
Linux Networking — Commands Cheat Sheet

Essential Linux networking commands — interface management, routing, port scanning, DNS lookup, HTTP testing, firewall rules, and packet capture.

Network Interfaces

# Modern: ip command (replaces ifconfig). The "show" forms are read-only;
# "set", "add" and "del" need root and change the running state only,
# so nothing here survives a reboot.
ip addr show                  # Show all interfaces + IPs
ip addr show eth0             # Specific interface
ip link show                  # Show link-layer state
ip link set eth0 up           # Bring interface up
ip link set eth0 down         # Bring interface down (also drops any session running over it, e.g. SSH)

# Add/remove IP address
ip addr add 192.168.1.10/24 dev eth0
ip addr del 192.168.1.10/24 dev eth0

# Legacy: ifconfig (still widely used; shipped in net-tools)
ifconfig                      # Show active interfaces (-a also lists ones that are down)
ifconfig eth0                 # Show specific
ifconfig eth0 192.168.1.10 netmask 255.255.255.0   # Assign address + netmask to eth0

Routing

ip route show                 # Show routing table
ip route get 8.8.8.8          # Show the route (gateway, interface, source IP) the kernel picks for this dest
ip route add default via 192.168.1.1   # Add default gateway
ip route add 10.0.0.0/8 via 172.16.0.1  # Add static route
ip route del 10.0.0.0/8       # Remove that static route

# Legacy
route -n                      # Show routing table (numeric)
netstat -rn                   # Same table via netstat

# Persist routes (varies by distro); routes added with "ip route" are lost on reboot
# NetworkManager: nmcli, nmtui
# systemd-networkd: /etc/systemd/network/*.network

Active Connections & Ports

# ss (modern replacement for netstat)
# A listener bound to 0.0.0.0, [::] or * is reachable on every interface;
# one bound to 127.0.0.1 or [::1] is local-only. Check this column first
# when auditing what a host exposes.
ss -tuln                      # TCP+UDP listening, numeric, no DNS
ss -tulnp                     # + show process name (run as root to see other users' processes)
ss -s                         # Socket statistics summary
ss -tp                        # TCP connections with process
ss -o state established       # Only established connections (-o adds timer info)
ss -o state listening         # Only listening
ss 'dst 8.8.8.8'              # Filter by destination

# netstat (legacy, may need net-tools)
netstat -tuln                 # TCP+UDP listening
netstat -an                   # All connections, numeric
netstat -tp                   # TCP with process names
netstat -rn                   # Routing table

# lsof (who has a port open); without root it only shows your own processes
lsof -i :80                   # Who's on port 80
lsof -i TCP:8080-9000         # Port range
lsof -i -P -n                 # All connections, numeric ports (-P) and addresses (-n)

# Check open ports locally
cat /proc/net/tcp             # Raw kernel TCP table (hex); IPv4 only, IPv6 is in /proc/net/tcp6

DNS Lookups

# dig (recommended)
dig example.com               # A record
dig example.com MX            # Mail records
dig example.com ANY           # ANY query; many servers return a minimal answer (RFC 8482), so query each type you need
dig @8.8.8.8 example.com      # Use specific DNS server
dig +short example.com        # Answer data only (for an A query: the address or addresses)
dig -x 93.184.216.34          # Reverse DNS
dig example.com +trace        # Trace delegation chain from the root servers down

# nslookup
nslookup example.com          # Basic lookup
nslookup example.com 8.8.8.8  # Use specific DNS server

# host (simple)
host example.com
host -t MX example.com        # Query a specific record type

# Check system DNS config
cat /etc/resolv.conf          # With systemd-resolved this may only list the local stub (127.0.0.53)
resolvectl status            # systemd-resolved: shows the upstream servers actually in use

Ping, Traceroute & Reachability

# A failed ping or traceroute does not prove a host is down: ICMP and
# traceroute probes are often filtered, so confirm with a TCP check below.
ping -c 4 8.8.8.8             # 4 ping packets
ping -i 0.2 -c 100 host       # Fast ping (5 per second; shorter intervals may need root)
ping6 2001:4860:4860::8888    # IPv6 ping (newer iputils: ping -6)

traceroute 8.8.8.8            # Trace path (UDP)
traceroute -T 8.8.8.8         # TCP SYN mode (needs root)
mtr 8.8.8.8                   # Live traceroute + ping stats
mtr --report 8.8.8.8          # One-shot report

# Check port reachability
nc -zv hostname 443           # TCP port check (-z: connect only, send no data)
nc -zvw3 hostname 22          # With 3s timeout
telnet hostname 80            # Legacy port check (telnet is unencrypted; use it for reachability only)

curl — HTTP Testing

# Basic requests
curl https://example.com                         # GET
curl -I https://example.com                      # Headers only (HEAD)
curl -v https://example.com                      # Verbose (prints request headers too, including Authorization; redact before sharing)
curl -s https://example.com                      # Silent (no progress)
curl -o output.html https://example.com          # Save to file
curl -L https://short.url/redirect               # Follow redirects

# POST / PUT
# -d already implies POST, so -X POST is redundant there. Without an explicit
# Content-Type, -d sends application/x-www-form-urlencoded; the PUT example
# below sends JSON without declaring it, which stricter APIs reject.
curl -X POST https://api.example.com/data \
  -H "Content-Type: application/json" \
  -d '{"key":"value"}'

curl -X PUT https://api.example.com/data/1 \
  -H "Authorization: Bearer TOKEN" \
  -d '{"key":"updated"}'

# File upload (multipart/form-data; @ reads the file from disk)
curl -F "file=@/path/to/file.txt" https://upload.example.com

# Authentication
# Secrets typed on the command line land in shell history and can be visible
# to other local users in the process list. "curl -u username" with no
# password makes curl prompt for it instead. Basic auth is only base64
# encoded, so send it over HTTPS only.
curl -u username:password https://example.com
curl -H "Authorization: Bearer mytoken" https://api.example.com

# Show response code only
curl -s -o /dev/null -w "%{http_code}" https://example.com

# Download with progress bar (-O keeps the remote file name)
curl --progress-bar -O https://example.com/file.tar.gz

nmap — Port & Network Scanning

# Used here to audit what your own hosts expose; compare the result with the
# listeners that "ss -tuln" reports on the host itself.
nmap 192.168.1.1               # Basic scan (top 1000 TCP ports; SYN scan as root, connect scan otherwise)
nmap -p 22,80,443 host         # Specific ports
nmap -p 1-1024 host            # Port range
nmap -p- host                  # All 65535 ports
nmap -sV host                  # Service/version detection
nmap -O host                   # OS detection (needs root)
nmap -sC host                  # Default scripts (same as --script=default)
nmap -A host                   # Aggressive: OS+version+scripts+traceroute
nmap -sU -p 161 host           # UDP scan (SNMP); needs root
nmap 192.168.1.0/24            # Scan entire subnet
nmap -iL hosts.txt             # Scan from file (one target per line)
nmap --top-ports 20 host       # Scan top 20 ports

Firewall — iptables & nftables

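# iptables (legacy, still common)
# These rules cover IPv4 only. IPv6 needs the same policy applied with
# ip6tables, otherwise IPv6 traffic to the host stays unfiltered.
# On many current distros "iptables" is a front end to nftables;
# "iptables -V" prints (nf_tables) or (legacy) to show the active backend.
iptables -L -n -v              # List all rules with packet/byte counters
iptables -L INPUT -n -v        # Input chain only

# Rules are matched top-down, so every ACCEPT must be appended before the
# final DROP. Without the loopback and ESTABLISHED,RELATED rules the DROP
# also discards local traffic and the replies to outbound connections
# (DNS answers, package downloads).
iptables -A INPUT -i lo -j ACCEPT                                         # Keep loopback working
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT    # Replies to already-allowed connections
iptables -A INPUT -p tcp --dport 80 -j ACCEPT    # Allow HTTP
iptables -A INPUT -p tcp --dport 443 -j ACCEPT   # Allow HTTPS
iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT  # SSH from 10/8
# New SSH connections from outside 10.0.0.0/8 are refused once the next rule
# is in place; check the source range matches how you reach the host.
iptables -A INPUT -j DROP      # Drop everything else
iptables -D INPUT -j DROP      # Delete that rule again (matched by its specification)

# Save/restore
# Rules live in kernel memory until saved. /etc/iptables/rules.v4 is the path
# used by Debian/Ubuntu's iptables-persistent; other distros differ.
iptables-save > /etc/iptables/rules.v4
iptables-restore < /etc/iptables/rules.v4

# UFW (Ubuntu frontend)
# Add the allow rules you depend on (SSH in particular) before "ufw enable":
# the default incoming policy is deny.
ufw status
ufw allow 80/tcp
ufw allow from 10.0.0.0/8 to any port 22
ufw deny 23                    # Block telnet (no protocol given, so both TCP and UDP)
ufw enable
ufw reload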

Packet Capture — tcpdump

# tcpdump needs root (or CAP_NET_RAW). Captures hold full payloads, which
# for unencrypted protocols includes credentials and session data, so treat
# .pcap files as sensitive and restrict their permissions.
tcpdump -i eth0                         # Capture on eth0
tcpdump -i any port 443                 # HTTPS on any interface
tcpdump -i eth0 host 8.8.8.8           # To/from specific host
tcpdump -i eth0 -n -v port 80          # HTTP verbose, no DNS (-n also avoids lookups that add traffic of their own)
tcpdump -i eth0 -w capture.pcap        # Write to file
tcpdump -r capture.pcap                # Read from file
tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'  # Any packet with SYN set (SYN and SYN-ACK)
tcpdump -i eth0 icmp                   # Only ICMP (ping)

Bandwidth & Throughput

# iperf3 — measure bandwidth
# On server side:
# The server listens on TCP port 5201 by default and accepts any client
# unless authentication is configured; stop it once the test is done.
iperf3 -s

# On client:
iperf3 -c server-ip              # TCP test
iperf3 -c server-ip -u -b 100M  # UDP at 100 Mbps

# nethogs — per-process bandwidth (needs root)
nethogs eth0

# iftop — live interface bandwidth (needs root)
iftop -i eth0

# vnstat — long-term usage stats
vnstat
vnstat -l                        # Live
vnstat -d                        # Daily stats

Useful Patterns

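# Get external IP
# This asks a third-party service, which sees and can log the request.
# The scheme is spelled out because curl falls back to plain HTTP without it.
curl -s https://ifconfig.me

# Check which process owns a port
# The ss filter matches the port exactly; "grep :80" also matched :8080, :8000, ...
# Run as root to see processes owned by other users.
ss -tlnp 'sport = :80'
fuser 80/tcp

# Find all listening TCP ports
# The port is taken from after the LAST colon so IPv6 listeners such as
# [::]:22 are handled; sort -u merges the IPv4 and IPv6 entries of one port.
ss -tln | awk '$1 == "LISTEN" { n = split($4, part, ":"); print part[n] }' | sort -nu

# Measure HTTP request latency (DNS lookup, TCP connect, total)
curl -s -o /dev/null -w "DNS: %{time_namelookup}s  Connect: %{time_connect}s  Total: %{time_total}s\n" https://example.com

# Show a server certificate's validity dates
# -servername sends SNI so a multi-site server returns the right certificate.
# This prints notBefore/notAfter only; it does not verify the chain or hostname.
openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | openssl x509 -noout -dates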