Useful Linux commands: part 1: Networking

1. IFCONFIG

The ifconfig (interface configurator) command is used to initialize an interface, assign an IP address to it, and enable or disable it on demand.

With this command you can view the IP address and hardware/MAC address assigned to an interface, as well as its MTU (Maximum Transmission Unit) size.

Check all the details provided by the command by typing in:

# ifconfig

OR

# ifconfig eth0

  • Assign an IP Address and Gateway to interface on the fly:

# ifconfig eth0 192.168.45.34 netmask 255.255.255.0

  • Enable or disable a specific interface.

Enable eth0:

# ifup eth0

Disable eth0:

# ifdown eth0

  • Setting MTU Size. (By default MTU size is 1500.)

# ifconfig eth0 mtu XXXX

  • Set an interface in promiscuous mode.

By default a network interface only receives packets addressed to that particular NIC. If you put the interface in promiscuous mode, it will receive all packets. This is very useful for capturing packets to analyze later. You may need superuser access for this.

# ifconfig eth0 promisc
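Because a promiscuous interface captures traffic meant for other hosts, it is worth checking which interfaces are in that state. The following is an added example, not part of the original post: it reads the kernel interface flags from /sys/class/net and tests the IFF_PROMISC bit (0x100). The function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): list interfaces that are in
# promiscuous mode by reading the kernel's interface flags from sysfs.
# IFF_PROMISC is bit 0x100 of the flags word (see <linux/if.h>).
IFF_PROMISC=256

# is_promisc FLAGS: succeeds when the promiscuous bit is set.
# FLAGS may be hex ("0x1103") or decimal.
is_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# list_promisc [DIR]: print each interface under DIR (default /sys/class/net)
# whose flags file has IFF_PROMISC set.
list_promisc() {
    dir=${1:-/sys/class/net}
    for path in "$dir"/*/flags; do
        [ -r "$path" ] || continue
        if is_promisc "$(cat "$path")"; then
            basename "${path%/flags}"
        fi
    done
}

list_promisc "$@"
```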

2. PING

The PING (Packet INternet Groper) command is the best way to test connectivity between two nodes, whether on a Local Area Network (LAN) or a Wide Area Network (WAN). Ping uses ICMP (Internet Control Message Protocol) to communicate with other devices.

  • Ping using IP address.

# ping 8.8.8.8

  • Ping using hostname

# ping www.google.com

  • On Linux the ping command keeps running until you interrupt it. Use the -c option to exit after N requests.

# ping -c 4 www.google.com

3. TRACEROUTE

Traceroute is a network troubleshooting utility that shows the number of hops taken to reach a destination and the path the packets travel.

Below we trace the route to the global DNS server IP address. The destination is reachable, and the output shows the path the packet takes.

# traceroute 8.8.8.8

traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
1  connect.onboard.info (10.0.0.1)  34.836 ms  7.279 ms  5.456 ms
2  172.26.96.161 (172.26.96.161)  34.796 ms  52.152 ms  33.806 ms
3  172.16.157.164 (172.16.157.164)  47.693 ms  42.050 ms  51.715 ms
4  12.249.2.49 (12.249.2.49)  53.378 ms  80.842 ms  59.054 ms
5  12.83.180.82 (12.83.180.82)  80.668 ms  97.070 ms *
6  12.122.137.181 (12.122.137.181)  49.444 ms  54.285 ms  61.081 ms
7  12.250.31.10 (12.250.31.10)  40.703 ms  51.372 ms  53.838 ms
8  209.85.244.23 (209.85.244.23)  59.456 ms
    209.85.241.171 (209.85.241.171)  48.018 ms
    209.85.244.23 (209.85.244.23)  43.476 ms
9  216.239.49.103 (216.239.49.103)  44.689 ms
    216.239.58.195 (216.239.58.195)  44.356 ms
    216.239.56.137 (216.239.56.137)  47.963 ms
10  google-public-dns-a.google.com (8.8.8.8)  45.216 ms  69.014 ms  54.033 ms

4. NETSTAT

Netstat (Network Statistic) command displays connection info, routing table information and many more statistics related to TCP, UDP and active ports.

Some useful options to combine and use are mentioned below.

-r    display routing table

-a    All ports

-t    TCP ports

-u    UDP ports

-l    all active Listening connections

-x    unix ports

-s    display statistics by protocol

-p    display service name with their PID number

-c    promiscuous mode

-i    network interface packet transactions including both transferring and receiving packets with MTU size

-g    display multicast group membership info for IPv4 & IPv6

-c 3   get netstat information every three seconds.

--statistics --raw   display raw network statistics

5. DIG

Dig (domain information groper) queries DNS-related information such as A, CNAME and MX records. This command is mainly used to troubleshoot DNS-related problems.

# dig www.google.com

The dig command reads the /etc/resolv.conf file and queries the DNS servers listed there. The response from the DNS server is what dig displays.

  • By default dig is quite verbose. One way to cut down the output is to use the +short option, which drastically shortens the output as shown below.

# dig www.google.com +short

  • Query mail exchange server

# dig google.com MX

  • Query SOA record of the domain

# dig google.com SOA

  • Query TTL record of the domain

# dig google.com TTL

  • Query only ANSWER SECTION

# dig google.com +nocomments +noquestion +noauthority +noadditional +nostats

  • Querying ALL DNS Records Types

# dig google.com ANY +noall +answer

  • Reverse Look-up the DNS (IP to hostname)

# dig -x 8.8.8.8 +short

  • Querying Multiple DNS Records

# dig google.com mx +noall +answer redhat.com ns +noall +answer

6. NSLOOKUP

The nslookup command is used to make DNS-related queries.

# nslookup www.google.com

  • Reverse Domain Lookup

# nslookup 8.8.8.8

  • Specific Domain Lookup

# nslookup google-public-dns-a.google.com

  • Query MX (Mail Exchange) record

# nslookup -query=mx www.google.com

  • Query NS (Name Server) record

# nslookup -query=ns www.google.com

  • Query SOA (Start of Authority) record

# nslookup -type=soa www.google.com

  • Query all available DNS records

# nslookup -query=any google.com

  • To enable Debug Mode

# nslookup -debug google.com

7. ROUTE

The route command shows and manipulates the routing table. To see the default routing table in Linux, type the following command.

# route

  • Route Adding

# route add -net 10.10.10.0/24 gw 192.168.0.1

  • Route Deleting

# route del -net 10.10.10.0/24 gw 192.168.0.1

  • Adding default Gateway

# route add default gw 192.168.0.1

8. HOST

The host command resolves a name to an IP address or an IP address to a name, in IPv4 or IPv6, and also queries DNS records.

# host www.google.com

Using the -t option we can look up DNS resource records like CNAME, NS, MX, SOA etc.

# host -t CNAME www.google.com

9. ARP

The arp (Address Resolution Protocol) command is used to view or add to the contents of the kernel’s ARP tables.

To see default table:

# arp -e

10. ETHTOOL

ethtool is used to view or set speed and duplex of your Network Interface Card (NIC).

You can set duplex permanently in /etc/sysconfig/network-scripts/ifcfg-eth0 with the ETHTOOL_OPTS variable.

# ethtool eth0

11. IWCONFIG

iwconfig is used to configure a wireless network interface. You can see and set basic Wi-Fi details like SSID, channel and encryption. Refer to the iwconfig man page to learn more.

# iwconfig [interface]

12. HOSTNAME

hostname shows the name that identifies the machine on a network.

# hostname

You can set the hostname permanently in /etc/sysconfig/network. You need to reboot the box once you have set a proper hostname.

13. TELNET

It connects to the destination host via the telnet protocol. If a telnet connection can be established on a port, connectivity between the two hosts is working fine.

# telnet hostname port

This will telnet hostname with the port specified. Normally it is used to see whether host is alive and network connection is fine or not.

For more information regarding different flags of telnet check this.

Telnet is a client-server protocol, based on a reliable connection-oriented transport. Typically, this protocol is used to establish a connection to Transmission Control Protocol (TCP) port number 23, where a Telnet server application (telnetd) is listening. Telnet is both a network protocol and an application that uses that protocol. Most often, telnet is used to connect to remote computers and issue commands on those computers. It’s like a remote control for the internet!

14. SSH

SSH (Secure Shell) is used to log into remote machines. Below are a few different ways to log into remote servers.

# ssh -l username remote_server.example.com

OR

# ssh username@remote_server

  • Running remote commands from the local host.

# ssh user@remote_server "cat /etc/hosts"

  • SSH into a machine in debug mode

# ssh -v username@remote_server

  • If you have generated a .pem key for passwordless ssh, to log in:

# ssh -i ~/path/to/pem_key user@remote_server

15. SCP

SCP is used to transfer files from localhost to server or from server to localhost.

  • Copy file from the remote server to the localhost:

# scp username@remote_server:/home/username/abc.txt abc.txt

  • Copy file from the localhost to the remote server:

# scp abc.txt username@remote_server:/home/username/abc.txt

  • If you are using a pem key, append -i ~/path/to/pem_key, just as we did in the ssh command.

16. WHO

The who command simply returns user name, date, time and host information. It is similar to the w command, but unlike w, who doesn’t print what users are doing.

# who

17. WHOIS

WHOIS allows you to check the Internic database for proper hostnames. It is very useful when you are trying to trace back an IP address to a specific hostname, or the reverse.

# whois -f 10.1.1.1

The -f option forces the command to skip any cache that may have stored the host state, and instead goes to the actual server to perform a lookup and verify its hostname.

Another useful variation of the command, especially for trying to identify port problems is:

# whois --port=8080 10.1.1.1

This command forces a test on the specific host’s port 8080.

18. TRACEPATH

It traces the path to a network host, discovering the MTU along this path. It uses the UDP port you specify or some random port. It is similar to traceroute, only it does not require superuser privileges and has no fancy options.

# tracepath6 3ffe:2400:0:109::2

1?: [LOCALHOST] pmtu 1500
1: dust.inr.ac.ru 0.411ms
2: dust.inr.ac.ru asymm 1 0.390ms pmtu 1480
2: 3ffe:2400:0:109::2 463.514ms reached
Resume: pmtu 1480 hops 2 back 2

The first column shows TTL of the probe, followed by colon. Usually value of TTL is obtained from reply from network, but sometimes reply does not contain necessary information and we have to guess it. In this case the number is followed by ?.

The second column shows the network hop, which replied to the probe. It is either address of router or word [LOCALHOST], if the probe was not sent to the network.

The rest of line shows miscellaneous information about path to the corresponding network hop.
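The column layout described above can be parsed to find where the path MTU drops, which helps when diagnosing connections that stall on large packets. This is an added example, not part of the original post: SAMPLE is the tracepath6 output shown above, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): summarise tracepath output.
# SAMPLE is the tracepath6 output shown above, embedded so this runs offline.
SAMPLE='1?: [LOCALHOST] pmtu 1500
1: dust.inr.ac.ru 0.411ms
2: dust.inr.ac.ru asymm 1 0.390ms pmtu 1480
2: 3ffe:2400:0:109::2 463.514ms reached
Resume: pmtu 1480 hops 2 back 2'

# pmtu_drops: print "TTL HOP OLD_PMTU NEW_PMTU" for each hop that lowered
# the path MTU. Column 1 is the TTL, column 2 the hop, the rest is misc info.
pmtu_drops() {
    awk '
    $1 == "Resume:" { next }
    {
        ttl = $1; sub(/[?:]+$/, "", ttl)     # "1?:" becomes "1"
        for (i = 3; i < NF; i++)
            if ($i == "pmtu") {
                new = $(i + 1) + 0
                if (cur && new < cur) print ttl, $2, cur, new
                cur = new
            }
    }'
}

# guessed_ttls: count lines whose TTL was guessed (marked with "?").
guessed_ttls() {
    awk '$1 ~ /\?:$/ { n++ } END { print n + 0 }'
}

# final_pmtu: print the path MTU reported on the "Resume:" line.
final_pmtu() {
    awk '$1 == "Resume:" {
        for (i = 2; i < NF; i++) if ($i == "pmtu") print $(i + 1)
    }'
}

printf '%s\n' "$SAMPLE" | pmtu_drops
echo "guessed TTLs: $(printf '%s\n' "$SAMPLE" | guessed_ttls)"
echo "final pmtu: $(printf '%s\n' "$SAMPLE" | final_pmtu)"
```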

19. UPTIME

The uptime command displays how long your system has been running and the number of users currently logged in, and also displays the load average for 1, 5 and 15 minute intervals.

# uptime

20. W

W displays users currently logged in and their processes along with the load averages. It also shows the login name, tty name, remote host, login time, idle time, JCPU, PCPU, command and processes.

# w

-b    Displays last system reboot date and time.

-r    Shows current runlevel.

-a, --all    Displays all information cumulatively.

21. USERS

The users command displays currently logged in users. This command doesn’t have parameters other than help and version.

# users

22. FTP & SFTP

The FTP (file transfer protocol) or SFTP (secure file transfer protocol) command is used to connect to a remote ftp host.

# ftp 192.168.50.2

# sftp 192.168.50.2

We can put multiple files on the remote host using mput, and similarly we can use mget to download multiple files from the remote host.

ftp> mput *.txt

ftp> mget *.txt

23. DHCLIENT

The dhclient command can release your computer’s IP address and get a new one from your DHCP server. This requires root permissions, so use sudo on Ubuntu. Run dhclient with no options to get a new IP address or use the -r switch to release your current IP address.

# sudo dhclient -r
# sudo dhclient

24. SS (NETSTAT)

ss command is a replacement for netstat.

Using the ss command, you can get more information than with the netstat command. The ss command is fast because it gets all the information from the kernel userspace.

  • Listing all connections:

# ss

  • Filtering out TCP, UDP and Unix sockets

It has same flags as netstat command. Check above for flags information of netstat and ss.
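A common use of these flags is checking which services listen on every address of the host rather than only on loopback. This is an added example, not part of the original post: it parses the output of ss -tuln (the -t, -u and -l flags are listed above; -n, numeric output, is an addition here) and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): find sockets bound to all
# addresses in `ss -tuln` output. SS_SAMPLE is constructed sample output.
SS_SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*'

# wildcard_listeners: read `ss -tuln` output on stdin and print "PROTO PORT"
# once for every socket whose local address is 0.0.0.0, * or [::].
wildcard_listeners() {
    awk '
    $1 == "Netid" { next }                   # skip the header line
    {
        n = split($5, parts, ":")            # field 5 is Local Address:Port
        port = parts[n]                      # port follows the last colon
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
            print $1, port
    }' | sort -u
}

# On a live system: ss -tuln | wildcard_listeners
printf '%s\n' "$SS_SAMPLE" | wildcard_listeners
```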

25. SNMPWALK

Retrieve a subtree of management values using SNMP GETNEXT requests.

snmpwalk is an SNMP application that uses SNMP GETNEXT requests to query a network entity for a tree of information.


# snmpwalk -v 2c -c demopublic test.net-snmp.org system

SNMPv2-MIB::sysDescr.0 = HP-UX net-snmp B.10.20 A 9000/715
SNMPv2-MIB::sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.hpux10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (586998396) 67 days, 22:33:03.96
SNMPv2-MIB::sysContact.0 = Wes Hardaker wjhardaker@ucdavis.edu
SNMPv2-MIB::sysName.0 = net-snmp
SNMPv2-MIB::sysLocation.0 = UCDavis
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORID.1 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.2 = OID: IF-MIB::ifMIB
SNMPv2-MIB::sysORID.4 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.5 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORDescr.1 = The Mib module for SNMPv2 entities.
SNMPv2-MIB::sysORDescr.2 = The MIB module to describe generic objects for network interface sub-layers
SNMPv2-MIB::sysORDescr.4 = The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.5 = The MIB module for managing UDP implementations
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (82) 0:00:00.82
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (81) 0:00:00.81
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (83) 0:00:00.83
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (82) 0:00:00.82

  • To get info of a single MIB (scalar) object, or an instance OID

# snmpwalk -v 2c -c demopublic test.net-snmp.org sysDescr

SNMPv2-MIB::sysDescr.0 = HP-UX net-snmp B.10.20 A 9000/715

# snmpwalk -v 2c -c demopublic test.net-snmp.org sysDescr.0

SNMPv2-MIB::sysDescr.0 = HP-UX net-snmp B.10.20 A 9000/715
