Linux is the kernel of an operating system. It was developed by Linus Torvalds from scratch, but it is a UNIX clone. It is developed as open-source software, which is inherently very robust and secure. Anybody can install Linux and make changes to it, creating their own Linux version. These versions of Linux are officially called "distros" or "distributions". Some of the popular Linux versions are:
The unmatched security and stability of the Linux kernel, together with its open-source nature, make it one of the most widely used pieces of software.
Linux is used both for software development and on servers. Most devices and embedded systems in the world run one Linux distribution or another. About 90% of the internet servers across the world are Linux servers, and about 80% of the smartphones in the world run the Linux kernel.
Every system in the world is now connected through a network. Networking between systems is essential for the exchange of information. Computer networking covers communication both within a local network and across the internet. A network can be as small and simple as a home network or as complex as the network of a space station.
Networking includes network configuration and troubleshooting. In this module, we learn about the Linux networking commands and network troubleshooting.
Linux networking commands are used extensively to inspect, analyze, maintain and troubleshoot the network(s) a system is connected to.
Let us first know the list of the basic networking commands used in Linux followed by a detailed explanation of each.
Linux ifconfig stands for interface configurator. It is one of the most basic commands used in network inspection.
ifconfig is used to initialize an interface, configure it with an IP address and enable or disable it. It is also used to display the route and the network interface.
The basic information displayed by ifconfig is:
The output shows the IP addresses of three interfaces: Ethernet (eth0), loopback (lo) and WLAN (wlan0).
Using this command, you can get details of a specific interface. This is shown below.
ifconfig eth0
ifconfig lo
ifconfig wlan0
This command can also be used to assign an IP address and netmask to an interface (the default gateway is set with the route command, covered later). However, these settings are lost when the system reboots.
ifconfig eth0 <address> netmask <address>
ifconfig can also be used to enable or disable an interface.
To enable an interface, pass the interface name followed by the keyword up; to disable it, use down instead.
By default, an Ethernet interface has an MTU of 1500 bytes. The user can set a different value with ifconfig.
ifconfig eth0 mtu xxxx
xxxx can be replaced by the size of your choice.
The ip command is the newer replacement for ifconfig (ifconfig belongs to the net-tools package, which many current distributions no longer install by default).
ip a (short for ip address) shows the details of all interfaces, like ifconfig.
This command can also be used to get the details of a specific interface.
ip a show eth0
ip a show lo
ip a show wlan0
Linux traceroute is one of the most useful commands in networking. It is used to troubleshoot the network: it shows the path packets take to the target and the delay at each hop. It basically helps in the following ways:
If traceroute is not installed on your system, you can install it using the following command:
sudo apt-get install inetutils-traceroute
$ traceroute google.com
The output provides the following information:
$ traceroute -n google.com
The -n option skips reverse DNS lookups and prints numeric addresses only, which makes the trace faster. The output indicates the network delays. The asterisks in the output indicate a potential problem in reaching that host: each asterisk is a probe that received no reply, i.e. packet loss on the way to that hop.
By default, traceroute sends UDP packets. It can also send ICMP or TCP packets.
To use ICMP echo requests instead, use this (root privileges are needed):
$ sudo traceroute -I google.com
To use TCP packets instead, use this:
$ sudo traceroute -T google.com
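The asterisks described above are easy to miss in a long trace, so an added example (not part of the original article) follows: small shell functions that read traceroute output and report which hops lost probes and how many. The trace text is a constructed sample embedded in the script so it runs offline; the function names and the trace_report wrapper are this example's own, not traceroute options.

```sh
# Constructed traceroute output used as offline sample input (not a real trace).
TRACEROUTE_SAMPLE='traceroute to example.net (192.0.2.10), 30 hops max, 60 byte packets
 1  192.168.1.1  1.234 ms  1.102 ms  1.050 ms
 2  10.10.0.1  5.321 ms  5.210 ms  5.100 ms
 3  * * *
 4  198.51.100.7  20.012 ms * 21.333 ms
 5  192.0.2.10  25.555 ms  25.101 ms  25.004 ms'

# Print "hop lost" for every hop that lost at least one probe.
# Input: traceroute text on stdin. An asterisk is a probe that got no reply.
traceroute_hop_loss() {
  awk '$1 ~ /^[0-9]+$/ {
         lost = 0
         for (i = 2; i <= NF; i++) if ($i == "*") lost++
         if (lost > 0) printf "%d %d\n", $1, lost
       }'
}

# Space-separated list of hop numbers that lost probes, e.g. "3 4".
traceroute_lossy_hops() {
  traceroute_hop_loss | awk '{ out = out (out == "" ? "" : " ") $1 } END { print out }'
}

# Number of hops that answered none of their probes ($1 = probes per hop, default 3).
traceroute_silent_hops() {
  traceroute_hop_loss | awk -v probes="${1:-3}" '$2 == probes { n++ } END { print n + 0 }'
}

# Live use (hypothetical wrapper): trace numerically and list the lossy hops.
trace_report() {
  traceroute -n "$1" 2>/dev/null | traceroute_lossy_hops
}

# Demo on the constructed sample: prints "3 3" and "4 1".
printf '%s\n' "$TRACEROUTE_SAMPLE" | traceroute_hop_loss
```

A hop that shows only asterisks while later hops still answer (hop 3 in the sample) is usually a router that does not reply to traceroute probes at all, not an outage; loss that starts at one hop and continues to the destination is the pattern that points at a real problem.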
Linux tracepath is similar to traceroute command. It is used to detect network delay. However, it doesn't require root privileges.
It is installed in Ubuntu by default.
It traces the route to the specified destination and identifies each hop along it. If the path has a problem, it shows the hop at which the problem appears; tracepath also reports the path MTU it discovers.
Linux ping is one of the most used network troubleshooting commands. It basically checks for the network connectivity between two nodes.
ping stands for Packet INternet Groper.
The ping command sends ICMP echo requests to check network connectivity.
It keeps running until it is interrupted.
Use Ctrl+C to interrupt it.
$ ping google.com
The output above shows a successful connection to google.com.
You can also use the IP address to ping directly.
You can limit the number of packets sent by adding -c to the ping command.
ping -c <number> <destination>
ping then stops after <number> echo requests have been sent, instead of running until interrupted.
The command is used to measure the average response time. If there is no response to the ping command, you can assume one of the following issues with the network:
Note: The response time reported by ping is affected by the quality of your own connection and by the location of the server you are pinging, so expect higher delays when your connection is weak.
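Scripts usually need ping's result as a number rather than as a screen of text. The following is an added example (not from the original article) that extracts the packet-loss percentage and the average round-trip time from ping's statistics lines and turns them into a pass/fail check. The ping output is a constructed sample in the iputils format shown by the article; the function names and the ping_host wrapper are this example's own.

```sh
# Constructed ping output (Linux iputils format) used as offline sample input.
PING_SAMPLE='PING example.net (192.0.2.10) 56(84) bytes of data.
64 bytes from 192.0.2.10: icmp_seq=1 ttl=56 time=11.9 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=56 time=12.3 ms
64 bytes from 192.0.2.10: icmp_seq=4 ttl=56 time=12.9 ms

--- example.net ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3004ms
rtt min/avg/max/mdev = 11.912/12.345/12.987/0.401 ms'

# Integer packet-loss percentage from the statistics line.
# Prints 100 when no statistics line is present (host unresolvable, ping killed, ...).
ping_loss_percent() {
  awk '/packet loss/ {
         for (i = 1; i <= NF; i++)
           if ($i ~ /%$/) { sub(/%/, "", $i); print $i + 0; found = 1; exit }
       }
       END { if (!found) print 100 }'
}

# Average round-trip time in ms; prints nothing when every probe was lost
# (ping omits the rtt line in that case).
ping_avg_rtt() {
  awk '/^rtt / { split($4, a, "/"); print a[2] }'
}

# Exit 0 when loss is within the threshold ($1, percent, default 0), 1 otherwise.
# Reads ping output from stdin, so it works on a live run or a saved log.
ping_within_loss() {
  loss=$(ping_loss_percent)
  [ "$loss" -le "${1:-0}" ]
}

# Live use (hypothetical wrapper): ping_host HOST [COUNT] [MAX_LOSS_PERCENT]
ping_host() {
  ping -c "${2:-4}" -W 2 "$1" 2>/dev/null | ping_within_loss "${3:-0}"
}

# Demo on the constructed sample: prints 25 and 12.345.
printf '%s\n' "$PING_SAMPLE" | ping_loss_percent
printf '%s\n' "$PING_SAMPLE" | ping_avg_rtt
```

Treating a missing statistics line as 100% loss is deliberate: a check that silently passes when ping never ran is worse than one that fails loudly.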
Linux netstat command refers to the network statistics.
It provides statistical figures about the different interfaces, which include open sockets, routing tables and connection information.
Observe the output displaying all the open sockets.
Variations in netstat command
Below are a few common variations of the netstat command.
1) To display the programs
This displays the programs associated with the open socket.
2) To get the details of the ports
This gives detailed statistics of all the ports.
3) To get the information of the routing table
This gives information related to the routing table.
Linux ss command is the replacement for the netstat command. It is regarded as much faster and more informative than netstat.
ss is faster because it obtains socket information directly from the kernel through the netlink interface instead of parsing the files under /proc/net, as netstat does.
This command gives information about all TCP, UDP, and UNIX socket connections.
Use -t, -u or -x to show TCP, UDP or UNIX sockets respectively. Combine each of them with -a to show both connected and listening sockets.
ss -ta
ss -ua
ss -xa
To see only the listening TCP, UDP or UNIX sockets, combine the option with -l instead.
ss -lt
ss -lu
ss -lx
Sockets can also be filtered by connection state, here IPv4 TCP sockets that are established or closed:
$ ss -t4 state established
$ ss -t4 state closed
To show only the sockets whose peer is a given address, filter by destination:
$ ss dst XXX.XXX.XXX.XXX
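One of the first things to check on a server is whether anything is listening that should not be. The following is an added example (not from the original article) that reads the output of ss -ltn and prints the listeners that are reachable from the network and are not on an allowlist of expected ports; loopback-only listeners are ignored because they are not exposed. The ss output is a constructed sample so the script runs offline; the function names and the allowlist format are this example's own.

```sh
# Constructed `ss -ltn` output used as offline sample input.
SS_SAMPLE='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       4096    127.0.0.1:631        0.0.0.0:*
LISTEN  0       511     *:80                 *:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       80      0.0.0.0:3306         0.0.0.0:*'

# Print "address:port" for listeners that are not loopback-only and whose
# port is not in the allowlist. $1: space-separated allowed ports, e.g. "22 80".
# Input: `ss -ltn` text on stdin (the header line is skipped by the State check).
ss_unexpected_listeners() {
  awk -v allow=" $1 " '
    $1 == "LISTEN" {
      n = split($4, p, ":")                       # port is the last colon-separated field
      port = p[n]
      host = substr($4, 1, length($4) - length(port) - 1)
      if (host == "127.0.0.1" || host == "[::1]") next   # loopback only: not exposed
      if (index(allow, " " port " ") > 0) next            # expected service
      print $4
    }'
}

# Live use (hypothetical wrapper): audit_listeners "22 80 443"
audit_listeners() {
  ss -ltn | ss_unexpected_listeners "$1"
}

# Demo on the constructed sample with 22 and 80 allowed: prints 0.0.0.0:3306,
# a database port bound to every interface.
printf '%s\n' "$SS_SAMPLE" | ss_unexpected_listeners "22 80"
```

The allowlist is wrapped in spaces so that a port such as 22 does not match inside 2222. Run the audit after each deployment and compare with the previous result; a new entry is either an intended change or something to investigate.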
Linux dig command stands for Domain Information Groper. This command is used in DNS lookup to query DNS name server. It is also used to troubleshoot DNS related issues.
It is mainly used to verify DNS mappings, MX Records, host addresses and all other DNS records for a better understanding of the DNS topography.
This command is an improved version of the nslookup command.
$ dig google.com
dig outputs A records by default. To query a specific record type such as MX or NS, name the type after the domain, as below.
$ dig google.com MX
$ dig google.com ANY
The dig command does the query on the servers listed in /etc/resolv.conf.
Linux nslookup is also a command for DNS queries. It is the older tool that dig has superseded.
As we see in the output above, it displays the record information relating to
Linux route command displays and manipulates the routing table existing for your system.
A router is basically used to find the best way to send the packets across to a destination.
The above output displays all the existing routing table entries for the system. It says that if the destination address is within the network range 10.0.0.0 to 10.0.0.255, the gateway is shown as *, which is 0.0.0.0. This special address means that no gateway is used: hosts in that range are on the directly connected network and are reached without forwarding.
Packets whose destination lies outside this network range are sent to the default gateway, which forwards them on.
Use the -n option to display the output in fully numeric form (no name resolution).
Packets that are not within any listed range are forwarded to the default gateway. You can set the default gateway address using the following command.
route add default gw <IP address>
The kernel keeps a routing cache for faster routing. To list the routing cache, use the following command (note that kernels since 3.6 no longer keep an IPv4 routing cache, so on current systems this output is empty):
Linux host command displays the domain name for a given IP address and IP address for a given hostname. It is also used to fetch DNS lookup for DNS related query.
host javatpoint.com
host 188.8.131.52
You can combine the host command with -t to request a specific DNS resource record type, such as SOA, NS, A, PTR, CNAME, MX or SRV.
host -t <recordType> <hostname>
Linux arp command stands for Address Resolution Protocol. It is used to view and add entries to the kernel's ARP table.
All systems maintain a table of IP addresses and their corresponding MAC addresses, called the ARP table (or ARP cache). When your system needs to send to a destination on the local network by IP address, it looks up the MAC address in this table. If the entry is already cached, no ARP request has to be sent; otherwise the system broadcasts an ARP request to learn it.
By default, arp displays hostnames. To show IP addresses instead, use:
$ arp -n
You can also delete an entry from the ARP table by giving the host's IP address (or hostname), as shown below.
$ arp -d <IP address>
Linux iwconfig is used to configure wireless network interfaces. It is used to set and view basic Wi-Fi details like the SSID and encryption. To know more about this command, refer to the man page.
Linux hostname is the simple command used to view and set the hostname of a system.
Use the syntax below to set the hostname.
sudo hostname <newName>
The hostname set this way is not permanent: it reverts to the name in the hostname file when the system reboots.
To set a hostname permanently, write the new name into the hostname file on the server and then reboot.
In Ubuntu, /etc/hostname file is used.
In RHEL, /etc/sysconfig/network is used.
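Writing a name into the hostname file is a one-line job, but a value that is not a valid hostname (spaces, a leading hyphen, too long) can break name resolution and logging on the next boot. The following is an added example (not from the original article) that validates a single hostname label against the RFC 1123 rules before writing it to the persistent file. The file path is a parameter so the function can be exercised against a temporary file, defaulting to the Ubuntu path from the article; the function names are this example's own.

```sh
# Validate a single hostname label (RFC 1123): 1 to 63 characters, letters,
# digits and hyphens only, not starting or ending with a hyphen. A fully
# qualified name would be checked label by label; this example handles one label.
valid_hostname() {
  case "$1" in
    '' | *[!A-Za-z0-9-]* | -* | *-) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Write a validated hostname to the persistent hostname file.
# $1: new name; $2: file (default /etc/hostname, the Ubuntu location).
# The running hostname is unchanged until reboot or `sudo hostname <newName>`.
set_persistent_hostname() {
  name=$1
  file=${2:-/etc/hostname}
  if ! valid_hostname "$name"; then
    echo "rejected hostname: '$name'" >&2
    return 1
  fi
  printf '%s\n' "$name" > "$file"
}

# Read back the persistent name, for comparison with the output of `hostname`.
persistent_hostname() {
  head -n 1 "${1:-/etc/hostname}"
}

# Demo against a temporary file rather than the real /etc/hostname.
demo_file=$(mktemp)
set_persistent_hostname web-01 "$demo_file" && persistent_hostname "$demo_file"
rm -f "$demo_file"
```

Comparing persistent_hostname with the live hostname is a quick way to spot a machine whose name was changed with the hostname command but never made permanent.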
Linux curl and wget commands are used to download files from the internet through the CLI. The curl command has to be used with the -O option to save the file under its remote name, while the wget command takes the link directly.
Below are the syntax and an example for the two commands.
curl -O <fileLink>
curl -O google.com/doodles/childrens-day-2014-multiple-countries
Linux mtr command combines ping and traceroute. It continuously displays the packets sent and the ping time of each hop, and is used to see where on the path network issues occur.
$ mtr google.com
You can use mtr with the --report option. It sends 10 packets to each hop found along the way and prints a summary instead of the live display.
$ mtr --report <destination>
Linux whois command is used to fetch the registration information for a domain, including the registrar and the owner contact details.
Linux ifplugstatus command is used to check if a cable is plugged into the network interface. This command is not directly available on Ubuntu. You can install this using the command below:
sudo apt-get install ifplugd
In the output above, "link beat detected" means that the cable is plugged in.
Linux iftop command is used for traffic monitoring: it shows the bandwidth used by each connection on an interface.
Use the following command to download iftop on your system.
$ wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
This downloads a compressed tar archive. To extract it, use the following command,
$ tar zxvf iftop-0.17.tar.gz
Compile and install it using,
$ cd iftop-0.17
$ ./configure
$ make
$ make install
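Both the curl -O download above and this tarball are fetched over a plain link and then run or compiled, so the file should be checked against the digest the project publishes before anything is done with it. The following is an added example (not from the original article or the iftop project) that computes a SHA-256 digest, compares it with an expected value, and wraps curl -O so a download that does not match is deleted. The expected digest must come from the project's release page or signature, obtained separately from the download itself; the function names are this example's own.

```sh
# SHA-256 of a file, using coreutils sha256sum or, failing that, shasum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  else
    shasum -a 256 "$1" | awk '{ print $1 }'
  fi
}

# Compare a file's digest with the expected hex digest (case-insensitive).
# Returns 1 when the file cannot be read or the digests differ.
verify_checksum() {
  actual=$(sha256_of "$1")
  [ -n "$actual" ] || return 1
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ]
}

# Download with curl -O (as on the page) and keep the file only when its digest
# matches. $1: URL; $2: expected SHA-256 obtained out of band.
# -f fails on HTTP errors, -sS is quiet except for errors, -L follows redirects.
fetch_and_verify() {
  url=$1
  expected=$2
  file=${url##*/}
  curl -fsSLO "$url" || return 1
  if verify_checksum "$file" "$expected"; then
    echo "verified: $file"
  else
    echo "checksum mismatch, removing $file" >&2
    rm -f "$file"
    return 1
  fi
}

# Demo: an empty file has the well-known SHA-256 digest below.
demo_file=$(mktemp)
verify_checksum "$demo_file" e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 && echo "empty-file digest ok"
rm -f "$demo_file"
```

Compiling with make install as root means the tarball's build scripts run with full privileges, which is exactly why the verification belongs before the configure step rather than after.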
Now run the tool as root, giving the interface to monitor,
$ sudo iftop -i <interface>
You can show port numbers with the -P option, like this,
$ sudo iftop -P
Use the -B option to show totals in bytes instead of bits (the default).
$ iftop -B
Linux tcpdump command is the most used command in network analysis among other Linux network commands. It captures the traffic that is passing through the network interface and displays it.
This kind of packet-level access is crucial when troubleshooting the network.
$ tcpdump -i <network_device>
You can also specify the protocol (TCP, UDP, ICMP, and others) in the command like this,
$ tcpdump -i <network_device> tcp
To specify the port, use the command,
$ tcpdump -i <network_device> port 80
tcpdump keeps capturing packets until it is cancelled. You can limit the number of packets captured with -c so that it stops on its own.
$ tcpdump -c 20 -i <network_device>
You can also restrict the capture to traffic from or to a given IP address with the src or dst keywords.
$ tcpdump -c 20 -i <network_device> src XXX.XXX.XXX.XXX
You can save the captured traffic to a file and read it back later. This is done with the commands below,
a) Save into a file
$ tcpdump -w <file.pcap> -i <network_device>
b) Read from the file
$ tcpdump -r <file.pcap>
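A capture is only useful once it is summarised, and the usual first question is which destinations and ports a host is talking to. The following is an added example (not from the original article) that reads the text output of tcpdump -nn, either live or from a saved file via -r, and produces a per-destination-port histogram and the list of TCP connection attempts (SYN without ACK) made by a given host. The packet lines are a constructed sample so the script runs offline; the function names are this example's own.

```sh
# Constructed `tcpdump -nn` lines used as offline sample input.
TCPDUMP_SAMPLE='12:00:01.000001 IP 192.168.1.5.51234 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000450 IP 192.0.2.10.80 > 192.168.1.5.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:02.000001 IP 192.168.1.5.51235 > 192.0.2.10.443: Flags [S], seq 3, win 64240, length 0
12:00:03.000001 IP 192.168.1.5.51236 > 198.51.100.7.80: Flags [S], seq 4, win 64240, length 0
12:00:04.000001 IP 192.168.1.5.40000 > 198.51.100.7.53: UDP, length 40'

# Count packets per destination port, printed as "port count", most frequent
# first (ties by port number). Only IPv4 lines "IP src.port > dst.port:" count.
tcpdump_dst_port_counts() {
  awk '$2 == "IP" && $4 == ">" {
         dst = $5; sub(/:$/, "", dst)             # strip the trailing colon
         n = split(dst, parts, ".")               # last dotted field is the port
         count[parts[n]]++
       }
       END { for (p in count) print p, count[p] }' |
  sort -k2,2nr -k1,1n
}

# TCP connection attempts (SYN only, flags "[S]") made by host $1, printed as
# one "ip:port" per line, sorted and de-duplicated.
tcpdump_syn_targets() {
  awk -v src="$1" '$2 == "IP" && $4 == ">" && $6 == "Flags" && $7 == "[S]," {
         n = split($3, sp, ".")
         if (sp[1] "." sp[2] "." sp[3] "." sp[4] != src) next
         dst = $5; sub(/:$/, "", dst)
         m = split(dst, dp, ".")
         print dp[1] "." dp[2] "." dp[3] "." dp[4] ":" dp[5]
       }' | sort -u
}

# Live use (hypothetical wrappers): a capped live capture, or a saved capture.
# summarise_live eth0      -> sudo tcpdump -nn -c 200 -i eth0 | tcpdump_dst_port_counts
# summarise_file x.pcap    -> tcpdump -nn -r x.pcap | tcpdump_dst_port_counts

# Demo on the constructed sample: "80 2" first, then the SYN targets of 192.168.1.5.
printf '%s\n' "$TCPDUMP_SAMPLE" | tcpdump_dst_port_counts
printf '%s\n' "$TCPDUMP_SAMPLE" | tcpdump_syn_targets 192.168.1.5
```

The -nn option matters for this kind of parsing: without it tcpdump resolves hostnames and service names, so the fields would contain names instead of the numeric addresses and ports the functions expect.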
These were the most essential network commands in Linux that are used frequently for network analysis and troubleshooting.