Linux: Networking Commands

By Xah Lee.

This page is an intro to networking commands on Linux. For an intro to computer networking concepts, see: TCP/IP Tutorial for Beginner. For Microsoft Windows networking commands, see: Windows: Networking Commands.

How to list all network adapters?

Type ip link show

(Screenshot: ip link show output)

Ignore the “lo” one (that's the software-based local loopback). The rest are your network adapters.

What is my IP address?

To find the public IP address of your network's router,

go to, then type “What's my IP address?”. It'll show on top.

Or, find your router's IP address first, then use a web browser to visit that IP address. Usually the router software will show the info somewhere there.

How to find the IP address of my machine?

To find the IP address of your machine's network adapter, type

ip addr

(Screenshot: ip addr output)

For each network adapter, its IPv4 address is shown on the “inet” line, and its IPv6 address is shown on the “inet6” line.

How to find my machine's MAC address?

To find the MAC address of your machine's network adapter, type ip link.

◆ ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:76:bb:55 brd ff:ff:ff:ff:ff:ff

The value in the format “08:00:27:76:bb:55”, on the “link/ether” line, is the MAC address of that network adapter.

How to find the IP address of my router?

Type ip route. The line “default via” contains your router's IP address.

◆ ip route

default via dev eth0  proto static dev eth0  proto kernel  scope link  src  metric 1 dev eth0  scope link  metric 1000 

Or, type route. In the line that starts with “default”, the IP in the “Gateway” column is the IP address of the router.

How to find my router's MAC address?

First, find out your router's IP address. Then, type arp -a.

Sample output:

Address                  HWtype  HWaddress           Flags Mask            Iface
                         ether   52:54:00:12:35:02   C                     eth0
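The two lookups above (default gateway from ip route, its MAC from the neighbor table) can be combined into a check that the router's MAC still matches a known value and that no MAC is claimed by several IP addresses, which is how a changed or spoofed gateway shows up. This is an added example, not part of the original page; the 192.0.2.x addresses, the second MAC, and the LIVE and KNOWN_MAC variables are constructed for illustration.

```shell
# Constructed sample data. Only the router MAC comes from the sample output above.
SAMPLE_ROUTE='default via 192.0.2.1 dev eth0 proto static
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.15 metric 1'
SAMPLE_NEIGH='192.0.2.1 dev eth0 lladdr 52:54:00:12:35:02 REACHABLE
192.0.2.20 dev eth0 lladdr 08:00:27:aa:bb:01 STALE
192.0.2.30 dev eth0 lladdr 52:54:00:12:35:02 REACHABLE
192.0.2.40 dev eth0  FAILED'

# Read `ip route` output on stdin; print the default gateway's IP address.
gateway_ip() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Read `ip neigh` output on stdin; print the lowercased MAC cached for IP $1.
mac_of() {
    awk -v ip="$1" '$1 == ip {
        for (i = 2; i < NF; i++) { if ($i == "lladdr") { print tolower($(i + 1)); exit } }
    }'
}

# Read `ip neigh` output on stdin; print "MAC IP IP ..." for each MAC that more
# than one IP resolves to. Multi-address routers and proxy ARP do this
# legitimately; an unexpected entry is a reason to investigate.
shared_macs() {
    awk '{
        for (i = 2; i < NF; i++) {
            if ($i == "lladdr") { m = tolower($(i + 1)); n[m]++; ips[m] = ips[m] " " $1 }
        }
    } END { for (m in n) { if (n[m] > 1) print m ips[m] } }' | sort
}

# gateway_status ROUTE_TEXT NEIGH_TEXT KNOWN_MAC
# Prints "ok", "changed" or "unresolved", then the gateway IP and the MAC seen.
gateway_status() {
    gw=$(printf '%s\n' "$1" | gateway_ip)
    mac=$(printf '%s\n' "$2" | mac_of "$gw")
    known=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    if [ -z "$mac" ]; then echo "unresolved $gw"
    elif [ "$mac" = "$known" ]; then echo "ok $gw $mac"
    else echo "changed $gw $mac"
    fi
}

# LIVE=1 KNOWN_MAC=aa:bb:... checks this host; otherwise the sample data is used.
ROUTE=$SAMPLE_ROUTE NEIGH=$SAMPLE_NEIGH
if [ "${LIVE:-0}" = 1 ]; then ROUTE=$(ip route); NEIGH=$(ip neigh); fi
gateway_status "$ROUTE" "$NEIGH" "${KNOWN_MAC:-52:54:00:12:35:02}"
printf '%s\n' "$NEIGH" | shared_macs
```

Record the router's MAC once on a network you trust; a later “changed” result means the neighbor table now maps the gateway IP to different hardware.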

Using modern iproute2 「ip」 Command


iproute2 is a collection of utilities for controlling TCP and UDP IP networking and traffic control in Linux, in both IPv4 and IPv6 networks.

iproute2 is intended to replace an entire suite of standard Unix networking tools (often called “net-tools”) that were previously used for the tasks of configuring network interfaces, routing tables, and managing the ARP table.

iproute2 unifies the syntax for these various commands, which evolved over many years of Unix development.

Tools replaced by iproute2 are:

purpose                          legacy commands    iproute2 commands
Address and link configuration   ifconfig           ip addr, ip link
Routing tables                   route              ip route
Neighbors                        arp                ip neigh
VLAN                             vconfig            ip link
Tunnels                          iptunnel           ip tunnel
Multicast                        ipmaddr            ip maddr

General Syntax of 「ip」 command

The general syntax is this: ip object command, where the object is one of:

Each object accepts different commands. To see what commands are available, type help after the object. For example, ip link help

How to show all network adapters?

ip link show

How to find out if a network adapter is on or off?

Type ip link show. If the adapter is on, it'll show “state UP”. If it's off, it'll show “state DOWN”.

How to turn on/off a network adapter?

To turn on, type sudo ip link set name up, where name is the adapter's name (for example, eth0). Use “down” for off.

Classic Commands

ifconfig (interface configuration) is used to configure, control, and query TCP/IP network interface parameters.

Common uses for ifconfig include setting an interface's IP address and netmask, and disabling or enabling a given interface.

Sample output:

◆ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 08:00:27:76:bb:55
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::a00:27ff:fe76:bb55/64 Scope:Link
          RX packets:39 errors:0 dropped:0 overruns:0 frame:0
          TX packets:125 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5433 (5.4 KB)  TX bytes:15303 (15.3 KB)

lo        Link encap:Local Loopback
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:44 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3268 (3.2 KB)  TX bytes:3268 (3.2 KB)


Ping (networking utility)

ping is used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer.

Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response. In the process it measures the time from transmission to reception (round-trip time) and records any packet loss. The results of the test are printed in the form of a statistical summary of the response packets received, including the minimum, maximum, and the mean round-trip times, and sometimes the standard deviation of the mean.

ping, ping6

traceroute, tracepath


traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network.

Traceroute sends a sequence of Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host. Determining the intermediate routers traversed involves adjusting the time-to-live (TTL), aka hop limit, Internet Protocol parameter. Frequently starting with a value like 128 (Windows) or 64 (Linux), routers decrement this and discard a packet when the TTL value has reached zero, returning the ICMP error message ICMP Time Exceeded.

Traceroute works by increasing the TTL value of each successive set of packets sent. The first set of packets sent have a hop limit value of 1, expecting that they are not forwarded by the first router. The next set have a hop limit value of 2, so that the second router will send the error reply. This continues until the destination host receives the packets and returns an ICMP Echo Reply message.

Traceroute uses the returned ICMP messages to produce a list of routers that the packets have traversed. The timestamp values returned for each router along the path are the delay (aka latency) values, typically measured in milliseconds for each packet.

On Linux, tracepath and tracepath6 are installed by default.

The traditional command traceroute requires superuser privilege. tracepath doesn't, and has fewer options.


netstat. Displays protocol statistics and current TCP/IP network connections.

netstat (network statistics) displays network connections (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics.

It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.


Route (command) Manipulates network routing tables.

route is a command used to view and manipulate the TCP/IP routing table. Manual manipulation of the routing table is characteristic of static routing.

arp, Address Resolution Protocol, IP to MAC address

Address Resolution Protocol

Address Resolution Protocol (arp) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. ARP was defined by RFC 826 in 1982. It is Internet Standard STD 37. It is also the name of the program for manipulating these addresses in most operating systems.

ARP has been implemented in many combinations of network and overlaying internetwork technologies, such as IPv4, Chaosnet, DECnet and Xerox PARC Universal Packet (PUP) using IEEE 802 standards, FDDI, X.25, Frame Relay and Asynchronous Transfer Mode (ATM), IPv4 over IEEE 802.3 and IEEE 802.11 being the most common cases.

In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP).

ifconfig                 display the link and address status of active interfaces
ip addr show             display the link and address status of active interfaces
route -n                 display all the routing table in numerical addresses
ip route show            display all the routing table in numerical addresses
arp                      display the current content of the ARP cache tables
ip neigh                 display the current content of the ARP cache tables
plog                     display ppp daemon log
ping yahoo.com           check the Internet connection to "yahoo.com"
whois yahoo.com          check who registered "yahoo.com" in the domains database
traceroute yahoo.com     trace the Internet connection to "yahoo.com"
tracepath yahoo.com      trace the Internet connection to "yahoo.com"
mtr yahoo.com            trace the Internet connection to "yahoo.com" (repeatedly)
dig [] [{a|mx|any}]      check DNS records of "" by "" for a "a", "mx", or "any" record
iptables -L -n           check packet filter
netstat -a               find all open ports
netstat -l --inet        find listening ports
netstat -ln --tcp        find listening TCP ports (numeric)
dlint example.com        check DNS zone information of "example.com"
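The output of netstat -ln --tcp from the table above is most useful when you separate listeners bound to loopback from those that other hosts can reach. The following is an added example, not part of the original page; the sample output, the address 192.0.2.15 and the LIVE variable are constructed for illustration.

```shell
# Constructed sample of `netstat -ln --tcp` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.15:5432         0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN'

# Read netstat output on stdin; print "SCOPE PROTO ADDRESS PORT" per listener.
# SCOPE is "loopback" (local only), "all" (every interface) or "single".
listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":"); port = part[n]
        # Everything before the last colon is the address (IPv6 contains colons).
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") { scope = "loopback" }
        else if (addr == "0.0.0.0" || addr == "::") { scope = "all" }
        else { scope = "single" }
        print scope, $1, addr, port
    }'
}

# Read netstat output on stdin; print "PORT/PROTO" for every listener that
# accepts connections from other hosts, sorted by port number.
# With the Linux default net.ipv6.bindv6only=0, a tcp6 socket on "::" also
# accepts IPv4 connections.
reachable_ports() {
    listeners | awk '$1 != "loopback" { print $4 "/" $2 }' | sort -n
}

# LIVE=1 audits this host; otherwise the constructed sample is used.
if [ "${LIVE:-0}" = 1 ]; then
    netstat -ln --tcp | reachable_ports
else
    printf '%s\n' "$SAMPLE_NETSTAT" | reachable_ports
fi
```

A port in this list may still be blocked by the packet filter, so compare it with the rules shown by iptables -L -n.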

using ufw

ufw is a simple command-line interface to Linux's firewall features.

short intro: Linux: What's Netfilter, iptables, Their Differences?

Netlink «Netlink is a socket family used for IPC between the kernel and user space processes, as well as between user processes (e.g. UNIX sockets) or a mixture of both types. However, unlike INET sockets, it cannot traverse host boundaries, as it addresses processes by their (inherently local) PIDs.»

Netfilter «Netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.»