Talk Tech to Me: 9 Common Linux Network Commands (2023)

There seem to be an infinite number of commands forLinux Administratorsto remember. Some are for file manipulation, some are for managing hardware, and still others are for configuring services or databases.

Network connectivity is a critical part of Linux server functionality. Read on to learn nine commands that cover most network management needs on Linux devices. Some of these tools are built-in, while others need to be added using a package manager.

4 configuration commands

There are some basic approaches to troubleshooting or examining the configuration of network nodes. One of the first steps is to determine the current configuration, including IP address, subnet mask, and interface settings.

1. The IP command

The IP command is available by default on many Linux distributions these days. The command and its associated subcommands are very flexible and allow administrators to view and change IP address settings.

To see the IP addresses of all interfaces, type:

# IP-Adr

This command displays the current IP address and subnet mask for all interfaces on the system. Specify a specific interface using ip addr show enp0s3 as shown below:

Figure 1: The IP address shows the enp0s3 command

Don't forget that theifconfigThe command will display similar information if available on your preferred distribution.

There are some variations on the IP command that you should be aware of. For example, displays route and connection information:

Figure 2: The IP route command

Figure 3: IP-Link shows enp0s3 command

2. The nmcli command

your favoriteLinux distributioncan handle network connections using NetworkManager. NetworkManager has Graphical User Interface (GUI) and Textual User Interface (TUI) utilities, but in this case I will focus on the Command Line Interface (CLI) tool.

Device information is displayed withnmcli connectionShow Command (abbreviated tonmcli com). The output shows the link name, user identifier (UID), device type and name.

Figure 4: Or nmcli command with

Additional device information can be displayed for each deviceshow devicessubcommand. Here is an example:

Figure 5: The nmcli dev showing the enp0s3 command

It is also useful to confirm that the interface is enabled withnmcli development status.

Figure 6: O command nmcli dev status

3. The dhclient command

Most Linux servers are configured with static IP addresses. But workstations and other devices are probably DHCP (Dynamic Host Configuration Protocol) clients. These devices lease an IP address configuration from a DHCP server.

Periodically, the leased information may become out of date due to recent network changes. In that case, it makes sense to start a new DHCP lease generation process.

OdhclientThe command is used to delete and then lease an IP address configuration from the DHCP server. First, use the command with no options, and then add the -r option to start the new lease.

Figure 7: The dhclient and dhclient -r commands

Windows administrators are probably familiar with its use.ipconfig /releaseEipconfig /refreshto perform the same task.

4. The ethtool command

Oettoolutility activatedsystem adminto configure network interfaces. Many options are available including speed, duplex, activationLANand driver information, among other settings.

Figure 8 The ethtool enp0s3 command

through queriesettool, a system administrator can discover the capabilities of a network interface card (NIC) to determine whether support for options such as remote enable features on the LAN is available. Additional information may be helpful in confirming that the switch and NIC speeds are compatible and duplexing is enabled.

5 connection utilities

Administrators can use the above commands to check the current system's network settings. What if these settings are correct? How can system administrators gather information about how these settings are used?

1. The SS Command

The ss command displays current connections to the system, replacing the venerableliquid stateUtility. It displays detailed information about socket statistics for supportProblems solutionand performance monitoring. If you need to see current connection information for your Linux server, ss is the command to use.

The ss command with no options displays existing connections with Transmission Control Protocol (TCP) sockets on the host. An unmodified ss command displays large output. Filtering this output is the key to getting useful information.

For many system administrators, the first useful option is the-4Switch showing IPv4 data. Many internal networks have not yet migrated to IPv6. In addition, the results of TCP or UDP (User Datagram Protocol) connections can be displayed using-TE-youoptions or

Even more convenient is the output displayed based on the state of connections. A simple example is the listening sockets display:

Figure 9: The ss -4 state listen command

You can also view output for specific connections by specifying the destination IP address, as shown below with the 192.168.2.200 destination example:

# ss-dst 192.168.2.200

The ss utility is a powerful replacement forliquid state, but it certainly requires some dedication to learn.

2. The nmap command

Network Mapper (nmap) searches for open ports on remote systems. It is an incredibly powerful tool used for both nefarious and benevolent motives. Keep this in mind when trying to troubleshoot situations where remote connections are unknown, fail, or are rejected.

Many different types of scans are available, including whole subnet or targeted host scans.

A basic scan of the 10.0.0.0/24 network looks like this:

Figure 10: The nmap command (truncated output)

A quick scan shows active hosts on a network without showing additional information (e.g. ports):

Figure 11: The nmap -sn 10.0.0.0 command

the power ofnmapreally shines when performing more specific checks. One of the most common uses is to display open ports on target systems. Although a scan can show all open ports, administrators usually already know which port to check.

To confirm the statusPort 22/TCP(the default Secure Shell (SSH) port) on a server with IP address 10.0.0.1, type:

Figure 12: The nmap -p 22 10.0.0.1 command

Similarly, nmap can show port 22 results for an entire subnet with:

# nmap -p 22 10.0.0.0/24

To search the top 25 ports, add the --top-ports 25 option:

# nmap --top-ports 25 10.0.0.0/24

Nmapit's extremely powerful, and there are a lot more options. A general scan is useful, but system administrators can use this tool to really get into the details.

For those more comfortable with graphical tools, consider ZenMap.

3. The tcpdump utility

BothssEnmapprovide information about existing connections, but do not tell system administrators how these connections are used.

The tcpdump utility is installed on many Linux distributions. It intercepts network traffic and gives administrators an overview of what kind of information is flowing over existing connections.

One reasontcpdumpcommand looks like this:

# tcpdump -i enp0s3

The output is all traffic on the specified interface.

It's easy to specify traffic to or from a specific IP address, for example 10.0.0.42. To do this, type the following:

# tcpdump-Host 10.0.0.42

However, on a server with busy network connections, a lot of information can be collected in a very short time. Try filtering coverage by the specific traffic port you need.

Here's a recording for the port 80 traffic, along with words to write the output to a file called webtraffic:

# porta tcpdump 80 -w webtraffic

The file isn't easy to read with a standard editor, but you can use it.tcpdump -r webtrafficor open the file withWiresharkto make the content more user-friendly.

Of course, Wireshark offers similar functionality and has a very nice GUI.

4. The mtr command

While tools likePing e Tracerouteare invaluable for network troubleshooters whomtrCommand can be even more effective. It includes the functionality of standard tools and provides visibility into network performance information, including dropped packets along a route. It updates this information automatically, giving system administrators real-time information about network performance.

A basic test looks like this:

Figure 13: The mtr command

In this case I also targeted localhostmtrto view available baselines.

The mtr command also works by simply specifying an IP address instead of a fully qualified domain name (FQDN) or hostname.

If the output is too disorganized, try the-cOption to display results in a wide format. I usually walkmtras-4Option to return only IPv4 information.

The output includes the percentage of packets lost, the number of packets sent, and various fields related to network performance. As results are displayed for each hop, administrators can identify where communication is failing or which routers may be experiencing performance issues.

you can installmtron Linux, macOS and Windows. In fact, Windows administrators may already be familiar with a similar tool called Pathping.

5. The iperf command

The mtr command can certainly provide valuable information about a network route, but what about the available bandwidth being used by a specific server? there is theiperfutility is coming.

There are two basic ways to use it.iperf, either directed to a server owned by an Internet hosting organization or directed to one of your internal servers.

To useiperfinternally dedicating two systems. One acts as the destination server while the other is the client. To installiperfin both systems.

To set the target device as the target server, use the-SPossibility:

# iperf -s

A default port number is displayed. The client uses this connection to test performance.

Then switch to the client device. O -Ccauses the device to run iperf in client mode. Provide at least the IP address of the destination server.

The command looks like this on the client, assuming the server's IP address is 10.0.0.5:

# iperf -c 10.0.0.5

The output provides system administrators with information about the server's available bandwidth. However, testing a single server connection is not necessarily realistic. Most servers must support many simultaneous connections. gladly,iperfcan help with that.

Use o-POption to specify the number of parallel connections to the destination, which gives much more information about how the server's actual network performance is.

# iperf -P 30 -c 10.0.0.5

Use iperf on Linux servers, of course, but note that there are versions for Windows, macOS, and even Android and iOS (iPhone). Consider network testing possibilities with this variety.

Understand basic networking commands

Linux server administrators are often responsible for critical services including web and database functions. These services depend on network connectivity and it is up to system administrators to know many different basic network commands for configuration and troubleshooting. The nine commands listed here represent a solid list of utilities that play an important role in maintaining network connectivity.

CompTIA Linux+ covers the skills needed to be a Linux administrator and use commands like the ones in this article. CompTIA CertMaster Learn + Labs for Linux+ allow you to learn and practice your hands-on skills on one platform.Sign up for your free trial today.