Shell Cheatsheet - Networking Commands

ip

# Show interfaces
$ ip link
$ ip link show dev ens4

# Show interface statistics
$ ip -s link
$ ip -s link show dev ens4

# Show addresses
$ ip addr
$ ip addr show dev ens4

# Show the neighbors
$ ip neigh show dev vxlan0

# Check IP Routes:
$ ip route

# Check route to a specific IP
$ ip route show to match 10.180.15.2
default via 10.180.0.1 dev ens4 proto dhcp src 10.180.1.201 metric 100

$ ip route get 10.180.15.2
10.180.15.2 via 10.180.0.1 dev ens4 src 10.180.1.201 uid 0
    cache

# `ip route add`: add a static route to the routing table of a Linux Kernel.
$ ip route add NETWORK/MASK via GATEWAYIP
$ ip route add NETWORK/MASK dev DEVICE
$ ip route add default NETWORK/MASK dev DEVICE
$ ip route add default NETWORK/MASK via GATEWAYIP

# route table can be found in /proc
$ cat /proc/net/route

# Only show the interface:
$ ip -o route get 10.180.15.2 | perl -nle 'if ( /dev\s+(\S+)/ ) {print $1}'
ens4

# Display multicast information for all devices
$ ip maddr
$ ip maddr show dev em1

# Get help
$ ip help

In the output:

  • BROADCAST,MULTICAST,UP,LOWER_UP are the interface flags. To check the details of the flags: $ man netdevice
    • e.g. LOWER_UP means there is a signal at the physical level (i.e. something active is plugged in the network interface).
  • lladdr: the link layer address of the neighbour.

Network Namespaces

# List network namespaces
$ ip netns list

# Add network namespace
$ ip netns add NAMESPACE

Linux Kernel routing table vs iptables

  • routing tables specify how to deliver a packet.
  • iptables specify whether to deliver it at all.

tcpdump

Display TCP/IP and other packets being transmitted or received over a network:

$ sudo tcpdump

# specify interface
$ sudo tcpdump -i eth0

Useful options/params:

  • -n: do not convert addresses to names.
  • -s0: set size of the packet to unlimited, to capture all the traffic.
  • -v / -vv / -vvv: increase verbose level.
  • port 80: filter by port.
  • udp: filter by protocol, equivalent to proto 17 (tcp=proto 16)
  • host xxx.xxx.xxx.xxx: filter by host.
  • src xxx.xxx.xxx.xxx / dst xxx.xxx.xxx.xxx: filter by source or destination.

How to check connectivity?

# sending ICMP echo request, Internet layer
$ ping wikipedia.org

# using Address Resolution Protocol (ARP), Link layer
$ arping 192.xxx.xxx.xxx

Check if a port is open on a remote machine

Or "How to 'ping' a port".

nc

Use nc (nc=netcat):

$ nc -vz <host> <port_number>
$ nc -vz <domain> <port_number>

  • -z = sets nc to simply scan for listening daemons, without actually sending any data to them.
  • -v = enables verbose mode.

Result:

  • if failed: nc: connect to xx.xx.xx.xx port 443 (tcp) failed: No route to host
  • if succeeded: Connection to xx.xx.xx.xx 443 port [tcp/https] succeeded!

nmap

Use nmap (note that the parameter order differs from nc):

$ nmap -p <port> <ip>

# Check all valid IPs in range
$ nmap -sn 192.168.1.0/24

Use telnet:

$ telnet <ip_address> <port_number>
$ telnet <domain_name> <port_number>

/dev/tcp/host/port

$ cat < /dev/tcp/xx.xx.xx.xx/443
-bash: connect: No route to host
-bash: /dev/tcp/xx.xx.xx.xx/443: No route to host

Get your sshd header

$ cat < /dev/tcp/localhost/22
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.9
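The bare `cat < /dev/tcp/...` above blocks forever when the service waits for the client to speak first (HTTP, for example). The helper functions below are an added example, not part of the original cheatsheet; they assume bash (for /dev/tcp) and coreutils `timeout`, and the host/port/timeout arguments are whatever you pass in.

```bash
#!/bin/bash
# Added example (not from the original cheatsheet). `cat < /dev/tcp/HOST/PORT`
# hangs when the remote service waits for the client to talk first, so both the
# connect and the banner read are wrapped in a timeout. Requires bash (for the
# /dev/tcp pseudo-device) and coreutils `timeout`.

# tcp_port_open HOST PORT [SECONDS]
# Return 0 if a TCP connection to HOST:PORT completes within SECONDS (default 3).
# No data is sent; the connection is closed as soon as the subshell exits.
tcp_port_open() {
    local host=$1 port=$2 secs=${3:-3}
    timeout "$secs" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
}

# tcp_banner HOST PORT [SECONDS]
# Print the first line the service sends (e.g. the SSH version string) and give
# up after SECONDS, so a silent service does not block the caller.
tcp_banner() {
    local host=$1 port=$2 secs=${3:-3}
    timeout "$secs" bash -c "exec 3<>/dev/tcp/$host/$port && head -n1 <&3" 2>/dev/null
}

# Stand-alone usage: check the local sshd, as in the cheatsheet example above.
if tcp_port_open localhost 22; then
    echo "22/tcp open: $(tcp_banner localhost 22)"
else
    echo "22/tcp closed or filtered"
fi
```

Port 1 on the loopback address is closed on practically every host, which is why the check below expects it to fail.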

Check ip forward

$ sudo iptables-save

How to check if a port is being used?

$ lsof -i:$PORT # e.g. lsof -i:5000

# Linux
$ netstat -tulpn | grep LISTEN
$ ss -tln

# macOS
$ netstat -anp tcp | grep LISTEN

$ less /etc/services

Check a specific port, e.g. 6443:

$ ss -lptn | grep 6443
LISTEN 0      128        127.0.0.1:6443       0.0.0.0:*    users:(("haproxy",pid=89488,fd=7))
LISTEN 0      128       10.200.9.0:6443       0.0.0.0:*    users:(("haproxy",pid=89488,fd=6))
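The `ss -lptn` output above shows the same haproxy process listening on both 127.0.0.1 and a routable address; only the second is reachable from other hosts. The script below is an added example, not part of the original cheatsheet: it reads `ss -lptn` output on stdin and prints every listener not bound to a loopback address. The sample output is constructed from the lines above plus two made-up entries (cupsd on [::1], sshd on 0.0.0.0) so it runs without root or network access.

```bash
#!/bin/sh
# Added example (not from the original cheatsheet): list listening TCP sockets
# that are reachable from outside the host, i.e. not bound to 127.0.0.0/8 or ::1.
# Wildcard binds (0.0.0.0, [::], *) count as exposed because they accept
# connections on every interface.

# Constructed sample of `ss -lptn` output: the two haproxy lines from the
# cheatsheet plus two made-up entries to exercise IPv6 loopback and a wildcard bind.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128        127.0.0.1:6443       0.0.0.0:*    users:(("haproxy",pid=89488,fd=7))
LISTEN 0      128       10.200.9.0:6443       0.0.0.0:*    users:(("haproxy",pid=89488,fd=6))
LISTEN 0      4096           [::1]:631            [::]:*    users:(("cupsd",pid=612,fd=7))
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=801,fd=3))
EOF
}

# Print "process pid local_address:port" for each exposed LISTEN socket.
# Field 4 is Local Address:Port; the process name and pid are pulled out of the
# users:(("name",pid=N,fd=M)) column, which only appears with -p (needs root to
# see other users' processes).
exposed_listeners() {
    awk '
        $1 != "LISTEN" { next }
        {
            local = $4
            addr = local; sub(/:[^:]*$/, "", addr)       # drop the trailing :port
            if (addr ~ /^127\./ || addr == "[::1]") next # loopback only: skip
            proc = "-"; pid = "-"
            if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
                users = substr($0, RSTART, RLENGTH)
                proc = users; sub(/.*\(\("/, "", proc); sub(/".*/, "", proc)
                pid = users; sub(/.*pid=/, "", pid)
            }
            print proc, pid, local
        }'
}

# Stand-alone run on the constructed sample. Live use: ss -lptn | exposed_listeners
sample_ss_output | exposed_listeners
```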

How to check sockets?

Use ss (socket statistics):

  • ss: get all connections
  • ss -t: get TCP connections not in listen mode (server programs)
  • ss -u: get UDP connections not in listen mode
  • ss -x: get unix socket pipe connections
  • ss -ta: get all tcp connections
  • ss -au: get all udp connections
  • ss -nt: all tcp without host name
  • ss -l: lists listening sockets
  • ss -a: shows both listening and non-listening sockets
  • ss -ltn: listening tcp without host resolution
  • ss -ltp: listening tcp with PID and name
  • ss -s: prints statistics
  • ss -tn -o: tcp connections without host name resolution, with timer information (e.g. keepalive)
  • ss -tl4: listening tcp sockets, IPv4 only

ss vs netstat:

  • netstat: reads various /proc files to gather information, so it is slow when there are many connections to display. Now deprecated and replaced by ss.
  • ss: gets its information directly from kernel space.

DNS

DNS (domain name system) translates domain names into numeric IP addresses.

  • /etc/resolv.conf defines how the system uses DNS to resolve host names and IP addresses. This file usually contains a line specifying the search domains and up to three lines specifying the IP addresses of DNS servers.
  • /etc/systemd/resolved.conf
  • /etc/hosts: list of hosts.
  • /etc/hostname: the hostname of the machine.

$ cat /etc/hosts
127.0.1.1   example-hostname

# DNS lookup
$ host $HOST_NAME
$ host example-hostname
example-hostname.foo.bar.example.com has address 10.64.xxx.xxx

# Show hostname
$ hostname
$ cat /etc/hosts

# Show IP
$ hostname -i

# Show all IPs
$ hostname -I

# Set hostname
$ hostname newname

# Query Name Servers:
$ nslookup wikipedia.org

dig

dig (domain information groper): DNS lookup utility

Unless it is told to query a specific name server, dig will try each of the servers listed in /etc/resolv.conf.

Example

$ dig google.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13686
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		8	IN	A	xxx.xxx.xxx.xxx

;; Query time: 16 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Jan 01 20:24:55 PDT 2020
;; MSG SIZE  rcvd: 55

nmcli

For controlling NetworkManager. Read more: NetworkManager

ethtool

# Check a network interface
$ sudo ethtool ens4

# Check driver
$ sudo ethtool --driver ens4

# Check stats
$ sudo ethtool --statistics ens4

iftop

There are top-like tools for network traffic, but they need to be installed separately, e.g. iftop.

Deprecated Commands

Deprecated Linux commands and their replacements:

Deprecated      Replaced by
----------      -----------
arp             ip neigh
ifconfig        ip addr, ip link, ip -s
iptunnel        ip tunnel
iwconfig        iw
nameif          ip link, ifrename
route           ip route
ipmaddr         ip maddr
netstat         ip -s, ss
netstat -r      ip route
netstat -i      ip -s link
netstat -g      ip maddr
ifup            ip link set <interface> up
ifdown          ip link set <interface> down
traceroute      tracepath or mtr

How to debug network issues

Try

  • ping hosts (by IP address or DNS name)
  • look at ip link show, ip address show and ip route show
  • look at /etc/resolv.conf for name resolution issues.
  • look at the connection profiles that you have configured in NetworkManager (nmcli connection and nmcli connection show "$PROFILE") and the configured interfaces (nmcli device).
  • "no such host" => usually a DNS problem

Start a web server

$ python -m http.server
Serving HTTP on 0.0.0.0 port 8000 ...