig
dig performs DNS lookups by querying name servers and retrieving DNS records. It works like nslookup or host but with far more flexibility and options.
Look up an A record:
$ dig mcngmarketing.com
; <<>> DiG 9.16.6 <<>> mcngmarketing.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39586
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mcngmarketing.com. IN A
;; ANSWER SECTION:
mcngmarketing.com. 293 IN A 104.21.62.54
;; Query time: 19 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 20 16:19:31 EST 2023
;; MSG SIZE rcvd: 59
dig has many advanced DNS analysis options, which makes it very versatile for troubleshooting DNS issues.
8. ssh
ssh logs you into remote Linux/Unix systems over an encrypted tunnel, so all data sent between client and host is encrypted.
$ ssh user@host
user@host's password: ****
Last logged in as user on host
SSH replaces insecure remote login protocols like telnet or rlogin. It is essential for remote server administration and automation.
9. scp
scp copies files over SSH, much like the Unix cp command. All data transfer is encrypted by SSH's transport layer.
Securely copy a file from the local system to a remote host:
$ scp /path/to/local_file user@remotehost:/remote/directory
Copy a file from the remote system to the local one:
$ scp user@remotehost:/remote/file /local/directory
scp is a more secure alternative to insecure file transfer protocols like FTP.
10. sftp
sftp is a secure file transfer program that uses SSH to transfer files. It offers an interactive shell for securely moving files, similar to Unix ftp.
$ sftp user@host
user@host's password: ****
sftp> put local_file
Uploading local_file to /home/user/local_file
sftp is handy for scripts and automation that need to securely transfer files on remote servers.
11. host
host queries DNS servers to perform name lookups and prints human-readable DNS information. It offers basic DNS lookup functionality, much like nslookup and dig.
$ host mcngmarketing.com
mcngmarketing.com has address 198.58.125.182
host is a quick and simple way to check DNS records when you don't need advanced analysis.
12. iptables
iptables manages rules for filtering and processing network packets. It is useful for configuring Linux firewall policies, NAT forwarding, packet filtering and more.
List firewall rules:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
iptables provides the powerful packet filtering and firewall functionality built into Linux.
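iptables -L without -v omits the interface columns, so the third rule above prints as "ACCEPT all -- anywhere anywhere" whether it matches every packet or only loopback traffic. The following is an added example, not part of the original article: it audits the INPUT chain from iptables -S output, where the restriction is visible. The sample rules are constructed to mirror the listing above, the -i lo on the third rule is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the INPUT chain from the listing above in `iptables -S`
# form. The "-i lo" on the third rule is an assumption; `iptables -L` without
# -v prints that rule as "ACCEPT all -- anywhere anywhere" either way.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# audit_input: read `iptables -S` text on stdin and report on the INPUT chain.
#   OPEN <rule>         ACCEPT rule with no match criteria (accepts everything)
#   UNREACHABLE <rule>  rule placed after a catch-all, so it never matches
#   NO_DEFAULT_DENY     policy ACCEPT and no catch-all DROP/REJECT closes it
audit_input() {
  awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      if (term != "") { print "UNREACHABLE " $0; next }
      # A catch-all rule reads "-A INPUT -j TARGET ...": the jump is the
      # third field because no -i/-s/-p/-m match comes before it.
      if ($3 == "-j") {
        if ($4 == "ACCEPT") { print "OPEN " $0; term = "ACCEPT" }
        else if ($4 == "DROP" || $4 == "REJECT") { term = $4 }
      }
    }
    END {
      if (policy == "ACCEPT" && term != "DROP" && term != "REJECT")
        print "NO_DEFAULT_DENY policy=" policy
    }'
}

# Rule set as assumed: the final REJECT closes the chain, nothing is reported.
sample_rules | audit_input
# Same rules with the loopback restriction removed: three findings.
sample_rules | sed 's/ -i lo//' | audit_input
```

On a live host, feed it with sudo iptables -S | audit_input; sudo iptables -L -n -v shows the same interface information in table form.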
13. mtr
mtr combines the functionality of traceroute and ping into one tool. It continuously tests connection routing while also monitoring packet loss at each step.
$ mtr google.com
Start: 2023-02-20T16:25:44+0000
HOST: Loss% Snt Last Avg Best Wrst StDev
1.|-- router.local 0.0% 10 0.6 0.8 0.6 1.2 0.2
2.|-- 10.10.0.1 0.0% 10 5.0 10.3 4.9 25.3 7.4
3.|-- core2.ash.net 0.0% 10 7.0 8.3 6.8 11.5 1.6
4.|-- google.com 0.0% 10 6.9 7.4 6.9 8.4 0.5
mtr tracks packet loss and latency at each step along the route path, which is very useful when troubleshooting connections.
14. ss
ss dumps socket statistics to show active connections. It replaces the older netstat command with faster parsing and filtering capabilities.
View current TCP connections:
$ ss -at
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 527 10.0.1.101:45820 10.0.1.20:5672
ss delivers extremely flexible socket statistics analysis and supersedes the legacy netstat command.
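Socket listings like the ss and netstat output above are also how you check which services a host exposes. The following is an added example, not part of the original article: it reads ss -Htln output and reports listeners reachable from other hosts whose port is not on an allowlist. The sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ss -Htln` output (-H: no header, -t: TCP,
# -l: listening sockets only, -n: numeric ports). Not from a real host.
sample_ss() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 10.0.1.101:5672 0.0.0.0:*
EOF
}

# unexpected_listeners "22 443" < ss-output
# Prints "port address" for every listener that is not bound to loopback
# and whose port is missing from the space-separated allowlist in $1.
unexpected_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "LISTEN" { next }
    {
      # Split "addr:port" at the last colon so IPv6 literals stay intact.
      match($4, /:[^:]*$/)
      addr = substr($4, 1, RSTART - 1)
      port = substr($4, RSTART + 1)
      sub(/%.*$/, "", addr)                        # drop a %interface suffix
      if (addr ~ /^127\./ || addr == "[::1]") next # loopback-only listener
      if (!(port in ok)) print port, addr
    }' | sort -u
}

# With SSH and HTTPS allowed, the sample reports ports 5672 and 8080.
sample_ss | unexpected_listeners "22 443"
```

On a live host, run ss -Htln | unexpected_listeners "22 443" with the ports that host is supposed to serve.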
Summary
We've covered 14 must-know Linux networking commands that will equip you with the knowledge to manage routes, test connectivity, securely transfer files, capture packets, filter firewall rules and much more across your infrastructure.
Referring back to this guide as you work will save you invaluable time instead of having to search around when you need to run an analysis. These examples demonstrate practical real-world usage for each networking tool.
Hopefully this overview sparks your interest – there is still so much more that can be done with these utilities. Proficiency will come over time as you gain hands-on experience. The power is there at your fingertips – now go manage your network like a Linux pro!