ifconfig (interface configurator) command is use to initialize an interface, assign IP Address to interface and enable or disable interface on demand.
With this command you can view IP Address and Hardware/MAC address assign to interface and also MTU (Maximum transmission unit) size.
Check all the details provided by the command by typing in:
# ifconfig eth0
- Assign an IP Address and Gateway to interface on the fly:
# ifconfig eth0 192.168.45.34 netmask 255.255.255.0
- To enable or disable specific Interface.
# ifup eth0
# ifdown eth0
- Setting MTU Size. (By default MTU size is 1500.)
# ifconfig eth0 mtu XXXX
- Set Interface in Promiscuous mode.
Network interface only received packets belongs to that particular NIC. If you put interface in promiscuous mode it will received all the packets. This is very useful to capture packets and analyze later. For this you may require superuser access.
# ifconfig eth0 – promisc
PING (Packet INternet Groper) command is the best way to test connectivity between two nodes.
Be it Local Area Network (LAN) or Wide Area Network (WAN). Ping uses ICMP (Internet Control Message Protocol) to communicate to other devices.
- Ping using IP address.
# ping 220.127.116.11
- Ping using hostname
# ping http://www.google.com
- In Linux ping command keep executing until you interrupt. Ping with -c option to exit after N number of request.
# ping -c 4 http://www.google.com
Traceroute is a network troubleshooting utility which shows number of hops taken to reach destination also determine packets traveling path.
Below we are tracing route to global DNS server IP Address and able to reach destination also shows path of that packet is traveling.
# traceroute 18.104.22.168
traceroute to 22.214.171.124 (126.96.36.199), 64 hops max, 52 byte packets
1 connect.onboard.info (10.0.0.1) 34.836 ms 7.279 ms 5.456 ms
2 172.26.96.161 (172.26.96.161) 34.796 ms 52.152 ms 33.806 ms
3 172.16.157.164 (172.16.157.164) 47.693 ms 42.050 ms 51.715 ms
4 188.8.131.52 (184.108.40.206) 53.378 ms 80.842 ms 59.054 ms
5 220.127.116.11 (18.104.22.168) 80.668 ms 97.070 ms *
6 22.214.171.124 (126.96.36.199) 49.444 ms 54.285 ms 61.081 ms
7 188.8.131.52 (184.108.40.206) 40.703 ms 51.372 ms 53.838 ms
8 220.127.116.11 (18.104.22.168) 59.456 ms
22.214.171.124 (126.96.36.199) 48.018 ms
188.8.131.52 (184.108.40.206) 43.476 ms
9 220.127.116.11 (18.104.22.168) 44.689 ms
22.214.171.124 (126.96.36.199) 44.356 ms
188.8.131.52 (184.108.40.206) 47.963 ms
10 google-public-dns-a.google.com (220.127.116.11) 45.216 ms 69.014 ms 54.033 ms
Netstat (Network Statistic) command displays connection info, routing table information and many more statistics related to TCP, UDP and active ports.
Some useful options to combine and use are mentioned below.
-r display routing table
-a All ports
-t TCP ports
-u UDP ports
-l all active Listening connections
-x unix ports
-s display statistics by protocol
-p display service name with their PID number
-c promiscuous mode
-i network interface packet transactions including both transferring and receiving packets with MTU size
-g display multicast group membership info for IPv4 & IPv6
-c 3 get netstat information every three seconds.
–statictics –raw display raw network statistics
Dig (domain information groper) query DNS related information like A Record, CNAME, MX Record etc. This command mainly use to troubleshoot DNS related query.
# dig http://www.google.com
Dig command reads the /etc/resolv.conf file and queries the DNS servers listed there. The response from the DNS server is what dig displays.
- By default dig is quite verbose. One way to cut down the output is to use the +short option. which will drastically cut the output as shown below.
# dig http://www.google.com +short
- Query mail exchange server
# dig google.com MX
- Query SOA record of the domain
# dig google.com SOA
- Query TTL record of the domain
# dig google.com TTL
- Query only ANSWER SECTION
# dig google.com +nocomments +noquestion +noauthority +noadditional +nostats
- Querying ALL DNS Records Types
# dig google.com ANY +noall +answer
- Reverse Look-up the DNS (IP to hostname)
# dig -x 18.104.22.168 +short
- Querying Multiple DNS Records
# dig google.com mx +noall +answer redhat.com ns +noall +answer
nslookup command is used to find out DNS related query.
# nslookup http://www.google.com
- Reverse Domain Lookup
# nslookup 22.214.171.124
- Specific Domain Lookup
# nslookup google-public-dns-a.google.com
- Query MX (Mail Exchange) record
# nslookup -query=mx http://www.google.com
- Query NS (Name Server) record
# nslookup -query=ns http://www.google.com
- query SOA (Start of Authority) record.
# nslookup -type=soa http://www.google.com
- query all Available DNS records.
# nslookup -query=any google.com
- To enable Debug Mode
# nslookup -debug google.com
Route command shows and manipulates the routing table. To see default routing table in Linux, type the following command.
- Route Adding
# route add -net 10.10.10.0/24 gw 192.168.0.1
- Route Deleting
# route del -net 10.10.10.0/24 gw 192.168.0.1
- Adding default Gateway
# route add default gw 192.168.0.1
Host command to find name to IP or IP to name in IPv4 or IPv6 and also query DNS records.
# host http://www.google.com
Using -t option we can find out DNS Resource Records like CNAME, NS, MX, SOA etc.
# host -t CNAME http://www.google.com
ARP (Address Resolution Protocol) is used to view or add the contents of the kernel’s ARP tables.
To see default table:
# arp -e
ethtool is used to view or set speed and duplex of your Network Interface Card (NIC).
You can set duplex permanently in /etc/sysconfig/network-scripts/ifcfg-eth0 with ETHTOOL_OPTS variable.
# ethtool eth0
iwconfig is use to configure a wireless network interface. You can see and set the basic Wi-Fi details like SSID channel and encryption. You can refer man page of iwconfig to know more.
# iwconfig [interface]
hostname is used to identify in a network.
You can set hostname permanently in /etc/sysconfig/network. Need to reboot box once set a proper hostname.
It connects destination host via telnet protocol. If telnet connection establish on any port means connectivity between two hosts is working fine.
#telnet hostname port
This will telnet hostname with the port specified. Normally it is used to see whether host is alive and network connection is fine or not.
For more information regarding different flags of telnet check this.
Telnet is a client-server protocol, based on a reliable connection-oriented transport. Typically, this protocol is used to establish a connection to Transmission Control Protocol (TCP) port number 23, where a Telnet server application (telnetd) is listening. Telnet is a both a network protocol and an application that uses that protocol. Most often, telnet is used to connect to remote computers and issue commands on those computers. It’s like a remote control for the internet!
SSH (Secure Shell) is used to log into remote machines. Below are few different ways to log into remote servers.
# ssh -l username remote_server.example.com
# ssh username@remote_server
- Running remote commands from local host.
# ssh user@remote_server “cat /etc/hosts”
- SSH into machine in debug mode
# ssh –v username@remote_server
- If you have generated a .pem key for passwordless ssh, to log in:
# ssh –i ~/path/to/pem_key user@remote_server
SCP is used to transfer files from localhost to server or from server to localhost.
- Copy file from the remote server to the localhost:
# scp username@remote_server:/home/username/abc.txt abc.txt
- Copy file from the localhost to the remote server:
# scp abc.txt username@remote_server:/home/username/abc.txt
- If you are using pem key, append -i ~/path/to/pem_key, just like we did it in ssh command.
who command simply return user name, date, time and host information. who command is similar to W command. Unlike W command who doesn’t print what users are doing.
WHOIS allows you to check the Internic database for proper hostnames. It is very useful when you are trying to trace back an IP address to a specific hostname, or the reverse.
# whois -f 10.1.1.1
The -f option forces the command to skip any cache that may have stored the host state, and instead goes to the actual server to perform a lookup and verify its hostname.
Another useful variation of the command, especially for trying to identify port problems is:
# whois –port=8080 10.1.1.1
This command forces a test on the specific host’s port 8080.
It traces path to a network host discovering MTU along this path. It uses UDP port port or some random port. It is similar to traceroute, only does not not require superuser privileges and has no fancy options.
# tracepath6 3ffe:2400:0:109::2
1?: [LOCALHOST] pmtu 1500
1: dust.inr.ac.ru 0.411ms
2: dust.inr.ac.ru asymm 1 0.390ms pmtu 1480
2: 3ffe:2400:0:109::2 463.514ms reached
Resume: pmtu 1480 hops 2 back 2
The first column shows TTL of the probe, followed by colon. Usually value of TTL is obtained from reply from network, but sometimes reply does not contain necessary information and we have to guess it. In this case the number is followed by ?.
The second column shows the network hop, which replied to the probe. It is either address of router or word [LOCALHOST], if the probe was not sent to the network.
The rest of line shows miscellaneous information about path to the corresponding network hop.
Uptime command displays the time since your system is running and the number of users are currently logged in and also displays load average for 1,5 and 15 minutes intervals.
W displays users currently logged in and their processes along with the load averages. It also shows the login name, tty name, remote host, login time, idle time, JCPU, PCPU, command and processes.
-b Displays last system reboot date and time.
-r Shows current runlet.
-a, –all Displays all information in cumulatively.
Users command displays currently logged in users. This command don’t have other parameters other than help and version.
22. FTP & SFTP
FTP (file transfer protocol) or SFTP (secure file transfer protocol) command is used to connect to remote ftp host.
# ftp 192.168.50.2
# sftp 192.168.50.2
We can put multiple files in remote host using mput and similarly we can do mget to download multiple files from remote host.
# ftp > mput *.txt
# ftp > mget *.txt
The dhclient command can release your computer’s IP address and get a new one from your DHCP server. This requires root permissions, so use sudo on Ubuntu. Run dhclient with no options to get a new IP address or use the -r switch to release your current IP address.
# sudo dhclient -r
# sudo dhclient
24. SS (NETSTAT)
ss command is a replacement for netstat.
Using ss command, you can get more information than netstat command. ss command is fast because it get all the information from the kernel userspace.
- Listing all connections:
- Filtering out TCP, UDP and Unix sockets
It has same flags as netstat command. Check above for flags information of netstat and ss.
Retrieve a subtree of management values using SNMP GETNEXT requests.
snmpwalk is an SNMP application that uses SNMP GETNEXT requests to query a network entity for a tree of information.
# snmpwalk -v 2c -c demopublic test.net-snmp.org system
SNMPv2-MIB::sysDescr.0 = HP-UX net-snmp B.10.20 A 9000/715
SNMPv2-MIB::sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.hpux10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (586998396) 67 days, 22:33:03.96
SNMPv2-MIB::sysContact.0 = Wes Hardaker firstname.lastname@example.org
SNMPv2-MIB::sysName.0 = net-snmp
SNMPv2-MIB::sysLocation.0 = UCDavis
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORID.1 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.2 = OID: IF-MIB::ifMIB
SNMPv2-MIB::sysORID.4 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.5 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORDescr.1 = The Mib module for SNMPv2 entities.
SNMPv2-MIB::sysORDescr.2 = The MIB module to describe generic objects for network interface sub-layers
SNMPv2-MIB::sysORDescr.4 = The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.5 = The MIB module for managing UDP implementations
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (82) 0:00:00.82
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (81) 0:00:00.81
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (83) 0:00:00.83
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (82) 0:00:00.82
- To get info of a single MIB (scalar) object, or an instance OID
# snmpwalk -v 2c -c demopublic test.net-snmp.org sysDescr
SNMPv2-MIB::sysDescr.0 = HP-UX net-snmp B.10.20 A 9000/715
# snmpwalk -v 2c -c demopublic test.net-snmp.org sysDescr.0
SNMPv2-MIB::sysDescr.0 = HP-UX net-snmp B.10.20 A 9000/715