14 Useful Linux Networking Commands
Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
Configuring, monitoring, and securing networks form an essential part of a Sysadmin’s job. When it comes to managing Linux networks, there are many commands and utilities available.
At times networked systems fail. You as an administrator are required to diagnose and resolve issues. Monitoring helps in detecting problems and fixing them before things get out of hand. Monitoring for security and performance also forms an essential part of an admin’s activities.
Here we discuss some commonly used commands to manage Linux networks.
The iproute2 package includes the IP command which is used for network and routing configuration. This replaces the traditional ifconfig and route commands.
ip takes a second argument that specifies the object on which you wish to execute a command and an action like add, delete, or show.
ip link
ip link is for configuring, adding, and deleting network interfaces. Use ip link show command to display all network interfaces on the system :
You can see the man page for ip link with:
ip address
Use ip address command to display addresses, bind new address or delete old ones. The man page ip address command is named as ip-address.
For example, the following command shows the IP address assigned to the network interface enp0s8:
ip route
Use the IP route to print or display the routing table. The following command displays the contents of the routing table:
While Nmap had been used in many movies, The Matrix Reloaded ( Wikipedia , IMDB , Amazon ) turned Nmap into a movie star!.
Nmap (“Network Mapper”) is a powerful utility used for network discovery, security auditing, and administration. Many system admins use it to determine which of their systems are online, and also for OS detection and service detection.
The default Nmap scan shows the ports, their state (open/closed), and protocols. It sends a packet to 1000 most common ports and checks for the response.
To check which hosts on your network are up:
Use -O flag to identify which operating system a host is running.
A word of caution: Nobody appreciates their systems being scanned over the internet. So before you do so, seek permission.
You can also use Nmap on Windows, check out this installation guide.
Use ping to see if a host is alive. This super simple command helps you check the status of a host or a network segment. Ping command sends an ICMP ECHO_REQUEST packet to the target host and waits to see if it replies.
However, some hosts block ICMP echo requests with a firewall. Some sites on the internet may also do the same.
By default, ping runs in an infinite loop. To send a defined number of packets, use -c flag.
With -o flag ping exits successfully after receiving one reply packet.
You can use -n flag to avoid reverse DNS lookups. The ICMP sequence number is particularly important. A Break in sequence numbers indicates lost packets.
A failed ping could be due to
- network failure
- host being not alive
- firewall blocking ICMP ECHO requests
You can also perform an online ping test to check the connectivity from different parts of the world.
iPerf
While ping verifies the availability of a host, iPerf helps analyze and measure network performance between two hosts. With iPerf, you open a connection between two hosts and send some data. iPerf then shows the bandwidth available between the two hosts.
You can install an iPerf using your distribution package manager. For example on Ubuntu-based distributions you can install like this:
Once you have installed iPerf on both the machines, start the iPerf server on one of them. The following example starts the iPerf server on a host with IP address 10.0.0.51.
On the second machine start iPerf with the -c flag. This connects with the server and sends some data.
iPerf returns with the bandwidth results in a few seconds.
traceroute
If ping shows missing packets, you should use traceroute to see what route the packets are taking. Traceroute shows the sequence of gateways through which the packets travel to reach their destination. For example, traceroute from my machine to google.com shows the following:
Line 4 in this output shows a * in the round trip times. This indicates no response was received. This can be due to many reasons – as the traceroute ICMP packets are low-priority, these may be dropped by a router. Or there could be simply congestion. If you see a * in all the time fields for a given gateway, then possibly the gateway is down.
Many web-based route tracing tools allow you to do a reverse traceroute, that is, from a website to your host. You can check these at traceroute.org or Geekflare Traceroute.
tcpdump
tcpdump is a packet sniffing tool and can be of great help when resolving network issues. It listens to the network traffic and prints packet information based on the criteria you define.
For example, you can examine all packets sent to or from a particular host, Ubuntu18 in this example:
By default, tcpdump resolves IP addresses to hostnames. Use -n flag, if you do not want tcpdump to perform name lookups.
tcpdump output prints one line for each packet. Use -c flag to limit output, 5 in the example above.
tcpdump is useful for solving network problems and also identifying potential problems. It is a good idea to run a tcpdump on your network occasionally to verify everything is in order.
netstat
Netstat command is used to examine network connections, routing tables, and various network settings and statistics.
Use -i flag to list the network interfaces on your system.
Here is an example:
Using -r flag will display the routing table. This shows the path configured for sending network packets.
An asterisk in the last two lines indicates that no gateway is required to send packets to any host on these networks. This host is directly connected to the networks 10.0.0.0 and 10.0.2.0.
In the first line, the destination is the default, which means any packet destined for a network not listed in this table is handled by the router 10.0.2,2.
netstat command without any options displays a list of open sockets. Use -l flag to show only listening sockets, which by default, are not shown. You can use -a flag to show listening and non-listening sockets. Here is an example:
More Netstat command example here
Linux installations have a lot of services running by default. These should be disabled or preferably removed, as this helps in reducing the attack surface. You can see what services are running with the netstat command. While netstat is still available, most Linux distributions are transitioning to ss command.
use ss command with -t and -a flags to list all TCP sockets. This displays both listening and non-listening sockets.
To display only TCP connections with state established:
ssh enables you to connect securely with remote hosts over the internet. Earlier rlogin and telnet were used to connect to and administer remote hosts. However, both suffer from a fundamental flaw, that is, they send all information including login names and passwords in cleartext.
ssh enables secure communication over the internet with the following two features :
- It confirms that the remote host is, who it says it is.
- It encrypts all communication between the hosts.
To connect to a remote host you need to have an OpenSSH server running on the remote host. You can install it using your distribution package manager. For example on Ubuntu you can install it like this:
Here is an example showing how you can connect to the remote host 10.0.0.50 using the ssh command:
You get a message saying that the authenticity of the host 10.0.0.50 cannot be established, this is because it’s the first time a connection is being made with 10.0.0.50 (server) and the ssh client has never seen this remote host before. Enter yes to continue connecting. Once the connection has been established, you are prompted for a password:
After you enter the correct password, you are logged into the remote host.
You can exit this remote shell with the exit command.
Also, you can easily execute a single command on the remote host using ssh. For example, to run df -h on the remote host:
scp and sftp
scp (secure copy) is very similar to cp command for copying files, with an addition – you can include remote hostnames in the source or destination pathnames. The hostname and the directory path are separated by a colon. This enables you to copy files securely over the network in an encrypted form. The following command copies a.txt from the local machine to 10.0.0.50 :
sftp (secure ftp) is also a file copy program similar to ftp . However, it uses an SSH encrypted tunnel to copy files, instead of sending everything in cleartext. Also, you do not need an FTP server running on the remote host. You only need an ssh server. Here is an example session:
Ifconfig
Mostly we use ifconfig command to check the IP address assigned to the system.
dig (Domain Information Groper) is a flexible tool for interrogating DNS name servers.
It performs DNS lookups and displays the answers that are returned from the name servers.
telnet
telnet connect destination’s host and port via a telnet protocol if a connection establishes means connectivity between two hosts is working fine.
nslookup
nslookup is a program to query domain name servers and resolving IP.
Summary
Networking in Linux is a vast subject, with a large number of commands and utilities. In this article, we have discussed some commonly used commands which hopefully, will help you in managing and securing your network.
Источник
16 Linux server monitoring commands you really need to know
Want to know what’s really going on with your server? Then you need to know these essential commands. Once you’ve learned them, you’ll be well on your way to being an expert Linux system administrator.
Sure, you can use a GUI program to pull up much of the information that these shell commands can give you, depending on the Linux distribution. SUSE Linux Enterprise Server and openSUSE, for example, have an excellent graphical configuration and management tool, YaST. And there are universal tools, such as Webmin and cPanel, which can be used on any Linux server.
However, it’s a Linux administrator truism that you should run a GUI on a server only when you absolutely must. That’s because Linux GUIs take up system resources that could be better used elsewhere. So, while using a GUI program is fine for basic server health checkups, if you want to know what’s really happening, turn off the GUI and use these tools from the Linux command shell.
This also means you should start a GUI on a server only when it’s required; don’t leave it running. For optimum performance, a Linux server should run at runlevel 3, which fully supports networking and multiple users but doesn’t start the GUI when the machine boots. If you really need a graphical desktop, you can always get one by running startx from a shell prompt.
If your server starts by booting into a graphical desktop, you need to change this. To do so, head to a terminal window, su to the root user, and use your favorite editor on /etc/inittab.
Once there, find the initdefault line and change it from:
If there is no inittab file, create it and add the id:3 line. Save and exit. The next time you boot into your server, it will boot into runlevel 3. If you don’t want to reboot after this change, you can also set your server’s run level immediately with the command:
Once your server is running at init 3, you can start using the following shell programs to see what’s happening inside your server.
iostat
The iostat command shows in detail what your storage subsystem is up to. You usually use iostat to monitor how well your storage subsystems are working in general and to spot slow I/O problems before your clients notice that the server is running slowly. Trust me, you want to spot these problems before your users do!
meminfo and free
Meminfo gives you a detailed list of what’s going on in memory. Typically you access meminfo ’s data by using another program such as cat or grep . For example,
gives you the details of what’s going on in your server’s memory at any given moment.
For a quick “just the facts” look at memory, you can use the free command. In short, free gives you the overview; meminfo gives you the details.
mpstat
The mpstat command reports on the activities of each of the available CPUs on a multi-processor server. These days, thanks to multi-core processors, that’s almost all servers. Mpstat also reports on the average activities of all your server’s CPUs. It enables you to display overall CPU statistics per system or per processor. This overview can alert you to possible application problems before they get to the point of annoying users.
Keep up with the latest in IT-driven business innovation with our weekly newsletter.
netstat
Netstat , like ps , is a Linux tool that administrators use every day. It displays a lot of network-related information, such as socket usage, routing, interface, protocol, network statistics, and more. Some of the most commonly used options are:
Nmon , short for Nigel’s Monitor, is a popular open-source tool to monitor Linux system performance. Nmon watches the performance information for several subsystems, such as processor utilization, memory utilization, run queue information, disk I/O statistics, network I/O statistics, paging activity, and process metrics. You can then view nmon ’s real-time system measurements via its curses «graphical» interface.
To run nmon , you start the tool from the shell. Once up, you select the subsystems to monitor by typing in its one-key commands. For example, to get CPU, memory, and disk statistics, you type c , m , and d . You can also use nmon with the -f flag to save performance statistics to a CSV file for later analysis.
For day-to-day server monitoring, I find nmon to be the single most useful program in my Linux system management toolkit.
The https://linux.die.net/man/1/pmap command reports the amount of memory that your server’s processes are using. You can use this tool to determine which processes on the server are being allocated memory and whether any of these processes are being piggy with RAM.
ps and pstree
The ps and pstree commands are two of the Linux administrator’s best friends. They both provide a list of all currently running processes. The ps command tells you how much memory and processor time the server’s programs are using; pstree shows less information but highlights which processes are the children of other processes. Armed with this information, you can spot out-of-control processes and kill them off with Linux’s «take no prisoners» kill command.
The sar program is the Swiss Army knife of system monitoring tools. The sar command is actually made up of three separate programs: sar , which displays the data, and sa1 and sa2 , which collect and store it. Once installed, sar creates a detailed overview of CPU utilization, memory paging, network I/O and transfer statistics, process creation activity, and storage device activity. The big difference between sar and nmon is that the former is better at long-term system monitoring; I find nmon to be better at giving me a quick read on my server’s status.
strace
Strace is often thought of as a programmer’s debugging tool, but it’s more than that. It intercepts and records the system calls that are called by a process. This makes it a useful diagnostic, instructional, and debugging tool. For example, you can use strace to find out which configuration file a program is actually using when it starts up.
Strace does have one flaw, though. When it’s checking out a specific process, that process’ performance falls through the floor. Thus, I use strace only when I already have a darned good reason to think that that program is causing trouble.
tcpdump
Tcpdump is a simple, robust network monitoring utility. Its basic protocol analyzing capability enables you to get a rough view of what is happening on your network. To really dig into what’s going on with your network, however, you want to use Wireshark (see below).
The top command shows what’s going on with your active processes. By default, it displays the most CPU-intensive tasks running on the server and updates the list every five seconds. You can sort the processes by PID (Process ID); age, newest first; time, by cumulative time; and resident memory usage and total time it’s been using the CPU since startup. I find this a fast and easy way to see if any process is starting to lurch out of control and into trouble.
uptime
Use uptime to see how long the server has been running and how many users are logged on. It also gives you an overview of the average server load. The optimal value of the load is 1 or less, which means that each process has immediate access to the CPU and there are no CPU cycles lost.
vmstat
For the most part, you use vmstat to monitor what’s going on with virtual memory. Linux constantly uses virtual memory to get the best possible storage performance.
If your applications are taking up too much memory, you get excessive page-outs—programs moving from RAM to your system’s swap space, which is on the hard drive. Your server can reach a point where it’s spending more time managing memory paging than running your applications, a condition called thrashing. When your computer is thrashing, its performance falls through the floor. Vmstat , which can display either average data or actual samples, can help you spot memory pig programs and processes before they bring your server to a crawl.
Wireshark
Wireshark , formerly known as Ethereal (and still often referred to that way), is tcpdump ’s big brother, though more sophisticated and with far more advanced protocol analysis and reporting. Wireshark has both a GUI interface and a shell interface. If you do any serious network administration, you must use ethereal . And, if you’re using Wireshark/ethereal , I highly recommend Chris Sander’s Practical Packet Analysis, a great book on how to get the most out of this useful program.
This is only a 10,000-foot overview of some of Linux’s most valuable system monitoring programs. Still, by learning these programs you’ll have taken a first step toward Linux system administrator proficiency.
Источник
