Network troubleshooting requires mastery of command-line tools for diagnostics and analysis. This comprehensive networking cheat sheet covers essential commands including ping, traceroute, netstat, ss, tcpdump, nmap, and ip for connectivity testing, traffic analysis, and network configuration.
Quick Navigation: Network Info | Connectivity | DNS | Port Scan | Traffic | Firewall
Network Information
IP Configuration
ip addr show # Show all IP addresses
ip addr show eth0 # Show specific interface
ip link show # Show link status
ip route show # Show routing table
ip neigh show # Show ARP cache
# Legacy commands (ifconfig, route)
ifconfig # Show all interfaces
ifconfig eth0 # Show specific interface
route -n # Show routing table
arp -a # Show ARP cache
Interface Management
ip link set eth0 up # Bring interface up
ip link set eth0 down # Bring interface down
ip addr add 192.168.1.10/24 dev eth0 # Add IP address
ip addr del 192.168.1.10/24 dev eth0 # Remove IP address
ip route add default via 192.168.1.1 # Add default gateway
Connectivity Testing
Basic Connectivity
ping 8.8.8.8 # Test connectivity
ping -c 4 8.8.8.8 # Send 4 packets
ping -i 0.2 8.8.8.8 # Ping every 0.2 seconds
ping6 2001:4860:4860::8888 # IPv6 ping
traceroute google.com # Trace route to host
traceroute -n google.com # Don't resolve hostnames
traceroute -I google.com # Use ICMP instead of UDP
mtr google.com # Interactive traceroute
Port Connectivity
telnet host 80 # Test TCP port
nc -zv host 80 # Test TCP port (netcat)
nc -zuv host 53 # Test UDP port
timeout 5 bash -c '</dev/tcp/host/80' 2>/dev/null && echo "Open" || echo "Closed"
DNS Queries
DNS Lookup
dig google.com # Full DNS query
dig google.com A # Query A record
dig google.com MX # Query MX record
dig google.com NS # Query nameservers
dig google.com ANY # Query all records
dig @8.8.8.8 google.com # Use specific DNS server
dig +short google.com # Short output
dig -x 8.8.8.8 # Reverse DNS lookup
nslookup google.com # Basic DNS lookup
nslookup google.com 8.8.8.8 # Use specific DNS server
host google.com # Simple DNS lookup
host -t MX google.com # Query MX record
Port Scanning & Services
Listening Ports
ss -tulpn # Show all listening ports
ss -tulpn | grep :80 # Find what's on port 80
ss -s # Socket statistics
netstat -tulpn # Show listening ports (older)
netstat -an # Show all connections
lsof -i :80 # Show what's using port 80
lsof -i TCP # Show all TCP connections
Port Scanning (nmap)
nmap target # Basic scan
nmap -p 80,443 target # Scan specific ports
nmap -p 1-65535 target # Scan all ports
nmap -sV target # Service/version detection
nmap -O target # OS detection
nmap -sS target # SYN scan (stealth)
nmap -sU target # UDP scan
nmap -A target # Aggressive scan
nmap -Pn target # Skip ping (treat as online)
nmap 192.168.1.0/24 # Scan subnet
Traffic Analysis
tcpdump
tcpdump -i eth0 # Capture on interface
tcpdump -i eth0 -n # Don't resolve names
tcpdump -i eth0 -c 100 # Capture 100 packets
tcpdump -i eth0 port 80 # Filter by port
tcpdump -i eth0 host 192.168.1.1 # Filter by host
tcpdump -i eth0 net 192.168.1.0/24 # Filter by network
tcpdump -i eth0 tcp # TCP only
tcpdump -i eth0 udp # UDP only
tcpdump -i eth0 -w capture.pcap # Write to file
tcpdump -r capture.pcap # Read from file
tcpdump -i eth0 -A # ASCII output
tcpdump -i eth0 -X # Hex and ASCII output
# Capture HTTP traffic
tcpdump -i eth0 -s 0 -A 'tcp port 80'
# Capture specific subnet traffic
tcpdump -i eth0 'src net 192.168.1.0/24'
Bandwidth Monitoring
iftop -i eth0 # Real-time bandwidth by connection
nethogs eth0 # Bandwidth by process
iptraf-ng # Interactive network monitor
vnstat -i eth0 # Network statistics
bmon # Bandwidth monitor
Network Testing
Performance Testing
iperf3 -s # Start server
iperf3 -c server_ip # Start client
iperf3 -c server_ip -u # UDP test
iperf3 -c server_ip -t 60 # 60 second test
iperf3 -c server_ip -P 4 # 4 parallel streams
speedtest-cli # Internet speed test
HTTP Testing
curl https://example.com # GET request
curl -I https://example.com # HEAD request (headers only)
curl -v https://example.com # Verbose output
curl -o file.html https://example.com # Save to file
curl -X POST -d "data" url # POST request
curl -H "Header: value" url # Custom header
curl --max-time 10 url # Timeout after 10s
wget https://example.com/file # Download file
wget -O output.html https://example.com # Save with custom name
wget -c https://example.com/file # Continue partial download
Firewall (iptables)
View Rules
iptables -L # List all rules
iptables -L -n # List rules (no DNS)
iptables -L -v # Verbose output
iptables -L INPUT # List INPUT chain
iptables -S # Show rules as commands
Basic Rules
# Allow incoming SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow incoming HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Drop all other input
iptables -P INPUT DROP
# Delete rule by number
iptables -D INPUT 3
# Flush all rules
iptables -F
SSH & Tunneling
SSH Connections
ssh user@host # Basic SSH
ssh -p 2222 user@host # Custom port
ssh -i key.pem user@host # Use specific key
ssh -v user@host # Verbose (debugging)
ssh -J jump@host user@target # Jump host
# Copy SSH key
ssh-copy-id user@host
# Generate SSH key
ssh-keygen -t ed25519 -C "comment"
ssh-keygen -t rsa -b 4096 -C "comment"
SSH Tunneling
# Local port forwarding
ssh -L 8080:localhost:80 user@remote
# Remote port forwarding
ssh -R 8080:localhost:80 user@remote
# Dynamic port forwarding (SOCKS proxy)
ssh -D 1080 user@remote
# Keep tunnel alive
ssh -L 8080:localhost:80 -N user@remote
SCP & RSYNC
scp file user@host:/path # Copy file to remote
scp user@host:/path/file . # Copy file from remote
scp -r dir user@host:/path # Copy directory
scp -P 2222 file user@host:/path # Custom SSH port
rsync -avz source/ dest/ # Sync directories
rsync -avz source/ user@host:/dest/ # Sync to remote
rsync -avz --delete source/ dest/ # Delete extra files
rsync -avz -e "ssh -p 2222" source/ user@host:/dest/ # Custom SSH port
Wireless (if applicable)
iwconfig # Show wireless interfaces
iwlist wlan0 scan # Scan for networks
iwconfig wlan0 essid "NetworkName" # Connect to network
iw dev wlan0 scan # Modern scan command
iw dev wlan0 link # Connection status
Network Configuration Files
# Network interfaces (Debian/Ubuntu)
/etc/network/interfaces
# NetworkManager connections
/etc/NetworkManager/system-connections/
# DNS configuration
/etc/resolv.conf
# Hosts file
/etc/hosts
# Hostname
/etc/hostname
hostnamectl set-hostname newhostname
Useful One-Liners
# Find your public IP
curl ifconfig.me
dig +short myip.opendns.com @resolver1.opendns.com
# Find your local IP
hostname -I
ip -4 addr show scope global | grep inet
# List all open connections
lsof -i
# Find which process is using a port
lsof -i :8080
ss -tulpn | grep :8080
# Show top bandwidth hogs
netstat -an | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
# Test if port is open
nc -zv host 22
# Download and execute script
curl -sSL https://example.com/script.sh | bash
# Check SSL certificate expiration
echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates
# Simple port scan without nmap
for port in {1..1024}; do timeout 1 bash -c "</dev/tcp/192.168.1.1/$port" 2>/dev/null && echo "Port $port is open"; done
# Monitor specific connection
watch -n 1 "netstat -an | grep :80"
# Generate network traffic
yes | pv | nc host 1234
# Check MTU path
tracepath google.com
📥 Download & Print
Want a PDF version? This cheat sheet is optimized for printing:
- Use your browser’s Print function (Ctrl/Cmd + P)
- Select “Save as PDF”
- Choose landscape orientation for best results
Stay Updated: Bookmark this page for the latest commands and best practices.
Last Updated: March 8, 2026