Top Linux Networking Commands
Overview
Computers are connected through networks, which can be small (e.g., houses, offices) or huge (e.g., universities, Internet). These networks serve as a way of transmitting information between computers, ranging from simple connections among a small group of computers to massive infrastructures spanning large distances and including numerous interconnected devices. Network configuration and troubleshooting are both parts of networking. Linux has a variety of networking commands that allow users to manage and troubleshoot network-related tasks. These commands help in the configuration of network interfaces, the diagnosis of network problems, the monitoring of network traffic, and other tasks.
List of the Top Networking Commands in Linux
Linux has a set of networking commands that can be used to configure network interfaces, troubleshoot network issues, monitor network traffic, and many more tasks. The following is a list of basic networking commands in Linux.
- ifconfig
- ip
- traceroute
- tracepath
- ping
- netstat
- ss
- dig
- nslookup
- route
- host
- arp
- iwconfig
- hostname
- curl or wget
- mtr
- whois
- ifplugstatus
- iftop
- tcpdump
Linux Networking Commands with Examples
1. ifconfig
In Linux, the command "ifconfig" stands for "interface configurator." It is a fundamental command for network inspection and management. The primary purpose of ifconfig is to initialize a network interface, configure it with an IP address, and enable or disable it as needed. It also provides information about the network route and details about the network interfaces present in the system.
When you use ifconfig, it displays essential information related to the network interface, including:
IP address: The IP address assigned to the interface, which identifies it on the network.
MAC address: The MAC (Media Access Control) address, also known as the hardware address or Ethernet address, is a unique identifier for the network interface.
MTU (Maximum Transmission Unit): MTU refers to the maximum packet size that can be transmitted over the network interface without fragmentation.
2. ip
This is the new and updated version of the ifconfig command. The "ip" command is a highly capable and flexible command-line tool in Linux that is used for network configuration, administration, and troubleshooting.
Syntax
3. traceroute
Traceroute in Linux is an invaluable networking command for troubleshooting network issues. It assists in identifying delays and establishing the route to a target destination, offering the following benefits:
Identification of Devices: It furnishes the names and recognizes each device along the path taken by the network packets.
Route Tracking: It traces the route followed by the packets to reach the intended destination, showing each intermediate hop.
Latency Detection: It helps determine the source of network latency or delays by reporting the time taken by packets to reach each hop.
Syntax
If the traceroute service is not installed on your system, you can install it by executing the following command:
Example
The output of the traceroute command includes the following details:
Specified Hostname: The hostname or IP address that was specified as the target destination.
Packet Size: The size of the packets being sent during the traceroute process. This helps determine the network's response to different packet sizes.
Maximum Number of Hops: The maximum number of hops or network devices that the traceroute command will attempt to reach before terminating. This parameter helps in setting a limit for the traceroute process.
IP Address: The IP address of each intermediate hop along the route to the destination. This provides information about the network devices that the packets traverse.
It will continue to execute until it is interrupted. To halt the execution, press Ctrl+C.
4. tracepath
Tracepath in Linux is comparable to the traceroute command and serves the purpose of identifying network delays. Unlike traceroute, tracepath does not necessitate root privileges for its execution. In Ubuntu, tracepath is pre-installed by default. Tracepath recognizes and highlights each hop along the way to a specified destination by tracing the path. Tracepath assists in determining the specific area where the network weakens or experiences latency when the network connection is substandard.
Syntax
It will continue to execute until it is interrupted. To halt the execution, press Ctrl+C.
5. ping
In Linux networking, the ping command is a utility that is used to evaluate the reachability and round-trip time (RTT) of a network host or IP address. It sends ICMP Echo Request packets to the given location and then waits for ICMP Echo Reply packets. Ping can determine network latency or delay by measuring the time it takes packets to travel to the destination and back. It essentially tests network connectivity between two nodes. The ping command in Linux is utilized to calculate the average response time. When no response is received from the ping command, it indicates potential issues with the network, which could be attributed to the following:
- Physical problems causing network loss.
- Dysfunctional or incorrect destination address.
- Blocking of ping requests by the target system.
- Potential problems with the routing table.
It's important to note that the response rate of the ping command can be affected by both the quality of the connection in your system and the location of the server being pinged. If the connection at your end is weak, you might experience delays in receiving responses. The basic syntax of the ping command is as follows:
Syntax
You can limit the number of packets sent by including "-c" in the ping command.
6. netstat
The Linux netstat command is used to display network statistics. It provides information about network connections, open sockets, routing tables, and various network interface statistics. By using netstat, you can obtain details about established connections, listening ports, network protocols in use, and other network-related information. It is a useful tool for monitoring and troubleshooting network activity on a Linux system.
Syntax
Here are some commonly used options:
-a or --all: Displays all listening and non-listening sockets, including those in the LISTEN and CLOSED states.
-t or --tcp: Shows TCP connections only.
-u or --udp: Displays UDP connections only.
-l or --listening: Shows only listening sockets.
-p or --program: Displays the process ID (PID) and name that corresponds to each socket.
-r or --route: Shows the kernel routing table.
-s or --statistics: Displays summary statistics for each protocol.
-c or --continuous: Updates the netstat display continuously, providing real-time information.
-i or --interfaces: Shows a list of network interfaces and their statistics.
You can refer to the netstat manual (man netstat) for a complete list of options and their descriptions.
7. ss
The ss command is considered a replacement for the netstat command in Linux and is often preferred due to its improved speed and more detailed output. The ss command stands for "socket statistics" and provides information about network sockets, connections, and network interface statistics.
Syntax
When no option is used, ss displays a list of open non-listening sockets (e.g., TCP/UNIX/UDP) that have an established connection.
Here are some commonly used options:
ss -t -a: Displays all TCP sockets.
ss -t -a -Z: Displays all TCP sockets with process SELinux security contexts.
ss -u -a: Displays all UDP sockets.
You can refer to the ss manual (man ss) for a complete list of options and their descriptions.
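The listening-socket options described for netstat and ss above (-t, -u, -l, -p, plus -n for numeric output) are the ones used to review what a host exposes. The following is an added example, not part of the original article: it filters `ss -H -tulpn` output for sockets bound to every interface that are not on an expected list. The function names, the allowlist format and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -H -tulpn` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*    users:(("postgres",pid=1033,fd=5))
tcp   LISTEN 0      511             [::]:8080         [::]:*    users:(("node",pid=2210,fd=19))
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*    users:(("dhclient",pid=640,fd=6))
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*    users:(("systemd-resolve",pid=590,fd=13))
EOF
}

# audit_listeners (hypothetical helper): reads ss lines on stdin.
# $1 is a space-separated allowlist of proto/port pairs, e.g. "tcp/22 udp/68".
# Prints "proto/port address process" for every wildcard bind not on the list.
audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        proto = $1; laddr = $5
        # Port is the text after the last colon; the address is what precedes it.
        port = laddr; sub(/.*:/, "", port)
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        # Only wildcard binds are reachable on every interface.
        if (addr != "0.0.0.0" && addr != "[::]" && addr != "*") next
        if ((proto "/" port) in ok) next
        # Process name from users:(("name",pid=...,fd=...)); absent without -p rights.
        name = "unknown"
        if (match($0, /\(\("[^"]+"/)) name = substr($0, RSTART + 3, RLENGTH - 4)
        print proto "/" port " " addr " " name
    }'
}

# Run against the constructed sample; on a live host use:
#   ss -H -tulpn | audit_listeners "tcp/22 udp/68"
sample_ss_output | audit_listeners "tcp/22 udp/68"
```
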
8. dig
The dig command is a versatile tool used to query DNS name servers. It performs DNS lookups and displays the responses received from the queried name servers. Dig is commonly used by DNS administrators to troubleshoot DNS issues due to its flexibility, user-friendliness, and clear output. Compared to other lookup tools, dig offers more functionality. Typically used with command-line arguments, dig also supports a batch mode where lookup requests can be read from a file. By using the -h option, a summary of the command-line arguments and options is displayed. The BIND 9 implementation of dig allows multiple lookups to be performed from the command line.
Syntax
The dig command provides a variety of options to customize its behavior and obtain specific DNS information. Here are some commonly used options with dig:
@server: Specifies the DNS server to query.
hostname: Specifies the domain name to look up.
-t type: Specifies the DNS record type to query (e.g., A, MX, NS, CNAME, TXT).
-c class: Specifies the DNS record class to query (e.g., IN for Internet, CH for Chaosnet).
+short: Displays only the concise output, showing only the queried data.
+trace: Performs a trace route of DNS queries, showing the path and responses from each DNS server.
+recurse: Enables recursive querying, allowing the DNS server to resolve the query recursively.
+norecurse: Disables recursive querying, forcing the DNS server to provide a non-recursive response.
+noall: Suppresses all additional information and shows only the answer section.
+stats: Displays query statistics, including the time taken to process the query.
+tcp: Forces the use of TCP for DNS queries instead of UDP.
+ignore: Ignores truncation errors and displays the response even if it exceeds the maximum UDP packet size.
-x IP: Performs a reverse DNS lookup for the specified IP address.
9. nslookup
nslookup is a tool used to query domain name servers on the Internet. It offers two modes: interactive and non-interactive. In interactive mode, users can query name servers for information about different hosts and domains, as well as retrieve a list of hosts within a domain. Non-interactive mode, on the other hand, is used to obtain specific information about a host or domain, displaying only the requested details. It is the older version of dig.
Syntax
10. route
Route is a command-line tool that allows manipulation of the IP routing tables in the kernel. Its main purpose is to establish static routes to specific hosts or networks via a network interface. It is typically used after configuring the interface with the ifconfig(8) program.
Syntax:
The route command provides several options to manipulate and display routing information. Here are some common options:
-v, --verbose - be verbose
-n, --numeric - don't resolve names
-e, --extend - display other/more information
-F, --fib - display Forwarding Information Base (default)
-C, --cache - display routing cache instead of FIB
11. host
The host command is a straightforward tool used for conducting DNS lookups. Its primary purpose is to convert domain names to IP addresses and vice versa. When used without any arguments or options, the host provides a concise summary of its command line arguments and options.
Syntax
The host command provides various options to customize its functionality. Here are some common options:
-a or --all: Displays all available information about the queried host, including IP addresses, aliases, and additional DNS record types.
-4 or --ipv4: Forces host to use IPv4 only for DNS queries.
-6 or --ipv6: Forces host to use IPv6 only for DNS queries.
-t <type> or --type=<type>: Specifies the DNS record type to query. Common types include A, AAAA, MX, NS, CNAME, and TXT.
-r or --trace: Performs a trace route to the queried host, displaying the network path taken.
12. arp
The arp command is a tool that allows you to control or view the IPv4 network neighbor cache of the kernel. With arp, you can perform actions such as adding entries to the cache, deleting specific entries, or displaying the current contents of the cache. Address Resolution Protocol (ARP) is a protocol used to determine the Media Access Control (MAC) address of a network neighbor based on its IPv4 address.
Syntax
Here are some common options that can be used with the ARP command:
-a or --all: Displays all entries in the ARP cache.
-d or --delete: Deletes an entry from the ARP cache. You need to specify the IP address of the entry to be deleted.
-s or --set: Adds a static entry to the ARP cache. You need to provide the IP address and the corresponding MAC address.
-n or --numeric: Displays ARP cache entries without resolving hostnames.
-v or --verbose: Provides detailed output, including more information about the ARP cache.
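Because the cache maps each IPv4 neighbor to a MAC address, a quick review of `arp -n` output is to look for one MAC address recorded against several IP addresses, which is worth investigating when it is not an expected multi-address host or proxy. The following is an added example, not part of the original article; the function names and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `arp -n` output (not captured from a real host).
sample_arp_output() {
cat <<'EOF'
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   52:54:00:aa:bb:01   C                     eth0
192.168.1.20             ether   52:54:00:aa:bb:14   C                     eth0
192.168.1.37             ether   52:54:00:AA:BB:01   C                     eth0
192.168.1.50                     (incomplete)                              eth0
EOF
}

# duplicate_macs (hypothetical helper): reads `arp -n` output on stdin and
# prints "mac ip1,ip2,..." for every MAC that appears with more than one IP.
duplicate_macs() {
    awk '
    NR == 1 && $1 == "Address" { next }   # skip the header row
    $2 != "ether" { next }                # skip incomplete or non-Ethernet entries
    {
        mac = tolower($3)                 # compare MACs case-insensitively
        if (mac in ips) ips[mac] = ips[mac] "," $1
        else ips[mac] = $1
        count[mac]++
    }
    END {
        for (m in count) if (count[m] > 1) print m " " ips[m]
    }' | sort
}

# Run against the constructed sample; on a live host use:
#   arp -n | duplicate_macs
sample_arp_output | duplicate_macs
```
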
13. iwconfig
Linux iwconfig is a command-line utility used for configuring and displaying information about wireless network interfaces. It is primarily used to manage and view various parameters related to Wi-Fi settings.
Syntax
14. hostname
The hostname command is used to retrieve and configure the DNS name of a system, as well as to view or modify its hostname and NIS (Network Information Service) domain name.
To set a new hostname, use the hostname command along with the desired hostname. Replace <new_hostname> with the hostname you want to set.
Syntax
When using the hostname command to set the hostname in Linux, it's important to note that the change made through this command is not permanent by default. This means that the hostname will revert to the name specified in the /etc/hostname file when the system is restarted. To permanently set a hostname, you must re-write the hostname in the server's hostname file. After that, you must reboot the box.
The /etc/hostname file is used in Ubuntu.
The /etc/sysconfig/network is used in RHEL.
15. curl or wget
The curl and wget commands in Linux are used to download files from the internet via the command line interface. The curl command must be used with the "-O" option to fetch the file, whereas the wget command can be used directly.
Syntax
16. mtr
MTR is a network diagnostic tool that combines the functionalities of traceroute and ping programs into one. When you run MTR, it examines the network connection between the computer running MTR and a specified hostname. MTR continuously displays information about the packets it sends, including the ping time for each hop along the network route. This allows you to monitor the network performance in real time and observe any fluctuations or issues that may arise. By showing the ping time at each hop, MTR provides insight into the latency or delay experienced at different points in the network path.
Syntax
Example:
Output:
17. whois
The whois command in Linux is a utility for retrieving information about a domain name or an IP address from a WHOIS database. While it can reveal some information about a website, such as registration and owner information, the availability and extent of the information depends on the domain registry and the owner's privacy settings.
Syntax
18. ifplugstatus
Ifplugstatus is a utility that can be utilized to determine the connection status of a local Linux ethernet device. It operates similarly to other tools like mii-diag, mii-tool, and ethtool. In fact, it is compatible with all three APIs employed by these tools. Additionally, ifplugstatus also supports link checking using the IFF_RUNNING interface flag, which is supported by most contemporary drivers, not just for ethernet devices. Moreover, it can verify association status using the wireless extension API for WLAN devices.
Syntax
If ifplugstatus is not installed on the system, you can install it using the following command:
19. iftop
Iftop is a network monitoring tool that captures network traffic on a specified interface or, if not specified, on the first external-looking interface it detects. It then presents a table showing the current bandwidth usage between pairs of hosts. It is important to run iftop with appropriate permissions to monitor all network traffic on the selected interface. By default, iftop performs hostname lookups for the addresses found in network packets. However, this can generate a significant amount of additional traffic and potentially lead to a cluttered display. To avoid this, you can use filter codes such as "not port domain" to suppress the display of DNS traffic. Alternatively, you have the option to disable hostname lookups entirely by using the -n option or pressing "r" while the program is running.
Syntax
20. tcpdump
Tcpdump is a tool that analyzes packets on a network interface based on a given boolean expression. It displays a description of the packet contents along with a time stamp. By default, the time stamp shows hours, minutes, seconds, and fractions of a second since midnight. Tcpdump can also be used with the -w flag to save the packet data to a file for future analysis. Additionally, the -r flag allows it to read packets from a saved packet file instead of directly from a network interface.
Syntax
Conclusion
- ifconfig initializes a network interface, configures it with an IP address, and enables or disables it as needed.
- Traceroute in Linux is an invaluable networking command for troubleshooting network issues.
- Tracepath in Linux is comparable to the traceroute command and serves the purpose of identifying network delays.
- In Linux networking, the ping command is a utility that is used to evaluate the reachability and round-trip time (RTT) of a network host or IP address.
- The Linux netstat command is used to display network statistics.
- Nslookup is a tool used to query domain name servers on the Internet.