Tuesday, 2 March 2021

List of 16 Linux Networking and Troubleshooting Commands for Beginners

 Network configuration and troubleshooting are the essential part of Linux administration. Even for a developer who works with Linux Systems, knowledge about Linux networking commands is an added advantage.

Specifically, if you are in DevOps or SRE domain, it is essential to know all the Linux troubleshooting commands as they will be part of your day-to-day activities.

This post will cover the important networking and troubleshooting commands that are natively available in the Linux systems.

List of Linux Networking and Troubleshooting Commands

Following is the list of natively available troubleshooting commands.

CommandDescription 
hostname  To check and set the hostname of the server.
hostTo get host DNS details
pingChecks if the remote server is reachable using ICMP protocol. It also shows the round trip time of packets.
curlA cross-platform utility that is used to transfer data. It can be used for troubleshooting several network issues.
wgetUtility to download files. Can be used for troubleshooting proxy connections and connectivity.
ipA replacement for ifconfig. Can be used to configure and retrieve information about systems network interfaces
arpUtility to view and manage arp cache.
ss/netstatPrimarily used to check the connections and PID on ports and Unix sockets.
tracerouteThis utility uses the ICMP protocol and finds the hops involved in reading the destination server. It also shows the time it takes between hops.
mtrmtr is a mix of ping and traceroute. It also provides additional information like intermediate hosts and responsiveness.
digHelps you get the DNS records associated with a domain name.
nslookupCommand similar to dig.
ncutility to debug TCP/UDP sockets.
telnetIt can be used to test remote connectivity on ports
routeHelps you get all the route table information
tcpdumpThis utility helps you to capture network packets and analyze them for network issues.

Let’s understand each command and see how we can use it to troubleshoot Linux.

Important Note: Every command/utility mentioned in this post has many options and flags. Every command has a man page and you can use it to identify the flags and options that are required for your use case. For example, for ip command, you can just type it man ip in the terminal to get all the details about that command.

1. hostname

Hostname command is used to view the hostname of the machine and to set the hostname.

hostname

You can use the hostname command to set a new hostname for the machine. For example,

sudo hostname temp.com

If you set the hostname using “hostname” command, when you restart the machine, the hostname will change to the name specified in the hostname file ( eg: /etc/hostname).

So if you want to change the hostname permanently, you can use the /etc/hosts file or relevant hostname file present on the server.

  1. For ubuntu machines, you can change it in the /etc/hostname file.
  2. For RHEL, CentOS and Fedora you can change it in the /etc/sysconfig/network file.

Also read: List of Linux Commands Every Developer Should Know

2. host

Host command is for the reverse lookup of IP or a DNS name.

For example, If you want to find a DNS attached with an IP you can use the host commands as follows.

host 8.8.8.8

You can also do the reverse to find the IP address associated with the domain name. For example,

host devopscube.com

3. ping

The ping networking utility is used to check if the remote server is reachable or not. It is primarily used for checking the connectivity and troubleshooting network.

It provides the following details.

  1. Bytes sent and received
  2. Packets sent, received, and lost
  3. Approximate round-trip time (in milliseconds)

Ping command has the following syntax.

ping <IP or DNS>

For example,

ping devopscube.com

To ping IP address

ping 8.8.8.8

If you want to limit the ping output without using ctrl+c, then you can use the “-c” flag with a number as shown below.

ping -c 1 devopscube.com

4. curl

Curl utility is primarily used to transfer data from or to a server. However, you can use it for network troubleshooting.

For network troubleshooting, curl supports protocols such as DICTFILEFTPFTPSGOPHERHTTPHTTPSIMAPIMAPSLDAPLDAPSMQTTPOP3POP3SRTMPRTMPSRTSPSCPSFTPSMBSMBSSMTPSMTPSTELNET and TFTP

For example, curl can check connectivity on port 22 using telnet.

curl -v telnet://192.168.33.10:22

You can check the FTP connectivity using curl.

curl ftp://ftptest.net 

You can troubleshoot web server connectivity as well.

curl http://devopscube.com -I

5. wget

The wget command is primarily used to fetch web pages.

You can use wget to troubleshoot network issues as well.

For example, you can troubleshoot proxy server connections using wget.

wget -e use_proxy=yes http_proxy=<proxy_host:port> http://externalsite.com

You can check if a website is up by fething the files.

wget www.google.com

6. ip (ifconfig)

ip command is used to display and manipulate routes and network interfaces. ip command is the newer version of ifconfig. ifconfig works in all the systems, but it is better to use ip command instead of ifconfig.

Let’s have a look at few examples of ip command.

Display network devices and configuration

ip addr

You can use this command with pipes and grep to get more granular output like the IP address of the eth0 interface. It is very useful when you work on automation tools that require IP to be fetched dynamically.

The following command gets the IP address of eth0 network interface.

ip a | grep eth0  | grep "inet" | awk -F" " '{print $2}'

Get details of a specific interface

ip a show eth0

You can list the routing tables.

ip route
ip route list

7. arp

ARP (Address Resolution Protocol) shows the cache table of local networks’ IP addresses and MAC addresses that the system interacted with.

arp

Example output,

vagrant@dcubelab:~$ arp
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.2.3                 ether   52:54:00:12:35:03   C                     eth0
192.168.33.1             ether   0a:00:27:00:00:00   C                     eth1
10.0.2.2                 ether   52:54:00:12:35:02   C                     eth0

8. ss (netstat)

The ss command is a replacement for netstat. You can still use the netstat command on all systems.

Using ss command, you can get more information than netstat command. ss command is fast because it gets all the information from the kernel userspace.

Now let’s have a look at few usages of ss command.

Listing all connections

The “ss” command will list all the TCP, UDP, and Unix socket connections on your machine.

ubuntu@devopscube:~$ ss
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port
u_str  ESTAB      0      0                    * 7594                  * 0
u_str  ESTAB      0      0      @/com/ubuntu/upstart 7605                  * 0  
u_str  ESTAB      0      0                    * 29701                 * 0
u_str  ESTAB      0      0      /var/run/dbus/system_bus_socket 29702                 * 0
tcp    ESTAB      0      400      172.31.18.184:ssh         1.22.167.31:61808

The output of the ss command will be big so you can use ” ss | less ” command to make the output scrollable.

Filtering out TCP, UDP and Unix sockets

If you want to filter out TCP , UDP or UNIX socket details, use “-t” “-u” and “-x” flag with the “ss” command. It will show all the established connections to the specific ports. If you want to list both connected and listening ports using “a” with the specific flag as shown below.

ss -ta
ss -ua
ss -xa

List all listening ports

To list all the listening ports, use “-l” flag with ss command. To list specific TCP, UDP or UNIX socket, use “-t”, “-u” and “-x” flag with “-l” as shown below.

ubuntu@devopscube:~$ ss -lt
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
LISTEN     0      128                     *:ssh                      *:*
LISTEN     0      50                     :::http-alt                 :::*
LISTEN     0      50                     :::55857                   :::*
LISTEN     0      128                    :::ssh                     :::*
LISTEN     0      50                     :::53285                   :::*
ubuntu@devopscube:~$

List all established

To list all the established ports, use the state established flag as shown below.

ss -t -r state established

To list all sockets in listening state,

ss -t -r state listening

9. traceroute

If you do not have a traceroute utility in your system or server, you can install it from the native repository.

traceroute is a network troubleshooting utility. Using traceroute you can find the number of hops required for a particular packet to reach the destination.

For example,

traceroute google.com

Here is the output.

traceroute to google.com (173.194.33.163), 30 hops max, 60 byte packets
 1  ec2-50-112-0-84.us-west-2.compute.amazonaws.com (50.112.0.84)  1.974 ms  1.895 ms  1.899 ms
 2  100.64.1.247 (100.64.1.247)  1.414 ms 100.64.1.137 (100.64.1.137)  1.127 ms 100.64.1.97 (100.64.1.97)  1.313 ms
 3  100.64.0.198 (100.64.0.198)  1.443 ms 100.64.0.62 (100.64.0.62)  2.160 ms 100.64.0.60 (100.64.0.60)  2.116 ms
10  66.249.94.214 (66.249.94.214)  6.313 ms  7.104 ms 209.85.249.34 (209.85.249.34)  5.986 ms
11  209.85.244.65 (209.85.244.65)  6.157 ms  6.341 ms  6.574 m.
.
12  sea09s18-in-f3.1e100.net (173.194.33.163)  6.302 ms  6.517 ms  6.071 ms
ubuntu@devopscube:~$

The above output shows the hop count (12) to reach google.com from devopscube AWS ec2 server.

10. mtr

The mtr utility is a network diagnostic tool to troubleshoot the network bottlenecks. It combines the functionality of both ping and traceroute

For example, the following command shows the traceroute output in real-time.

mtr google.com

Here is the output.

mtr network diagnostic tool

mtr report

You can generate a report using the –report flag. When you run the mtr report, it sends 10 packets to the destination and creates the report.

mtr -n --report google.com
network troubleshooting with mtr report

11. dig

If you have any task related to DNS lookup, you can use “dig” command to query the DNS name servers.

Get all DNS records with dig

The following command returns all the DNS records and TTL information of a twitter.com

dig twiter.com ANY
all DNS records with dig

Use +short to get the output without verbose.

dig google.com ANY +short

Get Specific DNS Record with dig

For example, If you want to get the A record for the particular domain name, you can use the dig command. +short will provide the information without verbose

dig www.google.com A +short

Similarly, you can get the other record information separately using the following commands.

dig google.com CNAME +short
dig google.com MX +short
dig google.com TXT +short
dig google.com NS +short

12. nslookup

Nslookup (Name Server Lookup) utility is used to check the DNS entries. It is similar to dig command.

To check the DNS records of a domain, you can use the following command.

nslookup google.com

You can also do a reverse lookup with the IP address.

nslookup 8.8.8.8

To get all the DNS records of a domain name, you can use the following.

nslookup -type=any google.com

Similarly, you can query for records like mxsoa etc

13. nc (netcat)

The nc (netcat) command is known as the swiss army of networking commands.

Using nc, you can check the connectivity of a service running on a specific port.

For example, to check if ssh port if open, you can use the following command.

nc -v -n 192.168.33.10 22

netcat can also be used for data transfer over TCP/UDP and port scanning.

Port scanning is not recommended in cloud environments. You need to request the cloud provider to perform port scanning operations in your enviroment.

14. telnet

The telnet command is used to troubleshoot the TCP connections on a port.

To check port connectivity using telnet, use the following command.

telnet 10.4.5.5 22

15. route

The “route” command is used to get the details of the route table for your system and to manipulate it. Let us look at few examples for the route command.

Listing all routes

Execute the “route” command without any arguments to list all the existing routes in your system or server.

ubuntu@devopscube:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ip-172-31-16-1. 0.0.0.0         UG    0      0        0 eth0
172.17.0.0      *               255.255.0.0     U     0      0        0 docker0
172.31.16.0     *               255.255.240.0   U     0      0        0 eth0
ubuntu@devopscube:~$

If you want to get the full output in numerical form without any hostname, you can use “-n” flag with the route  command.

ubuntu@devopscube:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.16.1     0.0.0.0         UG    0      0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.31.16.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0
ubuntu@devopscube:~$

If you think we missed any important command,  let us know in the comments section.

16. tcpdump

The tcpdump command is primarily used for troubleshooting network traffic.

Note: To analyze the output of tcpdump command requires some learning, so explaining it is out of the scope of this article.

tcpdump command works with the network interfaces of the system. So you need to use administrative privileges to execute the command.

List all network interfaces

Use the following command to list all the interfaces.

sudo  tcpdump --list-interfaces

Capture Packets on Specific Interface

To get the dump of packets on a specific interface, you can use the following command.

Note: press ctrl + cto stop capturing the packets.

sudo tcpdump -i eth0

To limit the packet capturing, you can use the -c flag with the number.

For example,

sudo tcpdump -i eth0 -c 10

Capture Packets on All Interfaces

To capture packets on all the interfaces, use the any flag as shown below.

sudo tcpdump -i any

Third-Party Network Troubleshooting Utilities

There are more networking troubleshooting command-line utilities available from third-party solutions.

You need to install them separately and use them for your troubleshooting purposes. Not every company will allow you to do it. However, if you have to option to use third-party tools, you can explore them.

Conclusion

In this article, we have covered the important Linux command-line utilities for network troubleshooting and configuration.

If you are getting started with system administration, DevOps, or SRE roles, it is essential to learn about these utilities to support the projects you are working on.

Each utility has many functionalities, and you can explore further to meet your requirements

No comments:

Post a Comment