Essential networking commands for troubleshooting, analysis, and configuration.
Network Information
IP Configuration
ip addr show # Show all IP addresses
ip addr show eth0 # Show specific interface
ip link show # Show link status
ip route show # Show routing table
ip neigh show # Show ARP cache
# Legacy commands (ifconfig, route)
ifconfig # Show all interfaces
ifconfig eth0 # Show specific interface
route -n # Show routing table
arp -a # Show ARP cache
Interface Management
ip link set eth0 up # Bring interface up
ip link set eth0 down # Bring interface down
ip addr add 192.168.1.10/24 dev eth0 # Add IP address
ip addr del 192.168.1.10/24 dev eth0 # Remove IP address
ip route add default via 192.168.1.1 # Add default gateway
Connectivity Testing
Basic Connectivity
ping 8.8.8.8 # Test connectivity
ping -c 4 8.8.8.8 # Send 4 packets
ping -i 0.2 8.8.8.8 # Ping every 0.2 seconds
ping6 2001:4860:4860::8888 # IPv6 ping
traceroute google.com # Trace route to host
traceroute -n google.com # Don't resolve hostnames
traceroute -I google.com # Use ICMP instead of UDP
mtr google.com # Interactive traceroute
Port Connectivity
telnet host 80 # Test TCP port
nc -zv host 80 # Test TCP port (netcat)
nc -zuv host 53 # Test UDP port
timeout 5 bash -c '</dev/tcp/host/80' 2>/dev/null && echo "Open" || echo "Closed"
DNS Queries
DNS Lookup
dig google.com # Full DNS query
dig google.com A # Query A record
dig google.com MX # Query MX record
dig google.com NS # Query nameservers
dig google.com ANY # Query all records
dig @8.8.8.8 google.com # Use specific DNS server
dig +short google.com # Short output
dig -x 8.8.8.8 # Reverse DNS lookup
nslookup google.com # Basic DNS lookup
nslookup google.com 8.8.8.8 # Use specific DNS server
host google.com # Simple DNS lookup
host -t MX google.com # Query MX record
Port Scanning & Services
Listening Ports
ss -tulpn # Show all listening ports
ss -tulpn | grep :80 # Find what's on port 80
ss -s # Socket statistics
netstat -tulpn # Show listening ports (older)
netstat -an # Show all connections
lsof -i :80 # Show what's using port 80
lsof -i TCP # Show all TCP connections
Port Scanning (nmap)
nmap target # Basic scan
nmap -p 80,443 target # Scan specific ports
nmap -p 1-65535 target # Scan all ports
nmap -sV target # Service/version detection
nmap -O target # OS detection
nmap -sS target # SYN scan (stealth)
nmap -sU target # UDP scan
nmap -A target # Aggressive scan
nmap -Pn target # Skip ping (treat as online)
nmap 192.168.1.0/24 # Scan subnet
Traffic Analysis
tcpdump
tcpdump -i eth0 # Capture on interface
tcpdump -i eth0 -n # Don't resolve names
tcpdump -i eth0 -c 100 # Capture 100 packets
tcpdump -i eth0 port 80 # Filter by port
tcpdump -i eth0 host 192.168.1.1 # Filter by host
tcpdump -i eth0 net 192.168.1.0/24 # Filter by network
tcpdump -i eth0 tcp # TCP only
tcpdump -i eth0 udp # UDP only
tcpdump -i eth0 -w capture.pcap # Write to file
tcpdump -r capture.pcap # Read from file
tcpdump -i eth0 -A # ASCII output
tcpdump -i eth0 -X # Hex and ASCII output
# Capture HTTP traffic
tcpdump -i eth0 -s 0 -A 'tcp port 80'
# Capture specific subnet traffic
tcpdump -i eth0 'src net 192.168.1.0/24'
Bandwidth Monitoring
iftop -i eth0 # Real-time bandwidth by connection
nethogs eth0 # Bandwidth by process
iptraf-ng # Interactive network monitor
vnstat -i eth0 # Network statistics
bmon # Bandwidth monitor
Network Testing
Performance Testing
iperf3 -s # Start server
iperf3 -c server_ip # Start client
iperf3 -c server_ip -u # UDP test
iperf3 -c server_ip -t 60 # 60 second test
iperf3 -c server_ip -P 4 # 4 parallel streams
speedtest-cli # Internet speed test
HTTP Testing
curl https://example.com # GET request
curl -I https://example.com # HEAD request (headers only)
curl -v https://example.com # Verbose output
curl -o file.html https://example.com # Save to file
curl -X POST -d "data" url # POST request
curl -H "Header: value" url # Custom header
curl --max-time 10 url # Timeout after 10s
wget https://example.com/file # Download file
wget -O output.html https://example.com # Save with custom name
wget -c https://example.com/file # Continue partial download
Firewall (iptables)
View Rules
iptables -L # List all rules
iptables -L -n # List rules (no DNS)
iptables -L -v # Verbose output
iptables -L INPUT # List INPUT chain
iptables -S # Show rules as commands
Basic Rules
# Allow incoming SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow incoming HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Drop all other input
iptables -P INPUT DROP
# Delete rule by number
iptables -D INPUT 3
# Flush all rules
iptables -F
SSH & Tunneling
SSH Connections
ssh user@host # Basic SSH
ssh -p 2222 user@host # Custom port
ssh -i key.pem user@host # Use specific key
ssh -v user@host # Verbose (debugging)
ssh -J jump@host user@target # Jump host
# Copy SSH key
ssh-copy-id user@host
# Generate SSH key
ssh-keygen -t ed25519 -C "comment"
ssh-keygen -t rsa -b 4096 -C "comment"
SSH Tunneling
# Local port forwarding
ssh -L 8080:localhost:80 user@remote
# Remote port forwarding
ssh -R 8080:localhost:80 user@remote
# Dynamic port forwarding (SOCKS proxy)
ssh -D 1080 user@remote
# Keep tunnel alive
ssh -L 8080:localhost:80 -N user@remote
SCP & RSYNC
scp file user@host:/path # Copy file to remote
scp user@host:/path/file . # Copy file from remote
scp -r dir user@host:/path # Copy directory
scp -P 2222 file user@host:/path # Custom SSH port
rsync -avz source/ dest/ # Sync directories
rsync -avz source/ user@host:/dest/ # Sync to remote
rsync -avz --delete source/ dest/ # Delete extra files
rsync -avz -e "ssh -p 2222" source/ user@host:/dest/ # Custom SSH port
Wireless (if applicable)
iwconfig # Show wireless interfaces
iwlist wlan0 scan # Scan for networks
iwconfig wlan0 essid "NetworkName" # Connect to network
iw dev wlan0 scan # Modern scan command
iw dev wlan0 link # Connection status
Network Configuration Files
# Network interfaces (Debian/Ubuntu)
/etc/network/interfaces
# NetworkManager connections
/etc/NetworkManager/system-connections/
# DNS configuration
/etc/resolv.conf
# Hosts file
/etc/hosts
# Hostname
/etc/hostname
hostnamectl set-hostname newhostname
Useful One-Liners
# Find your public IP
curl ifconfig.me
dig +short myip.opendns.com @resolver1.opendns.com
# Find your local IP
hostname -I
ip -4 addr show scope global | grep inet
# List all open connections
lsof -i
# Find which process is using a port
lsof -i :8080
ss -tulpn | grep :8080
# Show top bandwidth hogs
netstat -an | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
# Test if port is open
nc -zv host 22
# Download and execute script
curl -sSL https://example.com/script.sh | bash
# Check SSL certificate expiration
echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates
# Simple port scan without nmap
for port in {1..1024}; do timeout 1 bash -c "</dev/tcp/192.168.1.1/$port" 2>/dev/null && echo "Port $port is open"; done
# Monitor specific connection
watch -n 1 "netstat -an | grep :80"
# Generate network traffic
yes | pv | nc host 1234
# Check MTU path
tracepath google.com