[bookmark] Cheat system administrator for Linux network tools

Original author: Archit Modi
  • Transfer
The daily tasks of system administrators include working with networks and with equipment connected to them. Often, the role of the administrator’s workplace is played by the computer on which any Linux distribution is installed. Linux utilities and commands, which will be discussed in the material that we are translating today, include a list of tools of varying complexity - from simple to advanced, which are designed to solve a wide range of network management and network troubleshooting tasks. In some of the examples considered here, you will come across the abbreviation (fully qualified domain name). When you meet him, replace him, depending on the circumstances, with the address of the site or server you are interested in, for example, with something like that .



The utility ping, as can be judged by its name, is used to test communication between network nodes, between the computer on which it is started, and another system. This utility uses the ICMP protocol , sending pings that are answered by the remote system that receives them. Using ping, in addition, is a good way to check network connectivity, as the first step in diagnosing a network when there is a problem. The command pingcan be used with IPv4 and IPv6 addresses. Here you can read details about IP-addresses and about working with them.


IPv4: ping <ipaddress>/<fqdn>
IPv6: ping6 <ipaddress>/<fqdn>

Ping, in addition, can be used to find out the IP addresses of sites based on their names. Here's what it looks like.

Use ping to find out the site’s IP address by its name.


Traceroute- This is a nice utility that allows you to explore the routes of data transfer between computers. While the team pingaims to find out whether it is possible to establish a connection between two network nodes, tracerouteit gives information about the IP addresses of the routers through which data passes from your system to the final one, for example, to a website or server. The command is tracerouteusually applied in the second step of network diagnostics, after the command ping.


traceroute <ipaddress>/<fqdn>


The utility telnetallows you to connect to a remote computer via the Telnet protocol and interact with it using the appropriate commands.


To organize a Telnet session with another computer, use the following command:

telnet <ipaddress>/<fqdn>


This command allows you to collect information about the network and is used in the course of searching and correcting network problems, is used to verify data on the operation of interfaces and ports, to study the routing tables, to study information on the operation of protocols. This team must be present in the arsenal of the system administrator.


To get a list of all ports that are in listening mode, use the following command:

netstat -l

The following command displays information about all ports. In order to be limited to only TCP ports, you need to use a key -at, in order to obtain data on UDP ports, use a key -au.

netstat -a

To view the routing tables, use the following command:

netstat -r

Here is the result of executing this command.

Information about the routing table

Here is a variant of this command that displays statistics on protocols:

netstat -s

Statistics by protocols

The following call optionnetstatallows you to find out information about sent and received packets (transmission / receive, TX / RX) for each interface:

Information about sent and received packets


The utility is nmcligreat for managing network connections, for making settings and for solving other similar tasks. With its help, you can manage the program NetworkManagerand modify the network parameters of various devices.


Here’s how nmclito list the network interfaces:

nmcli device

So you can display information on a specific interface:

nmcli device show <interface>

The following command call option allows you to check the device’s connection to the network:

nmcli connection

Examples of using nmcli

This command allows you to disable the specified interface:

nmcli connection down <interface>

And this allows you to enable the interface:

nmcli connection up <interface>

Here is an example of a command that adds a VLAN interface with a given VLAN number, IP address and gateway to the specified interface:

nmcli con addtype vlan con-name <connection-name> dev <interface> id <vlan-number> ipv4 <ip/cidr> gw4 <gateway-ip>


There are many commands that can be used to check the routing rules and their settings. Consider the most useful ones.


The following command shows all the current routes configured for the corresponding interfaces:

ip route

Routes configured for interfaces

This command allows you to add a default gateway to the routing table:

route adddefault gw <gateway-ip>

The following command adds a new network route to the routing table. There are many other parameters that allow you to perform operations such as adding a route and a gateway, used by default, and so on.

route add -net <networkip/cidr> gw <gatewayip><interface>

With this command, you can delete an entry for a given route from the routing table:

route del -net <network ip/cidr>

Here are examples of using the command route.

Using the route

command This is the command that is used to display the current neighbor table. In addition, it can be used to add, modify, or delete information about neighbors:

ip neighbor

Let's look at examples of its use.

Data received using the ip neighbor command.

Here is the command ip neigh

information. About the ip neigh

command command arp(ARP is short for Address Resolution Protocol) is similar to ip neighbor. The utility arpdisplays data on the compliance of IP addresses with MAC addresses. Here is how to use it:


Here is an example of her call.

Calling the arp command

Tcpdump and Wireshark

Linux gives the administrator a variety of tools for capturing and analyzing packets. Among them, for example tcpdump, wireshark, tshark, and others. They are used to capture network traffic in packets transmitted by the system or in packets received by it. This makes them a very valuable administrator tool to help determine the causes of various network problems. Those who prefer the command line to all other ways to communicate with computers will like it tcpdump. Those who like graphical interfaces can be recommended wireshark- a great tool for capturing and analyzing packets. The utility tcpdumpis a Linux tool for capturing network traffic. It can be used to capture and output traffic with filtering by ports, protocols, and other features.


This command shows, in real time, packets from a given interface:

tcpdump -i <interface-name>

Packages can be saved to a file using the flag -wand specifying the file name:

tcpdump -w <output-file.> -i <interface-name>

Here is an example of use tcpdump.

Using tcpdump

The following command is used to capture packets coming from a given IP of the source system:

tcpdump -i <interface> src <source-ip>

So you can capture the packets going to the specified address of the receiving system:

tcpdump -i <interface> dst <destination-ip>

Here is an example of using tcpdumppacket capture for a given port number, for example, it can be port 53, 80, 8080, and so on:

tcpdump -i <interface> port <port-number>

Here is how to tcpdumpcapture packets of a given protocol, such as TCP, UDP, or others:

tcpdump -i <interface><protocol>


The utility iptablesis similar to a firewall, it supports packet filtering, which allows you to manage traffic by passing or blocking it. The range of possibilities of this utility is huge. Consider a few of the most common options for its use.


The following command displays all existing rules iptables:

iptables -L

This command deletes all existing rules:

iptables -F

The following commands allow traffic from the specified port number to the specified interface:

iptables -A INPUT -i <interface> -ptcpdport <port-number> -mstatestateNEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o <interface> -ptcp -sport <port-number> -mstatestateESTABLISHED -jACCEPT

The following commands allow loopback access to the system:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT


The tool is nslookupused to obtain information about assigning IP addresses to network resources. It can also be used to obtain information from DNS servers, for example, such as all DNS records for a certain website (we will consider an example below). It nslookuplooks like a utility dig(Domain Information Groper).


The following command displays the IP addresses of your DNS server in the Server field, and, below, gives the IP address of the desired site:

nslookup <website-name.com>

This command shows all available entries for a given website or domain:

nslookup -type=any <website-name.com>


Here is a set of commands and a list of important files used to identify network problems.


  • ss - utility to display statistical information about sockets.
  • nmap <ip-address>- the name of this command is short for Network Mapper. It scans network ports, detects hosts, discovers MAC addresses and performs many other tasks.
  • ip addr/ifconfig -a - this command provides information about IP-addresses and other data on all interfaces of the system.
  • ssh -vvv user@<ip/domain>- this command allows you to connect via SSH to another computer using the specified IP address or domain name of the computer and user name. The flag -vvvallows you to get detailed information about what is happening.
  • ethtool -S <interface> - this command allows you to display statistical information on a given interface.
  • ifup <interface> - this command enables the specified interface.
  • ifdown <interface> - this command disables the specified interface.
  • systemctl restart network - With this command, you can restart the system network subsystem.
  • /etc/sysconfig/network-scripts/<interface-name>- this is the interface configuration file used to specify the IP address, network, gateway, and other parameters for a given interface. Here you can set the interface to use the DHCP mode.
  • /etc/hosts - this file contains information on the correspondence of hosts or domains to IP addresses configured by the administrator.
  • /etc/resolv.conf - The DNS settings are stored in this file.
  • /etc/ntp.conf - this file stores NTP settings.


In this small cheat sheet, we talked about Linux networking tools for system administrators. We hope you find these tools useful.

Dear readers! What do you use to administer networks and to determine the causes of network problems?

Also popular now: