25 Essential Linux Commands for Setting Up, Monitoring, and Troubleshooting Computer Networks


Why terminal is not legacy and command line skills still matter

Many new people in tech think that the terminal is something old-fashioned from the 70s or 80s and should be replaced by a UI with a bunch of flashy buttons. Reality is different, as it often happens. Console is a must in system and network administration and many tools do not have GUI (Graphical User Interface) versions. Scripting languages like Bash or Python are very important because they can be used to create simple console applications for performing repetitive tasks, data analysis, visualization, and more. Command line skills are essential for DevOps professionals who need to automate and manage software development and deployment processes on local machines, dedicated servers, clusters, and cloud environments. Many legacy systems still rely on command line interfaces for maintenance and administration.

Lost connection - how to debug it in Linux and help ISP support fix the problem faster

The typical situation: you have a video call, an interview, or just a job to do, and your Internet connection is down. Of course, the easiest solution is to call your ISP and they will send a support guy or girl to your home to see what happened. But at best you will have to wait a few hours, at worst a day or two. To speed things up, let's provide your ISP with additional technical information and help them solve the problem more effectively.

The first thing to try is the pure classic of tech support: "Turn your equipment off and on". If this does not help, it is time to dig deeper. Console tools are super helpful here. Even if you don't understand all the details, don't worry, they'll all be explained later in this post.

  • ping 1.1.1.1 - check whether Cloudflare DNS answers ping. Why? Cloudflare serves half of the internet under their CDN, so this tells you whether your connection works at all or whether only the website currently open in your browser is failing. If ping is OK, you have nothing to worry about.

  • ip route show - the routing table should contain a default route; look for the label "default" in the output.

  • DEFAULT_GATEWAY=$(ip -4 route show default | awk '{print $3}') && ping $DEFAULT_GATEWAY - here we ping your default gateway. If you are using IPv6, repeat the previous command with the -6 flag. In most cases, the default gateway is your Wi-Fi router or modem, so if the ping doesn't work, replace it or connect your desktop or laptop directly.

  • dig nixsanctuary.com @1.1.1.1 - this command checks whether DNS resolution works. If everything is fine, you will get the IP addresses of this beautiful outstanding blog; if not, you will get an error. A possible workaround is to change your default ISP DNS to 1.1.1.1. The instructions depend on your Linux distribution, so check the official documentation.

  • traceroute 1.1.1.1 - let's trace the path to the failure point and make a note of it.

  • tcpdump -i eth0 -nnvvS - get the traffic dump with source and destination IP addresses, TCP/UDP ports, and message payloads.

As you can see, there is nothing fancy or super complex about these commands. Write it all down in a file and send it to your ISP and they will be able to solve the problem faster. And we will find out what these and other useful network administration commands do.
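
The checklist above as one script that saves every command's output to a report file and names the first layer that fails. This is an added example, not code from the original post; the function names, the report file name and the `--run` switch are assumptions of the example. It looks for the `via` field instead of taking the third column, so a default route without a gateway (for example a PPP link) is not misread, and it leaves out tcpdump because that needs root and runs until interrupted.

```shell
#!/bin/sh
# Added example: names and report path are assumptions, not from the post.

# Read `ip route show default` output on stdin, print the first gateway.
# Prints nothing for routes without "via" (e.g. "default dev ppp0").
default_gateway() {
    awk '$1 == "default" { for (i = 2; i < NF; i++)
             if ($i == "via") { print $(i + 1); exit } }'
}

# Map three exit codes (0 = ok) to the first failing layer.
# Args: gateway_ping internet_ping dns_query
first_failure() {
    if [ "$1" -ne 0 ]; then echo "local: default gateway unreachable"
    elif [ "$2" -ne 0 ]; then echo "isp: gateway ok, 1.1.1.1 unreachable"
    elif [ "$3" -ne 0 ]; then echo "dns: 1.1.1.1 pingable, no DNS reply"
    else echo "ok: all checks passed"
    fi
}

# Append the command line and its output to the report, return its status.
check() {
    printf '\n$ %s\n' "$*" >> "$REPORT"
    "$@" >> "$REPORT" 2>&1
}

collect_report() {
    REPORT=${1:-netdiag-$(date +%Y%m%d-%H%M%S).txt}
    : > "$REPORT"
    check ip route show
    gw=$(ip -4 route show default | default_gateway)
    gw_rc=1
    [ -n "$gw" ] && { check ping -c 3 -W 2 "$gw"; gw_rc=$?; }
    check ping -c 3 -W 2 1.1.1.1; net_rc=$?
    # dig exits non-zero only when no server replied at all
    check dig +time=2 +tries=1 nixsanctuary.com @1.1.1.1; dns_rc=$?
    check traceroute -n -w 2 1.1.1.1
    first_failure "$gw_rc" "$net_rc" "$dns_rc" | tee -a "$REPORT"
}

# Real checks run only on request: sh netdiag.sh --run [report-file]
if [ "${1:-}" = "--run" ]; then collect_report "${2:-}"; fi
```

The report lists your addresses and routes, so read it through before attaching it to a support ticket.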

Network Setting commands

ethtool - wired network interface setup tool

Well-known tool to check the current NIC speed (10, 100, 1000 Mbps) and increase it if necessary.

Useful examples:

  • ethtool eth0 - show current settings for interface "eth0".
  • ethtool --show-features eth0 - show all supported features.
  • ethtool -s eth0 speed 1000 duplex full autoneg on - enable full duplex, gigabit per second speed and autonegotiation for interface "eth0".
  • ethtool --identify eth0 2 - make the LED flash for 2 seconds.

iproute2/ip - must-have mega-tool for setting up devices, routing, policies and even tunnels.

Probably the most important tool for Linux network setup. You need to know it 100%, because this is the real Swiss Army knife of the Linux world. There are several tools available: ip, lnstat, nstat, rdma, rtacct, rtmon, rtstat, ss, tc, tipc, vdpa, ifstat, genl, devlink, dcb, ctstat, bridge. In this chapter we will look at the `ip` command - probably the most powerful of the set.

  • ip address or ip a - show all interface details with their IP addresses.
  • ip link set eth0 up - enable the eth0 interface.
  • ip route or ip r - display the routing table.
  • ip route add default via 10.0.0.1 dev eth0 - add a default route via gateway 10.0.0.1 on the interface "eth0".
  • ip neighbour or ip n - show the neighbors (reachable network devices around).
  • ip addr add 10.1.1.2/32 dev eth1 - add IP address to interface "eth1".
  • ip addr del 10.1.1.2/32 dev eth2 - remove the IP address from interface "eth2".

ifconfig - legacy ip command alternative

This is a legacy tool, but it's still widely available on many different network devices, and there's reason to know the basics:

  • ifconfig -a - show information about all available interfaces.
  • ifconfig eth0 up - enable the "eth0" interface.
  • ifconfig eth1 down - disable the "eth1" interface.
  • ifconfig eth0 192.168.1.2 - set the IP address for interface "eth0".

nmcli - the Network Manager cli tool

NetworkManager is the de facto standard tool for network management in Linux and is available in GUI, console and TUI (pseudo-graphical mode in console) modes. There are competitors from Netplan (Ubuntu) and systemd-networkd, but their popularity is radically lower.

You already know how to manage network interfaces with ip and ifconfig, but what about Wi-Fi? No problem for NetworkManager.

  • nmcli device wifi list - show available Wi-Fi access points.
  • nmcli device wifi connect myAP password mypassw - connect to the protected wifi network "myAP".
  • nmcli -p -f general,wifi-properties device show wlan0 - list general information about the interface "wlan0".
  • nmcli --ask con up my-vpn-con - enable VPN connection and ask for password.
  • Add network interface "my-con" and configure IPv4/IPv6 addresses:
nmcli con add con-name my-con ifname em1 type ethernet \
      ip4 192.168.100.100/24 gw4 192.168.100.1 ip4 192.168.100.200 ip6 abbe::cafe
nmcli con mod my-con ipv4.dns "8.8.8.8 8.8.4.4"
nmcli con mod my-con +ipv4.dns 1.2.3.4
nmcli con mod my-con ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"
nmcli -p con show my-con

tc - traffic control

`tc` is another tool in the iproute2 suite. It is very useful for traffic control - for example, you can set the traffic limits of your parents' devices to 5 Kbps, so they will not be able to sit all night watching Netflix 😄.

  • tc qdisc add dev eth0 root netem delay 100ms - add 100 ms delay to outbound packets.
  • tc qdisc add dev eth0 root netem delay 100ms 100ms distribution normal - set normally distributed network delay on outbound packets.
  • tc qdisc add dev eth0 root netem corrupt|loss|duplicate effect_percentage% - enable packet corruption/loss/duplication for a portion of packets.
  • tc qdisc add dev eth0 root tbf rate 1mbit burst 100kbit latency 200ms - limit bandwidth to 1 Mbps, burst size to 100 kbit and max latency to 200 ms.
  • tc qdisc show dev eth0 - show control policies.
  • tc qdisc del dev eth0 root - delete all control rules.

Nftables - the Iptables alternative

New modern Iptables alternative: chains, tables, rules - all as usual, but with a modern, fashionable look.

  • nft list ruleset - view the current configuration
  • nft add table inet filter - add a table named "filter" in the inet family (IPv4 and IPv6)
  • nft add chain inet filter input \{ type filter hook input priority 0 \; policy accept \} - add the input chain with default policy accept (accept all ingress)
  • nft add rule inet filter input tcp dport \{ telnet, ssh, http, https \} accept - accept TCP traffic to the telnet, ssh, http and https ports
  • nft --handle --numeric list chain family table chain - show chain rules with their handles
  • nft delete rule inet filter input handle 3 - delete the rule with handle 3
  • nft list ruleset > /etc/nftables.conf - save current configuration.
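
With "policy accept" on the chain, the accept rule for telnet, ssh, http and https changes nothing, because everything is accepted anyway. A default-deny version of the same "inet filter input" chain, as an added example that is not from the original post: the `ALLOWED_TCP` variable, the function names and the `--apply` switch are assumptions, and telnet is left out of the allowed list because it is cleartext.

```shell
#!/bin/sh
# Added example: default-deny variant of the "inet filter input" chain.
# ALLOWED_TCP and the function names are assumptions of this example.
ALLOWED_TCP=${ALLOWED_TCP:-"ssh, http, https"}

# Print the ruleset in nft file syntax; nothing is loaded here.
emit_ruleset() {
    cat <<EOF
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept      # replies to our own traffic
        ct state invalid drop
        iifname "lo" accept                       # local services
        meta l4proto { icmp, ipv6-icmp } accept   # ping, IPv6 neighbour discovery
        tcp dport { $ALLOWED_TCP } accept
    }
}
EOF
}

# Syntax-check with "nft -c" first, then replace the table in one transaction.
apply_ruleset() {
    f=$(mktemp) || return 1
    {
        echo "table inet filter"          # create it so the delete cannot fail
        echo "delete table inet filter"
        emit_ruleset
    } > "$f"
    nft -c -f "$f" && nft -f "$f"
    rc=$?
    rm -f "$f"
    return "$rc"
}

# Needs root: sh firewall.sh --apply
if [ "${1:-}" = "--apply" ]; then apply_ruleset; fi
```

Keep ssh in `ALLOWED_TCP` when applying this over an SSH session, otherwise the drop policy blocks new logins.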

Network Monitoring commands

Ping & Arping - tests network connectivity

"Hey buddy, are you alive?" Ping does just that - it sends the ICMP ECHO_REQUEST to the host you want to check.

  • ping google.com - typical ping request.
  • ping -c 10 localhost - ping the target only 10 times to be sure.
  • ping -i 100 - ping with a 100-second interval.
  • ping -s 1280 - ping with a packet data size of 1280 bytes.
  • ping -a - ping and ring the bell when a packet is received.

Arping is very similar, but uses the ARP protocol:

  • arping IP - ping by ARP request packets.
  • arping -I eth0 - ping host on interface "eth0".
  • arping -U IP - broadcast ARP request packets to update neighbors' ARP caches.

Traceroute - displays network routing information

Print the packet route to the destination with additional information.

  • traceroute nixsanctuary.com - print the route to this cool blog.
  • traceroute --wait=2.5 - set the wait time in seconds.
  • traceroute --queries=5 - number of queries per hop.
  • traceroute --icmp - use ICMP instead of UDP.
  • traceroute --mtu - print MTU of destination.

Netstat - displays network socket information

  • netstat --listening - print all listening ports.
  • netstat -nltpua - show all listening sockets with local and remote addresses, states and program names.

Lsof - shows open files and sockets

  • lsof -i - print all applications that are listening to ports.
  • lsof -i :3000 - find who's listening on port 3000.
  • lsof -i6TCP:port -sTCP:LISTEN -n -P - find who is listening on a local IPv6 TCP port and don't convert network or port numbers.

Iftop - displays network interface traffic information

  • iftop - show the table of processes and their bandwidth.
  • iftop -i eth0 - show the statistics on the eth0 interface.

Nethogs/Iptraf/Iftop/Ntop - displays network interface traffic information

  • nethogs eth0 -t 2 - monitor bandwidth on interface "eth0" with interval 2 seconds.
  • iptraf -i eth0 -g -t 5 - show traffic monitoring of interface "eth0" with interval 5 seconds.
  • iftop -i eth0 -P - monitor bandwidth on interface "eth0" and show the bandwidth usage with port information.
  • ntop -t 5 protocols="HTTP=http|www|https|3128,FTP=ftp" -w 8080 - monitor HTTP and FTP protocols with a timeout of 5 seconds.

Iperf - speed benchmarking tool

To measure the network bandwidth speed between computers, we need to install iperf as a client on one machine and as a server on another.

  • iperf -u -s -p 5001 - run server using UDP mode on port 5001.
  • iperf -u -c SERVER_IP -P 4 - run iperf in client mode using UDP and connect to the "SERVER_IP" with 4 parallel threads.

Network Troubleshooting commands

Tcpdump - captures and displays network traffic

Tcpdump is a very useful tool that allows you to capture network traffic to a file and analyze it.

  • tcpdump -i eth0 - capture all traffic from the "eth0" interface.
  • tcpdump -A tcp and host nixsanctuary.com - capture all TCP traffic between your host and this website.
  • tcpdump -i eth0 src 10.1.1.1 and dst 10.1.1.2 and dst port 80 - capture the traffic between two IP addresses on port 80.
  • tcpdump -w dumpfile.pcap net 10.0.0.0/24 - dump all of the subnet's traffic to a file.

Tshark - TUI version of Wireshark

We got the traffic dump from tcpdump, now it's time to analyze it with the tshark command.

  • tshark -f 'udp port 53' - analyze DNS traffic only
  • tshark -Y 'http.request.method == "PUT"' - show only packets with a PUT request.
  • tshark -T fields|ek|json|pdml -e http.request.method -e ip.src - show only specific output fields.

Dig - performs DNS lookups

This tool is very good for testing DNS manually by running queries.

  • dig +short google.com - show the IP of google.com domain.
  • dig +tls @9.9.9.9 apple.com - use an alternate DNS server (9.9.9.9), queried over TLS.
  • dig -x 1.1.1.1 - run the reverse DNS query.

Mtr - combines ping and traceroute for network monitoring

Great for troubleshooting, shows hosts with problematic connections.

  • mtr --report-wide google.com - generate extended report.
  • mtr --interval 10 --show-ips linux.com - wait 10 seconds between network queries, also show IP addresses.

Whois - shows tons of info about domains

  • whois domain.com - show info about domain name.
  • whois 1.1.1.1 - show info about IP address.

Mitmproxy - spy on SSL connections of browsers or other applications

Sometimes you need to look under the hood of an encrypted TLS connection for debugging purposes, and this is the tool for the job.

  • mitmproxy --listen-host IP --listen-port PORT - run the proxy on "IP:PORT".
  • mitmproxy --scripts script.py - use the Python script for automation.

Nmap - tool for scanning TCP and UDP ports

Probably one of the most popular tools here, and it doesn't need an intro.

  • nmap -v3 example.com - start verbose scan.
  • nmap -A -iL hosts.txt - enable OS & version detection, script scanning and traceroute to all targets from hosts.txt.
  • nmap --script "default and safe" target.com - enable careful scan mode.

Netcat - like the classic cat tool, but for TCP and UDP connections

Surprisingly, many people still don't know about this powerful command. It can be useful to test open ports, port redirections, file transfers and many other things.

  • nc -l 10000 - start listening on port 10000.
  • nc -v host.com 10000 - connect to port 10000 from another host.
  • nc -z -v 8.8.8.8 2000-3000 - start open port scanning on range 2000-3000.
  • nc -l 7777 < file_name on host1 and nc host1.com 7777 > file on host2 - transfer file from host1 to host2.
  • nc -l 3333 on host1 and nc host1.com 3333 on host2 - create the chat between host1 and host2.
  • printf "GET /nc.1 HTTP/1.1\r\nHost: example.com\r\n\r\n" | nc example.com 80 - make HTTP request to example.com.

Final note

That's all for now, if anything from this post makes your life easier, we'll be very happy!
If you can suggest any other tips and tricks - feel free to comment below. Thanks for reading.
