This page is a intro to networking commands on Linux. For a intro to computer networking concepts, see: Computer Networking, TCP/IP Basics. For Microsoft Windows networking commands, see: Windows: Networking Commands.
How to list all Network Adapter?
Type ip link show. Sample output:
◆ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:76:bb:55 brd ff:ff:ff:ff:ff:ff
ignore the “lo” one (that's the local loopback). The rest are your Network Adapters.
What's my IP address?
Technically, you are probably asking the public IP address of your network's router.
Go to https://www.google.com/, then type “What's my IP address?”. It'll show on top.
Or, find your router's IP address first, then use web browser to visit that IP address. Then, usually the router software will show the info somewhere there.
How to find the IP address of my machine?
Technically, you want to find the IP address of your machine's network adapter.
Type ip addr.
◆ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:76:bb:55 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
inet6 fe80::a00:27ff:fe76:bb55/64 scope link
valid_lft forever preferred_lft forever
For each network adapter, its IPv4 address is shown in the line “inet”, and your IPv6 address is shown in “inet6”.
How to find my machine's MAC address?
Technically, you want to find the MAC address of your machine's network adapter.
Type ip link.
◆ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:76:bb:55 brd ff:ff:ff:ff:ff:ff
The line with the format “08:00:27:76:bb:55” is the MAC address of that network adapter.
How to find the IP address of my router?
Type ip route. The line “default via” contains your router's IP address.
◆ ip route default via 10.0.2.2 dev eth0 proto static 10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 1 169.254.0.0/16 dev eth0 scope link metric 1000
Or, type route. The line “default” and the IP in column “Gateway” shows the IP address of router.
How to find my router's MAC address?
First, find out your router's IP address. Then, type arp -a.
Sample output:
Address HWtype HWaddress Flags Mask Iface 10.0.2.2 ether 52:54:00:12:35:02 C eth0
iproute2 is a collection of utilities for controlling TCP and UDP IP networking and traffic control in Linux, in both IPv4 and IPv6 networks.
iproute2 is intended to replace an entire suite of standard Unix networking tools (often called “net-tools”) that were previously used for the tasks of configuring network interfaces, routing tables, and managing the ARP table.
iproute2 unifies the syntax for these various commands, which evolved over many years of Unix development.
Tools replaced by iproute2 are:
| purpose | legacy commands | iproute2 commands |
|---|---|---|
| Address and link configuration | ifconfig | ip addr, ip link |
| Routing tables | route | ip route |
| Neighbors | arp | ip neigh |
| VLAN | vconfig | ip link |
| Tunnels | iptunnel | ip tunnel |
| Multicast | ipmaddr | ip maddr |
| Statistics | netstat | ss |
the general syntax is this: ip ‹object› ‹command›, where the ‹object› is one of { link, addr, addrlabel, route, rule, neigh, tunnel, maddr, mroute }.
each object will accept different commands. To see what commands are available, type help after the object. ⁖ ip link help
How to show all network adapters?
ip link show
How to find out if a network adapter is on or off?
ip link show. If it's on, it'll show “state UP”.
If it's off, it'll show “state DOWN”.
How to turn on/off a network adapter?
to turn on, type sudo ip link ‹name› up. Use “down” for off.
ifconfig (interface configuration). for configure, control, and query TCP/IP network interface parameters
Common uses for ifconfig include setting an interface's IP address and netmask, and disabling or enabling a given interface
ifconfig.ifconfig -a.sudo ifconfig ‹name› down , where the ‹name› is typically “eth0” or “wlan0”. But for wireless network adapter, it may turn on itself after you turn it off.sudo ifconfig ‹name› up .Sample output:
◆ ifconfig -a
eth0 Link encap:Ethernet HWaddr 08:00:27:76:bb:55
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe76:bb55/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:39 errors:0 dropped:0 overruns:0 frame:0
TX packets:125 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5433 (5.4 KB) TX bytes:15303 (15.3 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:44 errors:0 dropped:0 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3268 (3.2 KB) TX bytes:3268 (3.2 KB)
used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer.
Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response. In the process it measures the time from transmission to reception (round-trip time) and records any packet loss. The results of the test are printed in the form of a statistical summary of the response packets received, including the minimum, maximum, and the mean round-trip times, and sometimes the standard deviation of the mean.
ping, ping6
traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network.
Traceroute sends a sequence of Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host. Determining the intermediate routers traversed involves adjusting the time-to-live (TTL), aka hop limit, Internet Protocol parameter. Frequently starting with a value like 128 (Windows) or 64 (Linux), routers decrement this and discard a packet when the TTL value has reached zero, returning the ICMP error message ICMP Time Exceeded.
Traceroute works by increasing the TTL value of each successive set of packets sent. The first set of packets sent have a hop limit value of 1, expecting that they are not forwarded by the first router. The next set have a hop limit value of 2, so that the second router will send the error reply. This continues until the destination host receives the packets and returns an ICMP Echo Reply message.
Traceroute uses the returned ICMP messages to produce a list of routers that the packets have traversed. The timestamp values returned for each router along the path are the delay (aka latency) values, typically measured in milliseconds for each packet.
on linux, by default, tracepath and tracepath6 is installed.
the traditional command traceroute requires superuser privilege. tracepath doesn't, and has fewer options.
netstat. Displays protocol statistics and current TCP/IP network connections.
netstat (network statistics) displays network connections (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics.
It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.
Route (command) Manipulates network routing tables.
route is a command used to view and manipulate the TCP/IP routing table. Manual manipulation of the routing table is characteristic of static routing.
Address Resolution Protocol (arp) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. ARP was defined by RFC 826 in 1982. It is Internet Standard STD 37. It is also the name of the program for manipulating these addresses in most operating systems.
ARP has been implemented in many combinations of network and overlaying internetwork technologies, such as IPv4, Chaosnet, DECnet and Xerox PARC Universal Packet (PUP) using IEEE 802 standards, FDDI, X.25, Frame Relay and Asynchronous Transfer Mode (ATM), IPv4 over IEEE 802.3 and IEEE 802.11 being the most common cases.
In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP).
| command | description |
|---|---|
ifconfig | display the link and address status of active interfaces |
ip addr show | display the link and address status of active interfaces |
route -n | display all the routing table in numerical addresses |
ip route show | display all the routing table in numerical addresses |
arp | display the current content of the ARP cache tables |
ip neigh | display the current content of the ARP cache tables |
plog | display ppp daemon log |
ping yahoo.com | check the Internet connection to "yahoo.com" |
whois yahoo.com | check who registered "yahoo.com" in the domains database |
traceroute yahoo.com | trace the Internet connection to "yahoo.com" |
tracepath yahoo.com | trace the Internet connection to "yahoo.com" |
mtr yahoo.com | trace the Internet connection to "yahoo.com" (repeatedly) |
dig [@dns-server.com] example.com [{a|mx|any}] | check DNS records of "example.com" by "dns-server.com" for a "a", "mx", or "any" record |
iptables -L -n | check packet filter |
netstat -a | find all open ports |
netstat -l --inet | find listening ports |
netstat -ln --tcp | find listening TCP ports (numeric) |
dlint example.com | check DNS zone information of "example.com" |
netstat -rn = ip routhostname = display hostnameufw is a simple command line to Linux's firewall features.
short intro: Linux: What's Netfilter, iptables, Their Differences?
lsof -i Lsof slurmiptraftrafshowNetlink «Netlink is a socket family used for IPC between the kernel and user space processes, as well as between user processes (e.g. UNIX sockets) or a mixture of both types. However, unlike INET sockets, it cannot traverse host boundaries, as it addresses processes by their (inherently local) PIDs.»
Netfilter «Netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.[1].»