Overview
We provide examples of various Linux network command line tools for testing and exploring a network.
Notes:
- A line that starts with a "$" denotes a command line entry in a user shell / terminal.
- '#' can denote two things: root shell or comment. If a line starts with '$', then '#' and what follows is a comment.
- Most examples will work equally well on an Ubuntu desktop or an embedded Linux system built with Yocto (assuming the right packages are installed).
- Most commands have many options. Refer to the man pages for more information.
dhclient
If you want to see how or where your Linux box is getting its IP address (using DHCP), then run dhclient with elevated privileges. dhclient also comes in handy when bringing a network interface back up, so that it can obtain its dynamic IP address.
$ sudo dhclient -v
...
DHCPDISCOVER on enp2s0 to 255.255.255.255 port 67 interval 3
DHCPREQUEST of <host> on enp2s0 to 255.255.255.255 port 67
DHCPOFFER of <host> from <server>
DHCPACK of <host> from <server>
...
nmap Network Scanner
nmap is an easy-to-use tool for determining which ports are open on a particular machine. It can be targeted at both local and remote machines (depending on firewall configuration).
# On Ubuntu, install it with apt
$ sudo apt install nmap
$ nmap -v -A <host>
...
Scanning <host> [1000 ports]
Discovered open port 80/tcp on <host>
Discovered open port 23/tcp on <host>
Discovered open port 445/tcp on <host>
Discovered open port 139/tcp on <host>
Discovered open port 111/tcp on <host>
Discovered open port 22/tcp on <host>
Discovered open port 2049/tcp on <host>
Discovered open port 7/tcp on <host>
...
PORT     STATE SERVICE VERSION
7/tcp    open  echo
...
23/tcp   open  telnet  Linux telnetd
...
# Ouch!, what is telnet doing open?
Keep in mind that Linux maintains a resource file of commonly used port addresses:
$ grep http /etc/services
...
http        80/tcp      www         # WorldWideWeb HTTP
https       443/tcp                 # http protocol over TLS/SSL
http-alt    8080/tcp    webcache    # WWW caching service
http-alt    8080/udp
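The telnet surprise in the scan above is easier to catch when the scan result is compared against a list of ports the host is supposed to expose. The following is an added example, not part of the original article: it reads `nmap -v` output, drops the allowlisted ports, and names the rest using the services file. The function name, the allowlist and the sample text (copied from the output above) are assumptions made for the illustration.

```bash
#!/bin/sh
# Constructed sample: the "Discovered open port" lines from the nmap -v output above.
NMAP_SAMPLE='Scanning <host> [1000 ports]
Discovered open port 80/tcp on <host>
Discovered open port 23/tcp on <host>
Discovered open port 445/tcp on <host>
Discovered open port 139/tcp on <host>
Discovered open port 111/tcp on <host>
Discovered open port 22/tcp on <host>
Discovered open port 2049/tcp on <host>
Discovered open port 7/tcp on <host>'

# unexpected_ports ALLOWLIST [SERVICES_FILE]   (hypothetical helper)
# Reads nmap -v output on stdin and prints "port/proto service" for every
# discovered port that is not in the space-separated allowlist.
unexpected_ports() {
    awk -v allowed="$1" -v svc="${2:-/etc/services}" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            # Services file format: name port/proto [aliases] [# comment]
            while ((getline line < svc) > 0) {
                if (line ~ /^#/ || split(line, f, /[ \t]+/) < 2) continue
                if (!(f[2] in name)) name[f[2]] = f[1]
            }
        }
        /^Discovered open port / && !($4 in ok) && !seen[$4]++ {
            print $4, (($4 in name) ? name[$4] : "unknown")
        }' | sort -n
}

# Assumed policy for this host: only SSH and HTTP should be reachable.
printf '%s\n' "$NMAP_SAMPLE" | unexpected_ports "22/tcp 80/tcp"
```
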
Query a DNS Server with nslookup
Use nslookup to query a Domain Name Server for the IP address of a particular domain.
$ nslookup google.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: google.com
Address: 172.217.10.142
Name: google.com
Address: 2607:f8b0:4006:811::200e
In this case, we see both an IPv4 and an IPv6 address. The "127.0.0.53" address is that of the DNS server that we queried. A different server can be queried by specifying it as a second argument, as shown next:
$ nslookup google.com ns1.google.com
Server: ns1.google.com
Address: 216.239.32.10#53

Name: google.com
Address: 172.217.12.206
Name: google.com
Address: 2607:f8b0:4006:81b::200e
Note that host is another common command line utility for performing DNS queries.
Add a route
Add a route to see a camera on a remote subnet. 192.168.3.200 is the host interface on a multi-homed Linux machine that is the gateway to the 192.168.6.0/24 subnet.
$ sudo ip route add 192.168.6.164 via 192.168.3.200
Change the default route
Changing the default route can sometimes be necessary on a multi-homed machine where the Ethernet interfaces are dynamic and not always up.
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.3.1     0.0.0.0         UG    0      0        0 eth2
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.3.0     *               255.255.255.0   U     0      0        0 eth2
192.168.5.0     *               255.255.255.0   U     0      0        0 wlan0
192.168.6.0     *               255.255.255.0   U     0      0        0 eth1
# ifconfig
eth0      Link encap:Ethernet HWaddr 4D:69:6E:64:20:48
          inet addr:192.168.0.102 Bcast:192.168.0.255 Mask:255.255.255.0
...
# ip route change default via 192.168.0.102 dev eth0
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.102   0.0.0.0         UG    0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.3.0     *               255.255.255.0   U     0      0        0 eth2
192.168.5.0     *               255.255.255.0   U     0      0        0 wlan0
192.168.6.0     *               255.255.255.0   U     0      0        0 eth1
tcpdump
Use tcpdump for a quick & easy way to see the packets going in and out of your Linux box. In the example below, we run tcpdump in one shell and execute wget example.com in another:
$ sudo tcpdump -i <interface> -vvvSXN port 80
...
GET / HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: example.com
Connection: Keep-Alive

0x0000: 4500 00be 23d1 4000 4006 1cc2 c0a8 0324 E...#.@.@......$
0x0010: 5db8 d822 dd3e 0050 6da0 08ca af79 fedd ]..".>.Pm....y..
0x0020: 8018 00e5 aa0b 0000 0101 080a 02c2 d7ce ................
0x0030: f505 5c25 4745 5420 2f20 4854 5450 2f31 ..\%GET./.HTTP/1
0x0040: 2e31 0d0a 5573 6572 2d41 6765 6e74 3a20 .1..User-Agent:.
0x0050: 5767 6574 2f31 2e31 392e 3420 286c 696e Wget/1.19.4.(lin
0x0060: 7578 2d67 6e75 290d 0a41 6363 6570 743a ux-gnu)..Accept:
0x0070: 202a 2f2a 0d0a 4163 6365 7074 2d45 6e63 .*/*..Accept-Enc
0x0080: 6f64 696e 673a 2069 6465 6e74 6974 790d oding:.identity.
0x0090: 0a48 6f73 743a 2065 7861 6d70 6c65 2e63 .Host:.example.c
0x00a0: 6f6d 0d0a 436f 6e6e 6563 7469 6f6e 3a20 om..Connection:.
0x00b0: 4b65 6570 2d41 6c69 7665 0d0a 0d0a Keep-Alive....
...
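The hex rows printed by -X start with the IPv4 header, so the addresses, TTL and ports of this cleartext HTTP request can be read straight from the dump. The following is an added example, not part of the original article: it decodes those fields from the first three rows shown above. The function names are assumptions, and the code handles IPv4 only.

```bash
#!/bin/sh
# Constructed sample: the first three hex rows of the tcpdump -X output above.
SAMPLE='0x0000: 4500 00be 23d1 4000 4006 1cc2 c0a8 0324 E...#.@.@......$
0x0010: 5db8 d822 dd3e 0050 6da0 08ca af79 fedd ]..".>.Pm....y..
0x0020: 8018 00e5 aa0b 0000 0101 080a 02c2 d7ce ................'

# Join the hex columns of "0xNNNN:" rows into one string, skipping the
# offset column and the ASCII column on the right.
hex_bytes() {
    awk '/^[ \t]*0x[0-9a-f]+:/ {
        for (i = 2; i <= NF && i <= 9 && $i ~ /^[0-9a-f]+$/ && length($i) <= 4; i++)
            printf "%s", $i
    } END { print "" }'
}

# u8/u16/ipv4 HEX OFFSET: decode the value at a 0-based byte offset.
u8() {
    b=$(printf '%s' "$1" | cut -c"$(( $2 * 2 + 1 ))-$(( $2 * 2 + 2 ))")
    echo $(( 0x$b ))
}
u16() {
    hi=$(u8 "$1" "$2"); lo=$(u8 "$1" "$(( $2 + 1 ))")
    echo $(( hi * 256 + lo ))
}
ipv4() {
    echo "$(u8 "$1" "$2").$(u8 "$1" "$(( $2 + 1 ))").$(u8 "$1" "$(( $2 + 2 ))").$(u8 "$1" "$(( $2 + 3 ))")"
}

# Read tcpdump -X rows on stdin and print the IPv4 (and TCP port) fields.
decode_ipv4_tcp() {
    h=$(hex_bytes)
    [ "${#h}" -ge 40 ] || { echo "error: need a full 20-byte IPv4 header" >&2; return 1; }
    b0=$(u8 "$h" 0); ver=$(( b0 >> 4 )); ihl=$(( (b0 & 15) * 4 ))
    [ "$ver" -eq 4 ] && [ "$ihl" -ge 20 ] || { echo "error: not IPv4" >&2; return 1; }
    proto=$(u8 "$h" 9)
    out="len=$(u16 "$h" 2) ttl=$(u8 "$h" 8) proto=$proto src=$(ipv4 "$h" 12) dst=$(ipv4 "$h" 16)"
    # TCP ports follow the IP header; IHL gives its length when options are present.
    if [ "$proto" -eq 6 ] && [ "${#h}" -ge $(( (ihl + 4) * 2 )) ]; then
        out="$out sport=$(u16 "$h" "$ihl") dport=$(u16 "$h" "$(( ihl + 2 ))")"
    fi
    echo "$out"
}

printf '%s\n' "$SAMPLE" | decode_ipv4_tcp
```
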
Traceroute
traceroute is a useful tool for determining the route that a packet takes across a network, including the Internet. It does this by manipulating the TTL field in an IP packet. For IPv6, there is traceroute6.
$ traceroute yahoo.com
traceroute to yahoo.com (98.138.219.231), 30 hops max, 60 byte packets
 1 148.72.160.2 (148.72.160.2) 3.946 ms 4.160 ms 4.130 ms
 2 ae1.cr-rigel.stl1.bb.godaddy.com (207.38.95.9) 0.419 ms 0.419 ms 0.403 ms
 3 lag-101.bear2.StLouis1.Level3.net (4.35.182.57) 1833.655 ms 1833.916 ms 0.523 ms
 4 * * *
 5 YAHOO-INC.ear2.Chicago2.Level3.net (4.15.84.226) 6.875 ms 6.831 ms 6.835 ms
 6 ae-7.pat2.nez.yahoo.com (216.115.104.126) 20.624 ms ae-5.pat1.nez.yahoo.com (216.115.96.76) 18.713 ms ae-7.pat2.nez.yahoo.com (216.115.104.126) 20.704 ms
 7 et-18-1-0.msr2.ne1.yahoo.com (216.115.105.185) 31.190 ms et-1-0-0.msr1.ne1.yahoo.com (216.115.105.29) 23.426 ms et-19-1-0.msr2.ne1.yahoo.com (216.115.105.181) 18.573 ms
 8 et-1-1-0.clr2-a-gdc.ne1.yahoo.com (98.138.97.67) 16.629 ms et-0-0-0.clr1-a-gdc.ne1.yahoo.com (98.138.97.61) 23.921 ms et-19-1-0.clr2-a-gdc.ne1.yahoo.com (98.138.97.75) 18.547 ms
 9 po254.bas1-1-flk.ne1.yahoo.com (98.138.0.85) 21.140 ms po255.bas2-1-flk.ne1.yahoo.com (98.138.0.99) 21.085 ms po254.bas2-1-flk.ne1.yahoo.com (98.138.0.87) 21.260 ms
10 media-router-fp1.prod1.media.vip.ne1.yahoo.com (98.138.219.231) 18.578 ms 18.445 ms 16.449 ms
$ traceroute6 yahoo.com
traceroute to yahoo.com (2001:4998:44:41d::4), 30 hops max, 80 byte packets
 1 2605:de00:1::2 (2605:de00:1::2) 0.265 ms 0.222 ms 0.195 ms
 2 2605:de00:bb::32 (2605:de00:bb::32) 0.504 ms 0.312 ms 0.253 ms
 3 lag-101.bear2.StLouis1.Level3.net (2001:1900:2100::4949) 362.501 ms 362.551 ms 0.560 ms
 4 lo-0-v6.ear2.Chicago2.Level3.net (2001:1900::3:156) 5.811 ms 5.660 ms 5.632 ms
 5 YAHOO-INC.ear2.Chicago2.Level3.net (2001:1900:2100::3746) 7.174 ms 6.620 ms 6.829 ms
 6 ae-7.pat2.nez.yahoo.com (2001:4998:f000:205::) 23.219 ms 23.291 ms ae-5.pat1.nez.yahoo.com (2001:4998:f000:3::) 17.481 ms
 7 2001:4998:f000:12::1 (2001:4998:f000:12::1) 27.759 ms 2001:4998:f000:210::1 (2001:4998:f000:210::1) 19.224 ms 2001:4998:f000:11::1 (2001:4998:f000:11::1) 20.740 ms
 8 2001:4998:44:fe1c::1 (2001:4998:44:fe1c::1) 21.207 ms 2001:4998:44:fc1d::1 (2001:4998:44:fc1d::1) 18.703 ms 2001:4998:44:fc1c::1 (2001:4998:44:fc1c::1) 18.744 ms
 9 2001:4998:44:fa12::1 (2001:4998:44:fa12::1) 23.508 ms 2001:4998:44:fa13::1 (2001:4998:44:fa13::1) 19.453 ms 2001:4998:44:fa12::1 (2001:4998:44:fa12::1) 21.701 ms
10 media-router-fp2.prod1.media.vip.ne1.yahoo.com (2001:4998:44:41d::4) 16.486 ms 18.640 ms 18.624 ms
$ ping6 2001:4998:44:41d::4
PING 2001:4998:44:41d::4(2001:4998:44:41d::4) 56 data bytes
64 bytes from 2001:4998:44:41d::4: icmp_seq=1 ttl=55 time=18.6 ms
...