14 Useful Linux Networking Commands

Configuring, monitoring and securing networks are a vital a part of a system administrator’s job. With regards to managing Linux networks, there are numerous instructions and instruments out there.

Generally community programs fail. You as an administrator are required to diagnose and resolve points. Monitoring helps detect issues and repair them earlier than issues get out of hand. Monitoring safety and efficiency can be a vital a part of an administrator’s actions.

Right here we focus on some generally used instructions to handle Linux networks.

I p

The iproute2 package deal accommodates the IP command used for community and routing configuration. This replaces the normal one ifconfig And route assignments.

ip takes a second argument that specifies the item on which you wish to carry out a command and an motion comparable to add, take away, or present.

ip hyperlink

ip hyperlink is for configuring, including and eradicating community interfaces. Utilization ip hyperlink present command to checklist all community interfaces on the system:

$ ip hyperlink present
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    hyperlink/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    hyperlink/ether 02:35:97:08:6b:2a brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    hyperlink/ether 08:00:27:6f:60:ff brd ff:ff:ff:ff:ff:ff

You’ll be able to view the person web page for ip hyperlink of:

$ man  ip-link

IP tackle

Use the IP Handle command to checklist addresses, bind a brand new tackle, or delete previous ones. The manpage ip tackle command is known as ip tackle.

For instance, the next command shows the IP tackle assigned to the community interface enp0s8:

ip tackle present dev enp0s8
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    hyperlink/ether 08:00:27:6f:60:ff brd ff:ff:ff:ff:ff:ff
    inet brd scope world enp0s8

IP route

Use the IP path to print or view the routing desk. The next command shows the contents of the routing desk:

$ ip route present
default by way of dev enp0s3 dev enp0s8  proto kernel  scope hyperlink  src dev enp0s3  proto kernel  scope hyperlink  src


Though Nmap was utilized in many motion pictures, The matrix reloaded (Wikipedia, IMDB, Amazon) turned Nmap right into a film star!.

Nmap (“Community Mapper”) is a strong utility used for community discovery, safety audit, and administration. Many system directors use it to find out which of their programs are on-line, in addition to for OS detection and repair detection.

The usual Nmap scan reveals the ports, their standing (open/closed) and protocols. It sends a packet to the 1000 most typical ports and checks for response.

$ nmap

Beginning Nmap 7.01 ( https://nmap.org ) at 2020-09-07 10:32 UTC
Nmap scan report for
Host is up (0.00077s latency).
Not proven: 997 filtered ports
22/tcp   open   ssh
80/tcp   open   http
3306/tcp closed mysql

To verify which hosts are energetic in your community:

$ nmap -sn

Beginning Nmap 7.01 ( https://nmap.org ) at 2020-09-07 11:59 UTC
Nmap scan report for
Host is up (0.00084s latency).
Nmap scan report for
Host is up (0.0021s latency).
Nmap scan report for
Host is up (0.00026s latency).
Nmap accomplished: 256 IP addresses (3 hosts up) scanned in 2.61 seconds

Use the -O flag to establish which working system a number is utilizing.

$ sudo  nmap -O
Beginning Nmap 7.01 ( https://nmap.org ) at 2020-09-07 13:44 UTC
Nmap scan report for
Host is up (0.00053s latency).
Operating: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS particulars: Linux 3.10 - 3.19
Community Distance: 1 hop
OS detection carried out. Please report any incorrect outcomes at https://nmap.org/submit/ .
Nmap accomplished: 1 IP tackle (1 host up) scanned in 21.95 seconds

A phrase of warning: nobody likes having their programs scanned over the Web. Subsequently, ask for permission earlier than doing this.

You too can use Nmap on Home windows, take a look at this set up information.


Use ping to see if a number remains to be alive. This tremendous easy command enables you to verify the standing of a number or community phase. Ping command sends an ICMP ECHO_REQUEST packet to the goal host and waits to see if it replies.

Nevertheless, some hosts block ICMP echo requests with a firewall. Some websites on the web may also do the identical.

By default, ping runs in an infinite loop. Use to ship a sure variety of packets -c flag.

$ ping -c 3 google.com 
PING google.com ( 56 knowledge bytes
64 bytes from icmp_seq=0 ttl=118 time=7.898 ms
64 bytes from icmp_seq=1 ttl=118 time=7.960 ms
64 bytes from icmp_seq=2 ttl=118 time=6.247 ms

--- google.com ping statistics ---
3 packets transmitted, 3 packets acquired, 0.0% packet loss
round-trip min/avg/max/stddev = 6.247/7.368/7.960/0.793 ms

-o closes the flag efficiently after receiving one response packet.

$ ping -o google.com
PING google.com ( 56 knowledge bytes
64 bytes from icmp_seq=0 ttl=118 time=7.540 ms

--- google.com ping statistics ---
1 packets transmitted, 1 packets acquired, 0.0% packet loss
round-trip min/avg/max/stddev = 7.540/7.540/7.540/0.000 ms

You should utilize -n flag to forestall reverse DNS lookups. The ICMP sequence quantity is especially essential. A break in sequence numbers signifies misplaced packets.

A failed ping could possibly be because of

  • community error
  • host isn’t alive
  • firewall that blocks ICMP ECHO requests

You too can run a web-based ping check to verify connectivity from completely different elements of the world.


Whereas ping verifies the supply of a number, iPerf helps analyze and measure the community efficiency between two hosts. With iPerf you open a connection between two hosts and ship some knowledge. iPerf then reveals the out there bandwidth between the 2 hosts.

You’ll be able to set up an iPerf utilizing your distribution package deal supervisor. For instance, on Ubuntu-based distributions you may set up like this:

$ sudo apt set up iperf -y

After putting in iPerf on each machines, begin the iPerf server on one of many machines. The next instance begins the iPerf server on a number with IP tackle

$ iperf -s
Server listening on TCP port 5001
TCP window dimension: 85.3 KByte (default)

On the second machine, launch iPerf with the -c flag. It connects to the server and sends some knowledge.

$ iperf -c
Shopper connecting to, TCP port 5001
TCP window dimension: 85.0 KByte (default)
[  3] native port 42177 linked with port 5001
[ ID] Interval       Switch     Bandwidth
[  3]  0.0-10.0 sec  1.13 GBytes   972 Mbits/sec

iPerf returns in a number of seconds with the bandwidth outcomes.


If ping reveals lacking packets, you will need to use traceroute to see which route the packets take. Traceroute reveals the sequence of gateways by which the packets journey to succeed in their vacation spot. For instance, traceroute from my machine to google.com reveals the next:

$ traceroute google.com
traceroute to google.com (, 64 hops max, 52 byte packets
 1  dlinkrouter.dlink (  5.376 ms  2.076 ms  1.932 ms
 2 (  5.190 ms  5.125 ms  4.989 ms
 3  broadband.actcorp.in (  7.165 ms  5.749 ms  5.755 ms
 4  broadband.actcorp.in (  5.918 ms *  8.483 ms
 9 (  6.359 ms
    del03s16-in-f14.1e100.web (  5.448 ms (  6.400 ms

Line 4 on this output reveals a * within the return occasions. This means that no response has been acquired. This may be for a number of causes: Because the traceroute ICMP packets have a low precedence, they are often dropped by a router. Or it might simply be congestion. In the event you see an * in all time fields for a specific gateway, the gateway could also be unavailable.

Many web-based route tracing instruments let you do a reverse traceroute, that’s, from a web site to your host. You’ll be able to verify these at traceroute.org or Geekflare Traceroute.


tcpdump is a packet sniffing software and could be a nice assist in troubleshooting community issues. It listens to community visitors and prints out packet info primarily based on the standards you outline.

For instance, you may study all packets despatched to or from a specific host, Ubuntu18 on this instance:

$ sudo tcpdump host ubuntu18 -n -c 5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), seize dimension 262144 bytes
14:12:11.509092 IP > Flags [P.], seq 2991049004:2991049112, ack 2956233368, win 501, choices [nop,nop,TS val 292041322 ecr 405604219], size 108
14:12:11.509146 IP > Flags [P.], seq 108:252, ack 1, win 501, choices [nop,nop,TS val 292041322 ecr 405604219], size 144
14:12:11.509218 IP > Flags [P.], seq 252:288, ack 1, win 501, choices [nop,nop,TS val 292041322 ecr 405604219], size 36
14:12:11.509259 IP > Flags [P.], seq 288:500, ack 1, win 501, choices [nop,nop,TS val 292041322 ecr 405604219], size 212
14:12:11.509331 IP > Flags [P.], seq 500:768, ack 1, win 501, choices [nop,nop,TS val 292041322 ecr 405604219], size 268
5 packets captured
6 packets acquired by filter
0 packets dropped by kernel

By default, tcpdump resolves IP addresses to hostnames. Utilization -n flag, if you don’t need tcpdump to carry out title lookups.

tcpdump output prints one line for every packet. Utilization -c flag to restrict the output, 5 within the instance above.

tcpdump is beneficial for troubleshooting community issues and figuring out potential issues. It is a good suggestion to run a tcpdump in your community every now and then to verify every little thing is OK.


The Netstat command is used to look at community connections, routing tables, and numerous community settings and statistics.

Utilization -i flag to show the community interfaces in your system.

Here is an instance:

$ netstat -i
Kernel Interface desk
eth0       1500 0      4001      0      0 0          2283      0      0      0 BMRU
eth1       1500 0     27154      0      0 0        838962      0      0      0 BMRU
lo        65536 0         0      0      0 0             0      0      0      0 LRU

Utilizing -r flag shows the routing desk. This reveals the trail configured for sending community packets.

$ netstat -r
Kernel IP routing desk
Vacation spot     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         UG        0 0          0 eth0        *        U         0 0          0 eth1        *        U         0 0          0 eth0

An asterisk within the final two strains signifies that no gateway is required to ship packets to a number on these networks. This host is immediately linked to the ten.0.0.0 and networks.

On the primary line, the vacation spot is the default vacation spot, which signifies that any packet destined for a community not listed on this desk shall be dealt with by router 10.0.2,2.

netstat command with none choices shows a listing of open sockets. Utilization -l flag to show solely listening connections, which aren’t displayed by default. You should utilize the -a flag to checklist listening and non-listening sockets. Here is an instance:

$ netstat -a
Lively Web connections (servers and established)
Proto Recv-Q Ship-Q Native Handle           International Handle         State      
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp        0     36           ESTABLISHED
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
udp        0      0 *:bootpc                *:*                                
Lively UNIX area sockets (servers and established)
Proto RefCnt Flags       Kind       State         I-Node   Path
unix  3      [ ]         DGRAM                    8186     /run/systemd/notify

Extra examples of Netstat instructions might be discovered right here


Linux installations have many companies working by default. These needs to be disabled or ideally eliminated as this may assist cut back the assault floor. You’ll be able to see which companies are working with the netstat command. Whereas netstat remains to be out there, most Linux distributions are shifting to ss command.

use the ss command with -t And -a flags to checklist all TCP sockets. This reveals each listening and non-listening connections.

$ ss -t -a
State       Recv-Q Ship-Q            Native Handle:Port                Peer Handle:Port   
LISTEN      0      128                           *:sunrpc                         *:*       
LISTEN      0      128                           *:http                           *:*       
LISTEN      0      128                           *:ssh                            *:*       
LISTEN      0      128                           *:60031                          *:*       
ESTAB       0      0                         
ESTAB       0      0                         
LISTEN      0      128                          :::sunrpc                        :::*       
LISTEN      0      128                          :::http                          :::*       
LISTEN      0      128                          :::ssh                           :::*       
LISTEN      0      128                          :::54715                         :::*

To show solely TCP connections whose standing is about:

ss -a -t -o state established
Recv-Q Ship-Q                 Native Handle:Port                     Peer Handle:Port   
0      0                                    timer:(keepalive,23min,0)
0      0                                    timer:(keepalive,114min,0)


Ssh lets you securely connect with distant hosts over the Web. Beforehand, rlogin and telnet have been used to hook up with and handle distant hosts. Nevertheless, each have a elementary flaw: they transmit all info, together with login names and passwords, in clear textual content.

ssh permits safe communication over the web with the next two options:

  • It confirms that the distant host is who it says it’s.
  • It encrypts all communication between the hosts.

To hook up with a distant host, an OpenSSH server have to be working on the distant host. You’ll be able to set up it utilizing your distribution package deal supervisor. For instance, on Ubuntu you may set up it like this:

$ sudo apt set up openssh-server

Right here is an instance exhibiting how to hook up with the distant host utilizing the ssh command:

me@ubuntu-xenial:~$ ssh
The authenticity of host ' (' cannot be established.
ECDSA key fingerprint is SHA256:s2tNJQa/C1/W0SevGm7Rt3xoBZG1QL5yT3ff/+PMpnY.
Are you certain you wish to proceed connecting (sure/no)? sure

You get a message that the host can’t be authenticated, it’s because it’s the first time connecting to (server) and the ssh consumer has by no means had this distant host earlier than seen. Enter sure to proceed connecting. As soon as the connection is established, you can be prompted for a password:

Warning: Completely added '' (ECDSA) to the checklist of recognized hosts.
[email protected]'s password:

After getting into the proper password, you can be logged in to the distant host.

Welcome to Ubuntu 14.04.6 LTS (GNU/Linux 3.13.0-170-generic x86_64)
 * Documentation:  https://assist.ubuntu.com/

You’ll be able to exit this distant shell with the exit command.

You too can merely run a single command on the distant host utilizing ssh. For instance, to run df -h on the distant host:

$ ssh df -h
[email protected]'s password: 
Filesystem      Measurement  Used Avail Use% Mounted on
udev            241M   12K  241M   1% /dev
tmpfs            49M  384K   49M   1% /run
/dev/sda1        40G  1.6G   37G   5% /
none            224G  113G  111G  51% /vagrant

scp and sftp

scp (safe copy) may be very comparable cp command for copying recordsdata, with the addition that you could embrace distant hostnames within the supply or vacation spot pathnames. The host title and folder path are separated by a colon. This lets you copy recordsdata securely and encrypted over the community. The next command copies a.txt from the native machine to

me@ubuntu-xenial:~$ scp a.txt
[email protected]'s password: 
a.txt                                           100%    0     0.0KB/s   00:00

sftp (safe ftp) can be a file copying program much like ftp. Nevertheless, it makes use of an SSH-encrypted tunnel to repeat recordsdata, somewhat than sending every little thing in plaintext. As well as, you do not want an FTP server working on the distant host. You simply want an ssh server. Here is an instance session:

me@ubuntu-xenial:~$ sftp
[email protected]'s password: 
Linked to
sftp> put kali-linux-2020.3-installer-netinst-i386.iso
Importing kali-linux-2020.3-installer-netinst-i386.iso to /residence/me/kali-linux-2020.3-installer-netinst-i386.iso
kali-linux-2020.3-installer-netinst-i386.iso    100%  435MB  27.2MB/s   00:16    
sftp> bye


Often we use ifconfig command to verify the IP tackle assigned to the system.

[root@lab ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet  netmask  broadcast
        inet6 fe80::c035:b2ff:fe9d:72d5  prefixlen 64  scopeid 0x20<hyperlink>
        ether c2:35:b2:9d:72:d5  txqueuelen 1000  (Ethernet)
        RX packets 1333200  bytes 167143230 (159.4 MiB)
        RX errors 0  dropped 0  overruns 0  body 0
        TX packets 979666  bytes 93582595 (89.2 MiB)
        TX errors 0  dropped 0 overruns 0  service 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet  netmask
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Native Loopback)
        RX packets 16  bytes 1392 (1.3 KiB)
        RX errors 0  dropped 0  overruns 0  body 0
        TX packets 16  bytes 1392 (1.3 KiB)
        TX errors 0  dropped 0 overruns 0  service 0  collisions 0

[root@lab ~]#

to dig

dig (Area Data Groper) is a versatile software for querying DNS title servers.

It performs DNS lookups and shows the solutions returned by the title servers.

[root@lab ~]# dig geekflare.com

; <<>> DiG 9.11.13-RedHat-9.11.13-5.el8_2 <<>> geekflare.com
;; world choices: +cmd
;; Obtained reply:
;; ->>HEADER<<- opcode: QUERY, standing: NOERROR, id: 12310
;; flags: qr rd ra advert; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: model: 0, flags:; udp: 512
;geekflare.com.			IN	A

geekflare.com.		30	IN	A
geekflare.com.		30	IN	A

;; Question time: 12 msec
;; WHEN: Wed Sep 16 17:58:45 UTC 2020
;; MSG SIZE  rcvd: 74

[root@lab ~]#


telnet join the host and port of the vacation spot by a telnet protocol if a connection is established, it signifies that the connectivity between two hosts is working correctly.

[root@lab ~]# telnet gf.dev 443
Linked to gf.dev.
Escape character is '^]'.


nslookup is a program to question area title servers and resolve IP addresses.

[root@lab ~]# nslookup relicflare.com

Non-authoritative reply:
Title:	relicflare.com

[root@lab ~]#


Networking in Linux is an unlimited subject, with a lot of instructions and utilities. On this article, we have lined some widespread instructions that we hope will aid you handle and safe your community.

Rate this post
Leave a Comment