Networking

Four of my most-used CLI commands

Scott Reeves lists four of the commands in Linux that he uses most often along with some examples of how he uses them. What are the commands you can't live without?

My main workstation is a Linux laptop, which has a few applications installed that I need to use, such as LibreOffice, LyX, JabRef and g++. I invariably have a terminal window open somewhere on my workspace, which I use for various tasks. There are a few commands that I find myself using most days. This post is a list of four of these commands.

Netstat

The first command on my list is netstat. There are a few options with netstat; the options I tend to use are -r and -a. The -r option prints out the routing table. This is useful when you want to check the default gateway and subnet mask. But the option I generally use is the -a option, which shows all TCP and UDP connections. It also gives the name of the application (if known) that is using a connection. Finally, it shows the state of TCP connections. See, for instance, the output below, which is a sample from running netstat -a.

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:50450                 *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 *:17500                 *:*                     LISTEN
tcp       38      0 gudaring.local:33581    v-d-2a.sjc.dropbo:https CLOSE_WAIT
tcp        0      0 gudaring.local:46072    tf-in-f125.1e100.:https ESTABLISHED
tcp        0      0 gudaring.local:49496    r-199-59-148-20.t:https ESTABLISHED
tcp        0      0 gudaring.local:42965    sjc-not15.sjc.dropb:www ESTABLISHED
tcp        0      0 gudaring.local:50959    kwaimuk.canonical:https ESTABLISHED
tcp        0      0 gudaring.local:58176    111.221.77.149:40005    ESTABLISHED
tcp       38      0 gudaring.local:51187    v-client-1a.sjc.d:https CLOSE_WAIT
tcp        0      0 gudaring.local:54352    rproxy2.msg.vip.sp2:www ESTABLISHED
tcp       38      0 gudaring.local:35819    75.126.110.108-st:https CLOSE_WAIT

Awk

Another command that I use is awk. I like being able to run a command and pipe the output to awk to view just the fields I want to look at, and use a regular expression to extract the lines I want to view. Going back to netstat, for example, I want to look at only the connections that are established, and of those, I want to look only at the fifth field. I can do this by simply typing in the command string netstat -a | awk '/ESTABLISHED/ {print $5}'. This will print out the data I want.

tf-in-f125.1e100.:https
sjc-not15.sjc.dropb:www
kwaimuk.canonical:https
111.221.77.149:40005
r-199-59-149-232.:https
rproxy2.msg.vip.sp2:www

Regular expressions are very handy to know, especially when using awk on the CLI. Going back to the netstat output, you could extract the lines beginning with "tcp" and again print the fifth field of the output.

root@gudaring:/home# netstat -a | awk '/^tcp / {print $5}'
*:*
*:*
*:*
v-d-2a.sjc.dropbo:https
r2.ycpi.vip.aue.yah:www
tf-in-f125.1e100.:https
sjc-not15.sjc.dropb:www
kwaimuk.canonical:https
111.221.77.149:40005
v-client-1a.sjc.d:https
rproxy2.msg.vip.sp2:www
75.126.110.108-st:https
root@gudaring:/home#
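
The same netstat-to-awk pipeline with field-based matching instead of a whole-line regex, as an added example that is not from the original post. It reuses rows from the sample netstat -a output above so it runs offline; the function names are illustrative.

```shell
#!/bin/sh
# Added example: field-based awk filters over `netstat -a` output.
# sample_netstat reproduces rows from the article's sample output;
# on a live host, pipe `netstat -a` into the functions instead.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:50450                 *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 *:17500                 *:*                     LISTEN
tcp       38      0 gudaring.local:33581    v-d-2a.sjc.dropbo:https CLOSE_WAIT
tcp        0      0 gudaring.local:46072    tf-in-f125.1e100.:https ESTABLISHED
tcp        0      0 gudaring.local:58176    111.221.77.149:40005    ESTABLISHED
tcp       38      0 gudaring.local:51187    v-client-1a.sjc.d:https CLOSE_WAIT
EOF
}

# Count TCP sockets per state. Testing $1 and $6 (rather than a bare
# /ESTABLISHED/ regex) only matches the protocol and state columns,
# and /^tcp6?$/ also accepts tcp6 rows, which /^tcp / would skip.
count_states() {
    awk '$1 ~ /^tcp6?$/ && NF >= 6 { n[$6]++ }
         END { for (s in n) print n[s], s }' | sort -k2
}

# CLOSE_WAIT sockets with unread bytes in Recv-Q (field 2): the peer has
# closed, but the local application has neither read nor closed the socket.
stale_close_wait() {
    awk '$1 ~ /^tcp6?$/ && $6 == "CLOSE_WAIT" && $2 > 0 { print $2, $4, $5 }'
}

# Established peers shown as a bare IP and numeric port, i.e. no reverse
# DNS name and no known service name: worth a second look during triage.
unnamed_peers() {
    awk '$1 ~ /^tcp6?$/ && $6 == "ESTABLISHED" && $5 ~ /^[0-9.]+:[0-9]+$/ { print $5 }'
}

echo "Sockets per state:";            sample_netstat | count_states
echo "CLOSE_WAIT with unread data:";  sample_netstat | stale_close_wait
echo "Unnamed established peers:";    sample_netstat | unnamed_peers
```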

Time

Another command I use is time. What this does in its most basic form is tell you the time it takes to execute a command. As I am at present trying to optimise some code, I use time regularly in order to obtain a measurement of the execution time of a program. The output of time is shown below; it also tells you the time the process spends in system and in user mode.

root@gudaring:/home# time ls
scott
real  0m0.132s
user  0m0.000s
sys   0m0.004s
root@gudaring:/home#

Man

The final command would likely upset one of my oldest Linux/Unix colleagues if he saw it was last on my list. The command is of course man. My colleague would invariably start any Linux introductory shell programming course stating that man was possibly the most useful command to know on Linux, and that you should, as a start, type in man man.

These are commands that I invariably end up using from day to day. Some, such as netstat, I use daily, whereas others such as time, man and awk are every other day.

What are the commands you can't do without?

About

Scott Reeves has worked for Hewlett Packard on HP-UX servers and SANs, and has worked in similar areas in the past at IBM. Currently he works as an independent IT consultant, specializing in Wi-Fi networks and SANs.

8 comments
anil_g

It depends where you're going with this but I always need to set up a few aliases for ls. ll is often established already these days for 'ls -l' but I also add lll which I set to do almost the same thing. I type ll so often that I find I occasionally type lll by mistake, so it's nice to have something similarly useful there when I do so rather than the error message.

Also:
diff
wc
less -S -x 24

And of course:
vim
ssh

For network:
ping
nslookup
(maybe someone can describe dig and traceroute)

rcugini

Mainly I use the terminal for updates in Mint. This one will ensure that you have the latest greatest version of Linux. You will need to install Synaptic first, however.

apt-get dist-upgrade -Vfy

If you already have that, it'll also handle normal updates and bugfixes nicely. Run it once a week.

pjamer

Hi! I think I use mostly these:

apt-get install something
mc - for browsing through folders and editing config files
df
ifconfig
route

pgit

and of course pgrep. Another thing to mention if usefulness is the topic is shell completion. (I use bash, ergo bash-completion) With cd and ls, it's easy to dive into file systems to find something you need to edit.

arvinsloane

ipconfig nslookup dsquery (so much faster to look up than AD User and Computers)

ColinFromTheCrypt

1. ps 2. find 3. grep 4. tcpdump 5. traceroute 6. scp 7. mount 8. script 9. df ...together with their various switches and arguments. (Also use "# ping Elvis" occasionally to see if he's still alive)

pmabraham

# Show connects per IP address
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

# For mail server trouble shooting
# show port 25 connections by IP and those that are involved in SYN
netstat -ntu | grep ':25' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort
netstat -an | grep SYN | grep :25 | sort

CharlieSpencer

is a waste of time. It's not that he isn't alive, but he signed a contract requiring all attempts to ping him to forward to Col. Tom Parker. All the DNS providers have it mapped that way in their tables.