Projects

User Tools

Site Tools

Trace: netguide
projects:cheatsheets:netguide

Aaron Kili

A Linux Sysadmin's Guide to Network Management,

$ ifconfig

enp1s0 Link encap:Ethernet HWaddr 28:d2:44:eb:bd:98 

   inet addr:192.168.0.103 Bcast:192.168.0.255 Mask:255.255.255.0
   inet6 addr: fe80::8f0c:7825:8057:5eec/64 Scope:Link
   UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
   RX packets:169854 errors:0 dropped:0 overruns:0 frame:0
   TX packets:125995 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000 
   RX bytes:174146270 (174.1 MB) TX bytes:21062129 (21.0 MB)

lo Link encap:Local Loopback 

   inet addr:127.0.0.1 Mask:255.0.0.0
   inet6 addr: ::1/128 Scope:Host
   UP LOOPBACK RUNNING MTU:65536 Metric:1
   RX packets:15793 errors:0 dropped:0 overruns:0 frame:0
   TX packets:15793 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1 
   RX bytes:2898946 (2.8 MB) TX bytes:2898946 (2.8 MB)

$ ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever

2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group

default qlen 1000 

link/ether 28:d2:44:eb:bd:98 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.103/24 brd 192.168.0.255 scope global dynamic enp1s0
 valid_lft 5772sec preferred_lft 5772sec
inet6 fe80::8f0c:7825:8057:5eec/64 scope link 
 valid_lft forever preferred_lft forever

3: wlp2s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 

link/ether 38:b1:db:7c:78:c7 brd ff:ff:ff:ff:ff:ff

To temporarily assign IP Address to a specific network interface (eth0), type.

$ sudo ip addr add 192.168.56.1 dev eth0

To remove an assigned IP address from an network interface (eth0), type.

$ sudo ip addr del 192.168.56.15/24 dev eth0

To show the current neighbour table in kernel, type.

$ ip neigh

192.168.0.1 dev enp1s0 lladdr 10:fe:ed:3d:f3:82 REACHABLE

3. ifup, ifdown, and ifquery command

ifup command actives a network interface, making it available to transfer and receive data.

$ sudo ifup eth0

ifdown command disables a network interface, keeping it in a state where it cannot

transfer or receive data.

$ sudo ifdown eth0

ifquery command used to parse the network interface configuration, enabling you to

receive answers to query about how it is currently configured.

$ sudo ifquery eth0

4. Ethtool Command

ethtool is a command line utility for querying and modifying network interface controller

parameters and device drivers. The example below shows the usage of ethtool and a

command to view the parameters for the network interface.

3/17

$ sudo ethtool enp0s3

Settings for enp0s3:

Supported ports: [ TP ]

Supported link modes: 10baseT/Half 10baseT/Full 

          100baseT/Half 100baseT/Full 
          1000baseT/Full

Supported pause frame use: No

Supports auto-negotiation: Yes

Advertised link modes: 10baseT/Half 10baseT/Full 

          100baseT/Half 100baseT/Full 
          1000baseT/Full

Advertised pause frame use: No

Advertised auto-negotiation: Yes

Speed: 1000Mb/s

Duplex: Full

Port: Twisted Pair

PHYAD: 0

Transceiver: internal

Auto-negotiation: on

MDI-X: off (auto)

Supports Wake-on: umbg

Wake-on: d

Current message level: 0x00000007 (7) 

   drv probe link

Link detected: yes

5. Ping Command

$ ping -c 4 192.168.0.103

PING 192.168.0.103 (192.168.0.103) 56(84) bytes of data.

64 bytes from 192.168.0.103: icmp_seq=1 ttl=64 time=1.09 ms

64 bytes from 192.168.0.103: icmp_seq=2 ttl=64 time=0.157 ms

64 bytes from 192.168.0.103: icmp_seq=3 ttl=64 time=0.163 ms

64 bytes from 192.168.0.103: icmp_seq=4 ttl=64 time=0.190 ms

— 192.168.0.103 ping statistics —

4 packets transmitted, 4 received, 0% packet loss, time 3029ms

rtt min/avg/max/mdev = 0.157/0.402/1.098/0.402 ms

6. Traceroute Command

Traceroute is a command line utility for tracing the full path from your local system to

another network system. It prints number of hops (router IP's) in that path you travel to

reach the end server. It is an easy-to-use network troubleshooting utility after ping

command.

In this example, we are tracing the route packets take from the local system to one of

Google's servers with IP address 216.58.204.46.

5/17

$ traceroute 216.58.204.46

traceroute to 216.58.204.46 (216.58.204.46), 30 hops max, 60 byte packets

1 gateway (192.168.0.1) 0.487 ms 0.277 ms 0.269 ms

2 5.5.5.215 (5.5.5.215) 1.846 ms 1.631 ms 1.553 ms

3 * * *

4 72.14.194.226 (72.14.194.226) 3.762 ms 3.683 ms 3.577 ms

5 108.170.248.179 (108.170.248.179) 4.666 ms 108.170.248.162 (108.170.248.162) 4.869

ms 108.170.248.194 (108.170.248.194) 4.245 ms

6 72.14.235.133 (72.14.235.133) 72.443 ms 209.85.241.175 (209.85.241.175) 62.738 ms

72.14.235.133 (72.14.235.133) 65.809 ms

7 66.249.94.140 (66.249.94.140) 128.726 ms 127.506 ms 209.85.248.5 (209.85.248.5)

127.330 ms

8 74.125.251.181 (74.125.251.181) 127.219 ms 108.170.236.124 (108.170.236.124)

212.544 ms 74.125.251.181 (74.125.251.181) 127.249 ms

9 216.239.49.134 (216.239.49.134) 236.906 ms 209.85.242.80 (209.85.242.80) 254.810

ms 254.735 ms

10 209.85.251.138 (209.85.251.138) 252.002 ms 216.239.43.227 (216.239.43.227) 251.975

ms 209.85.242.80 (209.85.242.80) 236.343 ms

11 216.239.43.227 (216.239.43.227) 251.452 ms 72.14.234.8 (72.14.234.8) 279.650 ms

277.492 ms

12 209.85.250.9 (209.85.250.9) 274.521 ms 274.450 ms 209.85.253.249 (209.85.253.249)

270.558 ms

13 209.85.250.9 (209.85.250.9) 269.147 ms 209.85.254.244 (209.85.254.244) 347.046 ms

209.85.250.9 (209.85.250.9) 285.265 ms

14 64.233.175.112 (64.233.175.112) 344.852 ms 216.239.57.236 (216.239.57.236) 343.786

ms 64.233.175.112 (64.233.175.112) 345.273 ms

15 108.170.246.129 (108.170.246.129) 345.054 ms 345.342 ms 64.233.175.112

(64.233.175.112) 343.706 ms

16 108.170.238.119 (108.170.238.119) 345.610 ms 108.170.246.161 (108.170.246.161)

344.726 ms 108.170.238.117 (108.170.238.117) 345.536 ms

17 lhr25s12-in-f46.1e100.net (216.58.204.46) 345.382 ms 345.031 ms 344.884 ms

7. MTR Network Diagnostic Tool

tecmint.com (0.0.0.0) Thu Jul 12 08:58:27 2018

First TTL: 1

Host Loss% Snt Last Avg Best

Wrst StDev

1. 192.168.0.1 0.0% 41 0.5 0.6 0.4

1.7 0.2

2. 5.5.5.215 0.0% 40 1.9 1.5 0.8

7.3 1.0

3. 209.snat-111-91-120.hns.net.in 23.1% 40 1.9 2.7 1.7

10.5 1.6

4. 72.14.194.226 0.0% 40 89.1 5.2 2.2

89.1 13.7

5. 108.170.248.193 0.0% 40 3.0 4.1 2.4

52.4 7.8

6. 108.170.237.43 0.0% 40 2.9 5.3 2.5

94.1 14.4

7. bom07s10-in-f174.1e100.net 0.0% 40 2.6 6.7 2.3

79.7 16.

You can limit the number of pings to a specific value and exit mtr after those pings, using

9. Nmcli Command

tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1064/pure-

ftpd (SER

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 972/sshd

tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 975/cupsd

tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN

1257/master

tcp 0 0 0.0.0.0:8090 0.0.0.0:* LISTEN 636/lscpd

(lscpd -

tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN

1015/dovecot

tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN

1015/dovecot

tcp6 0 0 :::3306 :::* LISTEN

1053/mysqld

tcp6 0 0 :::3307 :::* LISTEN

1211/mysqld

tcp6 0 0 :::587 :::* LISTEN

1257/master

tcp6 0 0 :::110 :::* LISTEN

1015/dovecot

tcp6 0 0 :::143 :::* LISTEN

1015/dovecot

tcp6 0 0 :::111 :::* LISTEN 1/systemd

tcp6 0 0 :::80 :::* LISTEN 990/httpd

tcp6 0 0 :::465 :::* LISTEN

1257/master

tcp6 0 0 :::53 :::* LISTEN

1404/pdns_server

tcp6 0 0 :::21 :::* LISTEN 1064/pure-

ftpd (SER

tcp6 0 0 :::22 :::* LISTEN 972/sshd

tcp6 0 0 ::1:631 :::* LISTEN 975/cupsd

tcp6 0 0 :::25 :::* LISTEN

1257/master

tcp6 0 0 :::993 :::* LISTEN

1015/dovecot

tcp6 0 0 :::995 :::* LISTEN

1015/dovecot

ss (socket statistics) is a powerful command line utility to investigate sockets. It dumps

socket statistics and displays information similar to netstat. In addition, it shows more TCP

and state information compared to other similar utilities.

The following example show how to list all TCP ports (sockets) that are open on a server.

$ ss -ta

State Recv-Q Send-Q Local Address:Port

Peer Address:Port

LISTEN 0 100 *:submission

*:*

LISTEN 0 128 127.0.0.1:fmpro-

internal *:*

LISTEN 0 100 *:pop3

*:*

LISTEN 0 100 *:imap

*:*

LISTEN 0 128 *:sunrpc

*:*

LISTEN 0 100 *:urd

*:*

LISTEN 0 128 *:domain

*:*

LISTEN 0 9 *:ftp

*:*

LISTEN 0 128 *:ssh

*:*

LISTEN 0 128 127.0.0.1:ipp

*:*

LISTEN 0 100 *:smtp

*:*

LISTEN 0 128 *:8090

*:*

LISTEN 0 100 *:imaps

*:*

LISTEN 0 100 *:pop3s

*:*

ESTAB 0 0 192.168.0.104:ssh

192.168.0.103:36398

ESTAB 0 0 127.0.0.1:34642

127.0.0.1:opsession-prxy

ESTAB 0 0 127.0.0.1:34638

127.0.0.1:opsession-prxy

ESTAB 0 0 127.0.0.1:34644

127.0.0.1:opsession-prxy

ESTAB 0 0 127.0.0.1:34640

127.0.0.1:opsession-prxy

LISTEN 0 80 :::mysql

:::*

10/17

To display all active TCP connections together with their timers, run the following

command.

$ ss -to

12 NC Command

$ nmap 192.168.0.103

Starting Nmap 6.40 ( http://nmap.org ) at 2018-07-12 09:24 BST

Nmap scan report for 192.168.0.103

Host is up (0.000051s latency).

Not shown: 994 closed ports

PORT STATE SERVICE

22/tcp open ssh

25/tcp open smtp

902/tcp open iss-realsecure

4242/tcp open vrml-multi-use

5900/tcp open vnc

8080/tcp open http-proxy

MAC Address: 28:D2:44:EB:BD:98 (Lcfc(hefei) Electronics Technology Co.)

Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds

Read our following useful articles on nmap command.

DNS Lookup Utilities

14. host Command

; «» DiG 9.9.4-RedHat-9.9.4-51.el7 «» google.com

;; global options: +cmd

;; Got answer:

;; →>HEADER«- opcode: QUERY, status: NOERROR, id: 23083

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;google.com. IN A

;; ANSWER SECTION:

google.com. 72 IN A 172.217.166.78

;; AUTHORITY SECTION:

com. 13482 IN NS c.gtld-servers.net.

com. 13482 IN NS d.gtld-servers.net.

com. 13482 IN NS e.gtld-servers.net.

com. 13482 IN NS f.gtld-servers.net.

com. 13482 IN NS g.gtld-servers.net.

com. 13482 IN NS h.gtld-servers.net.

com. 13482 IN NS i.gtld-servers.net.

com. 13482 IN NS j.gtld-servers.net.

com. 13482 IN NS k.gtld-servers.net.

com. 13482 IN NS l.gtld-servers.net.

com. 13482 IN NS m.gtld-servers.net.

com. 13482 IN NS a.gtld-servers.net.

com. 13482 IN NS b.gtld-servers.net.

;; ADDITIONAL SECTION:

a.gtld-servers.net. 81883 IN A 192.5.6.30

b.gtld-servers.net. 3999 IN A 192.33.14.30

c.gtld-servers.net. 14876 IN A 192.26.92.30

d.gtld-servers.net. 85172 IN A 192.31.80.30

e.gtld-servers.net. 95861 IN A 192.12.94.30

f.gtld-servers.net. 78471 IN A 192.35.51.30

g.gtld-servers.net. 5217 IN A 192.42.93.30

h.gtld-servers.net. 111531 IN A 192.54.112.30

i.gtld-servers.net. 93017 IN A 192.43.172.30

j.gtld-servers.net. 93542 IN A 192.48.79.30

k.gtld-servers.net. 107218 IN A 192.52.178.30

l.gtld-servers.net. 6280 IN A 192.41.162.30

m.gtld-servers.net. 2689 IN A 192.55.83.30

;; Query time: 4 msec

;; SERVER: 192.168.0.1#53(192.168.0.1)

;; WHEN: Thu Jul 12 09:30:57 BST 2018

;; MSG SIZE rcvd: 487

16. NSLookup Command

13/17

Nslookup is also a popular command line utility to query DNS servers both interactively and

non-interactively. It is used to query DNS resource records (RR). You can find out “A” record

(IP address) of a domain as shown.

You can also perform a reverse domain lookup as shown.

$ nslookup 216.58.208.174

Server: 192.168.0.1

Address: 192.168.0.1#53

Non-authoritative answer:

174.208.58.216.in-addr.arpa name = lhr25s09-in-f14.1e100.net.

174.208.58.216.in-addr.arpa name = lhr25s09-in-f174.1e100.net.

Authoritative answers can be found from:

in-addr.arpa nameserver = e.in-addr-servers.arpa.

in-addr.arpa nameserver = f.in-addr-servers.arpa.

in-addr.arpa nameserver = a.in-addr-servers.arpa.

in-addr.arpa nameserver = b.in-addr-servers.arpa.

in-addr.arpa nameserver = c.in-addr-servers.arpa.

in-addr.arpa nameserver = d.in-addr-servers.arpa.

a.in-addr-servers.arpa internet address = 199.180.182.53

b.in-addr-servers.arpa internet address = 199.253.183.183

c.in-addr-servers.arpa internet address = 196.216.169.10

d.in-addr-servers.arpa internet address = 200.10.60.53

e.in-addr-servers.arpa internet address = 203.119.86.101

f.in-addr-servers.arpa internet address = 193.0.9.1

Linux Network Packet Analyzers

17. Tcpdump Command

$ tcpdump -i eth1

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes

09:35:40.287439 IP tecmint.com.ssh > 192.168.0.103.36398: Flags [P.], seq

4152360356:4152360552, ack 306922699, win 270, options [nop,nop,TS val 2211778668 ecr

2019055], length 196

09:35:40.287655 IP 192.168.0.103.36398 > tecmint.com.ssh: Flags [.], ack 196, win 5202,

options [nop,nop,TS val 2019058 ecr 2211778668], length 0

09:35:40.288269 IP tecmint.com.54899 > gateway.domain: 43760+ PTR? 103.0.168.192.in-

addr.arpa. (44)

09:35:40.333763 IP gateway.domain > tecmint.com.54899: 43760 NXDomain* 0/1/0 (94)

09:35:40.335311 IP tecmint.com.52036 > gateway.domain: 44289+ PTR? 1.0.168.192.in-

addr.arpa. (42)

iptables is a command line tool for configuring, maintaining, and inspecting the tables IP

packet filtering and NAT ruleset. It it used to set up and manage the Linux firewall

(Netfilter). It allows you to list existing packet filter rules; add or delete or modify packet

filter rules; list per-rule counters of the packet filter rules.

You can learn how to use Iptables for various purposes from our simple yet

comprehensive guides.

21. Firewalld

You can share your thoughts about this guide via the comment form below. If we have

missed any frequently used and important Linux networking tools/utilities or any useful

related information, also let us know.

17/17

projects/cheatsheets/netguide.txt · Last modified: 2019/03/14 17:58 by 127.0.0.1