6 Linux Networking Commands Every Sysadmin Should Know

As system administrators, we work with many Linux commands every day, and network-related commands are among the most frequently used. This article covers 6 commonly used network commands in Linux. Most of you have probably used them already, but it is still worth reading through all of them.

1, ip

The ip command is one of the most fundamental commands every administrator uses in their day-to-day work, from setting up new systems and assigning IPs to troubleshooting existing systems. The ip command can display address information and routes, and it can show the various devices, interfaces, and tunnels in the network.

The syntax is as follows:

ip <OPTIONS> <OBJECT> <COMMAND>

OBJECT is the most important part, supporting the following:

  • address: IPv4 or IPv6 address
  • tunnel: IP-based tunnel
  • route: routing table entry
  • rule: A rule in the routing policy database
  • vrf: Manage virtual routing and forwarding devices
  • xfrm: Manage IPSec policies

Display the IP addresses assigned to the interfaces on the server:

[root@wljslmz ~]# ip address show

Assign an IP to an interface, for example enps03:

[root@wljslmz ~]# ip address add 192.168.1.254/24 dev enps03

Delete the IP on the interface:

[root@wljslmz ~]# ip address del 192.168.1.254/24 dev enps03

Bring the interface eth0 online:

[root@wljslmz ~]# ip link set eth0 up

Take the interface eth0 offline:

[root@wljslmz ~]# ip link set eth0 down

Change the MTU of eth0:

[root@wljslmz ~]# ip link set eth0 mtu 9000

Enable promiscuous mode for eth0:

[root@wljslmz ~]# ip link set eth0 promisc on

Add a default route (for all addresses) via the local gateway 192.168.1.254 accessible on device eth0:

[root@wljslmz ~]# ip route add default via 192.168.1.254 dev eth0

Add a route to 192.168.1.0/24 via gateway 192.168.1.254:

[root@wljslmz ~]# ip route add 192.168.1.0/24 via 192.168.1.254

Add a route to 192.168.1.0/24, accessible on device eth0:

[root@wljslmz ~]# ip route add 192.168.1.0/24 dev eth0

Remove the route for 192.168.1.0/24 via gateway 192.168.1.254:

[root@wljslmz ~]# ip route delete 192.168.1.0/24 via 192.168.1.254

Show the route taken for IP 10.10.1.4:

[root@wljslmz ~]# ip route get 10.10.1.4

2, mtr

mtr (short for Matt's traceroute) is a network diagnosis and troubleshooting tool that combines the functions of the ping and traceroute commands.

The mtr command displays the route from a computer to a specified host and provides statistics about each hop, such as response time and loss percentage. With mtr you get more information about the route and can spot problematic devices along the way. If you see a sudden increase in response time or packet loss, it is a sign that there is a bad link somewhere.

The syntax of the command is as follows:

mtr <options> hostname/IP

Let’s look at some common use cases.

The basic mtr command displays statistics, including time and percentage loss for each hostname:

[root@wljslmz ~]# mtr wljslmz.cn

Display numeric IP addresses (if you use -n, you will get the IP address (number) instead of the hostname):

[root@wljslmz ~]# mtr -n wljslmz.cn

Display numeric IP addresses and hostnames:

[root@wljslmz ~]# mtr -b wljslmz.cn

Set the number of pings to send:

[root@wljslmz ~]# mtr -c 10 wljslmz.cn

Get the mtr command result report:

[root@wljslmz ~]# mtr -r -c 10 wljslmz.cn > mtr-command-wljslmz-output

or:

[root@wljslmz ~]# mtr -rw -c 10 wljslmz.cn > mtr-command-wljslmz-output

Force use of TCP instead of ICMP:

[root@wljslmz ~]# mtr --tcp wljslmz.cn

Force the use of UDP instead of ICMP:

[root@wljslmz ~]# mtr --udp wljslmz.cn

Set the maximum number of hops:

[root@wljslmz ~]# mtr -m 35 216.58.223.78

Define the packet size:

[root@wljslmz ~]# mtr -r -s 50 wljslmz.cn

Print to CSV output:

[root@wljslmz ~]# mtr --csv wljslmz.cn

Print to XML output:

[root@wljslmz ~]# mtr --xml wljslmz.cn
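
When reading a report such as the one produced by mtr -rw -c 10 above, loss at a single middle hop that disappears on later hops usually means that router is rate-limiting its own ICMP replies, while loss that continues through to the last hop affects real traffic. The script below is an added example, not part of the original article: the function names, the 5% default threshold, and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify lossy hops in an `mtr -r` / `mtr -rw` report (stdin).
# Usage: mtr -rw -c 10 <host> | mtr_classify_loss [THRESHOLD_PERCENT]
# Output: "<hop> <host> <loss%> sustained|transient", one line per lossy hop.
mtr_classify_loss() {
    awk -v thr="${1:-5}" '
        $1 ~ /^[0-9]+\.[|]--$/ {          # hop rows look like "3.|-- host 0.0% ..."
            n++
            hop[n] = $1;  sub(/\..*/, "", hop[n])
            host[n] = $2
            loss[n] = $3; sub(/%/, "", loss[n])
        }
        END {
            # Walk back from the destination: the unbroken run of lossy hops
            # that ends at the last hop is loss the traffic really suffers.
            start = n + 1
            for (i = n; i >= 1 && loss[i] + 0 >= thr + 0; i--) start = i
            for (i = 1; i <= n; i++)
                if (loss[i] + 0 >= thr + 0)
                    printf "%s %s %s %s\n", hop[i], host[i], loss[i],
                           (i >= start ? "sustained" : "transient")
        }'
}

# Constructed sample report (documentation addresses, not a real trace).
sample_mtr_report() {
    cat <<'EOF'
Start: 2024-05-01T10:00:00+0000
HOST: wljslmz               Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1            0.0%    10    0.4   0.5   0.3   0.9   0.2
  2.|-- 198.51.100.7        60.0%    10    4.8   5.1   4.6   6.2   0.5
  3.|-- 198.51.100.33        0.0%    10    9.7   9.9   9.5  10.8   0.4
  4.|-- 203.0.113.5         30.0%    10   48.2  51.0  47.9  60.3   4.1
  5.|-- 203.0.113.80        30.0%    10   49.0  52.3  48.1  61.0   4.4
EOF
}

# Hop 2 is reported as transient; hops 4 and 5 as sustained.
sample_mtr_report | mtr_classify_loss 5
```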

3, tcpdump

The tcpdump command is used to capture and display packets.

You can install tcpdump with the following command:

[root@wljslmz ~]# dnf install -y tcpdump

Before starting any capture, you need to know which interfaces tcpdump can use:

[root@wljslmz ~]# tcpdump -D

  1 eth0
  2 nflog
  3 nfqueue
  4 usbmon1
  5 any
  6 lo (Loopback)

To capture traffic on eth0, start tcpdump with -i eth0; add -c 10 to stop after 10 packets:

[root@wljslmz ~]# tcpdump -i eth0
[root@wljslmz ~]# tcpdump -i eth0 -c 10

Capture traffic to and from a host

You can filter the capture down to traffic involving a specific host. For example, to find traffic from and to 8.8.8.8, use the following command:

[root@wljslmz ~]# tcpdump -i eth0 -c 10 host 8.8.8.8

For traffic from 8.8.8.8, use:

[root@wljslmz ~]# tcpdump -i eth0 src host 8.8.8.8

For outbound traffic to 8.8.8.8, use:

[root@wljslmz ~]# tcpdump -i eth0 dst host 8.8.8.8

Capture traffic to and from the network

You can also capture traffic to and from a specific network with the following command:

[root@wljslmz ~]# tcpdump -i eth0 net 10.1.0.0 mask 255.255.255.0

or:

[root@wljslmz ~]# tcpdump -i eth0 net 10.1.0.0/24

You can also filter based on source or destination.

Based on source (traffic comes from):

[root@wljslmz ~]# tcpdump -i eth0 src net 10.1.0.0/24

Based on destination (traffic goes to):

[root@wljslmz ~]# tcpdump -i eth0 dst net 10.1.0.0/24

Capture traffic to and from the port number

To capture only DNS port 53 traffic:

[root@wljslmz ~]# tcpdump -i eth0 port 53

For a specific host:

[root@wljslmz ~]# tcpdump -i eth0 host 8.8.8.8 and port 53

To capture only HTTPS traffic:

[root@wljslmz ~]# tcpdump -i eth0 -c 10 host www.wljslmz.cn and port 443

To capture traffic on all ports except ports 80 and 25:

[root@wljslmz ~]# tcpdump -i eth0 not port 80 and not port 25

4, netstat

netstat is a tool for printing network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. It is part of the net-tools package, like ifconfig; in the newer iproute2 package, the ss tool serves the same purpose.

If netstat is not found on your system, install it with:

[root@wljslmz ~]# dnf install net-tools

netstat is most often run without any arguments:

[root@wljslmz ~]# netstat

For advanced usage, netstat extends the command with options:

netstat <options>

Or list the options one by one:

netstat <option 1> <option 2> <option 3>

To list all ports and connections, regardless of state or protocol, use:

[root@wljslmz ~]# netstat -a

List all TCP ports by running:

[root@wljslmz ~]# netstat -at

List all UDP ports:

[root@wljslmz ~]# netstat -au

To return a list of listen-only ports for all protocols, use:

[root@wljslmz ~]# netstat -l

List all listening TCP ports:

[root@wljslmz ~]# netstat -lt

Return only listening UDP ports by running:

[root@wljslmz ~]# netstat -lu

To list listening UNIX sockets, use:

[root@wljslmz ~]# netstat -lx

Display summary statistics for all protocols:

[root@wljslmz ~]# netstat -s

To list statistics for TCP only:

[root@wljslmz ~]# netstat -st

To see TCP connections with PID/program name listed, use:

[root@wljslmz ~]# netstat -tp

To find processes using a specific port number, run (the -p option adds the PID/program name column):

[root@wljslmz ~]# netstat -anp | grep ':<port number>'
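
The listening-port options above can be combined into a quick exposure check: list TCP listeners with netstat -tlnp and report any that are bound to a non-loopback address on a port you did not expect. This script is an added example, not part of the original article; the function names, the allowlist format, and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from the network.
# Usage: netstat -tlnp | exposed_listeners "22 80"
#   argument = space-separated ports that are expected to be exposed
# Output: "<port> <bind address> <program>" for every unexpected listener.
exposed_listeners() {
    awk -v allow="${1:-}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)          # text after the last colon is the port
            sub(/:[0-9]+$/, "", addr)     # what is left is the bind address
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if (port in ok) next                         # expected service
            prog = $7; sub(/^[0-9]+\//, "", prog)        # drop the "PID/" prefix
            print port, addr, prog
        }'
}

# Constructed sample of `netstat -tlnp` output (not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1034/postgres
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      1290/redis-server
tcp6       0      0 :::80                   :::*                    LISTEN      977/nginx: master
tcp6       0      0 ::1:631                 :::*                    LISTEN      701/cupsd
EOF
}

# With SSH and HTTP allowed, only the redis listener on 0.0.0.0 is reported.
sample_netstat | exposed_listeners "22 80"
```

The program column is only filled in when netstat runs as root; otherwise it shows "-".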

5, nslookup

The nslookup utility queries Internet name servers interactively. Use it to perform DNS queries and look up domain names, IP addresses, or any other specific DNS records.

Find the A record for your domain:

[root@wljslmz ~]# nslookup wljslmz.cn

Check the domain’s NS records:

[root@wljslmz ~]# nslookup -type=ns wljslmz.cn

To find the MX record responsible for email exchange:

[root@wljslmz ~]# nslookup -query=mx wljslmz.cn

To find all available DNS records for a domain:

[root@wljslmz ~]# nslookup -type=any wljslmz.cn

To check the use of a specific DNS server (in this case, query with a specific name server ns1.nswljslmz.cn):

[root@wljslmz ~]# nslookup wljslmz.cn ns1.nswljslmz.cn

It’s common practice to check DNS A records to see a domain’s IP, but sometimes you need to verify that an IP address is associated with a particular domain, and for this, a reverse DNS lookup is required.

[root@wljslmz ~]# nslookup 10.20.30.40

6, ping

ping is a tool that verifies an IP-level connection to another TCP/IP computer by sending Internet Control Message Protocol (ICMP) Echo Request messages. It displays each Echo Reply message received along with the round-trip time. ping is a key TCP/IP command for troubleshooting connectivity, reachability, and name resolution.

The simple ping command only accepts one parameter: the host name or host IP address you want to verify. A simple ping example is as follows:

[root@wljslmz ~]# ping wljslmz.cn
PING wljslmz.cn (216.58.206.174) 56(84) bytes of data.
64 bytes from sof02s27-in-f14.1e100.net (216.58.206.174): icmp_seq=1 ttl=56 time=10.7 ms
64 bytes from sof02s27-in-f14.1e100.net (216.58.206.174): icmp_seq=2 ttl=56 time=10.2 ms
64 bytes from sof02s27-in-f14.1e100.net (216.58.206.174): icmp_seq=3 ttl=56 time=10.4 ms
64 bytes from sof02s27-in-f14.1e100.net (216.58.206.174): icmp_seq=4 ttl=56 time=10.4 ms
64 bytes from sof02s27-in-f14.1e100.net (216.58.206.174): icmp_seq=5 ttl=56 time=17.3 ms
^C
--- wljslmz.cn ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 10.219/11.844/17.381/2.773 ms

Press CTRL+C to stop pinging; otherwise, it will keep pinging until you stop it. When the ping command ends, it displays a summary report with the following information:

  • Min: The minimum time it takes to get a response from the host you are pinging.
  • Avg: The average time it took to get a response from the host you pinged.
  • Max: The maximum time it takes to get a response from the host you are pinging.

Also, you’ll see TTL, which stands for Time to Live. Ping attempts to reach a given host computer through a routing path using a numeric TTL value. This is also known as a hop limit.

Normally, when you run a simple ping command without passing any other parameters, Linux will ping the host indefinitely. If you want to ping the host ten times, use the following command:

[root@wljslmz ~]# ping -c 10 wljslmz.cn

Use the -q option to see only the ping statistics summary:

[root@wljslmz ~]# ping -c 10 -q wljslmz.cn

On systems with multiple interfaces, you can specify which interface the ping command should use. For example, if the system has both eth0 and eth1 and you want ping to use eth0:

[root@wljslmz ~]# ping -I eth0 wljslmz.cn

Or use the address on the interface, assuming the interface has the IP 10.233.201.45:

[root@wljslmz ~]# ping -I 10.233.201.45 wljslmz.cn

You can also ping specifying the IP version as v4 or v6:

[root@wljslmz ~]# ping -4 wljslmz.cn
[root@wljslmz ~]# ping -6 wljslmz.cn