A reference list of Linux utilities and commands makes managing servers and networks easier.
If you're a sysadmin, your daily tasks include managing servers and the data center's network. The following Linux utilities and commands—from basic to advanced—will help make network management easier.
In several of these commands, you'll see <fqdn>
, which stands for "fully qualified domain name." When you see this, substitute your website URL or your server (e.g., server-name.company.com
), as the case may be.
As the name suggests, ping
is used to check the end-to-end connectivity from your system to the one you are trying to connect to. It uses ICMP echo packets that travel back to your system when a ping is successful. It's also a good first step to check system/network connectivity. You can use the ping
command with IPv4 and IPv6 addresses. (Read my article "How to find your IP address in Linux" to learn more about IP addresses.)
Syntax:
ping <ip address>/<fqdn>
ping6 <ip address>/<fqdn>
You can also use ping
to resolve names of websites to their corresponding IP address, as shown below:
ping
checks end-to-end connectivity, the
traceroute
utility tells you all the router IPs on the path you travel to reach the end system, website, or server.
traceroute
is usually is the second step after
ping
for network connection debugging.
Syntax:
traceroute <ip address>/<fqdn>
Syntax:
telnet <ip address>/<fqdn>
is used to telnet into any server.The network statistics (netstat
) utility is used to troubleshoot network-connection problems and to check interface/port statistics, routing tables, protocol stats, etc. It's any sysadmin's must-have tool.
Syntax:
netstat -l
shows the list of all the ports that are in listening mode.netstat -a
shows all ports; to specify only TCP, use -at
(for UDP use -au
).netstat -r
provides a routing table.netstat -s
provides a summary of statistics for each protocol.netstat -i
displays transmission/receive (TX/RX) packet statistics for each interface.nmcli
is a good utility for managing network connections, configurations, etc. It can be used to control Network Manager and modify any device's network configuration details.
Syntax:
nmcli device
lists all devices on the system.
nmcli device show <interface>
shows network-related details of the specified interface.
nmcli connection
checks a device's connection.
nmcli connection down <interface>
shuts down the specified interface.
nmcli connection up <interface>
starts the specified interface.
nmcli con add type vlan con-name <connection-name> dev <interface> id <vlan-number> ipv4 <ip/cidr> gw4 <gateway-ip>
adds a virtual LAN (VLAN) interface with the specified VLAN number, IP address, and gateway to a particular interface.
There are many commands you can use to check and configure routing. Here are some useful ones:
Syntax:
ip route
shows all the current routes configured for the respective interfaces.route add default gw <gateway-ip>
adds a default gateway to the routing table.route add -net <network ip/cidr> gw <gateway ip> <interface>
adds a new network route to the routing table. There are many other routing parameters, such as adding a default route, default gateway, etc.route del -net <network ip/cidr>
deletes a particular route entry from the routing table.ip neighbor
shows the current neighbor table and can be used to add, change, or delete new neighbors.arp
(which stands for address resolution protocol) is similar to ip neighbor
. arp
maps a system's IP address to its corresponding MAC (media access control) address.Linux provides many packet-capturing tools like tcpdump
, wireshark
, tshark
, etc. They are used to capture network traffic in packets that are transmitted/received and hence are very useful for a sysadmin to debug any packet losses or related issues. For command-line enthusiasts, tcpdump
is a great tool, and for GUI users, wireshark
is a great utility to capture and analyze packets. tcpdump
is a built-in Linux utility to capture network traffic. It can be used to capture/show traffic on specific ports, protocols, etc.
Syntax:
tcpdump -i <interface-name>
shows live packets from the specified interface. Packets can be saved in a file by adding the -w
flag and the name of the output file to the command, for example: tcpdump -w <output-file.> -i <interface-name>
.tcpdump -i <interface> src <source-ip>
captures packets from a particular source IP.tcpdump -i <interface> dst <destination-ip>
captures packets from a particular destination IP.tcpdump -i <interface> port <port-number>
captures traffic for a specific port number like 53, 80, 8080, etc.tcpdump -i <interface> <protocol>
captures traffic for a particular protocol, like TCP, UDP, etc.iptables
is a firewall-like packet-filtering utility that can allow or block certain traffic. The scope of this utility is very wide; here are some of its most common uses.
Syntax:
iptables -L
lists all existing iptables
rules.iptables -F
deletes all existing rules.The following commands allow traffic from the specified port number to the specified interface:
iptables -A INPUT -i <interface> -p tcp –dport <port-number> -m state –state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o <interface> -p tcp -sport <port-number> -m state – state ESTABLISHED -j ACCEPT
The following commands allow loopback access to the system:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
The nslookup
tool is used to obtain IP address mapping of a website or domain. It can also be used to obtain information on your DNS server, such as all DNS records on a website (see the example below). A similar tool to nslookup
is the dig
(Domain Information Groper) utility.
Syntax:
nslookup <website-name.com>
shows the IP address of your DNS server in the Server field, and, below that, gives the IP address of the website you are trying to reach.nslookup -type=any <website-name.com>
shows all the available records for the specified website/domain.Here is a summary of the necessary commands and files used to troubleshoot interface connectivity or related network issues.
Syntax:
ss
is a utility for dumping socket statistics.nmap <ip-address>
, which stands for Network Mapper, scans network ports, discovers hosts, detects MAC addresses, and much more.ip addr/ifconfig -a
provides IP addresses and related info on all the interfaces of a system.ssh -vvv user@<ip/domain>
enables you to SSH to another server with the specified IP/domain and username. The -vvv
flag provides "triple-verbose" details of the processes going on while SSH'ing to the server.ethtool -S <interface>
checks the statistics for a particular interface.ifup <interface>
starts up the specified interface.ifdown <interface>
shuts down the specified interface.systemctl restart network
restarts a network service for the system./etc/sysconfig/network-scripts/<interface-name>
is an interface configuration file used to set IP, network, gateway, etc. for the specified interface. DHCP mode can be set here./etc/hosts
this file contains custom host/domain to IP mappings./etc/resolv.conf
specifies the DNS nameserver IP of the system./etc/ntp.conf
specifies the NTP server domain.на главную сниппетов