Master Linux Networking: Essential Commands Every Sysadmin Should Know
This comprehensive guide covers the most commonly used Linux networking commands—including ifconfig, ip, ping, traceroute, nslookup, dig, netstat, ss, tcpdump, arp, and nmap—explaining their syntax, options, and practical examples to help administrators configure interfaces, diagnose connectivity, and secure their networks.
Introduction
This document outlines key Linux network management commands such as ifconfig for interface configuration, ip for routing, ping for connectivity testing, and nmap for security scanning. It also introduces nslookup and dig for DNS resolution, tcpdump for packet capture, and arp for ARP table manipulation.
1. ifconfig
The ifconfig command displays or sets network interface parameters and originates from the net-tools package.
ifconfig [interface] [down|up|options] [add<address>] [del<address>] ... [IP address]Common usage examples:
# Show interface information ifconfig # Bring an interface down or up ifconfig eth0 down or ifconfig eth0 up # Set MTU ifconfig eth0 mtu 1500 # Assign a temporary IP address ifconfig ens33 192.168.10.20/24 # Create a virtual alias interface
ifconfig ens33:0 192.168.10.212. ip
The ip command replaces ifconfig with more powerful functionality and is part of the iproute2 suite.
Typical examples:
# Show all interfaces<br/>ip a<br/># Show link layer status<br/>ip link<br/># Show routing table<br/>ip route show<br/># Add a static IP address<br/>ip addr add 20.0.0.19/24 dev eth0<br/># Delete an IP address<br/>ip addr del 20.0.0.19/24 dev eth0<br/># Set default gateway<br/>ip route add default via 20.0.0.2 dev eth0Reference: "Try the ip command on Linux".
3. ping
The ping utility sends ICMP echo requests to test host reachability. ping [options] [hostname|IP] Common options:
-c: number of packets to send
-i: interval between packets
-s: packet size
-w: timeout in seconds
Example:
# Ping Baidu five times<br/>ping -c 5 www.baidu.com4. route
The route command displays and manipulates the IP routing table.
route add -net 192.168.0.0 netmask 255.255.255.0 gw 172.16.0.1 dev eth0<br/>route del -host 192.168.1.3 gw 172.16.0.1 dev eth0To make routes persistent, add them to /etc/rc.local, /etc/sysconfig/network, or a static‑router configuration file.
5. lsof
lsof(list open files) lists files opened by processes.
-a : list all open files<br/>-c <process> : list files opened by a specific process<br/>-u <UID> : list files for a user ID<br/>-p <PID> : list files for a specific PID6. netstat
netstat(from net-tools ) shows network connections, routing tables, and interface statistics. The newer ss command provides similar information more efficiently.
# Show all sockets with processes<br/>netstat -anpt<br/># Filter for SSH<br/>netstat -anpt | grep sshd7. ss
ssis part of the iproute package and replaces netstat.
# List listening ports<br/>ss -l<br/># Show detailed socket info<br/>ss -s<br/># Show all TCP sockets<br/>ss -at<br/># Show established SSH connections<br/>ss -o state established '( dport = :ssh or sport = :ssh )'8. traceroute
traceroutedisplays the path packets take to a destination host. traceroute [options] [host|IP] Common options:
-n : use numeric IP addresses
-w : timeout per hop
-m : max TTL
Example:
# Trace to Baidu<br/>traceroute www.baidu.com9. nslookup
nslookupqueries DNS records.
# Query Baidu<br/>nslookup www.baidu.com10. dig
digprovides detailed DNS query information.
# Query Baidu with dig<br/>dig www.baidu.com11. nmcli
nmclimanages NetworkManager connections and devices.
# Show all connections<br/>nmcli con show<br/># Show active connections<br/>nmcli con show --active<br/># Add a new Ethernet connection named "default"
nmcli con add con-name default type Ethernet ifname eth0<br/># Bring a connection up<br/>nmcli con up default12. tcpdump
tcpdumpcaptures network packets for analysis.
# Capture on eth0, limit to 1000 packets, write to file<br/>tcpdump -i eth0 -c 1000 -w /tmp/capture.capCommon options include -i (interface), -c (packet count), -w (output file), -n (no name resolution), and filter expressions such as tcp port 22 and src host 10.0.0.100.
13. arp
The arp command manipulates the ARP cache.
# Display ARP table<br/>arp -n<br># Add a static entry<br/>arp -s 10.0.0.6 00:0c:29:32:80:38<br># Delete an entry<br/>arp -d 10.0.0.614. nmap
nmapis a powerful port scanner and security assessment tool.
# Scan TCP ports on localhost<br/>nmap -sT 127.0.0.1<br># Scan UDP ports on localhost<br/>nmap -sU 127.0.0.1<br># Scan for HTTP services in a subnet<br/>nmap -p 80 192.168.80.0/24<br># Ping sweep a subnet<br/>nmap -n -sP 192.168.80.0/24Common scan options include -p (port selection), -sS (SYN scan), -sU (UDP scan), -n (no DNS resolution), and -Pn (skip host discovery).
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.