Linux Network Commands "Cheat Sheet"

post-thumb

Photo by welcomia from iStock

Table of Contents

When you are upgrading your home network and/or building a homelab, you will likely need to troubleshoot various network issues especially as the number of devices/services continues to grow. I have compiled a list of commands I find useful for troubleshooting connectivity and when I am setting up various Linux containers/virtual machines. I plan to update this list as I come across new useful commands or other commands I forgot to add at the time of this writing.

Interface Information

Interface information commands are used when you need to know more information about the network interface(s) of the device you are logged into and allows you to check if a device has properly assigned network addresses.

IP Commands

To see all of your IP addresses, you can use the ip command.

ip a

You can add a filter to only show IPv4 or IPv6 addresses, using the -4 or -6 option.

ip -4 a
ip -6 a

An alternative way to see the network information is to use ifconfig. You may need to install net-tools if your distro does come preinstalled with that command. I often use ifconfig since it is slightly easier to read than the ip command. There is not a huge difference in the amount of information being displayed. One notable difference is ifconfig displays some basic transmit/receive statistics which may be useful at a quick glance.

ifconfig

Netstat Command

The netstat command is useful for discovering the ports various services on your machine are listening on. You may need to install net-tools if your distro does come preinstalled with that command. If you use the netstat command with no options, you will see a huge listing of all the Unix sockets that are in use. Most likely you are not concerned with those since they are primarily used for local connections between processes on your system. To filter out those, you the -t option for TCP and -u for UDP. Use the -l option for listening ports. If you prefer to see the IP addresses rather than hostnames, use the -n option.

When you are adding multiple options, you can combine them together as shown below.

netstat -tul

If you want to see the process ID (pid) of the service listening on the port, use the -p option. You need to use sudo for this command to see the pid. Otherwise, it will not be displayed. The pid can be useful if you need to kill a process by using its ID.

sudo netstat -tulp

Network Availability

Network availability commands are useful to quickly checking if you can reach a host on a network or to determine if a host is powered on (assuming it is connected to the network).

Ping Command

The most well-known network command is likely ping. With ping you can quickly see if you can reach a device over the network assuming it is not blocked by a firewall. Pings within the same network are always allowed since traffic does not need to routed by the router (the traffic stays local).

You may use the ping command with an IP address or hostname.

ping 192.168.1.10
ping thehostname

ping will keep pinging until you stop the command (depending on the terminal you are using, you can close the command using a keyboard shortcut such as “Ctrl + Shift + C”)

To specify the number of pings, use the -c option along with the number of pings to execute.

ping -c 3 192.168.1.10

If you have IPv6 enabled, the ping command may default to using the IPv6 IP address. You can specify to use the IPv4 or IPv6 address by using the -4 or -6 option.

ping -4 192.168.1.10
ping -6 192.168.1.10

You can use multiple options together. The command below uses the IPv4 address and pings 3 times.

ping -4 -c 3 192.168.1.10

Some firewalls are configured to disable ping, but I recommend allowing ping on your local network if you have multiple internal networks even if you have ping blocked on your WAN address because it is very useful for troubleshooting. One possible exception is to not allow pings from your internal network to your DMZ or pings to originate from your DMZ if you are worried it will be easier to discover devices on your network if one of your internal networks or your DMZ is compromised. Blocking pings to/from the DMZ helps to isolate that network even further.

Trace Route Command

Trace route is useful to see the path that is taken to reach another network on the Internet. It is less useful on your local network unless you have multiple routers within your network. For most home users, that will not be the case, but some homelabs may use a router to run a separate internal network (while you can do it with one router, perhaps it is for learning purposes more than anything else). You may notice in some of the traceroute output that there are asterisks or question marks. The entire path of your trace may not always be displayed especially if firewalls are configured to drop ICMP traffic for security concerns.

The basic traceroute command is shown below. You may use the IP address or hostname.

traceroute 8.8.8.8
traceroute google.com

Like with ping, you can specify IPv4 and IPv6. When I ran traceroute, it seemed to default to IPv4 unlike ping so you may need to specify the -4 option.

traceroute -4 google.com
traceroute -6 google.com

There are many other options for traceroute, but the basic command may be enough for many users. I do not find myself using traceroute like to do other commands since it is not as useful for troubleshooting within my own networks.

DNS

DNS commands are useful especially when you are assigning hostnames and/or overriding DNS values in your router. They will help you determine if hostnames are pointed to the proper IP addresses.

Host Command

To lookup the IP addresses associated to a domain name on either your local network or the Internet, use the host command.

host google.com

If you want to specify the DNS server to use for the DNS lookup.

host google.com 1.1.1.1

Dig Command

If you wish to have more detailed DNS information, the dig command is useful. The basic usage is similar to the host command.

dig google.com

You may also specify which DNS server to use for the lookup.

dig @8.8.8.8 google.com

If you want all of the DNS records for a domain, you can use the any option.

dig google.com any

You can also specify other DNS records such as MX records.

dig google.com mx

Reverse DNS lookups are useful when you want to know the hostname/domain name for a given IP address. All you need to do is use the -x option along with the IP address.

dig -x 8.8.8.8

Systemd Resolve Command

The systemd-resolve command can be used to check what your current DNS server is set to. I found this helpful when I was troubleshooting DNS issues when setting up a new internal network or messing with DNS settings on my router. If you run the following command, you will see a line for Current DNS Server and DNS Servers which list the DNS which have been set either through DHCP or manually.

systemd-resolve --status

When I was changing some DNS settings to use split DNS (aka split horizon, split domain, etc.), I found it useful to be able flush the DNS resolver cache so that my PC started resolving to the new IP addresses sooner. To flush the cache, you simply use the --flush-caches option – a pretty straightforward option name.

sudo systemd-resolve --flush-caches

The systemd-resolve command is only useful for Linux distros that use systemd. If you are using Ubuntu 22.04 or newer including other Ubuntu-based distros, you will need to use the resolvectl command described below since systemd-resolve no longer works as I discovered once I upgraded.

Resolvectl Command

If you are using Ubuntu 22.04 or newer, the systemd-resolve no longer works. Instead you will need to use the resolvectl command if you wish to view DNS information or flush your DNS cache.

To view the current DNS statistics including the cache hit rate, use the following command.

resolvectl statistics

If you want to flush your DNS cache you may run the command which is somewhat similar to the systemd-resolve command.

resolvectl flush-caches

DHCP

DHCP commands are useful especially if you want to manually release and renew your DHCP lease due to changes you made on your router or your switch(es).

Dhclient Command

If you are statically assigning IP address with your router via DHCP, changing the DHCP address ranges on your router/switches, or some other network change which relates to DHCP, you may wish to use the dhclient command to make it easier to update your devices DHCP lease. Without using the command, you would either have to disconnect and reconnect to your network physically or via your OS control panel or wait until the DHCP lease expires. Running a simple command is more convenient than the other approaches.

To release and renew the DHCP lease on your device, you must enter both of the following commands in the order shown. You also need sudo privileges for this command.

sudo dhclient -r
sudo dhclient

Suggestions

If you have suggestions of other useful commands, please let me know in the comments below or via email, my forum, Twitter, etc. To keep the list somewhat compact and useful as a quick reference, I do not intend to list every variation of a command since some of the commands have quite a few options. Instead I included some of the most common options that a home user may find helpful.

comments powered by Disqus