Network Commands on Linux

A list of useful network commands and how to use them.

Commands

tcpdump

Use tcpdump to dump all the packets that are coming through a network interface.
Capture all packets on an interface.

tcpdump -i eth0
tcpdump -i enp0s31f6

ip

Replaces ifconfig, route, netstat, and more. It's a versatile command for network interface and routing configurations.

ip addr show    # List all interfaces and their IP addresses
ip route show   # Display routing table

ifconfig

Deprecated in favor of ip.

Used for configuring network interfaces.

ifconfig -a # List all interfaces and their status

route

Deprecated in favor of ip route.

Used to view and manipulate the IP routing table.

route -n # Display the routing table

netstat

Considered deprecated in favor of ss.

Shows network status, listening ports, and routing tables.

netstat -tulnp # Show listening TCP and UDP ports with process IDs

ss

Replaces netstat. Used to display various network socket statistics.

ss -tulnp # List listening TCP and UDP ports

ping

Sends ICMP ECHO_REQUEST packets to network hosts.

ping -c 4 google.com # Ping google.com 4 times

traceroute

Prints the route packets take to a network host.

traceroute google.com

mtr

Combines the functionality of traceroute and ping. It provides continuous traceroute and ping statistics.

mtr google.com

nc (netcat)

Swiss army knife for TCP/IP. Used for reading/writing across network connections using TCP or UDP.

nc -l 1234          # Listen on port 1234
nc example.com 1234 # Connect to example.com on port 1234

curl

Tool to transfer data from or to a server. Supports various protocols.

curl https://example.com
curl -o ~/downloaded_file.txt https://example.com/file.txt # Download file.txt

# Silently download file.txt
curl -s -o ~/downloaded_file.txt https://example.com/file.txt 

# Silently download file.txt, and be silent if it fails
curl -sf -o ~/downloaded_file.txt https://example.com/file.txt 

# Follow redirects (like if the file has moved), and be silent even when it fails
curl -sfL -o ~/downloaded_file.txt https://example.com/file.txt 

# Follow redirects (like if the file has moved), fail silently but output error messages if it fails
curl -sfSL -o ~/downloaded_file.txt https://example.com/file.txt 

wget

Similar to curl, used to download files from the web.

wget https://example.com/file.txt  # Download file.txt
wget -O remote_file.txt https://example.com/file.txt # save the file to remote_file.txt

dig

DNS lookup utility.

dig @8.8.8.8 example.com +short

nslookup

Query Internet domain name servers. dig is more powerful, but nslookup is widely used for quick queries.

nslookup example.com

nsupdate

Used for dynamically updating DNS records. Useful for DDNS (Dynamic DNS) services.

# Usage requires a properly configured environment and key.
nsupdate -v update.txt

host

DNS lookup utility, simpler than dig.

host example.com

iperf3

Network speed testing tool.
One machine (server) needs to be ready to receive packets, while another machine (client) sends packets.
Default port used is 5201.
Default packet type is TCP. Use -u for UDP.

# Start an iperf3 server
iperf3 -s
# or
iperf3 --server
iperf3 -c 192.168.4.11 -u -n 20G

• -c: The address to the iperf3 server.
• -u: Use UDP rather than TCP.
• -n: The number of bytes to transmit.
  • Can be K (KB), M (MB), G (GB), or T (TB).
• -P: Allow parallel streams.

Choosing Which Tool to Use

• For modern systems, prefer using ip over ifconfig and route, and ss over netstat for updated functionalities.

  • Replacement for ifconfig is ip addr
  • Replacement for netstat is ss.
  • Replacement for netstat -i: ip -s link.
  • Replacement for netstat -g is ip maddr.

• DNS Troubleshooting: Use dig, host, and nslookup for diagnosing DNS issues.

  • dig is more detailed, while host and nslookup are more straightforward for quick lookups.

• Network Testing: ping, traceroute, and mtr are essential for testing network reachability and path.

  • mtr provides a more detailed path analysis over time.

• Data Transfer and Testing: curl and wget are indispensable for downloading files or exploring HTTP APIs.

  • netcat is invaluable for more low-level TCP/UDP network testing or transferring data.

Files

cat /etc/resolv.conf

This file contains the DNS rules for the system.
This is symlinked to /run/systemd/resolve/stub-resolv.conf on some systems.
You shouldn't edit this file directly.

Using resolvectl status will display details about the uplink DNS servers that are currently in use.

/etc/nsswitch.conf

• https://www.man7.org/linux/man-pages/man5/nsswitch.conf.5.html

Contains the configuration for the Name Switch Service.

This file is responsible for determining the order in which sources are used to resolve names and look up information, such as:

• Hostname resolution
• User and group information (passwd, group)
• Authentication mechanisms
• Network service entries, etc.

The Name Switch Service specifies the order in which name service databases are queried for certain information, like user accounts and hostnames.

It allows the system to determine where to look for this information: local files, DNS (Domain Name System), or network services like NIS and LDAP.

• The first column in this file is the database name.
• The next columns specify service specifications.
• files, db, systemd, sss, nis
• Optional actions to perform if a result is obtained from the previous service.

---

Example from a rocky linux box:

passwd:     files sss systemd
group:      files sss systemd
netgroup:   sss files
automount:  sss files
services:   sss files

Each entry follows the same kind of procedure:

• passwd: files sss systemd
  • files Says to look in /etc/passwd for user account info first
  • sss: Then query the SSSD (System Security Services Daemon), typically used with LDAP or FreeIPA
  • systemd: Finally check the systemd user database (for runtime or transient user accounts)