Private Island Networks Inc.

Linux Command Line Tips for Networking

Various Notes and Examples for Using and Managing a Network from the Linux Command Line


We provide examples of various Linux network command line tools for testing and exploring a network.


  • A line that start with a "$" denotes a command line entry in a user shell / terminal.
  • '#' can denote two things: root shell or comment. If a line starts with '$', then '#' and what follows is a comment.
  • Most examples will work equally well on an Ubuntu desktop or an embedded Linux system built with Yocto (assuming the right packages are installed).
  • Most commands have many options. Refer to the man pages for more information.


If you want to see how or where your Linux box is getting its IP address (using DHCP), then run dhclient with elevated privileges. dhclient also comes in handy when bringing back up a network interface, so it can get it's dynamic IP address.

$ sudo dhclient -v

DHCPDISCOVER on enp2s0 to port 67 interval 3 
DHCPREQUEST of <host> on enp2s0 to port 67
DHCPOFFER of <host> from <server>
DHCPACK of <host> from <server>

nmap Network Scanner

nmap is an easy to use tool for determining the ports that are open on a particular machine and can be targeted at both local and remote machines (depending on firewall configuration).

# On Ubuntu, install it with apt
$ sudo apt install nmap

$ nmap -v -A <host>
Scanning <host> [1000 ports]
Discovered open port 80/tcp on <host>
Discovered open port 23/tcp on <host>
Discovered open port 445/tcp on <host>
Discovered open port 139/tcp on <host>
Discovered open port 111/tcp on <host>
Discovered open port 22/tcp on <host>
Discovered open port 2049/tcp on <host>
Discovered open port 7/tcp on <host>
7/tcp    open  echo
23/tcp   open  telnet      Linux telnetd

# Ouch!, what is telnet doing open?

Keep in mind that Linux maintains a resource file of commonly used port addresses:

$ grep http /etc/services
http		80/tcp		www		# WorldWideWeb HTTP
https		443/tcp				# http protocol over TLS/SSL
http-alt	8080/tcp	webcache	# WWW caching service
http-alt	8080/udp

Query a DNS Server with nslookup

Use nslookup to query a Domain Name Server for the IP address of a particular domain.

$ nslookup

Non-authoritative answer:
Address: 2607:f8b0:4006:811::200e

In this case, we see both an IPv4 and IPv6 address. Also, the "" address is that of our DNS server that we queried. This can be changed by specifying the DNS as a second argument, as shown next:

$ nslookup

Address: 2607:f8b0:4006:81b::200e

Note that host is another common command line utility for performing DNS queries.

Add a route

Add a route to see a camera on a remote subnet. is the host interface on a multi-homed Linux machine that is the gateway to the subnet.

$ sudo ip route add via

Change the default route

Changing the default route can sometimes be necessary on a multi-homed machine where the Ethernet interfaces are dynamic and not always up.

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         UG    0      0        0 eth2     *        U     0      0        0 eth0     *        U     0      0        0 eth2     *        U     0      0        0 wlan0     *        U     0      0        0 eth1

# ifconfig
eth0      Link encap:Ethernet  HWaddr 4D:69:6E:64:20:48  
          inet addr:  Bcast:  Mask:

# ip route change default via dev eth0

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         UG    0      0        0 eth0     *        U     0      0        0 eth0     *        U     0      0        0 eth2     *        U     0      0        0 wlan0     *        U     0      0        0 eth1


Use tcpdump for a quick & easy way to see the packets going in and out of your Linux box. In the example below, we run tcpdump in one shell and execute wget in another:

$ sudo tcpdump -i <interface> -vvvSXN port 80
	GET / HTTP/1.1
	User-Agent: Wget/1.19.4 (linux-gnu)
	Accept: */*
	Accept-Encoding: identity
	Connection: Keep-Alive
	0x0000:  4500 00be 23d1 4000 4006 1cc2 c0a8 0324  E...#.@.@......$
	0x0010:  5db8 d822 dd3e 0050 6da0 08ca af79 fedd  ]..".>.Pm....y..
	0x0020:  8018 00e5 aa0b 0000 0101 080a 02c2 d7ce  ................
	0x0030:  f505 5c25 4745 5420 2f20 4854 5450 2f31  ..\%GET./.HTTP/1
	0x0040:  2e31 0d0a 5573 6572 2d41 6765 6e74 3a20  .1..User-Agent:.
	0x0050:  5767 6574 2f31 2e31 392e 3420 286c 696e  Wget/1.19.4.(lin
	0x0060:  7578 2d67 6e75 290d 0a41 6363 6570 743a  ux-gnu)..Accept:
	0x0070:  202a 2f2a 0d0a 4163 6365 7074 2d45 6e63  .*/*..Accept-Enc
	0x0080:  6f64 696e 673a 2069 6465 6e74 6974 790d  oding:.identity.
	0x0090:  0a48 6f73 743a 2065 7861 6d70 6c65 2e63  .Host:.example.c
	0x00a0:  6f6d 0d0a 436f 6e6e 6563 7469 6f6e 3a20  om..Connection:.
	0x00b0:  4b65 6570 2d41 6c69 7665 0d0a 0d0a       Keep-Alive....


traceroute is a useful tool for determining the route that a packet takes across a network, including the Internet. It does this manipuation of the TTL field in an IP packet. For IPv6, there is traceroute6.

$ traceroute
traceroute to (, 30 hops max, 60 byte packets
 1 (  3.946 ms  4.160 ms  4.130 ms
 2 (  0.419 ms  0.419 ms  0.403 ms
 3 (  1833.655 ms  1833.916 ms  0.523 ms
 4  * * *
 5 (  6.875 ms  6.831 ms  6.835 ms
 6 (  20.624 ms (  18.713 ms (  20.704 ms
 7 (  31.190 ms (  23.426 ms (  18.573 ms
 8 (  16.629 ms (  23.921 ms (  18.547 ms
 9 (  21.140 ms (  21.085 ms (  21.260 ms
10 (  18.578 ms  18.445 ms  16.449 ms
$ traceroute6
traceroute to (2001:4998:44:41d::4), 30 hops max, 80 byte packets
 1  2605:de00:1::2 (2605:de00:1::2)  0.265 ms  0.222 ms  0.195 ms
 2  2605:de00:bb::32 (2605:de00:bb::32)  0.504 ms  0.312 ms  0.253 ms
 3 (2001:1900:2100::4949)  362.501 ms  362.551 ms  0.560 ms
 4 (2001:1900::3:156)  5.811 ms  5.660 ms  5.632 ms
 5 (2001:1900:2100::3746)  7.174 ms  6.620 ms  6.829 ms
 6 (2001:4998:f000:205::)  23.219 ms  23.291 ms (2001:4998:f000:3::)  17.481 ms
 7  2001:4998:f000:12::1 (2001:4998:f000:12::1)  27.759 ms 2001:4998:f000:210::1 (2001:4998:f000:210::1)  19.224 ms 2001:4998:f000:11::1 (2001:4998:f000:11::1)  20.740 ms
 8  2001:4998:44:fe1c::1 (2001:4998:44:fe1c::1)  21.207 ms 2001:4998:44:fc1d::1 (2001:4998:44:fc1d::1)  18.703 ms 2001:4998:44:fc1c::1 (2001:4998:44:fc1c::1)  18.744 ms
 9  2001:4998:44:fa12::1 (2001:4998:44:fa12::1)  23.508 ms 2001:4998:44:fa13::1 (2001:4998:44:fa13::1)  19.453 ms 2001:4998:44:fa12::1 (2001:4998:44:fa12::1)  21.701 ms
10 (2001:4998:44:41d::4)  16.486 ms  18.640 ms  18.624 ms
$ ping6 2001:4998:44:41d::4
PING 2001:4998:44:41d::4(2001:4998:44:41d::4) 56 data bytes
64 bytes from 2001:4998:44:41d::4: icmp_seq=1 ttl=55 time=18.6 ms

Didn't find an answer to your question? Post your issue below or in our new FORUM, and we'll try our best to help you find a solution.

And please note that we update our site daily with new content related to our open source approach to network security and system design. If you would like to be notified about these changes, then please join our mailing list.

Related articles on this site:

subscribe to mailing list:

Please help us improve this article by adding your comment or question:

your email address will be kept private
authenticate with a 3rd party for enhanced features, such as image upload
previous month
next month