dotlinux guide

Linux Networking Commands Cheat Sheet: A Comprehensive Guide

In the world of Linux, networking is the backbone of connectivity—whether you’re a system administrator managing servers, a developer debugging application traffic, or a DevOps engineer automating infrastructure. Mastering Linux networking commands is critical for troubleshooting, configuring, monitoring, and securing networked systems. This blog serves as a comprehensive cheat sheet for Linux networking commands. We’ll cover fundamental concepts, core commands (grouped by use case), common workflows, and best practices. By the end, you’ll have the tools to diagnose network issues, configure interfaces, manage routing, and monitor traffic like a pro.

Fundamentals of Linux Networking

Before diving into commands, let’s clarify key networking concepts that Linux commands interact with:

  • Network Interfaces: Physical (e.g., eth0, wlan0) or virtual (e.g., lo for loopback, docker0 for containers) devices that connect a system to a network.
  • IP Addressing: Unique identifiers (IPv4: 192.168.1.100; IPv6: 2001:db8::1) assigned to interfaces for communication. Subnet masks (e.g., /24) define network boundaries.
  • DNS (Domain Name System): Translates human-readable domain names (e.g., google.com) to IP addresses.
  • Routing: The process of forwarding traffic between networks via gateways. Routing tables define paths for packets.
  • Firewalls: Rulesets (e.g., iptables, ufw) that control inbound/outbound traffic to secure the system.

Core Networking Commands

1. Interface Information

These commands retrieve or modify network interface status and properties.

Part of the iproute2 suite (replaces legacy tools like ifconfig), ip link manages layer 2 (Ethernet) interface settings.

Syntax:

ip link [show | set] [INTERFACE] [OPTIONS]

Examples:

  • List all interfaces (physical and virtual):
    ip link show
  • Bring an interface up/down:
    sudo ip link set eth0 up   # Enable interface
    sudo ip link set eth0 down # Disable interface
  • View MAC address of eth0:
    ip link show eth0 | grep "link/ether"

ethtool (Ethernet Interface Details)

Query or modify Ethernet interface settings (speed, duplex, wake-on-LAN).

Syntax:

ethtool [INTERFACE]

Example:
Check speed and duplex mode of eth0:

ethtool eth0

2. IP Address Configuration

Assign or view IP addresses (layer 3) to interfaces.

ip addr (Modern Alternative to ifconfig)

Manage IP addresses (IPv4/IPv6) on interfaces.

Syntax:

ip addr [show | add | del] [IP/NETMASK] dev [INTERFACE]

Examples:

  • List IP addresses of all interfaces:
    ip addr show
  • Assign a static IPv4 address to eth0:
    sudo ip addr add 192.168.1.100/24 dev eth0
  • Remove an IP address from eth0:
    sudo ip addr del 192.168.1.100/24 dev eth0

dhclient (Dynamic IP Assignment)

Request an IP address from a DHCP server.

Syntax:

sudo dhclient [INTERFACE]

Example:
Force eth0 to request a new DHCP lease:

sudo dhclient -r eth0  # Release current lease
sudo dhclient eth0     # Request new lease

3. DNS & Hostname Management

Resolve domain names, configure hostnames, and manage DNS settings.

hostnamectl (Hostname Management)

Set or view the system hostname (persistent across reboots).

Syntax:

hostnamectl [status | set-hostname NEW_HOSTNAME]

Examples:

  • View current hostname:
    hostnamectl status
  • Set hostname to web-server-01:
    sudo hostnamectl set-hostname web-server-01

dig (DNS Lookup)

Query DNS servers for domain records (A, AAAA, MX, TXT).

Syntax:

dig [DOMAIN] [RECORD_TYPE]

Examples:

  • Get IPv4 address of google.com:
    dig google.com A +short
  • Check MX records for example.com:
    dig example.com MX

/etc/resolv.conf (DNS Resolver Configuration)

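Text file storing DNS server IPs (used by the system resolver). On systems where systemd-resolved or NetworkManager manages this file, manual edits can be overwritten; make the change in that service's configuration instead.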

Example:
Edit to use Google DNS:

sudo nano /etc/resolv.conf
# Add:
nameserver 8.8.8.8
nameserver 8.8.4.4

4. Routing

Manage the system’s routing table to direct traffic between networks.

ip route (Modern Alternative to route)

View or modify the routing table (layer 3).

Syntax:

ip route [show | add | del] [DESTINATION] via [GATEWAY] dev [INTERFACE]

Examples:

  • List all routes:
    ip route show
  • Add a default gateway (for internet access):
    sudo ip route add default via 192.168.1.1 dev eth0
  • Route traffic for 10.0.0.0/24 via 192.168.1.254:
    sudo ip route add 10.0.0.0/24 via 192.168.1.254 dev eth0

traceroute (Path to Destination)

Trace the network path from your system to a remote host (identifies hops and latency).

Syntax:

traceroute [HOSTNAME/IP]

Example:
Trace route to google.com:

traceroute google.com

5. Connectivity Testing

Verify reachability and port availability.

ping (ICMP Echo Request)

Test if a host is reachable via ICMP (layer 3).

Syntax:

ping [-c COUNT] [-i INTERVAL] [HOSTNAME/IP]

Examples:

  • Send 4 pings to 8.8.8.8 (Google DNS):
    ping -c 4 8.8.8.8
  • Ping IPv6 address:
    ping6 2001:4860:4860::8888  # IPv6 Google DNS

nc (Netcat - Port Scanning/Testing)

Swiss Army knife for TCP/UDP testing (check if a port is open).

Syntax:

nc -zv [HOST] [PORT]  # -z: Scan mode, -v: Verbose

Example:
Check if port 80 (HTTP) is open on example.com:

nc -zv example.com 80

6. Traffic Monitoring

Analyze real-time network traffic and connections.

ss (Socket Statistics - Modern netstat)

Replaces netstat to list active network sockets (TCP/UDP connections).

Syntax:

ss [-t | -u | -l | -n]
  • -t: TCP sockets
  • -u: UDP sockets
  • -l: Listening sockets
  • -n: Show IP/port numbers (no DNS lookup)

Examples:

  • List all listening TCP and UDP ports:
    ss -tuln
  • Find processes using port 8080:
    sudo ss -tulnp | grep ":8080"  # -p: Show process ID (requires sudo)

tcpdump (Packet Capture)

Capture and analyze raw network packets (great for debugging).

Syntax:

sudo tcpdump -i [INTERFACE] [FILTER]

Examples:

  • Capture all traffic on eth0:
    sudo tcpdump -i eth0
  • Filter HTTP traffic (port 80) from 192.168.1.100:
    sudo tcpdump -i eth0 port 80 and src 192.168.1.100
  • Save packets to a file for later analysis (with Wireshark):
    sudo tcpdump -i eth0 -w capture.pcap

7. Firewall Management

Control inbound/outbound traffic with firewall rules.

ufw (Uncomplicated Firewall - Simplified iptables)

User-friendly frontend for iptables (default on Ubuntu/Debian).

Syntax:

sudo ufw [allow | deny | status] [PORT/PROTOCOL]

Examples:

  • Allow SSH (port 22) and HTTP (port 80):
    sudo ufw allow 22/tcp
    sudo ufw allow 80/tcp
  • Enable the firewall:
    sudo ufw enable
  • Check firewall status:
    sudo ufw status verbose

iptables (Advanced Firewall Rules)

Low-level tool for configuring IPv4 firewall rules (use ufw for simplicity).

Example:
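Block all incoming traffic from 192.168.1.200 (-A appends to the end of the INPUT chain, so an earlier rule that accepts this traffic still takes precedence):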

sudo iptables -A INPUT -s 192.168.1.200 -j DROP

Quick Reference Table

Command          | Purpose                 | Basic Syntax                 | Example Usage
ip link show     | List interfaces         | ip link show                 | ip link show eth0
ip addr show     | List IP addresses       | ip addr show                 | ip addr show wlan0
ip route show    | List routing table      | ip route show                | ip route show
ping             | Test host reachability  | ping -c 4 HOST               | ping -c 4 google.com
traceroute       | Trace path to host      | traceroute HOST              | traceroute 8.8.8.8
ss -tuln         | List listening ports    | ss -tuln                     | ss -tuln
tcpdump -i eth0  | Capture packets on eth0 | sudo tcpdump -i eth0         | sudo tcpdump -i eth0 port 443
ufw allow 22/tcp | Allow SSH traffic       | sudo ufw allow PORT/PROTOCOL | sudo ufw allow 22/tcp
dig example.com A | DNS lookup for A record | dig DOMAIN RECORD_TYPE      | dig example.com MX

Common Practices & Workflows

Troubleshooting Network Issues: Step-by-Step

  1. Check interfaces: Ensure the interface is up with ip link show eth0.
  2. Verify IP address: Confirm IP/subnet with ip addr show eth0.
  3. Test gateway reachability: ping 192.168.1.1 (replace with your gateway).
  4. Check DNS resolution: nslookup google.com (fails? Check /etc/resolv.conf).
  5. Trace route to target: traceroute google.com (identify where traffic is blocked).
  6. Inspect traffic: sudo tcpdump -i eth0 port 80 (debug HTTP issues).
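
The checklist above can be run as one script that stops at the first failing layer. This is an added example, not code from the original guide: the function names default_gw and diagnose are hypothetical, the gateway is read from ip route show rather than typed in, and getent is used for the DNS step on the assumption of a glibc system.

```shell
#!/bin/sh
# Added example: runs the checklist steps in order and stops at the first
# layer that fails. Interface and target are arguments; nothing is hard-coded.

# Print the gateway of the first default route (empty if there is none).
default_gw() {
    ip route show | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit }
    }'
}

# diagnose IFACE TARGET -> returns 0 if every step passes, else the step number.
diagnose() {
    d_if=$1; d_target=$2
    ip link show "$d_if" 2>/dev/null | grep -q 'state UP' ||
        { echo "step 1: $d_if is missing or not up"; return 1; }
    ip -4 addr show dev "$d_if" 2>/dev/null | grep -q 'inet ' ||
        { echo "step 2: no IPv4 address on $d_if"; return 2; }
    d_gw=$(default_gw)
    [ -n "$d_gw" ] && ping -c 2 -W 2 "$d_gw" >/dev/null 2>&1 ||
        { echo "step 3: gateway '${d_gw:-none}' unreachable"; return 3; }
    # getent uses the same resolver path as applications (assumption: glibc);
    # the checklist's nslookup queries the DNS server directly instead.
    getent hosts "$d_target" >/dev/null 2>&1 ||
        { echo "step 4: cannot resolve $d_target, check /etc/resolv.conf"; return 4; }
    ping -c 2 -W 2 "$d_target" >/dev/null 2>&1 ||
        { echo "step 5: $d_target unreachable, run: traceroute $d_target"; return 5; }
    echo "steps 1-5 passed; if the application still fails, capture with tcpdump"
}

# Run only when called as a script with both arguments, e.g. eth0 google.com
if [ "$#" -eq 2 ]; then diagnose "$1" "$2"; fi
```

A failure at step 5 can also mean the target filters ICMP; confirm with nc -zv against the service port before concluding the path is broken.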

Automation with Scripts

Save time by scripting repetitive tasks. Example: Reset eth0 interface:

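#!/bin/bash
# Reset eth0: drop the link, clear stale addresses, then request a fresh lease.
set -e                       # Stop at the first failing command
sudo ip link set eth0 down
sudo ip addr flush dev eth0  # Clear old IPs
sudo ip link set eth0 up     # Bring the link back up before requesting a lease
sudo dhclient eth0           # Request new DHCP lease
echo "Interface eth0 reset."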

Best Practices

  1. Use Modern Tools: Prefer ip, ss, and nftables over legacy tools like ifconfig, netstat, and iptables (though iptables is still widely used).
  2. Least Privilege: Run commands with sudo only when necessary (e.g., ip link set requires root).
  3. Document Configs: Save static IP/routing changes to /etc/network/interfaces (Debian) or /etc/sysconfig/network-scripts/ (RHEL) for persistence across reboots.
  4. Monitor Traffic: Use tcpdump or iftop to baseline traffic patterns before troubleshooting.
  5. Secure with Firewalls: Always enable ufw or nftables and allow only the necessary ports (e.g., 22 for SSH, 443 for HTTPS).

Conclusion

Linux networking commands are indispensable for managing and troubleshooting networked systems. From configuring interfaces with ip addr to debugging traffic with tcpdump, mastering these tools will empower you to resolve issues quickly and maintain robust networks.

Refer to the quick reference table for daily tasks, and adopt best practices like using modern tools and documenting changes. With practice, these commands will become second nature.
