Essential Command-Line Tools Every Linux Sysadmin Should Know

Network Tools

ping : Sends ICMP echo requests to measure round‑trip time, jitter, and packet loss, useful for checking host reachability.

hping : Generates custom ICMP/TCP/UDP packets for advanced scanning, firewall testing, MTU path discovery, and fragmentation tests.

traceroute : Uses TTL‑limited packets to reveal the layer‑3 path between the local host and a remote target, aiding route troubleshooting.

mtr : Combines traceroute and ping, providing per‑hop loss and latency statistics for path quality assessment.

netcat / socat : Versatile TCP/UDP utilities that read and write raw byte streams, useful for testing firewalls and service availability.

dig : DNS query tool for forward/reverse lookups, record inspection (CNAME, MX, etc.) and testing specific name servers.

nslookup : Alternative DNS debugging utility supporting all query types.

dnsyo : Performs large‑scale DNS queries against many open resolvers to evaluate global DNS propagation.

lsof : Lists open files, pipes, and sockets of processes, helping monitor network connections.

iftop : ncurses‑based UI that shows real‑time bandwidth usage per interface, identifying bandwidth‑hungry hosts and ports.

netstat : Displays current network connections, routing tables, and interface statistics for diagnostics.

tcpdump : Captures packets using libpcap filters, allowing detailed traffic analysis.

tshark : Command‑line counterpart of Wireshark, supporting thousands of protocols for live packet inspection.

ip : Part of iproute2; manages routes, interfaces, tunnels, and address assignments.

ifup / ifdown : Activates or deactivates network interfaces, commonly used to restart networking.

autossh : Maintains persistent SSH tunnels, automatically reconnecting after drops.

iperf : Measures maximum TCP/UDP throughput between two hosts.

elinks / lynx : Text‑mode web browsers for command‑line environments.

Security Tools

iptables : Configures Linux kernel firewall rules for packet filtering, NAT, and forwarding.

nmap : Performs port scanning and network discovery for security assessments.

TCP Wrappers : Host‑based access control layer that works alongside iptables.

getfacl / setfacl : Views and modifies file and directory ACLs, extending traditional permissions.

cryptsetup : Creates and manages LUKS‑encrypted disk partitions.

lynis : Audits a Linux system for known vulnerabilities and suggests remediation.

maldet : Scans for malware, can run continuously to monitor for infections.

rkhunter / chkrootkit : Detects rootkits, hidden backdoors, and suspicious exploits.

Storage Tools

fdisk : Interactive disk partition editor.

sfdisk : Non‑interactive variant of fdisk for scripting partition changes.

parted : Handles GPT and large‑disk partitioning; gparted provides a GUI front‑end.

df : Shows used and available space on mounted filesystems (dfc is a friendlier variant).

du : Reports disk usage of files and directories (e.g., du -sh *).

mkfs : Formats a partition with a chosen filesystem (ext2/3/4, bfs, ntfs, vfat, etc.).

fsck : Checks and attempts to repair filesystem errors.

mount : Attaches a block device, network share, or remote storage to a local mount point.

mdadm : Manages software RAID arrays.

lvm : Provides logical volume management for flexible resizing, splitting, and merging of volumes.

Log Access Tools

tail : Views the end of a growing log file; variants include multitail and ztail (inotify‑aware).

logrotate : Rotates, compresses, and optionally emails old logs based on time or size.

grep / egrep : Filters log lines using regular expressions; faster alternatives include ack and ag.

awk : Extracts and processes columns or patterns from text streams.

sed : Stream editor for in‑place text transformations (deleting lines, substitutions, etc.).

Backup Tools

rsync : Fast incremental backup and mirroring, optionally over SSH or stunnel.

rdiff-backup : Bandwidth‑efficient incremental backups that store differences between snapshots.

duplicity : Encrypted incremental backups using GnuPG, with remote storage via SSH.

Performance Monitoring Tools

top : Real‑time process viewer; htop offers a richer UI.

ps : Snapshots current processes; pstree displays them as a tree.

nethogs : Shows bandwidth usage per process.

ngxtop : Parses web server access logs and presents live request statistics.

vmstat : Reports system metrics such as processes, memory, paging, CPU, and I/O.

iotop : ncurses UI for per‑process disk I/O monitoring.

iostat : Provides CPU utilization and device I/O statistics.

Efficiency Tools

screen : Splits a single terminal into multiple persistent virtual terminals, with remote sharing capabilities.

tmux : Terminal multiplexer supporting horizontal and vertical pane splitting.

cheat : Displays concise cheat‑sheets for common Linux commands, fully customizable.

apropos : Searches manual page descriptions for keywords.

Package Management Tools

apt : Default package manager for Debian‑based distributions.

apt-fast : Parallelizes apt downloads to speed up installation.

apt-file : Finds which package provides a given file, even for uninstalled packages.

dpkg : Low‑level tool for installing .deb packages; higher‑level tools are preferred.

yum : Automatic package manager for Red‑Hat‑based systems (RHEL, CentOS, Fedora).

rpm : Low‑level package query and management utility, often used with yum.

Hardware Tools

lspci : Lists detailed information about PCI devices.

lshw : Provides comprehensive hardware inventory in text, HTML, XML, or JSON.

inxi : Summarizes hardware components such as CPU, GPU, sensors, and more.