9 Network Commands for every Linux Admin
The ip command replaced the old ifconfig and route commands. The ip command allows you to configure, add, delete and view network interfaces. For example, if you issue the command ip a, you'll see all configurations for all of your network interfaces. That might be a bit overwhelming, so to get only the information you need, go with ip link show. This will still display information for all of your connected network interfaces, but it'll be more compact.
To view a specific interface, you could issue the command ip address show dev ens5, which will give you more detailed information, but for only the network interface named ens5.
You can also view the routing table with the command ip route.
The ip command also allows you to enable and disable network interfaces. To bring up interface ens5, the command would be:
sudo ip link set ens5 up
To bring down that same interface, the command would be:
sudo ip link set ens5 down
The netstat command allows you to examine network connections, routing tables, interface statistics, masquerade connections, multicast memberships and more. This is a very good tool to help you troubleshoot network issues. For example, you could use netstat to listen to all TCP ports with the command:
As traffic comes in, netstat will report it.
The netstat command can also be used to only display ports that are currently listening. This is done with the command:
You can also specify either listening TCP or UDP ports like so:
netstat -lt
netstat -lu
To listen to all statistics for all ports:
To add process IDs (PIDs) to the output:
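An added example, not part of the original article: a small audit that reads TCP listener output and reports every socket reachable from other hosts whose port is not on an allow-list. It assumes the numeric, per-process form netstat -ltnp; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ltnp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      812/postgres
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      701/sshd
tcp        0      0 192.168.1.120:8080      0.0.0.0:*               LISTEN      1544/java
tcp6       0      0 :::80                   :::*                    LISTEN      933/nginx
tcp6       0      0 ::1:631                 :::*                    LISTEN      650/cupsd
EOF
}

# Hypothetical helper: read `netstat -ltnp` output on stdin and print
# "proto address port pid/program" for each TCP listener that is not bound
# to loopback and whose port is missing from the allow-list in $1.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is whatever follows the last colon (works for IPv6 too).
            k = split($4, p, ":")
            port = p[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if (port in ok) next                         # expected service
            prog = ($7 == "" ? "-" : $7)                 # empty without -p
            printf "%s %s %s %s\n", $1, addr, port, prog
        }'
}

# Demo on the constructed sample; on a live host you would run:
#   sudo netstat -ltnp | unexpected_listeners "22 80"
sample_netstat | unexpected_listeners "22 80"
```
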
The nmap utility is used for network discovery, auditing, and administration. Two of the more useful tasks nmap can take care of are finding out which ports are open on a remote machine and OS/service detection.
To check and see what ports are open on a remote machine, issue the command:
Where SERVER is the IP address or domain of the remote server.
The output will list all open ports on the server, such as:
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
You can also check to see what hosts are up on your network with the command:
nmap -sn 192.168.1.0/24
The output will display results like:
Nmap scan report for 192.168.1.1
Host is up (0.00096s latency).
Nmap scan report for 192.168.1.35
Host is up (0.0038s latency).
Nmap scan report for 192.168.1.42
Host is up (0.0032s latency).
Nmap scan report for 192.168.1.50
Host is up (0.0051s latency).
Nmap scan report for 192.168.1.53
Host is up (0.0031s latency).
Nmap scan report for 192.168.1.60
Host is up (0.0038s latency).
Nmap scan report for 192.168.1.67
Host is up (0.0035s latency).
Nmap scan report for 192.168.1.108
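An added example, not part of the original article: comparing the hosts reported up by nmap -sn against an inventory of addresses you expect on the network, so unknown devices stand out. The function names, the inventory and the sample scan output are constructed; the parser also handles the "name (address)" form nmap prints when a host resolves.

```shell
#!/bin/sh
# Constructed sample of `nmap -sn 192.168.1.0/24` output (not a real scan).
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.168.1.1
Host is up (0.00096s latency).
Nmap scan report for 192.168.1.35
Host is up (0.0038s latency).
Nmap scan report for printer.lan (192.168.1.60)
Host is up (0.0038s latency).
Nmap scan report for 192.168.1.108
Host is up (0.0041s latency).
EOF
}

# Hypothetical helper: read `nmap -sn` output on stdin and print every
# address reported up that is not in the space-separated inventory in $1.
unknown_hosts() {
    awk -v known="$1" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) inv[k[i]] = 1 }
        /^Nmap scan report for / {
            ip = $NF              # last field is the address ...
            gsub(/[()]/, "", ip)  # ... in parentheses when a name precedes it
            next
        }
        /^Host is up/ && ip != "" {
            if (!(ip in inv)) print ip
            ip = ""
        }'
}

# Demo on the constructed sample; on a live network you would run:
#   nmap -sn 192.168.1.0/24 | unknown_hosts "$(cat inventory.txt)"
# where inventory.txt is an assumed file of expected addresses.
sample_scan | unknown_hosts "192.168.1.1 192.168.1.35 192.168.1.60"
```
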
To find out what operating systems are being used by a host, add the -O flag, such as:
sudo nmap -O 192.168.1.120
You should see something like:
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
The output for this can be quite deceiving because the kernel on the host I scanned is 5.8.0-41. You can get more detailed information about that host with the command:
sudo nmap -A 192.168.1.120
If you use the ping command (which is a very basic network command every admin should already know) and it displays missing packets, you'll want to use traceroute to find the route those packets are taking. This is a very handy tool to find out which hop in a route is causing problems.
If you issue the command:
You'll see a list of every hop the packet takes from the current machine to google.com. The output lists the time (in milliseconds) it took from hop to hop or, if there's a problem with a hop, where exactly the packets are failing.
The output of the above command shouldn't take much time. If it does, you know there's a problem and where the problem is.
If you see * * * listed in the route (where a hop should be), that's where the problem is.
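An added example, not part of the original article: summarising a trace so you know which hop to look at first. A hop that prints * * * did not answer the probes, and if later hops still reply it is still forwarding traffic, so the hypothetical trace_summary function separates those hops from the point after which nothing replies; the trace below is constructed sample data.

```shell
#!/bin/sh
# Constructed sample of traceroute output (documentation addresses, not real).
sample_trace() {
cat <<'EOF'
traceroute to example.net (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.912 ms  0.850 ms  0.801 ms
 2  * * *
 3  10.20.0.1 (10.20.0.1)  9.104 ms  9.337 ms  9.020 ms
 4  198.51.100.7 (198.51.100.7)  14.2 ms  14.0 ms  13.9 ms
 5  * * *
 6  * * *
EOF
}

# Hypothetical helper: read traceroute output on stdin and report
#  - silent hops that sit before a responding hop (they still forward), and
#  - the last hop that answered, which is where to start looking when the
#    rest of the path stays silent.
trace_summary() {
    awk '
        BEGIN { hops = 0; last_reply = 0 }
        $1 ~ /^[0-9]+$/ {
            hops = $1
            # A hop counts as silent only when all three probes timed out.
            if ($2 == "*" && $3 == "*" && $4 == "*") silent[$1] = 1
            else last_reply = $1
        }
        END {
            for (h = 1; h <= hops; h++)
                if (silent[h] && h < last_reply)
                    printf "hop %d silent but forwarding\n", h
            if (last_reply < hops)
                printf "no replies after hop %d\n", last_reply
            else
                printf "path answered through hop %d\n", hops
        }'
}

# Demo on the constructed sample; live use: traceroute HOST | trace_summary
sample_trace | trace_summary
```
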
tcpdump is a packet sniffing tool that will display network packets being transmitted over the network. The tcpdump command can either read contents in real-time or from a previously captured session.
To listen for network packets on all interfaces, issue the command:
sudo tcpdump -i any
The problem with such a command is that it will display quite a large amount of information. Because of that, you might want to capture the packets to a file, so you can view them later. To do this, the command would be (and run this from the /tmp directory, otherwise you'll get a permission-denied error when you try to read the file later):
sudo tcpdump -i any -w capture.pcap
After you feel like enough packets have been captured, you can stop the command with the [Ctrl]+[c] combination. To view the captured packets, you'd issue:
tcpdump -r capture.pcap
If you have any intention of doing remote network administration, you'll be using Secure Shell (SSH). There are several ways to use this tool, but the basic usage is:
Where USER is the remote username and SERVER is either the IP address or domain of the remote server. If your server uses a non-standard port for SSH, the command would be:
ssh USER@SERVER -p PORT
Where USER is the remote username, SERVER is either the IP address or domain of the remote server, and PORT is the port number used by the SSH daemon on the remote server.
The wget command allows you to download files to your server. This is useful when that server doesn't have a GUI to make downloading files easier.
To download a file to the server with wget, the command would be:
Where SERVER is either the IP address or domain of the remote server and FILE is the file to be downloaded.
Netplan is the tool used on Ubuntu Server to test and apply network interface configurations. Netplan reads YAML files from the /etc/netplan directory. You can configure multiple interfaces and then test the configuration with the command:
sudo netplan try
If the test comes back OK, you can then apply the configuration (which will also bring the interface up) with the command:
sudo netplan apply
To find out how to configure a static IP address with netplan, read "How to configure a static IP address in Ubuntu Server 18.04."
Nmtui is an ncurses interface on Red Hat-based distributions that allows you to configure and bring up/take down network interfaces. It is a front end for the nmcli command and is considerably easier to use than nmcli itself. To find out how to use nmtui, read "How to edit a CentOS network connection from the command line."
And there you have it, 9 Linux network commands that should get you started with your first steps as a Linux systems/network administrator. With each of these tools, you can learn more by reading the man pages, as in man nmap.