computer networks

Top 10 network commands and their uses

Today every computer is connected to some other computer through a network whether internally or externally to exchange some information. This network can be small as some computers connected in your home or office, or can be large or complicated as in large offices or the entire Internet.
Maintaining a system’s network is a task of the System/Network administrator.

Here is a list of 10 Networking commands that must be known to the network administrator/tech support engineer

  1. ifconfig
  2. ip
  3. ping
  4. traceroute
  5. netstat
  6. telnet
  7. dig
  8. netcat
  9. nmap
  10. Wireshark

1. ifconfig

ifconfig, will be one of the most used commands and for a long time it was the default command used to configure and troubleshoot network interface and issues on linux, ifconfig is a command-line interface tool for network interface configuration and is also used to initialize interfaces at system boot time.
It is also used to view the IP Address, Hardware / MAC address, as well as MTU (Maximum Transmission Unit) size of the currently active interfaces.

Running ifconfig without any arguments, lists all the interfaces which are currently in operation

ifconfig

To list all interfaces which are currently available, whether up or down, use the -a flag

[centos@midas ~]$ ifconfig -a
enp3s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.1.152  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::da72:6a96:b4cc:b4d6  prefixlen 64  scopeid 0x20<link>
        ether 00:e0:4d:1e:b3:1c  txqueuelen 1000  (Ethernet)
        RX packets 1443  bytes 111527 (108.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 124  bytes 10010 (9.7 KiB)
        TX errors 8  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 144  bytes 12836 (12.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 144  bytes 12836 (12.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s20u6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.29.22  netmask 255.255.255.0  broadcast 192.168.29.255
        inet6 fe80::6ebc:877a:f6c0:885c  prefixlen 64  scopeid 0x20<link>
        inet6 2405:201:4019:91a2:d7c7:e3b2:ae40:468a  prefixlen 64  scopeid 0x0<global>
        ether 3c:33:00:60:48:f8  txqueuelen 1000  (Ethernet)
        RX packets 551536  bytes 105040791 (100.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 51404  bytes 5621067 (5.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Viewing the configuration of a specific interface

[centos@midas ~]$ ifconfig enp3s0
enp3s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.1.152  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::da72:6a96:b4cc:b4d6  prefixlen 64  scopeid 0x20<link>
        ether 00:e0:4d:1e:b3:1c  txqueuelen 1000  (Ethernet)
        RX packets 1443  bytes 111527 (108.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 124  bytes 10010 (9.7 KiB)
        TX errors 8  dropped 0 overruns 0  carrier 0  collisions 0

Configuring an interface

[root@midas ~]# ifconfig enp3s0  192.168.1.122 netmask 255.255.255.0 broadcast 192.168.1.255
[root@midas ~]# ifconfig enp3s0
enp3s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.1.122  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::da72:6a96:b4cc:b4d6  prefixlen 64  scopeid 0x20<link>
        ether 00:e0:4d:1e:b3:1c  txqueuelen 1000  (Ethernet)
        RX packets 1443  bytes 111527 (108.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 124  bytes 10010 (9.7 KiB)
        TX errors 8  dropped 0 overruns 0  carrier 0  collisions 0

2. IP

The IP command is the new default networking command for linux and has replaced ifconfig, it is a part of iproute2util package. IP command takes different flags and syntax than if config command. The ip command is more versatile and technically more efficient than ifconfig because it uses Netlink sockets, though the syntax can be more complex than ifconfig

To list all the all the interfaces we can use “”ip addr show”” or “”ip a”” for short

[root@midas ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 00:e0:4d:1e:b3:1c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.122/24 brd 192.168.1.255 scope global noprefixroute enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::da72:6a96:b4cc:b4d6/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: wlp0s20u6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 3c:33:00:60:48:f8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.29.22/24 brd 192.168.29.255 scope global dynamic noprefixroute wlp0s20u6
       valid_lft 15969sec preferred_lft 15969sec
    inet6 2405:201:4019:91a2:d7c7:e3b2:ae40:468a/64 scope global dynamic noprefixroute
       valid_lft 3596sec preferred_lft 3596sec
    inet6 fe80::6ebc:877a:f6c0:885c/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Add IP address

[root@midas ~]# ip a add 192.168.1.152/24 dev enp3s0

[root@midas ~]# ip a show  enp3s0
2: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 00:e0:4d:1e:b3:1c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.122/24 brd 192.168.1.255 scope global noprefixroute enp3s0
       valid_lft forever preferred_lft forever
    inet 192.168.1.152/24 brd 192.168.1.255 scope global secondary noprefixroute enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::da72:6a96:b4cc:b4d6/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Enable or disable a network

ip commands uses the set sub command for this operation

ip link set enp3s0 up
ip link set enp3s0 down

3. Ping

Ping is a simple, widely used, cross-platform networking utility for testing if a host is reachable on an Internet Protocol (IP) network. It works by sending a series of Internet Control Message Protocol (ICMP)

ping is a very common and relatively simple command, but it also provides there are some great options and techniques that make the tool even better, to troubleshoot connectivity issues

[root@midas ~]# ping 192.168.29.1
PING 192.168.29.1 (192.168.29.1) 56(84) bytes of data.
64 bytes from 192.168.29.1: icmp_seq=1 ttl=64 time=1.59 ms
64 bytes from 192.168.29.1: icmp_seq=2 ttl=64 time=2.00 ms
64 bytes from 192.168.29.1: icmp_seq=3 ttl=64 time=1.30 ms
64 bytes from 192.168.29.1: icmp_seq=4 ttl=64 time=1.49 ms
^C
--- 192.168.29.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.303/1.592/1.995/0.253 ms

ping -a <host>, adds audible cue, giving a system sound whenever the pings are successful

ping -c <host>, lets you adjust the number of pings

ping <hostname> also lets you display the ip address of the hostname

Output from ping

  • ping output provides some useful insights into the quality of the network, the most important metrics are packet loss, time,
    • whether the target host is reachable (active) or not,
    • to measure the amount of time it takes for packets to get to the target host and back to your computer
    • the packet loss, expressed as a percentage.
  • timeout message indicates that your machine believes it sent successful ping queries to the destination but it did not receive the replies in the specified time
  • TTL means “”time to live””.  It is a value on an ICMP packet and this value is decreased every time a router touches the packet. If the TTL ever reaches zero, the packet is discarded. It is a measure of the number of hops the packet took to reach the destination, if your initial value was 64 and now you see a value of 28 there are 36 hops between the originated and final destination
  • Time metric can also be used to assess the quality of the network and it provides insights into latency and jitter in the network, a high response time signifies high latency, where as a fluctuating time value in response signifies jitter.

4. Traceroute

Traceroute is a command-line utility for tracing the full path from your local system to another network system. It prints a number of hops (router IPs) in that path you travel to reach the end server. It is an easy-to-use network troubleshooting utility after the ping command

5. Netstat (network statistics

netstat (network statistics) is the command-line tool for monitoring network connections both incoming and outgoing as well as viewing routing tables, interface statistics, etc. It can be used for troubleshooting and for configuration.

Listing all ports

Note : we have used more to control the output, it is not necessary

[root@midas ~]# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0     96 midas.upspiroffice.:ssh 192.168.29.147:53980    ESTABLISHED
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
udp        0      0 0.0.0.0:mdns            0.0.0.0:*
udp        0      0 0.0.0.0:47053           0.0.0.0:*
udp        0      0 midas.upspiroffi:bootpc reliance.relianc:bootps ESTABLISHED
udp        0      0 localhost:323           0.0.0.0:*
udp6       0      0 [::]:mdns               [::]:*

List only TCP port connections

For listing only TCP (Transmission Control Protocol) port connections using netstat -at.

[root@midas ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0    288 midas.upspiroffice.:ssh 192.168.29.147:53980    ESTABLISHED
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
[root@midas ~]#

Listing all active listening ports netstat -l

Listing all active listening UDP ports by using option netstat -lu

Showing network interface packet transactions including both transferring and receiving packets with MTU size

[root@midas ~]# netstat -i
Kernel Interface table
Iface             MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
enp3s0           1500      133      0      0 0            38      5      0      0 BMRU
lo              65536       44      0      0 0            44      0      0      0 LRU
wlp0s20u6        1500      844      0      0 0           198      0      0      0 BMRU

6. Telnet

Telnet command is used to establish the connections between different machines. This command allows us to manage the remote devices using the CLI (command-line interface)

Open a connection with a remote host

[root@localhost centos]# telnet 192.168.1.22 80
Trying 192.168.29.22...
Connected to 192.168.29.22.
Escape character is '^]'.

If no port is specified, it uses TCP port 23 which is assigned to the telnet protocol

7. Nslookup

tool for testing and troubleshooting DNS servers (Domain Name Server). It is used to query specific DNS resource records (RR) as well

8. Dig (Domain Information Groper)

just like nslookup command, this command is used for querying and getting information of DNS (Domain Name System).

Dig stands for (Domain Information Groper) is a network administration command-line tool for querying Domain Name System (DNS) name servers.

[root@localhost centos]# dig yahoo.com

; <<>> DiG 9.16.23-RH <<>> yahoo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26615
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;yahoo.com.                     IN      A

;; ANSWER SECTION:
yahoo.com.              561     IN      A       74.6.231.21
yahoo.com.              561     IN      A       74.6.231.20
yahoo.com.              561     IN      A       74.6.143.25
yahoo.com.              561     IN      A       98.137.11.163
yahoo.com.              561     IN      A       98.137.11.164
yahoo.com.              561     IN      A       74.6.143.26

;; Query time: 2 msec
;; SERVER: 192.168.29.1#53(192.168.29.1)
;; WHEN: Thu Sep 29 15:27:37 IST 2022
;; MSG SIZE  rcvd: 123

Dig command reads the /etc/resolv.conf file and querying the DNS servers listed there   

To query domain “A” record with +short

[root@localhost centos]# dig yahoo.com +short
98.137.11.164
74.6.143.26
74.6.231.21
74.6.231.20
74.6.143.25
98.137.11.163

9. Netcat

Netcat (or nc in short) is a simple yet powerful networking command-line tool used for performing any operation in Linux related to TCP, UDP, or UNIX-domain sockets.

Netcat can be used for port redirection, as a port listener (for incoming connections); it can also be used to open remote connections and so many other things. Besides, you can use it as a backdoor to gain access to a target server.

Here is an example, the -z option sets nc to simply scan for listening daemons, without actually sending any data to them. The -v option enables verbose mode and -w specifies a timeout for connection that can not be established.

10. Nmap

Network Mapper is an open-source and a very versatile tool for Linux system/network administrators. Nmap is used for exploring networks, performing security scans, network audit,s and finding open ports on the remote machine

Nmap allows you to scan your network, to discover not only what is connected to it but also a host of other information like what devices are listening on which ports, it comes with a large number of scanning techniques and filters.

Scan a System with Hostname and IP Address

to find out all open ports, services and MAC addresses on the system.

nmap hostname
nmap ipaddress
[root@midas centos]# nmap 192.168.29.44
Starting Nmap 7.91 ( https://nmap.org ) at 2022-09-29 15:42 IST
Nmap scan report for 192.168.29.44
Host is up (0.021s latency).
Not shown: 997 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
2049/tcp open   nfs
MAC Address: 80:86:F2:47:E4:C4 (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 10.53 seconds

….

…..

Author

Pravin Tewari
Senior Manager, Application and Cloud Support

Pravin is a visionary professional with over 11 years of experience in Technical Support, Cloud Infrastructure Management, and Customer Experience. He has hands-on experience in working across the lifecycle of project delivery and deployment, solution consulting, and support. He has deep experience in managing cloud deployments and implementing DevOps tools for automation to provide better uptime. Pravin has successfully led large product & cloud support teams, and coached & mentored a high-performing team that delivers high-quality service to customers.

Add a Comment

Your email address will not be published. Required fields are marked *