Basic Linux Network Commands

Linux Network Command Examples

Useful Network commands


Below are some of the basic networking commands you can use on any Linux system to help you understand your configurations and aid with problem determination. The commands here are for retrieving and displaying information only, therefore, they will not alter your systems settings. Commands to alter your network configurations will be covered in a separate section.



What's my ip address?


There are quite a few commands and utilities that can be used for displaying your ip address. Here are some examples of these in use:


ip address show



john@john-desktop:~$ ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:11:11:88:4f:44 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.14/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::211:11ff:fe88:4f44/64 scope link
       valid_lft forever preferred_lft forever
3: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff

From this output we can see that there are various devices configured. The one we are mostly interested in is device "eth0". From the output we can see that the ip address "192.168.0.14" is in use and the device "eth0" is in a state "UP".
The command can be shortened to "ip a s". Note, it is the interface that has been assigned the IP address and not the host.


ifconfig


Another command that will show you your IP address is the "ifconfig" command:

ifconfig eth0



john@john-desktop:~$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:11:11:88:4f:44
          inet addr:192.168.0.14  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::211:11ff:fe88:4f44/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21991 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9874 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:8751404 (8.7 MB)  TX bytes:1388258 (1.3 MB)

As you can see the output from this command is more verbose. If you didn't know which device you were using you can issue "ifconfig -a". This will show you all devices.

Your devices may be named differently to the ones listed above. If you are using a wifi (wireless connection), you will probably see an interface with the name "wlan0" or something similar.

Example "ip a s" issued on a wireless system



john@fuduntu ~ $ ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:00:e2:90:a1:05 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0f:66:59:18:59 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.15/24 brd 192.168.0.255 scope global wlan0
    inet6 fe80::20f:66ff:fe59:1859/64 scope link 
       valid_lft forever preferred_lft forever

In the above example, we can see that the IP address "192.168.0.15" has been issued to interface "wlan0"


dig - Domain Information Groper


This very useful command allows you to query DNS servers for various information. The tool is very useful when working with DNS issues because of its flexibility. If you do not specify a particular DNS server, dig will use the entries from your "/etc/resolv.conf" file Below are some basic examples of the dig command in use:



john@john-desktop:~$ dig www.johnreed.co.uk

; <<>> DiG 9.8.1-P1 <<>> www.johnreed.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37762
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.johnreed.co.uk.		IN	A

;; ANSWER SECTION:
www.johnreed.co.uk.	300	IN	A	217.10.138.186

;; Query time: 126 msec
;; SERVER: 194.168.4.100#53(194.168.4.100)
;; WHEN: Thu Feb 21 10:06:04 2013
;; MSG SIZE  rcvd: 52

john@john-desktop:~$ dig @8.8.8.8 www.johnreed.co.uk

; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 www.johnreed.co.uk
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31765
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.johnreed.co.uk.		IN	A

;; ANSWER SECTION:
www.johnreed.co.uk.	300	IN	A	217.10.138.186

;; Query time: 562 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Feb 21 10:06:17 2013
;; MSG SIZE  rcvd: 52

In the first example of the dig command we didn't specify a DNS server to query. This resulted in my local ISP's DNS server being queried as this is the first entry in mu "/etc/resolv.conf" file. The last example specifies the DNS server by supplying the "@8.8.8.8". In this case "8.8.8.8" is a public DNS server provided by Google.


nslookup - nameserver lookup command


This is an alternative command to the dig command. Both essentially carry out the same service, however, dig has for more functionality and flexibility.



john@john-desktop:~$ nslookup www.johnreed.co.uk
Server:		194.168.4.100
Address:	194.168.4.100#53

Non-authoritative answer:
Name:	www.johnreed.co.uk
Address: 217.10.138.186

ping command


The ping command is used to send an ICMP echo request to a remote server and then report how long it takes to receive a corresponding echo request back. Ping is probably one of the most used command as it can quickly identify if a server is active on a network. It is also useful to look at the response times back as these can often be an indication that there may be issues or congestion on the network. Under Linux you have to provide a count parameter otherwise the "ping" command will continue to execute until you press "ctrl + c". The last example uses "-q" as an option. This will only display a summary after the ping command has finished. You should also be aware that many organisations will disable ICMP packet requests as part of their security policy.



john@john-desktop:~$ ping -c 4 www.google.co.uk
PING www.google.co.uk (173.194.67.94) 56(84) bytes of data.
64 bytes from wi-in-f94.1e100.net (173.194.67.94): icmp_req=1 ttl=48 time=45.3 ms
64 bytes from wi-in-f94.1e100.net (173.194.67.94): icmp_req=2 ttl=48 time=48.1 ms
64 bytes from wi-in-f94.1e100.net (173.194.67.94): icmp_req=3 ttl=48 time=25.3 ms
64 bytes from wi-in-f94.1e100.net (173.194.67.94): icmp_req=4 ttl=48 time=25.2 ms

--- www.google.co.uk ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 25.265/36.026/48.145/10.780 ms

john@john-desktop:~$ ping -q -c 4 www.google.co.uk
PING www.google.co.uk (173.194.67.94) 56(84) bytes of data.

--- www.google.co.uk ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 24.442/28.516/38.034/5.524 ms

traceroute command


The traceroute command is a useful tool that allows you to track the route taken by a packet of data from your device to a remote host. By default you do not need to pass a parameter to this command apart from the hostname or IP address of the remote server.



john@john-desktop:~$ traceroute 80.76.216.3
traceroute to 80.76.216.3 (80.76.216.3), 30 hops max, 60 byte packets
 1  10.7.104.1 (10.7.104.1)  15.958 ms  15.037 ms  14.950 ms
 2  wolv-core-2a-ae9-614.network.virginmedia.net (80.3.144.89)  18.597 ms  18.567 ms  18.535 ms
 3  manc-bb-1c-ae12-0.network.virginmedia.net (213.105.159.141)  32.002 ms  31.930 ms  31.911 ms
 4  manc-bb-1d-ae2-0.network.virginmedia.net (62.253.174.93)  31.907 ms  31.877 ms  31.787 ms
 5  brhm-bb-1c-ae9-0.network.virginmedia.net (62.253.174.129)  54.461 ms  54.387 ms  54.371 ms
 6  tcl5-ic-2-ae0-0.network.virginmedia.net (212.250.15.210)  31.655 ms  18.579 ms  18.565 ms
 7  linx1.uk.othellotech.net (195.66.224.244)  23.353 ms  20.752 ms  22.306 ms
 8  gw2-cpanel.hosting.astutium.com (80.76.216.3)  28.886 ms  22.284 ms  28.828 ms


netstat command


On its own the netstat command will display a list of active connections to your computer. There are many other flags that you can use in conjunction with the netstat command. Some of the most command are:

netstat -tl - Display tcp ports listening for connections on this computer

netstat -ntl - Displays tcp ports listening for connections in numeric ip address format

netstat -s - Displays a statistical summary of all protocols (example below has been shortened..)

netstat -r - Displays routing information

netstat -na | grep "3001" - Displays information relating to port 3001.



john@john-desktop:~$ netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 *:3001                  *:*                     LISTEN
tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN

john@john-desktop:~$ netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3001            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN

john@john-desktop:~$ netstat -s
Ip:
    199710 total packets received
    2 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    198254 incoming packets delivered
    99875 requests sent out
    30 dropped because of missing route
Icmp:
    226 ICMP messages received
    67 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 11
        timeout in transit: 194
        echo replies: 21
    67 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 12
        echo request: 55

john@john-desktop:~$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
192.168.0.0     *               255.255.255.0   U         0 0          0 eth0

lsof command - what's using port


Another very useful command as it gives you the ability to quickly identify what process is listening on a given port. lsof -i :port - Display processes listening on a specified port



john@john-desktop:~$ lsof -i :21
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ftp     5146 john    3u  IPv4 120628      0t0  TCP john-desktop.local:55339->server01.ukservers.net:ftp (ESTABLISHED)
ftp     5146 john    4u  IPv4 120628      0t0  TCP john-desktop.local:55339->server01.ukservers.net:ftp (ESTABLISHED)
ftp     5146 john    5u  IPv4 120628      0t0  TCP john-desktop.local:55339->server01.ukservers.net:ftp (ESTABLISHED)

In the above example we looked at who was using port 21. Here we can see a ftp session has been established by the user john.


netcat command


The netcat utility is a very versatile command that has multiple functionality. netcat can listen on ports and carry out port scans. One useful function is to use netcat to determine what is on the end of a given port. You can even interrogate remote servers and ports.



sles01:~ # netcat -v -v -z ls001a 3181
ls001a [192.168.0.24] 3181 (bmcpatrolagent) open
 sent 0, rcvd 0 

In the above example we requested information from remote server ls001 and asked what is on port 3181. Here we can see that a process bmcpatrolagent is active on this port.


route


The route command is used to display and configure the IP routing table. The main purpose of this command is to configure a static route from a device to a specific host or network. An example of the route command:


route

The output from the command is defined as:

Destination
The destination network or destination host.

Gateway
The gateway address or '*' if none set.

Genmask
Genmask is the generic network mask.

Flags

U - (route is up)
H - (target is a host)
G - (use gateway)
R - (reinstate route for dynamic routing)
D - (dynamically installed by daemon or redirect)
M - (modified from routing daemon or redirect)
A - (installed by addrconf)
C - (cache entry)
! - (reject route)


Network Configuration file locations


On many desktop systems today your IP address will be obtained automatically from your router when you plug your device into a network. When an IP address is obtained automatically, this is known as using dhcp. Here you are leased an IP address for a period of time. Many servers prefer to have a dedicated IP address (known as static). This IP address will not change by reboot or over a given time period.

The files that contain these configurations can generally be found in the following locations:

Debian GNU/Linux Based systems : /etc/network/interfaces

SUSE/SLES : /etc/sysconfig/network

Red Hat - CentOS- Fedora : /etc/sysconfig/network-scripts


Static and DHCP configuration example


The following example will shows the basic difference between a DHCP configuration and that of a Static IP configuration (Red Hat based distribution:

The file we will be looking at is called "ifcfg-eth0".

Static Configuration



DEVICE=eth0
BOOTPROTO=static
HWADDR=00:00:00:00:00:00
IPADDR=xxx.xxx.xxx.xxx
NETMASK=xxx.xxx.xxx.xxx
ONBOOT=yes


DHCP Configuration



DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:00:00:00:00:00
ONBOOT=yes

If you are changing from static to dhcp or dhcp to static, you will need to restart your network to pick up your changes. T His can normally be done by issuing the following command:
service network restart

Alternatively, you can issue the following:

/etc/init.d/network restart

Remember if you make a change you can quickly check your IP address with the "ip a s" command.