Basic Linux Network Commands
Linux Network Command Examples
Useful Network commands
Below are some of the basic networking commands you can use on any Linux system to help you understand your configurations and aid with problem determination. The commands here are for retrieving and displaying information only, therefore, they will not alter your systems settings. Commands to alter your network configurations will be covered in a separate section.
What's my ip address?
There are quite a few commands and utilities that can be used for displaying your ip address. Here are some examples of these in use:
ip address show
john@john-desktop:~$ ip address show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:11:11:88:4f:44 brd ff:ff:ff:ff:ff:ff inet 192.168.0.14/24 brd 192.168.0.255 scope global eth0 inet6 fe80::211:11ff:fe88:4f44/64 scope link valid_lft forever preferred_lft forever 3: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
From this output we can see that there are various devices configured. The one we are mostly interested in is device "eth0".
From the output we can see that the ip address "192.168.0.14" is in use and the device "eth0" is in a state "UP".
The command can be shortened to "ip a s". Note, it is the interface that has been assigned the IP address and not the host.
Another command that will show you your IP address is the "ifconfig" command:
john@john-desktop:~$ ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:11:11:88:4f:44 inet addr:192.168.0.14 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::211:11ff:fe88:4f44/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:21991 errors:0 dropped:0 overruns:0 frame:0 TX packets:9874 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:8751404 (8.7 MB) TX bytes:1388258 (1.3 MB)
As you can see the output from this command is more verbose. If you didn't know which device you were using you can issue "ifconfig -a". This will show you all devices.
Your devices may be named differently to the ones listed above. If you are using a wifi (wireless connection), you will probably see an interface with the name "wlan0" or something similar.
Example "ip a s" issued on a wireless system
john@fuduntu ~ $ ip a s 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:00:e2:90:a1:05 brd ff:ff:ff:ff:ff:ff 3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0f:66:59:18:59 brd ff:ff:ff:ff:ff:ff inet 192.168.0.15/24 brd 192.168.0.255 scope global wlan0 inet6 fe80::20f:66ff:fe59:1859/64 scope link valid_lft forever preferred_lft forever
In the above example, we can see that the IP address "192.168.0.15" has been issued to interface "wlan0"
dig - Domain Information Groper
This very useful command allows you to query DNS servers for various information. The tool is very useful when working with DNS issues because of its flexibility. If you do not specify a particular DNS server, dig will use the entries from your "/etc/resolv.conf" file Below are some basic examples of the dig command in use:
john@john-desktop:~$ dig www.johnreed.co.uk ; <<>> DiG 9.8.1-P1 <<>> www.johnreed.co.uk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37762 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.johnreed.co.uk. IN A ;; ANSWER SECTION: www.johnreed.co.uk. 300 IN A 126.96.36.199 ;; Query time: 126 msec ;; SERVER: 188.8.131.52#53(184.108.40.206) ;; WHEN: Thu Feb 21 10:06:04 2013 ;; MSG SIZE rcvd: 52 john@john-desktop:~$ dig @220.127.116.11 www.johnreed.co.uk ; <<>> DiG 9.8.1-P1 <<>> @18.104.22.168 www.johnreed.co.uk ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31765 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.johnreed.co.uk. IN A ;; ANSWER SECTION: www.johnreed.co.uk. 300 IN A 22.214.171.124 ;; Query time: 562 msec ;; SERVER: 126.96.36.199#53(188.8.131.52) ;; WHEN: Thu Feb 21 10:06:17 2013 ;; MSG SIZE rcvd: 52
In the first example of the dig command we didn't specify a DNS server to query. This resulted in my local ISP's DNS server being queried as this is the first entry in mu "/etc/resolv.conf" file. The last example specifies the DNS server by supplying the "@184.108.40.206". In this case "220.127.116.11" is a public DNS server provided by Google.
nslookup - nameserver lookup command
This is an alternative command to the dig command. Both essentially carry out the same service, however, dig has for more functionality and flexibility.
john@john-desktop:~$ nslookup www.johnreed.co.uk Server: 18.104.22.168 Address: 22.214.171.124#53 Non-authoritative answer: Name: www.johnreed.co.uk Address: 126.96.36.199
The ping command is used to send an ICMP echo request to a remote server and then report how long it takes to receive a corresponding echo request back. Ping is probably one of the most used command as it can quickly identify if a server is active on a network. It is also useful to look at the response times back as these can often be an indication that there may be issues or congestion on the network.
Under Linux you have to provide a count parameter otherwise the "ping" command will continue to execute until you press "ctrl + c". The last example uses "-q" as an option. This will only display a summary after the ping command has finished. You should also be aware that many organisations will disable ICMP packet requests as part of their security policy.
john@john-desktop:~$ ping -c 4 www.google.co.uk PING www.google.co.uk (188.8.131.52) 56(84) bytes of data. 64 bytes from wi-in-f94.1e100.net (184.108.40.206): icmp_req=1 ttl=48 time=45.3 ms 64 bytes from wi-in-f94.1e100.net (220.127.116.11): icmp_req=2 ttl=48 time=48.1 ms 64 bytes from wi-in-f94.1e100.net (18.104.22.168): icmp_req=3 ttl=48 time=25.3 ms 64 bytes from wi-in-f94.1e100.net (22.214.171.124): icmp_req=4 ttl=48 time=25.2 ms --- www.google.co.uk ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 25.265/36.026/48.145/10.780 ms john@john-desktop:~$ ping -q -c 4 www.google.co.uk PING www.google.co.uk (126.96.36.199) 56(84) bytes of data. --- www.google.co.uk ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 24.442/28.516/38.034/5.524 ms
The traceroute command is a useful tool that allows you to track the route taken by a packet of data from your device to a remote host. By default you do not need to pass a parameter to this command apart from the hostname or IP address of the remote server.
john@john-desktop:~$ traceroute 188.8.131.52 traceroute to 184.108.40.206 (220.127.116.11), 30 hops max, 60 byte packets 1 10.7.104.1 (10.7.104.1) 15.958 ms 15.037 ms 14.950 ms 2 wolv-core-2a-ae9-614.network.virginmedia.net (18.104.22.168) 18.597 ms 18.567 ms 18.535 ms 3 manc-bb-1c-ae12-0.network.virginmedia.net (22.214.171.124) 32.002 ms 31.930 ms 31.911 ms 4 manc-bb-1d-ae2-0.network.virginmedia.net (126.96.36.199) 31.907 ms 31.877 ms 31.787 ms 5 brhm-bb-1c-ae9-0.network.virginmedia.net (188.8.131.52) 54.461 ms 54.387 ms 54.371 ms 6 tcl5-ic-2-ae0-0.network.virginmedia.net (184.108.40.206) 31.655 ms 18.579 ms 18.565 ms 7 linx1.uk.othellotech.net (220.127.116.11) 23.353 ms 20.752 ms 22.306 ms 8 gw2-cpanel.hosting.astutium.com (18.104.22.168) 28.886 ms 22.284 ms 28.828 ms
On its own the netstat command will display a list of active connections to your computer. There are many other flags that you can use in conjunction with the netstat command. Some of the most command are:
netstat -tl - Display tcp ports listening for connections on this computer
netstat -ntl - Displays tcp ports listening for connections in numeric ip address format
netstat -s - Displays a statistical summary of all protocols (example below has been shortened..)
netstat -r - Displays routing information
netstat -na | grep "3001" - Displays information relating to port 3001.
john@john-desktop:~$ netstat -tl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 *:3001 *:* LISTEN tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN john@john-desktop:~$ netstat -ntl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:3001 0.0.0.0:* LISTEN tcp6 0 0 ::1:631 :::* LISTEN john@john-desktop:~$ netstat -s Ip: 199710 total packets received 2 with invalid addresses 0 forwarded 0 incoming packets discarded 198254 incoming packets delivered 99875 requests sent out 30 dropped because of missing route Icmp: 226 ICMP messages received 67 input ICMP message failed. ICMP input histogram: destination unreachable: 11 timeout in transit: 194 echo replies: 21 67 ICMP messages sent 0 ICMP messages failed ICMP output histogram: destination unreachable: 12 echo request: 55 john@john-desktop:~$ netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 link-local * 255.255.0.0 U 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
lsof command - what's using port
Another very useful command as it gives you the ability to quickly identify what process is listening on a given port.
lsof -i :port - Display processes listening on a specified port
john@john-desktop:~$ lsof -i :21 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME ftp 5146 john 3u IPv4 120628 0t0 TCP john-desktop.local:55339->server01.ukservers.net:ftp (ESTABLISHED) ftp 5146 john 4u IPv4 120628 0t0 TCP john-desktop.local:55339->server01.ukservers.net:ftp (ESTABLISHED) ftp 5146 john 5u IPv4 120628 0t0 TCP john-desktop.local:55339->server01.ukservers.net:ftp (ESTABLISHED)
In the above example we looked at who was using port 21. Here we can see a ftp session has been established by the user john.
The netcat utility is a very versatile command that has multiple functionality. netcat can listen on ports and carry out port scans.
One useful function is to use netcat to determine what is on the end of a given port. You can even interrogate remote servers and ports.
sles01:~ # netcat -v -v -z ls001a 3181 ls001a [192.168.0.24] 3181 (bmcpatrolagent) open sent 0, rcvd 0
In the above example we requested information from remote server ls001 and asked what is on port 3181. Here we can see that a process bmcpatrolagent is active on this port.
The route command is used to display and configure the IP routing table. The main purpose of this command is to configure a static route from a device to a specific host or network. An example of the route command:
The output from the command is defined as:
The destination network or destination host.
The gateway address or '*' if none set.
Genmask is the generic network mask.
U - (route is up)
H - (target is a host)
G - (use gateway)
R - (reinstate route for dynamic routing)
D - (dynamically installed by daemon or redirect)
M - (modified from routing daemon or redirect)
A - (installed by addrconf)
C - (cache entry)
! - (reject route)
Network Configuration file locations
On many desktop systems today your IP address will be obtained automatically from your router when you plug your device into a network. When an IP address is obtained automatically, this is known as using dhcp. Here you are leased an IP address for a period of time. Many servers prefer to have a dedicated IP address (known as static). This IP address will not change by reboot or over a given time period.
The files that contain these configurations can generally be found in the following locations:
Debian GNU/Linux Based systems : /etc/network/interfaces
SUSE/SLES : /etc/sysconfig/network
Red Hat - CentOS- Fedora : /etc/sysconfig/network-scripts
Static and DHCP configuration example
The following example will shows the basic difference between a DHCP configuration and that of a Static IP configuration (Red Hat based distribution:
The file we will be looking at is called "ifcfg-eth0".
DEVICE=eth0 BOOTPROTO=static HWADDR=00:00:00:00:00:00 IPADDR=xxx.xxx.xxx.xxx NETMASK=xxx.xxx.xxx.xxx ONBOOT=yes
DEVICE=eth0 BOOTPROTO=dhcp HWADDR=00:00:00:00:00:00 ONBOOT=yes
If you are changing from static to dhcp or dhcp to static, you will need to restart your network to pick up your changes. T His can normally be done by issuing the following command:
service network restart
Alternatively, you can issue the following:
Remember if you make a change you can quickly check your IP address with the "ip a s" command.