Linux Network Commands

Dear students refresh your basic linux knowledge and try the linux commands you have learned in the FOSS lab ( fourth semster) .You can refer my FOSS blog for the same.http://binuvp.blogspot.in/.

In this course we will learn essential Linux network commands in Ubuntu. These commands may be used to configure, to troubleshoot your network or to obtain some more information all via the terminal in Linux. So let’s go!

ifconfig (interface configurator)

ifconfig (interface configurator) command is use to initialize an interface, assign IP Address to interface and enable or disable interface on demand. With this command you can view IP Address and Hardware / MAC address assign to interface and also MTU (Maximum transmission unit) size.

Eg:
$ifconfig
$ifconfig eth0
$ifconfig -a

Enable eth0
$ifup eth0

Disable eth0
$ifdown eth0

By default MTU size is 1500. We can set required MTU size with below command. Replace XXXX with size.
$ifconfig eth0 mtu xxxx

Set Interface in Promiscuous mode

Network interface only receive packets belongs to that particular NIC. If you put interface in promiscuous mode, it will received all the packets. This is very useful to capture packets and analyze later. For this you may require superuser access.

#ifconfig eth0 -promisc

Assigning an IP Address and Gateway to interface on the fly. The setting will be removed in case of system reboot.

# ifconfig eth0 192.168.50.5 netmask 255.255.255.0

You can also use variations of ip command to know the  network configuration.
$ip addr

Another application that can help identify all network interfaces available to your system is the lshw command.

 $sudo lshw -class network

ping command(Packet Internet Groper)

As a verb, ping means "to get the attention of" or "to check for the presence of" another party online. The computer acronym (for Packet Internet Groper) was contrived to match the submariners' term for the sound of a returned sonar pulse.

Ping is used diagnostically to ensure that a host computer the user is trying to reach is actually operating. Ping works by sending an Internet Control Message Protocol (ICMP) Echo Request to a specified interface on the network and waiting for a reply. Ping can be used for troubleshooting to test connectivity and determine response time.

Eg:
$ping www.google.com
$ping 192.168.2.1

127.0.0.1 is standard IP address assigned to your network card once you have installed network card driver correctly. A quick way to test whether new network card works with correct driver installed, you can test to ping 127.0.0.1 in command prompt (you can test this even your computer is not connected to network).

$ping 127.0.0.1 or $ping localhost

There are several options for ping command.For example the following command will use only 4 packets of data.

$ping www.google.com -c4

Learn the various options from man page.
http://manpages.ubuntu.com/manpages/trusty/man8/ping.8.html

netstat command(network statistics)

is a command line tool for monitoring network connections both incoming and outgoing as well as viewing routing tables, interface statistics etc. It is very useful in terms of network troubleshooting and performance measurement. netstat is one of the most basic network service debugging tools, telling you what ports are open and whether any programs are listening on ports.

Listing all ports ( TCP/UDP)
$netstat -a

Listing only TCP (Transmission Control Protocol) port connections.
$netstat -at

Listing only UDP (User Datagram Protocol ) port connections
$ netstat -au

Listing all active listening ports connections with netstat -l
$netstat -l

Listing all active listening TCP ports by using option netstat -lt
$netstat -lt

Listing all active listening UDP ports by using option netstat -lu
$netstat -lu

Listing all active UNIX listening ports using netstat -lx
$netstat -lx

Showing the statistics
$netstat -s

Showing statistics of only TCP protocol by using option netstat -st
$netstat -st

Showing statistics of only UDP protocol by using option netstat -su
$netstat -su

Displaying service name with their PID number, using option netstat -tp will display “PID/Program Name”.
$netstat -tp

Display Kernel IP routing table.
$netstat -r

Showing network interface packet transactions including both transferring and receiving packets with MTU size.
$netstat -i

Showing Kernel interface table, similar to ifconfig command.
$netstat -ie

Displays multicast group membership information for both IPv4 and Ipv6.
$netstat -g

To get netstat information every few second, then use the following command, it will print netstat information continuously, say every few seconds.

$netstat -c

Find out how many listening programs running on a port.
$netstat -ap|grep 'http'

Add the option -p to display information of programs connected to the open sockets.
$netstat -p

tcpdump

tcpdump is a most powerful and widely used command-line packets sniffer or package analyzer tool which is used to capture or filter TCP/IP packets that received or transferred over a network on a specific interface. It is available under most of the Linux/Unix based operating systems. tcpdump also gives us a option to save captured packets in a file for future analysis. It saves the file in a pcap format, that can be viewed by tcpdump command or a open source GUI based tool called Wireshark (Network Protocol Analyzier) that reads tcpdump pcap format files.

Capture packets from a specific interface
$tcpdump -i eth0

Capture only n number of packets
$tcpdump -c 5 -i eth0

Print captured packets in ASCII
$tcpdump -A -i eth0

Display available interfaces
$tcpdump -D

Display captured packets in Hex and ASCII
$tcpdump -xx -i eth0

Capture and save packets in a file
$tcpdump -w file.pcap -i eth0

Read captured packet files
$tcpdump -r file.pcap

Capture IP address packets
$tcpdump -n -i eth0

Capture only TCP packets
$tcpdump -i eth0 tcp

Capture packets from specific port
$tcpdump -i eth0 port 22

Capture packets from source IP
$tcpdump -i eth0 src 192.168.0.2


Capture packets from destination
$tcpdump -i eth0 dst 192.168.1.2

host command

Host command is a minimal and easy-to-use  utility for performing DNS lookups which translate domain names to IP addresses and vice versa. It can also be used to list and verify various types of DNS records such as NS and MX, test and validate ISP DNS server and Internet connectivity, spam and blacklisting records, detecting and troubleshooting DNS server issues among others.

This is the simplest host command you can run, just provide a domain name such as www.google.com to get the associated IP addresses.

$host www.google.com

To find out the domain name servers use -t option

$host -t ns www.ceknpy.ac.in


Find domain CNAME record
$host  -t cname mail.google.com

Find domain MX record
$host -n -t mx google.com

Find domain TXT record
$host -t txt google.com


Find domain SOA record
$host -c google.com

dig (domain information groper)

This command query DNS related information like A Record, CNAME, MX Record etc. This command mainly use to troubleshoot DNS related query.

$dig ceknpy.ac.in

query MX records
$dig yahoo.com MX

Query SOA record
$dig google.com SOA

Query TTL record
$dig yahoo.com TTL

DNS reverse look up
$dig -x 72.30.38.140 +short


traceroute command

traceroute is a network troubleshooting utility which shows number of hops taken to reach destination also determine packets travelling path. Below we are tracing route to global DNS server IP Address and able to reach destination also shows path of that packet is traveling.

$traceroute ceknpy.ac.in
$traceroute 4.2.2.2

tracepath command

Tracepath traces the path of the network to the destination you have provided. It attempts to list the series of hosts through which your packets travel on their way to a given destination. It can be very handy when trying to determine the points of slowness in your connection path.

$tracepath ceknpy.ac.in

nslookup command

nslookup is a command-line administrative tool for testing and troubleshooting DNS servers (Domain Name Server). It is used to query specific DNS resource records (RR) as well. Most operating systems comes with built-in nslookup feature.

$nslookup ceknpy.ac.in

Reverse domain lookup
$nslookup 202.88.241.72
Query name server record
$nslookup -query=ns www.yahoo.com


Query all available DNS record
$nslookup -query=any yahoo.com

arp command

ARP (Address Resolution Protocol) is useful to view / add the contents of the kernel’s ARP tables. To see default table use the command as.

$arp -e

hostname command

Execute the hostname command to know the name of your terminal
$hostname


route command

route command is used to display or modify the routing table.

You may add or delete routes or add a default gateway with the following commands.

route add -net 10.10.10.0/24 gw 192.168.0.1
route del -net 10.10.10.0/24 gw 192.168.0.1
route add default gw 192.168.0.1

whois command

Get the domain name registration record details

$whois ceknpy
If the command is not installed install using
$sudo apt-get install whois