Networking Linux Commands

Networking Linux commands are used to manage, configure and troubleshoot network connections on a Linux system. 

Some common networking Linux commands are:

ifconfig

"ifconfig" is a command line tool used to configure a network interface on Linux-based systems. It displays the configuration of the network interface(s), such as IP address, netmask, broadcast address, etc. You can also use it to bring up or down an interface or to set the IP address, netmask, etc. for an interface. 

The command syntax is:

ifconfig [interface [addess]]

The "ifconfig" command in Linux is used to configure network interfaces. It can be used to display the status of current network interfaces, assign an IP address, configure the subnet mask, and broadcast address, and many other network-related tasks. Some common usage examples include: 

Displaying all interfaces and their details: ifconfig

username@Technoscience:~$ ifconfig

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255

        inet6 fe80::f334:f0f:6e7f:e4ac  prefixlen 64  scopeid 0x20<link>

        ether 08:00:27:7c:13:96  txqueuelen 1000  (Ethernet)

        RX packets 86589  bytes 121679140 (121.6 MB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 39729  bytes 2460671 (2.4 MB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 1000  (Local Loopback)

        RX packets 306  bytes 28551 (28.5 KB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 306  bytes 28551 (28.5 KB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

username@Technoscience:~$

Displaying a specific interface: ifconfig <interface>

username@Technoscience:~$ ifconfig enp0s3

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255

        inet6 fe80::f334:f0f:6e7f:e4ac  prefixlen 64  scopeid 0x20<link>

        ether 08:00:27:7c:13:96  txqueuelen 1000  (Ethernet)

        RX packets 86589  bytes 121679140 (121.6 MB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 39729  bytes 2460671 (2.4 MB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

username@Technoscience:~$

Assigning an IP address to an interface: ifconfig <interface> <ip_address> netmask <subnet_mask>

username@Technoscience:~$ ifconfig enp0s3 10.0.2.33 netmask 255.255.255.0

Enabling or disabling an interface: ifconfig <interface> down

username@Technoscience:~$ ifconfig enp0s3 down

or ifconfig <interface> up

username@Technoscience:~$ ifconfig enp0s3 up

Note that the exact usage and options of ifconfig may vary depending on the distribution of Linux you are using.

ip

The "ip" command is used to configure and manage network interfaces in Linux. With "ip", you can:

• Display network interface information and configuration
• Set network interface IP addresses and routes
• Add/remove network addresses from interfaces
• Display/manage the ARP table
• Display/manage routing table information
• Display/manage TCP/IP statistics

Example usage:

Display network interface information: "ip addr show"

username@Technoscience:~$ ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

    link/ether 08:00:27:7c:13:96 brd ff:ff:ff:ff:ff:ff

    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3

       valid_lft 82081sec preferred_lft 82081sec

    inet6 fe80::f334:f0f:6e7f:e4ac/64 scope link noprefixroute

       valid_lft forever preferred_lft forever

username@Technoscience:~$

Display routing table information: "ip route show"

username@Technoscience:~$ ip route show

default via 10.0.2.2 dev enp0s3 proto dhcp metric 100

10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100

username@Technoscience:~$

Set IP address for an interface: "ip addr add 192.168.1.100/24 dev eth0"

username@Technoscience:~$ ip addr add 192.168.1.100/24 dev eth0

Note: The "ip" command is more recent than "ifconfig" and provides more advanced features, so it is recommended to use "ip" instead of "ifconfig" in most cases.

ping

The ping command is a networking utility tool used to test the reachability of a network host and measure the round-trip time for packets to travel from the source host to the target host and back. 

The basic syntax for using ping is 

ping [OPTION] [HOSTNAME/IPADDRESS]

The following are some of the commonly used options with ping:

• -c count: specifies the number of echo request packets to be sent.
• -W timeout: sets the time-out value in seconds for waiting for a response.
• -I interface: specifies the network interface to be used.
• -s packetsize: sets the packet size in bytes.
• -v: verbose output.

Example usage:

Here's an example of pinging google.com :

username@Technoscience:~$ ping google.com

PING google.com (216.58.203.46) 56(84) bytes of data.

64 bytes from bom12s05-in-f14.1e100.net (216.58.203.46): icmp_seq=1 ttl=53 time=113 ms

64 bytes from bom12s05-in-f14.1e100.net (216.58.203.46): icmp_seq=2 ttl=53 time=106 ms

64 bytes from bom12s05-in-f14.1e100.net (216.58.203.46): icmp_seq=3 ttl=53 time=154 ms

64 bytes from bom12s05-in-f14.1e100.net (216.58.203.46): icmp_seq=4 ttl=53 time=110 ms

64 bytes from bom12s05-in-f14.1e100.net (216.58.203.46): icmp_seq=5 ttl=53 time=144 ms

64 bytes from bom12s05-in-f14.1e100.net (216.58.203.46): icmp_seq=6 ttl=53 time=108 ms

64 bytes from bom12s05-in-f14.1e100.net (216.58.203.46): icmp_seq=7 ttl=53 time=118 ms

^C

--- google.com ping statistics ---

8 packets transmitted, 7 received, 12% packet loss, time 7025ms

rtt min/avg/max/mdev = 106.357/122.401/154.978/17.864 ms

username@Technoscience:~$

The commands send a request to the server, and the server returns a response. "ping" keeps sending the request every second, by default, and will keep running until you stop it with ctrl + C unless you pass the number of times you want to try with the -c option: 

username@Technoscience:~$ ping -c 2 -W 2 google.com

PING google.com (216.58.203.46) 56(84) bytes of data.

64 bytes from hkg12s10-in-f46.1e100.net (216.58.203.46): icmp_seq=1 ttl=53 time=110 ms

64 bytes from hkg12s10-in-f46.1e100.net (216.58.203.46): icmp_seq=2 ttl=53 time=123 ms

--- google.com ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 4017ms

rtt min/avg/max/mdev = 103.961/115.574/123.322/7.476 ms

username@Technoscience:~$

Once the "ping" is stopped, it will print some statistics about the results: the percentage of packages lost, and statistics about the network performance.

As you can see the screen prints the host IP address, and the time that it took to get the response back. Not all servers support pinging, in case of the requests time out.

Sometimes this is done on purpose, to "hide" the server, or just to reduce the load. The ping packets
can also be filtered by firewalls.

ping works using the ICMP protocol (Internet Control Message Protocol), a network layer protocol
just like TCP or UDP. The request sends a packet to the server with the ECHO_REQUEST message and the server returns an ECHO_REPLY message. I won't go into details, but this is the basic concept.

Pinging a host is useful to know if the host is reachable (supposing it implements ping), and how
distant it is in terms of how long it takes to get back to you. Usually the nearest the server is geographic, the less time it will take to return back to you, for simple physical laws that cause a longer distance introduces more delay in the cables.

traceroute

"traceroute" is a network diagnostic tool for displaying the route packets take to the network host or destination. It shows the intermediate hops and their IP addresses, RTT (Round Trip Time), and packet loss along the path to the destination. The command provides information about the path that data follows from source to destination, identifying any network congestion, slowdowns, or faults along the way.

Syntax: 

traceroute [options] hostname/IP address

Options:

• -I: use ICMP packets instead of UDP
• -m max_ttl: maximum number of hops to search for target
• -q nqueries: number of probes per hop
• -w wait_time: waiting time in seconds for the response
• -n: display hostnames and IP addresses as numbers, not hostnames.

Example: 

username@Technoscience:~$ traceroute google.com

traceroute to google.com (216.58.203.46), 30 hops max, 60 byte packets

 1  _gateway (10.0.2.2)  0.856 ms  0.821 ms  0.804 ms

 2  * * *

 3  * * *

 4  * * *

 5  * 

username@Technoscience:~$

This will show the hops, RTT, and IP addresses along the route to reach the destination google.com.

Not every router traveled returns our information. In this case, traceroute prints * * *. Otherwise, we can see the hostname, the IP address, and some performance indicators.

For every router, we can see 3 samples, which means the traceroute tries by default 3 times to get you a good indication of the time needed to reach it. This is why it takes this long to execute traceroute compared to simply doing a ping to that host.

You can customize this number with the -q option:

username@Technoscience:~$ traceroute -q google.com

Cannot handle `-q' option with arg `google.com' (argc 2)

username@Technoscience:~$ traceroute -q 1 google.com

traceroute to google.com (216.58.203.46), 30 hops max, 60 byte packets

 1  _gateway (10.0.2.2)  1.008 ms

 2  *

 3  *

 4  *

<SNIP>

17  *^C

username@Technoscience:~$

netstat

netstat is a Linux command used to display information about network connections, routing tables, and interface statistics. The command shows active TCP and UDP connections, open sockets, and information about the interfaces and protocols in use. The options available for netstat allow for detailed information about the network status to be displayed, including the IP addresses and ports in use, and the state of the connections. Some common options for netstat include:

• -a: Display all active connections, including listening sockets.
• -t: Display only TCP connections.
• -u: Display only UDP connections.
• -n: Display IP addresses and port numbers in numerical form, instead of resolving them to hostnames and service names.
• -l: Display only listening sockets, which are sockets waiting for incoming connections.
• -r: Display the system routing table.

By default, netstat only displays established connections. 

username@Technoscience:~$ netstat

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State

Active UNIX domain sockets (w/o servers)

Proto RefCnt Flags       Type       State         I-Node   Path

unix  2      [ ]         DGRAM                    20813    /run/user/1000/systemd/notify

unix  3      [ ]         DGRAM                    13544    /run/systemd/notify

unix  7      [ ]         DGRAM                    13556    /run/systemd/journal/socket

<SNIP>

username@Technoscience:~$

The output of netstat is useful for troubleshooting network issues, such as slow network performance, or for monitoring network usage.

nslookup

nslookup (name server lookup) is a command-line tool that helps to find the IP address of a domain name. It can be used to resolve the hostname to the IP address or vice versa. The complete usage of nslookup is as follows:

nslookup [options] [hostname/IP address]

Options: 

• -a: Display all information about the host. 
• -d: Print debugging information. 
• -r: Disable recursion. 
• -v: Display verbose output. 
• -t type: Specify the query type (e.g. -t MX, -t A, -t NS, etc.). 
• -x address: Reverse lookup of an IP address.

Examples:

To resolve a domain name to an IP address: nslookup google.com

username@Technoscience:~$ nslookup google.com

Server: 127.0.0.53

Address: 127.0.0.53#53

Non-authoritative answer:

Name: google.com

Address: 172.217.166.174

Name: google.com

Address: 2404:6800:4009:80f::200e

username@Technoscience:~$

To find the name server of a domain: nslookup -t ns google.com

username@Technoscience:~$ nslookup -t ns google.com

;; Connection to 2404:6800:4009:80f::200e#53(2404:6800:4009:80f::200e) for ns failed: network unreachable.

username@Technoscience:~$

To perform a reverse lookup of an IP address: nslookup -x 8.8.8.8

username@Technoscience:~$ nslookup -x 8.8.8.8

8.8.8.8.in-addr.arpa name = dns.google.

Authoritative answers can be found from:

username@Technoscience:~$

route

the "route" is a Linux command used to view and manipulate the IP routing table of a system. The IP routing table is a data structure used by the kernel to determine the path that network packets should take when they leave the local host. The route command is used to view the current routing table, add or delete routing table entries, and modify existing entries.

Here are some standard options and usage of the route command:

• route add: Adds a new entry to the routing table
• route delete: Deletes an entry from the routing table
• route show: Displays the current routing table
• route -n: Shows the routing table without performing hostname resolution
• route -net: Shows the routing table for a specific network

The route command can also be used to view and set the default gateway for a system. The default gateway is the IP address of the router that connects the local network to the Internet.

For more information and usage examples of the route command, refer to the man pages or online documentation for your specific operating system.

hostname 

The "hostname" command in Linux is used to display or set the hostname of the system.

Syntax: 

hostname [OPTION] [HOSTNAME]

Options: 

• -a, --alias: Display the alias name (if used) 
• -d, --domain: Display the name of the DNS domain 
• -f, --fqdn, --long: Display the fully qualified domain name 
• -A, --all-fqdns: Display all fully qualified domain names 
• -i, --ip-address: Display the IP address(es) associated with the hostname 
• -s, --short: Display the short hostname

Example usage:

To display the current hostname: hostname

username@Technoscience:~$ hostname

Technoscience

username@Technoscience:~$

To set a new hostname: hostname new_host_name

username@Technoscience:~$ sudo hostname newhost

username@Technoscience:~$ hostname

newhost

username@Technoscience:~$

Note: Changing the hostname requires superuser privileges.

dig

"dig" is a network administration command-line tool used for querying the Domain Name System (DNS). It performs DNS lookups and displays the answers that are returned from the DNS server(s) that were queried.

Syntax: 

dig [options] [domain-name | host-name] [@server]

Options: 

• -a, --address: display the IP address(es) of the host(s) 
• -A, --any: set query type to ANY 
• -c, --class=CLASS: query for a specific class (IN, CH, HS) 
• -C, --tcp: use TCP instead of UDP 
• -d, --debug enable debug output 
• -e, --edns=0|1: set EDNS version 0 or 1 
• -f, --file=FILE: specify a file containing the query 
• -h, --help: display usage and exit
• -i, --ignore: ignore truncation of responses 
• -k, --checknames: check names in the reply 
• -m, --msgarray: print out an array of raw message packets 
• -M, --dnssec: request DNSSEC records 
• -n, --ndots=NUMBER: set search NDOTS value 
• -p, --port=PORT: set destination port number 
• -q, --query=QUERY: set query type or class 
• -Q, --quote: quote names in the reply 
• -r, --recurse: set recursion desired 
• -t, --type=TYPE: query for a specific type (A, MX, NS, ...) 
• -u, --user=USER: set the username for TSIG 
• -v, --verbose: enable verbose output 
• -x, --reverse: reverse the lookups (PTR) 
• -y, --key=KEY: set TSIG key -4, 
• --ipv4: use IPv4 only -6, 
• --ipv6: use IPv6 only

Examples: 

dig example.com perform a lookup for example.com 

username@Technoscience:~$ dig google.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> google.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53668

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 65494

;; QUESTION SECTION:

;google.com.                 IN A

;; ANSWER SECTION:

google.com.         258 IN A 216.58.203.14

;; Query time: 179 msec

;; SERVER: 127.0.0.53#53(127.0.0.53)

;; WHEN: Fri Feb 03 00:51:19 IST 2023

;; MSG SIZE  rcvd: 55

username@Technoscience:~$

• dig example.com MX perform an MX record lookup for example.com 
• dig @8.8.8.8 example.com perform a lookup for example.com using the specified DNS server 
• dig -x IP_ADDRESS performs a reverse lookup for an IP address

ssh

Secure Shell (SSH) is a protocol used for secure communication over the internet. It provides secure encrypted communications between two untrusted hosts over an insecure network. SSH is used to log into a remote machine and execute commands, transfer files, or act as a secure SOCKS-based VPN. SSH typically uses port 22 and is based on the client-server architecture.

The client software establishes a secure connection with the server, authenticates the user, and then runs a shell session. SSH uses public-key cryptography to authenticate the remote computer and to secure the data that is being transmitted.

The ssh command is used to initiate an SSH connection in the terminal. You can connect to a remote host by specifying its hostname or IP address:

mrdev@kali:~$ ssh user@hostname

The scp command is used to securely copy files between hosts:

mrdev@kali:~$ scp file user@hostname:path

There are many other options and features available with SSH, including key-based authentication, port forwarding, X11 forwarding, and much more.