Useful Linux networking commands and tools

This is a practical overview of useful Linux networking commands and tools. Some older tools are still available, but modern Linux systems usually prefer commands from iproute2, nftables, NetworkManager and newer wireless utilities.

Basics & Diagnostics

1. Interfaces & 2. Sockets

1. Basic network interface information

Show IP addresses and interfaces:

ip addr

Short readable output:

ip -br addr

Show link state and MAC addresses:

ip link

Show interface statistics:

ip -s link

Show the default route:

ip route

Check which interface would be used to reach a destination:

ip route get 8.8.8.8

Legacy equivalents:

ifconfig
route
arp

Modern replacements:

ifconfig -> ip addr / ip link
route -> ip route
arp -> ip neigh
netstat -> ss

2. Socket and listening port diagnostics

Show listening TCP ports with PID and program name:

sudo ss -ltnp

Show listening TCP and UDP ports:

sudo ss -ltnup

Show established TCP connections:

sudo ss -tnp state established

Show all sockets:

sudo ss -ap

Find which process is listening on port 8080:

sudo ss -ltnp 'sport = :8080'

Alternative using lsof:

sudo lsof -nP -iTCP -sTCP:LISTEN

Show which process owns a specific port:

sudo lsof -nP -iTCP:8080 -sTCP:LISTEN
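
An added example, not part of the original page: a shell function that checks the listening-socket output of ss against an allowlist and reports anything unexpected, with its bind scope and owning process. The function names, the proto/port allowlist format and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare listening sockets against an allowlist.
# Expects `ss -H -ltnup` lines on stdin: no header, and a leading Netid
# column (present because both -t and -u are requested).
# Live use: sudo ss -H -ltnup | audit_listeners "tcp/22 tcp/443"

audit_listeners() {
    # $1: space-separated allowlist of proto/port entries, e.g. "tcp/22 udp/53"
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 5 {
        port = $5; sub(/.*:/, "", port)        # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*/, "", addr)                   # drop a %interface suffix
        if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"
        else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") scope = "wildcard"
        else scope = "specific"
        # The process column only appears when ss runs with enough privilege.
        proc = "unknown"
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        key = $1 "/" port
        if (!(key in ok)) print "UNEXPECTED", key, scope, proc
    }'
}

# Constructed sample input in the `ss -H -ltnup` layout (not real host data).
sample_ss_output() {
    cat <<'EOF'
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=1033,fd=5))
tcp LISTEN 0 511 *:8080 *:* users:(("node",pid=2211,fd=19))
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=640,fd=13))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
EOF
}

# Demo on the constructed sample: only SSH and the local DNS stub are expected.
sample_ss_output | audit_listeners "tcp/22 udp/53"
```

A "wildcard" result means the service accepts connections on every interface, so those lines are the ones to check against the firewall rules first.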

Resolution & Path

3. DNS & 4. Connectivity Testing

3. DNS tools

Query DNS records with dig:

dig example.com

Query a specific DNS record type:

dig example.com A
dig example.com AAAA
dig example.com MX
dig example.com TXT

Query a specific DNS server:

dig @1.1.1.1 example.com

Reverse DNS lookup:

dig -x 8.8.8.8

Simple DNS lookup:

host example.com

Interactive or simple DNS query:

nslookup example.com

Whois lookup:

whois example.com

4. Connectivity and route testing

Basic ICMP test:

ping 8.8.8.8

IPv4-only ping:

ping -4 example.com

IPv6-only ping:

ping -6 example.com

Trace route path:

traceroute example.com

Trace path without requiring raw socket privileges on many systems:

tracepath example.com

Combined ping and traceroute diagnostic:

mtr example.com

Generate a report with mtr:

mtr -rw example.com

Performance & Discovery

5. Port Scanning & 6. Bandwidth Testing

5. Port scanning and service discovery

Scan common ports on a host:

nmap example.com

Scan a specific IP:

nmap 192.168.1.1

Detect service versions:

nmap -sV 192.168.1.1

Scan all TCP ports:

nmap -p- 192.168.1.1

Scan selected ports:

nmap -p 22,80,443 192.168.1.1

Important: scan only your own systems or systems where you have permission.

6. Bandwidth and speed testing

Measure bandwidth between two machines with iperf3.

On the server side:

iperf3 -s

On the client side:

iperf3 -c SERVER_IP

Reverse direction test:

iperf3 -c SERVER_IP -R

UDP test:

iperf3 -c SERVER_IP -u -b 50M

Internet speed test:

speedtest

Some distributions provide speedtest-cli, but the official Ookla tool is often named speedtest.

Traffic Analysis

7. Live Monitoring & 8. Packet Capture

7. Live bandwidth monitoring

Show bandwidth usage per interface:

bmon

Simple live interface bandwidth:

nload

Per-process network usage:

sudo nethogs

Show bandwidth usage by connection:

sudo iftop

Interface statistics:

ifstat

Long-term traffic statistics:

vnstat

Show vnStat summary:

vnstat

Show traffic for one interface:

vnstat -i eth0

8. Packet capture and protocol analysis

Capture packets on an interface:

sudo tcpdump -i eth0

Capture only traffic on port 443:

sudo tcpdump -i eth0 port 443

Capture traffic to or from a specific host:

sudo tcpdump -i eth0 host 192.168.1.10

Save capture to a file:

sudo tcpdump -i eth0 -w capture.pcap

Read a capture file:

tcpdump -r capture.pcap

Wireshark provides a graphical protocol analyzer and can open .pcap files created by tcpdump.

wireshark

Text-mode Wireshark tool:

tshark

Application Layer

9. HTTP Testing & 10. Netcat/Socat

9. HTTP, HTTPS and API testing

Download or test a URL with curl:

curl https://example.com

Show HTTP response headers:

curl -I https://example.com

Follow redirects:

curl -L https://example.com

Verbose TLS and HTTP debugging:

curl -v https://example.com

Download a file with wget:

wget https://example.com/file.zip

Alternative human-friendly HTTP client:

http https://example.com

Check a TLS certificate manually:

openssl s_client -connect example.com:443 -servername example.com

10. Netcat, Ncat and Socat

Test whether a TCP port is reachable:

nc -vz example.com 443

Listen on a local TCP port:

nc -l -p 9000

Connect to a TCP port:

nc 127.0.0.1 9000

Ncat is the modern Nmap Project implementation of netcat:

ncat example.com 443

Socat can connect two bidirectional byte streams. Example TCP listener:

socat TCP-LISTEN:9000,fork STDOUT

Forward local TCP port 9000 to another host:

socat TCP-LISTEN:9000,fork TCP:192.168.1.10:80

WebSocket forwarding tool:

websocat ws://127.0.0.1:8080

Management

11. SSH, 12. DHCP & 13. Wireless Tools

11. SSH and secure remote administration

Connect to a remote server:

ssh user@server.example.com

Use a custom SSH port:

ssh -p 2222 user@server.example.com

Copy a file over SSH:

scp file.txt user@server.example.com:/tmp/

Synchronize files efficiently:

rsync -avz ./local/ user@server.example.com:/remote/

Create a local SSH tunnel:

ssh -N -L 127.0.0.1:8080:remote.example.com:80 user@gateway.example.com

Create a SOCKS proxy:

ssh -N -D 127.0.0.1:1080 user@gateway.example.com

12. DHCP and address assignment

Request an IP address with dhclient:

sudo dhclient eth0

Release DHCP lease:

sudo dhclient -r eth0

On systems managed by NetworkManager, use nmcli instead:

nmcli device status
nmcli connection show
sudo nmcli connection up CONNECTION_NAME
sudo nmcli connection down CONNECTION_NAME

Text user interface for NetworkManager:

nmtui

13. Wireless tools

Modern Wi-Fi diagnostics should use iw:

iw dev

Show link status:

iw dev wlan0 link

Scan nearby Wi-Fi networks:

sudo iw dev wlan0 scan

Legacy wireless-tools commands:

iwconfig
iwlist
iwspy
iwpriv

These older Wireless Extensions tools are legacy. For modern drivers and current Linux systems, prefer iw, nmcli, nmtui, NetworkManager or iwd.

Advanced Defense

14. Firewall, 15. Packet Tools, 16. IDS & 17. Routing

14. Firewall, NAT and packet filtering

Modern native Linux firewall tool:

nft

Show nftables ruleset:

sudo nft list ruleset

Legacy iptables rules:

sudo iptables -L -n -v

Show NAT rules:

sudo iptables -t nat -L -n -v

Many modern distributions use nftables directly or through an iptables-nft compatibility backend.

Simple UFW firewall commands:

sudo ufw status verbose
sudo ufw allow 22/tcp
sudo ufw enable

firewalld commands:

sudo firewall-cmd --list-all
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload

15. Advanced packet tools

hping3 can craft and analyze TCP/IP packets. Use only on systems and networks where you have permission.

sudo hping3 -S -p 80 example.com

ngrep applies grep-like filtering to network traffic:

sudo ngrep -d eth0 port 80

netsniff-ng is a high-performance network toolkit:

sudo netsniff-ng -i eth0

tcptrack displays TCP connection information on an interface:

sudo tcptrack -i eth0

16. Intrusion detection and monitoring

Snort is a network intrusion detection and prevention system.

snort

Suricata is another modern IDS/IPS engine often used for network security monitoring.

suricata

SmokePing can monitor network latency over time.

smokeping

darkstat captures network traffic statistics and provides usage graphs.

darkstat

arpwatch monitors Ethernet/IP address pair changes and can help detect unexpected ARP activity.

arpwatch

17. Routing daemons

gated is historically known as a gateway routing daemon, but it is not a normal modern choice for new Linux routing setups.

Modern routing suites include:

FRRouting / FRR
BIRD

FRR supports common routing protocols such as BGP, OSPF, RIP and IS-IS.

Summaries

18. Legacy Tools & 19. Practical Command Groups

18. Legacy tools that may still be useful

The net-tools package includes older commands:

arp
hostname
ifconfig
netstat
route
rarp
slattach
mii-tool
iptunnel
ipmaddr

These commands can still be useful on older systems or in old documentation, but for modern Linux administration prefer:

ip addr instead of ifconfig
ip route instead of route
ip neigh instead of arp
ss instead of netstat
iw instead of iwconfig / iwlist
nft instead of direct legacy iptables where possible

19. Practical command groups

Quick interface and route check:

ip -br addr
ip route
ip route get 8.8.8.8

Quick listening port check:

sudo ss -ltnup

Quick DNS check:

dig example.com
host example.com

Quick path and latency check:

ping 8.8.8.8
mtr -rw example.com

Quick service scan:

nmap -sV SERVER_IP

Quick bandwidth test between two Linux machines:

iperf3 -s
iperf3 -c SERVER_IP

Quick packet capture:

sudo tcpdump -i eth0 -w capture.pcap

Quick process-by-port check:

sudo ss -ltnp 'sport = :443'
sudo lsof -nP -iTCP:443 -sTCP:LISTEN

Appendix

20. Tool list by purpose

Interface and routing:
ip, iproute2, nmcli, nmtui, ethtool

Sockets and processes:
ss, lsof

DNS:
dig, host, nslookup, whois

Connectivity diagnostics:
ping, traceroute, tracepath, mtr

Port scanning:
nmap, ncat

Bandwidth testing:
iperf3, netperf, speedtest

Live traffic monitoring:
bmon, nload, iftop, ifstat, nethogs, vnstat, bwm-ng, slurm

Packet capture and analysis:
tcpdump, tshark, Wireshark, ngrep, netsniff-ng

HTTP and downloads:
curl, wget, httpie

Remote administration and transfer:
ssh, scp, rsync, sftp

Firewall and NAT:
nftables/nft, iptables, ufw, firewalld

Wireless:
iw, nmcli, nmtui, iwd, legacy wireless-tools

IDS and security monitoring:
snort, suricata, arpwatch, smokeping, darkstat

Advanced stream and socket tools:
netcat, ncat, socat, websocat

Routing daemons:
FRRouting/FRR, BIRD

In short: old commands such as netstat, ifconfig and route may still appear in tutorials, but modern Linux networking is usually built around ip, ss, nft, iw, nmcli, tcpdump, mtr, iperf3 and nmap.
