9 network commands every Linux admin should know

These are the basic Linux network commands every admin should be able to use for troubleshooting network connection problems.

Man and woman working at data center

Image: Mark Agnor/ Shutterstock

If you're considering adding Linux to your data center, or your company is looking at promoting you to become their first (or next) Linux admin, you probably understand there are lots of commands to learn. In fact, during your early days of Linux admin, it'll seem like all you do is learn new commands.

SEE: 5 Linux server distributions you should be using (TechRepublic Premium)

But you don't have to approach the task without having first learned a few commands that will carry you through the beginning steps and into your intermediate period of Linux admin. So why not concentrate on a particular area that you will be dealing with pretty consistently—the network? Chances are good your Linux systems will be used for one or more network services, so you'll need to have at least a basic understanding of the more useful network tools.

Let's take a look at nine network commands that you'll use right out of the gate. With only two exceptions, these commands are distribution agnostic.

ip

The ip command replaced the old ifconfig and route commands. The ip command allows you to configure, add, delete and view network interfaces. For example, if you issue the command ip a, you'll see all configurations for all of your network interfaces. That might be a bit overwhelming, so to get only the information you need, go with ip link show. This will still display information for all of your connected network interfaces, but it'll be more compact.

To view a specific interface, you could issue the command ip address show dev ens5, which will give you more detailed information, but for only the network interface named ens5.

You can also view the routing table with the command ip route

The ip command also allows you to enable and disable network interfaces. To bring up interface ens5, the command would be:

sudo ip link set ens5 up

To bring down that same interface, the command would be:

sudo ip link set ens5 down

netstat

The netstat command allows you to examine network connections, routing tables, interface statistics, masquerade connections, multicast memberships and more. This is a very good tool to help you troubleshoot network issues. For example, you could use netstat to listen to all tcp ports with the command:

netstat -at

As traffic comes in, netstat will report it. 

The netstat command can also be used to only display ports that are currently listening. This is done with the command:

netstat -l

You can also specify either listening TCP or UDP ports like so:

netstat -lt
netstat -lu

To listen to all statistics for all ports:

netstat -s

To add process IDs (PIDs) to the output:

netstat -pt

nmap

The nmap utility is used for network discovery, auditing, and administration. The more useful tasks nmap can take care of are what ports are open on a remote machine and OS/service detection.

To check and see what ports are open on a remote machine, issue the command:

nmap SERVER

Where SERVER is the IP address or domain of the remote server.

The output will list all open ports on the server, such as:

PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https

You can also check to see what hosts are up on your network with the command:

nmap -sn 192.168.1.0/24

The output will display results like:

Nmap scan report for 192.168.1.1
Host is up (0.00096s latency).
Nmap scan report for 192.168.1.35
Host is up (0.0038s latency).
Nmap scan report for 192.168.1.42
Host is up (0.0032s latency).
Nmap scan report for 192.168.1.50
Host is up (0.0051s latency).
Nmap scan report for 192.168.1.53
Host is up (0.0031s latency).
Nmap scan report for 192.168.1.60
Host is up (0.0038s latency).
Nmap scan report for 192.168.1.67
Host is up (0.0035s latency).
Nmap scan report for 192.168.1.108

To find out what operating systems are being used by a host, add the -O flag, such as:

sudo nmap -O 192.168.1.120

You should see something like:

Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32

The output for this can be quite deceiving because the kernel on the host I scanned is 5.8.0-41. You can get more detailed information about that host with the command:

sudo nmap -A 192.168.1.120

traceroute

If you use the ping command (which is a very basic network command every admin should already know) and it displays missing packets, you'll want to use traceroute to find the route those packets are taking. This is a very handy tool to find out which hop in a route is causing problems.

If you issue the command:

traceroute google.com

You'll see a list of every hop the packet takes from the current machine to google.com. You'll see listed the time (in milliseconds) it took from hop to hop or if there's a problem with a hop, you'll see where exactly the packets are failing.

The output of the above command shouldn't take much time. If it does, you know there's a problem and where the problem is.

If you see * * * listed in the route (where a hop should be), that's where the problem is.

tcpdump

tcpdump is a packet sniffing tool that will display network packets being transmitted over the network. The tcpdump command can either read contents in real-time or from a previously captured session.

To listen for network packets on all interfaces, issue the command:

sudo tcpdump -i any

The problem with such a command is that it will display quite a large amount of information. Because of that, you might want to capture the packets to a file, so you can view them later. To do this, the command would be (and run this from the /tmp directory, otherwise you'll get a permission-denied error when you try to read the file later):

sudo tcpdump -i any -w capture.pcap

After you feel like enough packets have been captured, you can stop the command with the [Ctrl]+[c] combination. To view the packets from the command, you'd issue:

tcpdump -r capture.pcap

ssh

If you have any intention of doing remote network administration, you'll be using Secure Shell (SSH). There are several ways to use this tool, but the basic usage is:

ssh USER@SERVER

Where USER is the remote username and SERVER is either the IP address or domain of the remote server. If your server uses a non-standard port for SSH, the command would be:

ssh USER@SERVER -p PORT

Where USER is the remote username, SERVER is either the IP address or domain of the remote server, and PORT is the port number used by the SSH daemon on the remote server.

wget

The wget command allows you to download files to your server. This is useful when that server doesn't have a GUI to make downloading files easier. 

To download a file to the server with wget, the command would be:

wget http://SERVER/FILE

Where SERVER is either the IP address or domain of the remote server and FILE is the file to be downloaded.

netplan

Netplan is the tool used on Ubuntu Server to test and apply network interface configurations. Netplan reads YAML files from the /etc/netplan directory. You can configure multiple interfaces and then test the configuration with the command:

sudo netplan try

If the test comes back OK, you can then apply the configuration (which will also bring the interface up) with the command:

sudo netplan apply

To find out how to configure a static IP address with netplan, read "How to configure a static IP address in Ubuntu Server 18.04."

nmtui

Nmtui is an ncurses interface on Red Hat-based distributions that allows you to configure and bring up/take down network interfaces. This is a front end for the nmcli command, which is considerably easier to use. To find out how to use nmtui, read "How to edit a CentOS network connection from the command line."

And there you have it, 9 Linux network commands that should get you started with your first steps as a Linux systems/network administrator. With each of these tools, you can learn more by reading the man pages, as in man nmap.

Subscribe to TechRepublic's How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Also see

By Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic, The New Stack, and Linux New Media. He's covered a variety of topics for over twenty years and is an avid promoter of open source. For more news about Jack Wallen, visit his website jackwallen....