Essential Linux Network Commands Every Sysadmin Should Know

Introduction

This reference lists essential Linux networking commands for interface configuration, routing, connectivity testing, packet capture, name resolution, and security assessment. Each command includes its purpose, common syntax, important options, and example usage.

1. ifconfig

The ifconfig utility (from the net-tools package) displays or configures network interfaces.

ifconfig [interface] [down|up|add<addr>|del<addr>|...]

Key parameters: add<addr>: add an IPv6 address del<addr>: delete an IPv6 address down: deactivate the interface up: activate the interface mtu <bytes>: set the maximum transmission unit netmask <mask>: set the subnet mask

Examples:

# Show all interfaces
ifconfig
# Bring eth0 down
ifconfig eth0 down
# Set MTU for eth0
ifconfig eth0 mtu 1500
# Assign a temporary IP
ifconfig ens33 192.168.10.20/24
# Create a virtual alias interface
ifconfig ens33:0 192.168.10.21

2. ip

The ip command from the iproute2 suite replaces ifconfig with richer functionality.

# Show interfaces
ip a   # or ip addr show
# Show link‑layer status (no IP)
ip link
# Show detailed statistics
ip -s link
# Show neighbour (ARP) entries
ip neighbour
# Bring eth0 up or down
ip link set eth0 up
ip link set eth0 down
# Add or delete an IP address
ip addr add 20.0.0.19/24 dev eth0
ip addr del 20.0.0.19/24 dev eth0
# Set default gateway
ip route add default via 20.0.0.2 dev eth0
# Show routing table
ip route show
# Monitor netlink messages
ip monitor all

3. ping

ping

sends ICMP echo requests to verify host reachability. ping [options] <host-or-ip> Common options: -c <count>: number of echo requests to send -i <interval>: interval between packets -s <size>: packet size -w <deadline>: quit after given seconds

Example:

# Send 5 pings to Baidu
ping -c 5 www.baidu.com

4. route

route

displays and manipulates the IP routing table.

route [-nee]
route add [-net|-host] <target> netmask <mask> gw <gateway> dev <iface>
route del [-net|-host] <target> netmask <mask> gw <gateway> dev <iface>

Key flags: add: add a route del: delete a route -net: target is a network -host: target is a single host

Example – add a default route:

route add default gw 172.16.0.1

5. lsof

lsof

(list open files) shows files opened by processes, useful for identifying which process is using a network socket. -a: list all files -c <process>: list files opened by a named process -u <uid>: list files for a user ID -g <gid>: list files for a group ID -d <fd>: list processes using a specific file descriptor +d <dir>: list files opened under a directory (recursive with +D) -i <cond>: filter by IP/port criteria -p <pid>: list files opened by a specific PID -n: show numeric addresses only

6. netstat

netstat

(from net-tools ) reports network connections, routing tables, and interface statistics. The newer ss command provides similar information more efficiently. netstat [-anpt] Important options: -a: all sockets -n: numeric addresses -p: show PID/program name -t: TCP sockets -u: UDP sockets -r: routing table

7. ss

ss

(socket statistics) is part of the iproute package and replaces netstat. ss [OPTIONS] [FILTER] Common options: -t: TCP -u: UDP -l: listening sockets -a: all sockets -n: numeric output -p: show process

Examples:

# List listening ports
ss -l
# Show all TCP sockets
ss -at
# Show processes owning sockets
ss -pl

8. traceroute

traceroute

traces the path packets take to a destination, displaying each hop and its round‑trip time. traceroute [options] <host-or-ip> Key options: -n: numeric output (no DNS lookup) -m <max_ttl>: maximum hop count -w <wait>: per‑probe timeout -I: use ICMP echo instead of UDP

Example:

# Trace route to Baidu
traceroute www.baidu.com

9. nslookup

nslookup

queries DNS servers for name resolution.

nslookup <domain>

10. dig

dig

provides detailed DNS query information and is part of the bind-utils package.

dig <domain>

11. nmcli

nmcli

is the command‑line interface for NetworkManager, allowing permanent configuration of network connections. nmcli [OPTIONS] OBJECT { COMMAND | help } Objects include general, networking, radio, connection, device, agent, monitor.

Common commands:

# Show all connections
nmcli con show
# Show active connections
nmcli con show --active
# Add a DHCP‑configured Ethernet connection named "default"
nmcli con add con-name default type Ethernet ifname eth0
# Add a static IP connection (no autoconnect)
nmcli con add con-name static type Ethernet ifname eth0 ip4 172.25.10.10/24 gw4 172.25.10.1
# Bring a connection up
nmcli con up static
# Modify DNS for a connection
nmcli con mod "static" +ipv4.dns 8.8.8.8

12. tcpdump

tcpdump

captures network packets for analysis. It supports extensive filtering expressions. tcpdump [options] [filter] Important options: -i <iface>: capture on a specific interface -c <count>: stop after a number of packets -w <file>: write captured packets to a file -n: numeric output (no name resolution) -vvv: very verbose output

Example filters:

# Capture all traffic on eth0
tcpdump -i eth0
# Capture only TCP packets to port 22 from 10.0.0.100
tcpdump tcp port 22 and src host 10.0.0.100
# Save 1000 packets to a file
tcpdump -c 1000 -w /tmp/capture.cap

13. arp

arp

manipulates the kernel ARP cache, allowing display, addition, or deletion of entries.

arp -n                # show ARP table (numeric)
arp -s 10.0.0.6 00:0c:29:32:80:38   # add static entry
arp -d 10.0.0.6      # delete entry

Static ARP entries can mitigate ARP spoofing attacks.

14. nmap

nmap

is a powerful network scanner used for host discovery and port enumeration.

# Basic SYN scan of a host
nmap -sS 192.168.1.1
# UDP scan
nmap -sU 192.168.1.1
# Scan for HTTP services on a subnet
nmap -p 80 192.168.80.0/24
# Ping sweep (no DNS reverse lookup)
nmap -n -sP 192.168.80.0/24

Common scan types and flags: -sS: SYN (half‑open) scan -sT: TCP connect scan -sU: UDP scan -sP: ping sweep -p: specify ports -n: skip DNS resolution