Linux Network Cheat Sheet
One of the most basic yet empowering network commands for Linux system administrators is ifconfig. It is a built-in system utility that allows users to configure and manage network interface parameters. The name ifconfig stands for “interface configuration“, and it’s the go-to tool for checking whether your network interfaces are performing rightly or not.
Calling it without any options will provide detailed information on network devices, configuration, and current settings.
You can use the -s flag for getting shorter, more concise information. Other additional options enable ifconfig to perform more demanding tasks. Consult the man page for notes on how to use them.
The iwconfig is used for configuring wireless network interfaces like network cards and stuff. It can be used for setting up various wireless network parameters such as the SSID access point, and frequency. Suppose you have identified your wireless interface as wlp2s0 by using ifconfig. The below command will provide network information related to this interface.
$ iwconfig wlp2s0
Use the below command to change the transmission power to 20.
$ iwconfig wlp2s0 txpower 20
Run iwconfig again to see if the change in transmission power. Consult the man page for additional useful options.
The ifstat command is a handy utility that allows sysadmins to read and monitor various network interface statistics like bandwidth usage, and so on. The below command will give you the sample statistics every SECS second.
$ ifstat --scan=SECS
The following command will report the average over the last SECS seconds.
$ ifstat --interval=SECS
The next one will output any errors.
$ ifstat --errors
This tool is part of the iproute2 project and has a plethora of additional options. Check out the man page for more queries.
The ethtool utility allows admins to display and modify the different parameters of network interface controllers, and their device drivers. It can be useful for identifying and diagnosing your ethernet devices and allows you to control the speed, duplex, and flows conveniently.
$ ethtool eth0
The above command will output the current parameters of the network port eth0.
$ ethtool -s eth0 speed 1000 duplex full
This command forces the speed of network interface eth0 to be 1000 and sets up full-duplex. You can find a lot of additional options by simply going over the manual.
The arpwatch utility is a robust ethernet activity monitoring tool that allows system administrators to easily keep track of the ethernet/IP address pairings of their network. It can be of extreme importance to enterprise sysadmins and also to Linux power users.
You can use arpwatch to watch a specific network interface by using the -i flag, as shown below.
$ sudo arpwatch -i eth0
arpwatch writes any changes or unusual activities to IP or MAC to /var/log/messages. Use the tail command on this file to get new information about your ARP traffic. Consult the man page for exploring more available options.
The bmon command is arguably among the most useful Linux network commands. It is a portable bandwidth monitor and rate estimator that can be used for capturing network statistics and displaying them in a human-readable format. The programmable text output provided by this Linux network monitoring tool can be used for building advanced scripts.
Simply invoking this tool will give you a real-time estimation of your network statistics. Use the -p flag to get output for a specific interface.
$ bmon -p wlp2s0
There are many more options available — check the man page for comprehensive details.
Linux Network Commands for Communication
Communicating with external resources is the primary purpose of system networks. In this section, we glance at some common Linux commands used for this purpose.
The telnet protocol is the fundamental mechanism behind bidirectional, interactive, and text-oriented communication in Linux systems. The Linux telnet utility allows a host system to connect to another client system utilizing this communication protocol. Simply enter telnet in your terminal to invoke the interactive shell.
Now enter open followed by the hostname/IP of the system you want to connect in this shell. Enter help for getting a list of all available options.
telnet> open example.com
Alternatively, you can use this command to connect with a host directly. See the below example.
$ telnet host-machine
Just type in the user credentials in the prompt, and you’re ready to go.
The ssh command is without any doubt among the most used Linux network commands for many admins. It provides an interface to the secure shell protocol and allows hassle-free communication over a secure network connection. It can be used to manage remote servers effectively and transfer files in a trouble-free manner.
$ ssh user@host-machine
You can set up private/public key pairings and log into remote machines without typing in passwords. Use the below command to generate your ssh-key.
By default, the above command generates the keys using the RSA cryptographic algorithm. Use the -t flag to use other algorithms like DSA.
The sendmail command is a handy utility that enables Linux users to send email messages directly from their terminal. It reads the standard input and sends emails to specified recipients over the network. This command is often useful for remote servers where you don’t have your standard browser to send emails.
$ echo "Subject: Test" | sendmail email@example.com < mail.txt
The above command will send the contents of the given file to the specified email. There’s a bunch of additional options you can use with sendmail. Consult the man page for more queries on sendmail.
The ability to send messages between different system users is crucial for multi-user systems such as Linux. The write command can be used for establishing terminal to terminal communication sessions in Linux. It is an interactive utility, and thus it is not feasible to use this network command inside scripts.
$ write user [tty]
The write command takes the syntax mentioned above and sends messages to specific or all users. It will come in handy when multiple users are operating the same system and needs to communicate effortlessly.
The mail command is an essential utility for sending emails from the terminal. Notice the below example to understand how it works.
$ mail -s "This is the subject" firstname.lastname@example.org < mail.txt
The -s flag enables users to select their subject. You can send mails to multiple recipients at the same time, as shown next.
$ mail -s "This is the subject" email@example.com, firstname.lastname@example.org < mail.txt
Simply use a comma-separated list of recipients. The -a flag allows users to send attachments with their mails.
$ mail -s "Subject" -a /tmp/file.pdf email@example.com < mail.txt
Sometimes you may want to list your email statistics for several reasons. The Linux mailstats command will let you do this very easily. This command needs to be run as root, or else it will not work.
# mailstats -p
This command will give output in program-readable mode and will provide clear statistics.
# mailstats -f STAT-FILE
This command will read the specified STAT-FILE instead of the default sendmail statistics file. Check out their man page for more available options and proper usage of the command.
The w command provides a handy way to list every user that is currently logged into a Linux machine. Its syntax is shown below.
w [options] user [...]
This command also provides many valuable insights like the processes running in each user’s session, emote host, login time, idle time, JCPU, PCPU, etc.
$ w --short
This command will provide a concise output omitting the login time, JCPU, or PCPU times.
$ w --ip-addr
This command will try to show the ip address of the users currently logged in instead of their hostnames. You can find more options in the manual page.
Network Commands for Facilitating Data Transfer
Transferring data across several systems is mandatory for sysadmins. Linux facilitates remote data transfer over a network conveniently and offers some very robust command-line tools for this purpose. In this section, we take a look at some of these commands.
The cURL command is one of the most widely used Linux commands for transferring data to or from a network server. It utilizes various network protocols such as HTTP, HTTPS, FTP, FTPS, SCP, SFTP, etc. The cURL command doesn’t require user interaction, and therefore, can be used extensively inside shell scripts.
$ curl -O https://somedomain/file
This will download the file from the specified address and save it in the current directory with its original name.
$ curl -o new-name https://somedomain/file
This command saves the downloaded file with the name new-name. Since cURL has a plethora of available options, checking out the manual is a must if you want to master this Linux tool.
The wget tool is a part of the GNU project and facilitates the downloading of contents from web servers. It offers several useful options, including the ability to download files recursively, converting links to HTML for offline viewing, proxies, and so on.
$ wget https://somedomain/file
This simply downloads the file and saves it to the current directory. Use the -O flag to save this file under a new name.
$ wget -O filename https://somedomain/file
Use the -P flag to save the file in some other directory.
$ wget -P ~/Downloads https://somedomain/file
wget is non-interactive and is used extensively for downloading files from inside scripts.
The Linux FTP utility is widely used for downloading or uploading files to/from remote hosts. This command can be used inside scripts for creating automated FTP sessions very quickly.
$ ftp ftp>
Simply typing ftp in the terminal creates an interactive session. You can enter various commands in this prompt for transferring files over FTP. For example, you can use the open common for connecting to a remote host. Enter the help command to get a list of all the available commands.
$ ftp hostname
You can also use it to connect to remote hosts directly. See the man page for detailed information on all available commands.
The rcp utility allows users to copy files or directories from their local system to a remote machine on the network. The command has a syntax like below.
rcp [options] SOURCE DESTINATION
For example, the next command shows how to copy a file called test.doc to a remote machine.
$ rcp /parent/dir/test.doc hostname:/some/dir
You can also use this command to receive files from a remote host, as shown below.
$ rcp hostname:/some/dir/FILE
Simply omit the source portion when receiving files.
The scp(secure copy) command is used for copying files securely between two systems of a network. It is similar in functionality with the rcp command but implements secure authentication like the ssh command. You can copy both files and directories to remote machines using this handy command.
$ scp FILE username@remote-host:/some/dir
The above command copies FILE to the remote system’s /some/dir directory. If the remote host is listening to some other ssh port instead of 22, you can use the -P flag to specify that.
$ scp -P 2222 FILE username@remote-host:/some/dir
We encourage you to check the man page of scp for exploring additional options and their use cases.
The rsync utility is used to transfer and synchronize files efficiently between two systems connected via a network. Sysadmins often use it to transfer files from external NAS servers to their local machine. It is a very high-speed and reliable tool for copying files to and from remote computers.
$ rsync -zvh backup.tar /tmp/backups/
The above command synchronizes a file called backup.tar to the temporary directory. It uses the -z option to compress the file data, -v to get verbose output, and -h to get human-readable output. It also allows access via remote shell and the rsync daemon. Consult the man page to learn their usage.
The Linux socat tool is used for establishing two bi-directional byte streams and allows to transfer data between them very efficiently. The socat command is one of the most versatile Linux network commands and has quite diverse use cases.
$ socat SYSTEM:date STDIO
This command takes the current system date and prints it to the standard input.
$ socat - TCP:localhost:www,crnl
The above command opens a web server connection to the localhost and fetches a page to the terminal. Notice how the port number has been passed as a service name. This is a very robust command and supports many short forms. So, check out their man page to master them effectively.
The sftp command is used for accessing, transferring, and managing files using the secure file transfer protocol. Basically, it allows admins to use FTP over a secure shell. If you can use ssh and ftp commands, then using sftp will be very easy.
$ sftp user@hostname
This command opens a secure connection and starts the FTP prompt. It establishes the connection on the default ssh port(22). Since many sysadmins use custom port numbers for ssh in order to avert malicious users, you need to pass that port number for connecting to such systems.
$ sftp -oPort=CUSTOM-PORT user@hostnameems
Read the man page to explore all possible options and their usage.
The sshfs command is arguably among the most useful Linux network commands for mounting remote filesystems. This command has a basic syntax but can prove to be a versatile asset for modern sysadmins.
$ sshfs user@hostname:/some/dir /mountpoint
The above command mounts the remote filesystem to the specified mount point. Note that the mount point must be owned by the user for this command to work. The remote filesystem will be automatically unmounted when you close the connection. You can make it permanent by editing the /etc/fstab file.
Network Commands for Administrating Network Policies
Admins can set up different policies for their Linux machines and networks quite easily with some powerful Linux network commands. Some of these tasks include but not limited to setting up device drivers, configuring routing policies, managing tunnels, and so on. In this section, we take a closer look at some of the commands that facilitates these jobs.
The hostname command is a handy utility that allows admins to get or set hostname or DNS domain names. It is often used to set up dynamic hosts or get information on a specific host. Simply typing hostname in the terminal will show your current hostname.
The next command will replace your current hostname with NEW_HOST_NAME.
$ hostname NEW_HOST_NAME
The -i flag can be used to get the current IP address of your hostname.
$ hostname -i
There are more options you can use with this command. Consult the man page for detailed information on them.
The Linux iptables command is, without any doubt, one of the most used Linux network commands for sysadmins. The iptables program is a user-space utility program that allows admins to configure the iptable chains and set up firewalls. It is a de-facto tool for preventing unauthorized or malicious traffics to your network.
$ sudo iptables -L -n -v
The above command will print out the current iptables rules used by your system. The next command shows you how to block all incoming requests from a specific IP.
$ sudo iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
There’s a plethora of possible iptables command, and you can find comprehensive details in this post.
You can use the route command to view and manipulate the IP routing table of your system. It allows admins to easily edit the kernel routing tables and set up desired functionalities. This command is also available in Microsoft Windows systems and is thus used very extensively.
$ sudo route -n
This command will list the current IP routing table. The next command shows you how to add a default gateway for your machine.
$ sudo route add default gw xxx.xxx.xxx.xxx
You can verify the new gateway using the earlier command. Check out the manual page for a comprehensive list of all available options.
The dig command allows admins to query the Domain Name System (DNS) for network troubleshooting and other purposes. Dig utilizes the default DNS resolver of your Linux machine and supports Internationalized domain name (IDN) queries. The below example demonstrates how easily dig provides DNS record information for a host.
$ dig example.com
Use the +short option for getting a concise output.
$ dig example.com +short
You can also query different types of DNS resource records using MX.
$ dig example.com MX
Read the man page for understanding all possible use cases and available options.
The ip command allows Linux users to quickly leverage the IP utility for manipulating the routing, devices, policy routing, and tunnels. It’s a very dynamic tool and offers numerous robust options. The below example demonstrates how to display the IP addresses of all network interfaces using this tool.
$ ip addr
You can use the short form a, instead of addr. The next command shows you how to get information for only the currently running interfaces.
$ ip link ls up
The next example shows how to assign IP addresses to a specific interface.
$ ip a add 192.168.1.XXX/24 dev eth0
This command supports a wide array of additional options. So, don’t forget to check the man page.
The nslookup utility is a powerful command-line tool that allows sysadmins to obtain domain name or IP address mapping by querying the Domain Name System. It’s available in most Unix-like systems alongside Windows and ReactOS. The below command shows the primary usage.
$ nslookup example.com
It provides information like the domain name and IP address of the host. The next commands show all the available DNS records.
$ nslookup -type=any example.com
The following command will for an MX record for the specified host.
$ nslookup -type=mx google.com
Linux Commands for Network Diagnosis and Troubleshooting
Effectively diagnosing networks is of greater concern for most sysadmins. We list some useful commands for this purpose in the following section.
The netstat utility shows the network connections for the TCP protocol, routing tables, network interface statistics, masquerade connections, and multicast memberships. It’s one of the most widely used commands for network diagnosis.
$ netstat -a | more
The above command display all network socket irrespective of their current state. Use the next command to only display TCP ports.
$ netstat -at
Replace t with u if you want to list the UDP ports. The following command will display only the listening ports.
$ netstat -l
Append t or u after -l if you want to list only the listening TCP/UDP ports. Check the man page for all available options.
In Unix-like operating systems, the ping command is frequently used to determine the reachability of a host on an Internet Protocol network. This is a universal networking command available in virtually any system. The next example shows the primary usage of ping.
$ ping example.com
This will continue to send packets to the host until you terminate it manually. Use the -c option to specify the number of packets.
$ ping -c 5 example.com
You can also determine the size of the packets using the -s flag.
$ ping -s 40 -i 2 -c 5 example.com
the -i option is used for changing the time interval from the default 1 to 2 seconds.
The traceroute command is usually used for displaying the route and measuring transit delays of packets across the network. It’s a handy tool for modern system admins and offers many essential insights. You can quickly determine the path a packet takes from its source to its destination. It is also beneficial for determining data loss.
$ traceroute -4 10 example.com
The -4 is used to specify that you are using IPv4. Replace 4 with 6 for IPv6 packets.
$ traceroute -g xxx.xxx.xxx.xxx example.com
The above command routes the packets through the specified gateway. Check the man page for all available options.
The iftop utility is one of the most useful Linux network commands that provide real-time feedback for different network parameters such as bandwidth usage. If you’ve used top or htop, iftop will feel quite similar to them. This tool can prove to be a viable asset to modern-day Linux users due to its immense usefulness.
$ sudo iftop
Running this command as sudo will provide you with the current bandwidth usages by your network interfaces. You can specify which interface to monitor by giving the -i flag.
$ sudo iftop -i wlp2s0
It will show information about the wireless interface only. There’re plenty of other options available.
The nload utility is another command-line tool for monitoring your network bandwidth. It features some advantageous abilities, such as displaying the total amount of transferred data and min/max bandwidth usage. Directly invoking nload without any arguments will show the bandwidth usage of each available interface.
Use the devices options to specify a particular interface, as shown in the below example.
$ nload devices wlp1s0
You can also use the -t flag to set the refresh interval of the display in milliseconds.
$ nload devices wlp1s0 -t 400
The ss command provides useful information related to network sockets. It can display much detailed information when compared to other Linux monitoring tools like netstat. Directly calling ss from the terminal presents a vast list of all the connections regardless of their state.
$ ss -l
You can specify to list only the listening sockets by using the -l flag. The -t flag is used to show only TCP connections.
$ ss -lt
Use the -p flag to get the process id of the active sockets, as shown below.
$ ss -p
You can find more available options in their man page.
The whois utility is a widely used Linux tool for obtaining both domain and IP related information about a network. It works as a client for the whois protocol and provides information by querying the whois databases for network resources.
$ whois example.com
The above command will print out detailed network resource information about the specified host. Since this command provides a lot of information, you can use grep for getting specific data.
$ whois example.com | grep -i "Domain ID"
The above command will output the lines that contain the Domain ID of the specified host. You can also use it for additional information like name servers and domain status.
Network Commands for Analyzing Resources
Analyzing network packets is extremely important for both sysadmins and penetration testers alike. In this section, we go over some fundamental Linux commands that allow doing this efficiently.
The de-facto command-line packet analyzer for Linux is tcpdump. It can display the transmission of TCP packets over the network very effectively. It is commonly used for capturing and analyzing network traffics due to its universal availability.
$ sudo tcpdump -D
The above command displays which interfaces are available for capturing TCP packets. You can easily capture packets from a specific interface by the following command.
$ sudo tcpdump -i eth0
This will only capture packets transmitted through the default ethernet interface. Check out the man page to explore all possible options.
The dhclient utility is a robust DHCP (Dynamic Host Configuration Protocol) client. It is frequently used to analyze a client’s IP address, subnet mask, default gateway, and DNS server information. It also allows admins to release the IP address of a specific network interface and obtain new ones.
$ sudo dhclient eth0
The above command will renew the dynamically-assigned IP address of the ethernet interface eth0.
The dstat utility is an extremely rewarding command-line tool for generating system resource statistics in Linux. It offers numerous robust functionalities and can be easily extended using the Python programming language. It is a worthy replacement of the legacy vmstat utility.
Running this command without any options provides a real-time display of system resource statistics. The next command outputs the CPU usage, the process using the most CPU, and process consuming the most RAM.
$ dstat -c --top-cpu --top-mem
Consult its man page for more available options.
The Wireshark utility is among the most feature-rich packet analyzers. Its abilities surpass tcpdump by a considerable margin and is widely used in forensic. You can easily install it using your package manager. The command-line package is called tshark.
$ sudo tshark -D
This will list all available interfaces that can be used for capturing network traffic. The next command shows how to capture data using the ethernet interface eth0.
$ sudo tshark -i eth0
The hping3 command is used for invoking the hping utility. It is a powerful, modern-day packet analyzer that can capture and analyze/assemble TCP packets very efficiently. It is available on most Unix systems, including Linux and BSD.
# sudo hping3
It will start the interactive hping3 session where you can type in commands. The next command captures TCP traffic from the eth0 interface.
> hping recv eth0
You can also use hping outside its interactive shell. Consult the man page to learn how to do this.