Private Island Networks Inc.

Linux Command Line Tips for Networking

Various Notes and Examples for Using and Managing a Network from the Linux Command Line

Overview

We provide examples of various Linux network command line tools for testing and exploring a network.

Notes:

  • A line that starts with a "$" denotes a command line entry in a user shell / terminal.
  • '#' can denote two things: a root shell prompt or a comment. If a line starts with '$', then '#' and what follows is a comment.
  • Most examples will work equally well on an Ubuntu desktop or an embedded Linux system built with Yocto (assuming the right packages are installed).
  • Most commands have many options. Refer to the man pages for more information.

dhclient

If you want to see how or where your Linux box is getting its IP address (using DHCP), then run dhclient with elevated privileges. dhclient also comes in handy when bringing a network interface back up, so that it can get its dynamic IP address.

$ sudo dhclient -v

...
DHCPDISCOVER on enp2s0 to 255.255.255.255 port 67 interval 3 
DHCPREQUEST of <host> on enp2s0 to 255.255.255.255 port 67
DHCPOFFER of <host> from <server>
DHCPACK of <host> from <server>
...

nmap Network Scanner

nmap is an easy-to-use tool for determining which ports are open on a particular machine. It can be targeted at both local and remote machines (depending on firewall configuration).

# On Ubuntu, install it with apt
$ sudo apt install nmap

$ nmap -v -A <host>
...
Scanning <host> [1000 ports]
Discovered open port 80/tcp on <host>
Discovered open port 23/tcp on <host>
Discovered open port 445/tcp on <host>
Discovered open port 139/tcp on <host>
Discovered open port 111/tcp on <host>
Discovered open port 22/tcp on <host>
Discovered open port 2049/tcp on <host>
Discovered open port 7/tcp on <host>
...
PORT     STATE SERVICE     VERSION
7/tcp    open  echo
...
23/tcp   open  telnet      Linux telnetd
...

# Ouch! What is telnet doing open?
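
As an added example (not part of the original article), the following shell function compares the open ports that nmap reports against an allowlist of ports you expect, so that surprises such as telnet stand out. The function names and the allowlist are assumptions; the sample input reuses the output lines shown above.

```shell
#!/bin/sh
# Added example: list open ports from nmap output that are not on an allowlist.

# unexpected_ports "ALLOWED..." < nmap_output
# ALLOWED is a space-separated list such as "22/tcp 80/tcp".
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Verbose progress line: "Discovered open port 23/tcp on <host>"
        /^Discovered open port / { p = $4 }
        # Result table row: "23/tcp   open  telnet ..."
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { p = $1 }
        # Report each unexpected port once, even if it appears in both places.
        p != "" { if (!(p in ok) && !(p in seen)) { seen[p] = 1; print p }; p = "" }
    ' | sort -n
}

# Sample input: the nmap -v -A output lines from the example above.
sample_scan() {
cat <<'EOF'
Scanning <host> [1000 ports]
Discovered open port 80/tcp on <host>
Discovered open port 23/tcp on <host>
Discovered open port 445/tcp on <host>
Discovered open port 139/tcp on <host>
Discovered open port 111/tcp on <host>
Discovered open port 22/tcp on <host>
Discovered open port 2049/tcp on <host>
Discovered open port 7/tcp on <host>
PORT     STATE SERVICE     VERSION
7/tcp    open  echo
23/tcp   open  telnet      Linux telnetd
EOF
}

# Assumed policy for this host: only SSH and HTTP should be reachable.
sample_scan | unexpected_ports "22/tcp 80/tcp"
```

In practice, pipe a real scan into the function (nmap -v <host> | unexpected_ports "22/tcp 80/tcp") and treat any output as something to investigate or close.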

Keep in mind that Linux maintains a file, /etc/services, that maps common service names to their port numbers:

$ grep http /etc/services
...
http		80/tcp		www		# WorldWideWeb HTTP
https		443/tcp				# http protocol over TLS/SSL
http-alt	8080/tcp	webcache	# WWW caching service
http-alt	8080/udp

Query a DNS Server with nslookup

Use nslookup to query a Domain Name Server for the IP address of a particular domain.

$ nslookup google.com
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.10.142
Name:	google.com
Address: 2607:f8b0:4006:811::200e

In this case, we see both an IPv4 and an IPv6 address. The "127.0.0.53" address is that of the DNS server we queried. This can be changed by specifying the DNS server as a second argument, as shown next:

$ nslookup google.com ns1.google.com
Server:		ns1.google.com
Address:	216.239.32.10#53

Name:	google.com
Address: 172.217.12.206
Name:	google.com
Address: 2607:f8b0:4006:81b::200e

Note that host is another common command line utility for performing DNS queries.

Add a route

Add a route to see a camera on a remote subnet. 192.168.3.200 is the host interface on a multi-homed Linux machine that is the gateway to the 192.168.6.0/24 subnet.

$ sudo ip route add 192.168.6.164 via 192.168.3.200

Change the default route

Changing the default route can sometimes be necessary on a multi-homed machine where the Ethernet interfaces are dynamic and not always up.

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.3.1     0.0.0.0         UG    0      0        0 eth2
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.3.0     *               255.255.255.0   U     0      0        0 eth2
192.168.5.0     *               255.255.255.0   U     0      0        0 wlan0
192.168.6.0     *               255.255.255.0   U     0      0        0 eth1

# ifconfig
eth0      Link encap:Ethernet  HWaddr 4D:69:6E:64:20:48  
          inet addr:192.168.0.102  Bcast:192.168.0.255  Mask:255.255.255.0
          ...

# ip route change default via 192.168.0.102 dev eth0

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.102   0.0.0.0         UG    0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.3.0     *               255.255.255.0   U     0      0        0 eth2
192.168.5.0     *               255.255.255.0   U     0      0        0 wlan0
192.168.6.0     *               255.255.255.0   U     0      0        0 eth1

tcpdump

Use tcpdump for a quick & easy way to see the packets going in and out of your Linux box. In the example below, we run tcpdump in one shell and execute wget example.com in another:

$ sudo tcpdump -i <interface> -vvvSXN port 80
...
	GET / HTTP/1.1
	User-Agent: Wget/1.19.4 (linux-gnu)
	Accept: */*
	Accept-Encoding: identity
	Host: example.com
	Connection: Keep-Alive
	
	0x0000:  4500 00be 23d1 4000 4006 1cc2 c0a8 0324  E...#.@.@......$
	0x0010:  5db8 d822 dd3e 0050 6da0 08ca af79 fedd  ]..".>.Pm....y..
	0x0020:  8018 00e5 aa0b 0000 0101 080a 02c2 d7ce  ................
	0x0030:  f505 5c25 4745 5420 2f20 4854 5450 2f31  ..\%GET./.HTTP/1
	0x0040:  2e31 0d0a 5573 6572 2d41 6765 6e74 3a20  .1..User-Agent:.
	0x0050:  5767 6574 2f31 2e31 392e 3420 286c 696e  Wget/1.19.4.(lin
	0x0060:  7578 2d67 6e75 290d 0a41 6363 6570 743a  ux-gnu)..Accept:
	0x0070:  202a 2f2a 0d0a 4163 6365 7074 2d45 6e63  .*/*..Accept-Enc
	0x0080:  6f64 696e 673a 2069 6465 6e74 6974 790d  oding:.identity.
	0x0090:  0a48 6f73 743a 2065 7861 6d70 6c65 2e63  .Host:.example.c
	0x00a0:  6f6d 0d0a 436f 6e6e 6563 7469 6f6e 3a20  om..Connection:.
	0x00b0:  4b65 6570 2d41 6c69 7665 0d0a 0d0a       Keep-Alive....
...
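
The following added example (not from the original article) decodes the IPv4 and TCP headers from the hex dump above and verifies the IP header checksum, which shows how the raw bytes map to addresses, ports and flags. The function names are assumptions; the sample input is the first three dump lines shown above.

```shell
#!/bin/sh
# Added example: decode IPv4/TCP header fields from `tcpdump -X` output.

# Join the hex columns of the dump lines into one string, dropping the
# offset prefix and the ASCII column (which follows two spaces).
hex_bytes() {
    sed -n '/^[[:space:]]*0x[0-9a-f]\{4\}:/{
        s/^[[:space:]]*0x[0-9a-f]\{4\}: *//
        s/  .*//
        s/ //g
        p
    }' | tr -d '\n'
}

# Byte, big-endian 16-bit word, and dotted quad at byte offset $1 of $H.
u8()   { echo $(( 0x$(printf '%s' "$H" | cut -c$(( $1 * 2 + 1 ))-$(( $1 * 2 + 2 ))) )); }
u16()  { echo $(( $(u8 "$1") * 256 + $(u8 $(( $1 + 1 ))) )); }
ipv4() { echo "$(u8 "$1").$(u8 $(( $1 + 1 ))).$(u8 $(( $1 + 2 ))).$(u8 $(( $1 + 3 )))"; }

# Read a dump on stdin and print a one-line summary of the packet.
decode_packet() {
    H=$(hex_bytes)
    ihl=$(( $(u8 0) % 16 * 4 ))                 # IPv4 header length in bytes
    thl=$(( $(u8 $(( ihl + 12 ))) / 16 * 4 ))   # TCP header length in bytes
    sum=0; i=0                                  # valid header: words fold to 0xffff
    while [ "$i" -lt "$ihl" ]; do sum=$(( sum + $(u16 "$i") )); i=$(( i + 2 )); done
    while [ "$sum" -gt 65535 ]; do sum=$(( sum % 65536 + sum / 65536 )); done
    [ "$sum" -eq 65535 ] && ck=ok || ck=bad
    printf '%s:%s > %s:%s ttl=%s len=%s tcpflags=0x%02x payload=%s ipcsum=%s\n' \
        "$(ipv4 12)" "$(u16 "$ihl")" "$(ipv4 16)" "$(u16 $(( ihl + 2 )))" \
        "$(u8 8)" "$(u16 2)" "$(u8 $(( ihl + 13 )))" \
        "$(( $(u16 2) - ihl - thl ))" "$ck"
}

# First three dump lines of the packet shown above (IP and TCP headers).
sample_dump() {
cat <<'EOF'
	0x0000:  4500 00be 23d1 4000 4006 1cc2 c0a8 0324  E...#.@.@......$
	0x0010:  5db8 d822 dd3e 0050 6da0 08ca af79 fedd  ]..".>.Pm....y..
	0x0020:  8018 00e5 aa0b 0000 0101 080a 02c2 d7ce  ................
EOF
}

sample_dump | decode_packet
```

The flags value 0x18 is PSH+ACK, and the 138 payload bytes are the HTTP request itself, which starts at offset 0x34 in the dump.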

Traceroute

traceroute is a useful tool for determining the route that a packet takes across a network, including the Internet. It does this by manipulating the TTL field in an IP packet. For IPv6, there is traceroute6.

$ traceroute yahoo.com
traceroute to yahoo.com (98.138.219.231), 30 hops max, 60 byte packets
 1  148.72.160.2 (148.72.160.2)  3.946 ms  4.160 ms  4.130 ms
 2  ae1.cr-rigel.stl1.bb.godaddy.com (207.38.95.9)  0.419 ms  0.419 ms  0.403 ms
 3  lag-101.bear2.StLouis1.Level3.net (4.35.182.57)  1833.655 ms  1833.916 ms  0.523 ms
 4  * * *
 5  YAHOO-INC.ear2.Chicago2.Level3.net (4.15.84.226)  6.875 ms  6.831 ms  6.835 ms
 6  ae-7.pat2.nez.yahoo.com (216.115.104.126)  20.624 ms ae-5.pat1.nez.yahoo.com (216.115.96.76)  18.713 ms ae-7.pat2.nez.yahoo.com (216.115.104.126)  20.704 ms
 7  et-18-1-0.msr2.ne1.yahoo.com (216.115.105.185)  31.190 ms et-1-0-0.msr1.ne1.yahoo.com (216.115.105.29)  23.426 ms et-19-1-0.msr2.ne1.yahoo.com (216.115.105.181)  18.573 ms
 8  et-1-1-0.clr2-a-gdc.ne1.yahoo.com (98.138.97.67)  16.629 ms et-0-0-0.clr1-a-gdc.ne1.yahoo.com (98.138.97.61)  23.921 ms et-19-1-0.clr2-a-gdc.ne1.yahoo.com (98.138.97.75)  18.547 ms
 9  po254.bas1-1-flk.ne1.yahoo.com (98.138.0.85)  21.140 ms po255.bas2-1-flk.ne1.yahoo.com (98.138.0.99)  21.085 ms po254.bas2-1-flk.ne1.yahoo.com (98.138.0.87)  21.260 ms
10  media-router-fp1.prod1.media.vip.ne1.yahoo.com (98.138.219.231)  18.578 ms  18.445 ms  16.449 ms

$ traceroute6 yahoo.com
traceroute to yahoo.com (2001:4998:44:41d::4), 30 hops max, 80 byte packets
 1  2605:de00:1::2 (2605:de00:1::2)  0.265 ms  0.222 ms  0.195 ms
 2  2605:de00:bb::32 (2605:de00:bb::32)  0.504 ms  0.312 ms  0.253 ms
 3  lag-101.bear2.StLouis1.Level3.net (2001:1900:2100::4949)  362.501 ms  362.551 ms  0.560 ms
 4  lo-0-v6.ear2.Chicago2.Level3.net (2001:1900::3:156)  5.811 ms  5.660 ms  5.632 ms
 5  YAHOO-INC.ear2.Chicago2.Level3.net (2001:1900:2100::3746)  7.174 ms  6.620 ms  6.829 ms
 6  ae-7.pat2.nez.yahoo.com (2001:4998:f000:205::)  23.219 ms  23.291 ms ae-5.pat1.nez.yahoo.com (2001:4998:f000:3::)  17.481 ms
 7  2001:4998:f000:12::1 (2001:4998:f000:12::1)  27.759 ms 2001:4998:f000:210::1 (2001:4998:f000:210::1)  19.224 ms 2001:4998:f000:11::1 (2001:4998:f000:11::1)  20.740 ms
 8  2001:4998:44:fe1c::1 (2001:4998:44:fe1c::1)  21.207 ms 2001:4998:44:fc1d::1 (2001:4998:44:fc1d::1)  18.703 ms 2001:4998:44:fc1c::1 (2001:4998:44:fc1c::1)  18.744 ms
 9  2001:4998:44:fa12::1 (2001:4998:44:fa12::1)  23.508 ms 2001:4998:44:fa13::1 (2001:4998:44:fa13::1)  19.453 ms 2001:4998:44:fa12::1 (2001:4998:44:fa12::1)  21.701 ms
10  media-router-fp2.prod1.media.vip.ne1.yahoo.com (2001:4998:44:41d::4)  16.486 ms  18.640 ms  18.624 ms

$ ping6 2001:4998:44:41d::4
PING 2001:4998:44:41d::4(2001:4998:44:41d::4) 56 data bytes
64 bytes from 2001:4998:44:41d::4: icmp_seq=1 ttl=55 time=18.6 ms
...
