- 22 Linux Networking Commands for Sysadmin
- On this page
- Network Configuration, Troubleshooting, and Debugging Tools
- 1. ifconfig Command
- 2. IP Command
- 3. ifup, ifdown, and ifquery command
- 4. Ethtool Command
- 5. Ping Command
- 6. Traceroute Command
- 7. MTR Network Diagnostic Tool
- 8. Route Command
- 9. Nmcli Command
- Network Scanning and Performance Analysis Tools
- 10. Netstat Command
- 11. ss Command
- 12. NC Command
- 13. Nmap Command
- DNS Lookup Utilities
- 14. host Command
- 15. dig Command
- 16. NSLookup Command
- Linux Network Packet Analyzers
- 17. Tcpdump Command
- 18. Wireshark Utility
- 19. Bmon Tool
- Linux Firewall Management Tools
- 20. Iptables Firewall
- 21. Firewalld
- 22. UFW (Uncomplicated Firewall)
- If You Appreciate What We Do Here On TecMint, You Should Consider:
- net — Unix, Linux Command
- TIME SYSTEM
- TIME SET
- TIME ZONE
- [RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]
- [RPC] OLDJOIN [options]
- [RPC|ADS] USER
- [RPC|ADS] USER
- [RPC|ADS] USER DELETE target
- [RPC|ADS] USER INFO target
- [RPC|ADS] USER RENAME oldname newname
- [RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]
- [RPC|ADS] GROUP
- [RPC|ADS] GROUP [misc options] [targets]
- [RPC|ADS] GROUP DELETE name [misc. options]
- [RPC|ADS] GROUP ADD name [-C comment]
- [RAP|RPC] SHARE
- [RAP|RPC] SHARE [misc. options] [targets]
- [RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]
- SHARE DELETE sharename
- [RPC|RAP] FILE
- [RPC|RAP] FILE
- [RPC|RAP] FILE CLOSE fileid
- [RPC|RAP] FILE INFO fileid
- [RAP|RPC] FILE USER user
- RAP SESSION
- RAP SESSION DELETE|CLOSE CLIENT_NAME
- RAP SESSION INFO CLIENT_NAME
- RAP SERVER DOMAIN
- RAP DOMAIN
- RAP PRINTQ
- RAP PRINTQ LIST QUEUE_NAME
- RAP PRINTQ DELETE JOBID
- RAP VALIDATE user [password]
- RAP GROUPMEMBER
- RAP GROUPMEMBER LIST GROUP
- RAP GROUPMEMBER DELETE GROUP USER
- RAP GROUPMEMBER ADD GROUP USER
- RAP ADMIN command
- RAP SERVICE
- RAP SERVICE START NAME [arguments. ]
- RAP SERVICE STOP
- RAP PASSWORD USER OLDPASS NEWPASS
- LOOKUP HOST HOSTNAME [TYPE]
- LOOKUP LDAP [DOMAIN]
- LOOKUP KDC [REALM]
- LOOKUP DC [DOMAIN]
- LOOKUP MASTER DOMAIN
- CACHE ADD key data time-out
- CACHE DEL key
- CACHE SET key data time-out
- CACHE SEARCH PATTERN
- CACHE LIST
- CACHE FLUSH
- GETLOCALSID [DOMAIN]
- SETLOCALSID S-1-5-21-x-y-z
- GROUPMAP ADD
- GROUPMAP DELETE
- GROUPMAP MODIFY
- GROUPMAP LIST
- RPC INFO
- [RPC|ADS] TESTJOIN
- [RPC|ADS] CHANGETRUSTPW
- RPC TRUSTDOM
- RPC TRUSTDOM ADD DOMAIN
- RPC TRUSTDOM DEL DOMAIN
- RPC TRUSTDOM ESTABLISH DOMAIN
- RPC TRUSTDOM REVOKE DOMAIN
- RPC TRUSTDOM LIST
- RPC RIGHTS
- RPC ABORTSHUTDOWN
- RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]
- RPC SAMDUMP
- RPC VAMPIRE
- RPC GETSID
- ADS LEAVE
- ADS STATUS
- ADS PRINTER
- ADS PRINTER INFO [PRINTER] [SERVER]
- ADS PRINTER PUBLISH PRINTER
- ADS PRINTER REMOVE PRINTER
- ADS SEARCH EXPRESSION ATTRIBUTES.
- ADS DN DN (attributes)
- ADS WORKGROUP
- SAM CREATEBUILTINGROUP
- SAM CREATELOCALGROUP
- SAM DELETELOCALGROUP
- SAM MAPUNIXGROUP
- SAM UNMAPUNIXGROUP
- SAM ADDMEM
- SAM DELMEM
- SAM LISTMEM
- SAM LIST [verbose]
- SAM SHOW
- SAM SET HOMEDIR
- SAM SET PROFILEPATH
- SAM SET COMMENT
22 Linux Networking Commands for Sysadmin
A system administrator’s routine tasks include configuring, maintaining, troubleshooting, and managing servers and networks within data centers. There are numerous tools and utilities in Linux designed for administrative purposes.
In this article, we will review some of the most used command-line tools and utilities for network management in Linux, under different categories. We will explain some common usage examples, which will make network management much easier in Linux.
On this page
This list is equally useful to full-time Linux network engineers.
Network Configuration, Troubleshooting, and Debugging Tools
1. ifconfig Command
ifconfig is a command-line interface tool for network interface configuration and is also used to initialize interfaces at system boot time. Once a server is up and running, it can be used to assign an IP Address to an interface and enable or disable the interface on demand.
It is also used to view the IP Address, Hardware / MAC address, as well as MTU (Maximum Transmission Unit) size of the currently active interfaces. ifconfig is thus useful for debugging or performing system tuning.
Here is an example to display the status of all active network interfaces.
To list all interfaces which are currently available, whether up or down, use the -a flag.
To assign an IP address to an interface, use the following command.
To activate a network interface, type.
To deactivate or shut down a network interface, type.
Note: Although ifconfig is a great tool, it is now obsolete (deprecated), its replacement is the ip command which is explained below.
2. IP Command
ip command is another useful command-line utility for displaying and manipulating routing, network devices, interfaces. It is a replacement for ifconfig and many other networking commands. (Read our article “What’s Difference Between ifconfig and ip Command” to learn more about it.)
The following command will show the IP address and other information about a network interface.
To temporarily assign IP Address to a specific network interface (eth0), type.
To remove an assigned IP address from a network interface (eth0), type.
To show the current neighbor table in the kernel, type.
3. ifup, ifdown, and ifquery command
ifup command actives a network interface, making it available to transfer and receive data.
ifdown command disables a network interface, keeping it in a state where it cannot transfer or receive data.
ifquery command used to parse the network interface configuration, enabling you to receive answers to query about how it is currently configured.
4. Ethtool Command
ethtool is a command-line utility for querying and modifying network interface controller parameters and device drivers. The example below shows the usage of ethtool and a command to view the parameters for the network interface.
5. Ping Command
ping (Packet INternet Groper) is a utility normally used for testing connectivity between two systems on a network (Local Area Network (LAN) or Wide Area Network (WAN)). It uses ICMP (Internet Control Message Protocol) to communicate to nodes on a network.
To test connectivity to another node, simply provide its IP or hostname, for example.
You can also tell ping to exit after a specified number of ECHO_REQUEST packets, using the -c flag as shown.
6. Traceroute Command
Traceroute is a command-line utility for tracing the full path from your local system to another network system. It prints a number of hops (router IPs) in that path you travel to reach the end server. It is an easy-to-use network troubleshooting utility after the ping command.
In this example, we are tracing the route packets take from the local system to one of Google’s servers with IP address 18.104.22.168.
7. MTR Network Diagnostic Tool
MTR is a modern command-line network diagnostic tool that combines the functionality of ping and traceroute into a single diagnostic tool. Its output is updated in real-time, by default until you exit the program by pressing q .
The easiest way of running mtr is to provide it a hostname or IP address as an argument, as follows.
You can limit the number of pings to a specific value and exit mtr after those pings, using the -c flag as shown.
8. Route Command
The route is a command-line utility for displaying or manipulating the IP routing table of a Linux system. It is mainly used to configure static routes to specific hosts or networks via an interface.
You can view the Kernel IP routing table by typing.
There are numerous commands you can use to configure routing. Here are some useful ones:
Add a default gateway to the routing table.
Add a network route to the routing table.
Delete a specific route entry from the routing table.
9. Nmcli Command
Nmcli is an easy-to-use, scriptable command-line tool to report network status, manage network connections, and control the NetworkManager.
To view all your network devices, type.
To check network connections on your system, type.
To see only the active connections, add the -a flag.
Network Scanning and Performance Analysis Tools
10. Netstat Command
netstat is a command-line tool that displays useful information such as network connections, routing tables, interface statistics, and much more, concerning the Linux networking subsystem. It is useful for network troubleshooting and performance analysis.
Additionally, it is also a fundamental network service debugging tool used to check which programs are listening on what ports. For instance, the following command will show all TCP ports in listening mode and what programs are listening on them.
To view the kernel routing table, use the -r flag (which is equivalent to running the route command above).
Note: Although Netstat is a great tool, it is now obsolete (deprecated), its replacement is the ss command which is explained below.
11. ss Command
ss (socket statistics) is a powerful command-line utility to investigate sockets. It dumps socket statistics and displays information similar to netstat. In addition, it shows more TCP and state information compared to other similar utilities.
The following example shows how to list all TCP ports (sockets) that are open on a server.
To display all active TCP connections together with their timers, run the following command.
12. NC Command
NC (NetCat) also referred to as the “Network Swiss Army knife”, is a powerful utility used for almost any task related to TCP, UDP, or UNIX-domain sockets. It is used to open TCP connections, listen on arbitrary TCP and UDP ports, perform port scanning plus more.
You can also use it as a simple TCP proxy, for network daemon testing, to check if remote ports are reachable, and much more. Furthermore, you can employ nc together with pv command to transfer files between two computers.
The following example will show how to scan a list of ports.
You can also specify a range of ports as shown.
The following example shows how to use nc to open a TCP connection to port 5000 on server2.tecmint.lan, using port 3000 as the source port, with a timeout of 10 seconds.
13. Nmap Command
Nmap (Network Mapper) is a powerful and extremely versatile tool for Linux system/network administrators. It is used to gather information about a single host or explores networks an entire network. Nmap is also used to perform security scans, network audits and finding open ports on remote hosts and so much more.
You can scan a host using its hostname or IP address, for instance.
Alternatively, use an IP address as shown.
Read our following useful articles on the nmap command.
DNS Lookup Utilities
14. host Command
host command is a simple utility for carrying out DNS lookups, it translates hostnames to IP addresses and vice versa.
15. dig Command
dig (domain information groper) is also another simple DNS lookup utility, that is used to query DNS related information such as A Record, CNAME, MX Record etc, for example:
16. NSLookup Command
Nslookup is also a popular command-line utility to query DNS servers both interactively and non-interactively. It is used to query DNS resource records (RR). You can find out the “A” record (IP address) of a domain as shown.
You can also perform a reverse domain lookup as shown.
Linux Network Packet Analyzers
17. Tcpdump Command
Tcpdump is a very powerful and widely used command-line network sniffer. It is used to capture and analyze TCP/IP packets transmitted or received over a network on a specific interface.
To capture packets from a given interface, specify it using the -i option.
To capture a specific number of packets, use the -c option to enter the desired number.
You can also capture and save packets to a file for later analysis, use the -w flag to specify the output file.
18. Wireshark Utility
Wireshark is a popular, powerful, versatile, and easy-to-use tool for capturing and analyzing packets in a packet-switched network, in real-time.
You can also save data it has captured to a file for later inspection. It is used by system administrators and network engineers to monitor and inspect the packets for security and troubleshooting purposes.
Monitor Local Network Traffic
19. Bmon Tool
bmon is a powerful, command line-based network monitoring and debugging utility for Unix-like systems, it captures networking-related statistics and prints them visually in a human-friendly format. It is a reliable and effective real-time bandwidth monitor and rate estimator.
bmon – Linux Network Bandwidth Monitoring
Linux Firewall Management Tools
20. Iptables Firewall
iptables is a command-line tool for configuring, maintaining, and inspecting the tables IP packet filtering and NAT ruleset. It is used to set up and manage the Linux firewall (Netfilter). It allows you to list existing packet filter rules; add or delete or modify packet filter rules; list per-rule counters of the packet filter rules.
You can learn how to use Iptables for various purposes from our simple yet comprehensive guides.
Firewalld is a powerful and dynamic daemon to manage the Linux firewall (Netfilter), just like iptables. It uses “networks zones” instead of INPUT, OUTPUT, and FORWARD CHAINS in iptables. On current Linux distributions such as RHEL/CentOS 7 and Fedora 21+, iptables is actively being replaced by firewalld.
To get started with firewalld, consult these guides listed below:
Important: Iptables is still supported and can be installed with the YUM package manager. However, you can’t use Firewalld and iptables at the same time on the same server – you must choose one.
22. UFW (Uncomplicated Firewall)
UFW is a well-known and default firewall configuration tool on Debian and Ubuntu Linux distributions. It is used to enable/disable system firewall, add/delete/modify/reset packet filtering rules, and much more.
To check UFW firewall status, type.
If the UFW firewall is not active, you can activate or enable it using the following command.
To disable the UFW firewall, use the following command.
If you want to find more information about a particular program, you can consult its man pages as shown.
That’s all for now! In this comprehensive guide, we reviewed some of the most used command-line tools and utilities for network management in Linux, under different categories, for system administrators, and equally useful to full-time network administrators/engineers.
You can share your thoughts about this guide via the comment form below. If we have missed any frequently used and important Linux networking tools/utilities or any useful related information, also let us know.
If You Appreciate What We Do Here On TecMint, You Should Consider:
TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.
If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.
We are thankful for your never ending support.
net — Unix, Linux Command
This tool is part of the samba(7) suite.
The Samba net utility is meant to work just like the net utility available for windows and DOS. The first argument should be used to specify the protocol to use when executing a certain command. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000. If this argument is omitted, net will try to determine it automatically. Not all commands are available on all protocols.
-h|—help Print a summary of command line options.
-w target-workgroup Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server.
-W workgroup Sets client workgroup or domain
-U user User name to use
-I ip-address IP address of target server to use. You have to specify either this option or a target workgroup or a target server.
-p port Port on the target server to connect to (usually 139 or 445). Defaults to trying 445 first, then 139.
This option allows you to override the NetBIOS name that Samba uses for itself. This is identical to setting the netbios name parameter in the smb.conf file. However, a command line setting will take precedence over settings in smb.conf.
-s The file specified contains the configuration details required by the server. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. See smb.conf for more information. The default configuration file name is determined at compile time.
-S server Name of target server. You should specify either this option or a target workgroup or a target IP address.
-l When listing data, give more information on each item.
-P Make queries to the external server using the machine account of the local server.
-d|—debuglevel=level level is an integer from 0 to 10. The default value if this parameter is not specified is 0.
The higher this value, the more detail will be logged to the log files about the activities of the server. At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running — it generates a small amount of information about operations carried out.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.
Note that specifying this parameter here will override the log level parameter in the smb.conf file.
This command allows the Samba machine account password to be set from an external application to a machine account password that has already been stored in Active Directory. DO NOT USE this command unless you know exactly what you are doing. The use of this command requires that the force flag (-f) be used also. There will be NO command prompt. Whatever information is piped into stdin, either by typing at the command line or otherwise, will be stored as the literal machine password. Do NOT use this without care and attention as it will overwrite a legitimate machine password without warning. YOU HAVE BEEN WARNED.
The NET TIME command allows you to view the time on a remote server or synchronise the time on the local server with the time on the remote server.
Without any options, the NET TIME command displays the time on the remote server.
Displays the time on the remote server in a format ready for /bin/date.
Tries to set the date and time of the local server to that on the remote server using /bin/date.
Displays the timezone in hours from GMT on the remote computer.
[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]
Join a domain. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically. (Assuming that the machine has been created in server manager) Otherwise, a password will be prompted for, and a new account may be created.
[TYPE] may be PDC, BDC or MEMBER to specify the type of server joining the domain.
[UPN] (ADS only) set the principalname attribute during the join. The default format is host/netbiosname@REALM.
[OU] (ADS only) Precreate the computer account in a specific OU. The OU string reads from top to bottom without RDNs, and is delimited by a ‘/’. Please note that ‘\’ is used for escape by both the shell and ldap, so it may need to be doubled or quadrupled to pass through, and it is not used as a delimiter.
[RPC] OLDJOIN [options]
Join a domain. Use the OLDJOIN option to join the domain using the old style of domain joining — you need to create a trust account in server manager first.
[RPC|ADS] USER DELETE target
Delete specified user
[RPC|ADS] USER INFO target
List the domain groups of the specified user.
[RPC|ADS] USER RENAME oldname newname
Rename specified user.
[RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]
Add specified user.
[RPC|ADS] GROUP [misc options] [targets]
List user groups.
[RPC|ADS] GROUP DELETE name [misc. options]
Delete specified group.
[RPC|ADS] GROUP ADD name [-C comment]
Create specified group.
[RAP|RPC] SHARE [misc. options] [targets]
Enumerates all exported resources (network shares) on target server.
[RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]
Adds a share from a server (makes the export active). Maxusers specifies the number of users that can be connected to the share simultaneously.
SHARE DELETE sharename
Delete specified share.
List all open files on remote server.
[RPC|RAP] FILE CLOSE fileid
Close file with specified fileid on remote server.
[RPC|RAP] FILE INFO fileid
Print information on specified fileid. Currently listed are: file-id, username, locks, path, permissions.
[RAP|RPC] FILE USER user
List files opened by specified user. Please note that net rap file user does not work against Samba servers.
Without any other options, SESSION enumerates all active SMB/CIFS sessions on the target server.
RAP SESSION DELETE|CLOSE CLIENT_NAME
Close the specified sessions.
RAP SESSION INFO CLIENT_NAME
Give a list with all the open files in specified session.
RAP SERVER DOMAIN
List all servers in specified domain or workgroup. Defaults to local domain.
Lists all domains and workgroups visible on the current network.
RAP PRINTQ LIST QUEUE_NAME
Lists the specified print queue and print jobs on the server. If the QUEUE_NAME is omitted, all queues are listed.
RAP PRINTQ DELETE JOBID
Delete job with specified id.
RAP VALIDATE user [password]
Validate whether the specified user can log in to the remote server. If the password is not specified on the commandline, it will be prompted.
Currently NOT implemented.
RAP GROUPMEMBER LIST GROUP
List all members of the specified group.
RAP GROUPMEMBER DELETE GROUP USER
Delete member from group.
RAP GROUPMEMBER ADD GROUP USER
Add member to group.
RAP ADMIN command
Execute the specified command on the remote server. Only works with OS/2 servers.
Currently NOT implemented.
RAP SERVICE START NAME [arguments. ]
Start the specified service on the remote server. Not implemented yet.
Currently NOT implemented.
RAP SERVICE STOP
Stop the specified service on the remote server.
Currently NOT implemented.
RAP PASSWORD USER OLDPASS NEWPASS
Change password of USER from OLDPASS to NEWPASS.
LOOKUP HOST HOSTNAME [TYPE]
Lookup the IP address of the given host with the specified type (netbios suffix). The type defaults to 0x20 (workstation).
LOOKUP LDAP [DOMAIN]
Give IP address of LDAP server of specified DOMAIN. Defaults to local domain.
LOOKUP KDC [REALM]
Give IP address of KDC for the specified REALM. Defaults to local realm.
LOOKUP DC [DOMAIN]
Give IP’s of Domain Controllers for specified DOMAIN. Defaults to local domain.
LOOKUP MASTER DOMAIN
Give IP of master browser for specified DOMAIN or workgroup. Defaults to local domain.
Samba uses a general caching interface called ‘gencache’. It can be controlled using ‘NET CACHE’.
All the timeout parameters support the suffixes:
|s — Seconds|
|m — Minutes|
|h — Hours|
|d — Days|
|w — Weeks |
CACHE ADD key data time-out
Add specified key+data to the cache with the given timeout.
CACHE DEL key
Delete key from the cache.
CACHE SET key data time-out
Update data of existing cache entry.
CACHE SEARCH PATTERN
Search for the specified pattern in the cache data.
List all current items in the cache.
Remove all the current items from the cache.
Prints the SID of the specified domain, or if the parameter is omitted, the SID of the local server.
Sets SID for the local server to the specified SID.
Prints the local machine SID and the SID of the current domain.
Sets the SID of the current domain.
Manage the mappings between Windows group SIDs and UNIX groups. Common options include: