A Guide to Master Linux Networking Commands: From Beginner to Expert

Network management in Linux centres on three fundamental commands that provide complete control over system connectivity. These command-line tools deliver precise information and configuration capabilities that graphical interfaces cannot match.

Understanding IP Addressing with ip addr

Modern Linux distributions use the ip command instead of the deprecated ifconfig, offering expanded functionality for network interface management . The ip addr command (shortened to ip a) displays comprehensive interface information including IP addresses, network states, and hardware details.

Basic Interface Information:

ip addr

This command reveals essential network data:

• Interface names (eth0, wlan0, etc.) • MAC addresses for hardware identification
• IPv4 and IPv6 address assignments • Subnet masks and network prefixes • Current interface states (up/down)

The output includes the loopback interface (lo) at 127.0.0.1 alongside physical network interfaces . Target specific interfaces by adding the interface name:

ip addr show eth0

Filtered Output Options: The -br (brief) flag provides condensed information:

ip -br addr show

Filter by IP version using -4 for IPv4 or -6 for IPv6 addresses :

ip -4 addr

IP Address Management: Add addresses to interfaces directly:

sudo ip addr add 192.168.1.200/24 dev eth0

Remove addresses using the del parameter:

sudo ip addr del 192.168.1.200/24 dev eth0

The /24 notation specifies CIDR prefix length, indicating how many bits define the network portion . This approach provides precise control over IP address allocation within network segments.

Checking Host Availability Using ping

Connectivity testing relies on the ping command, which sends ICMP echo requests to target hosts and measures response times . This fundamental tool determines host reachability and network latency across different destinations.

Basic Connectivity Test:

ping google.com

Linux sends continuous pings until interrupted with Ctrl+C, unlike Windows which defaults to four packets . Limit ping count with the -c option:

ping -c 5 192.168.2.200

Response Analysis: Ping responses indicate different network conditions:

• Successful replies: Confirm good connectivity and measure latency • Timeout messages: Suggest destination unreachability or network issues
• Unknown host errors: Indicate DNS resolution problems on your system 

Statistical Information: Ping results include valuable metrics:

• Packets transmitted and received counts • Packet loss percentage • Round-trip times (minimum, average, maximum, standard deviation)

Quick DNS Resolution: Single ping commands verify name resolution:

ping -c 1 server01

This approach provides rapid DNS lookup verification whilst displaying the resolved IP address .

Viewing Hostname and IP with hostname -I

System identification uses the hostname command for displaying or modifying the current hostname . Without parameters, it shows the system's current hostname:

hostname

Network Identity Information: The -I option displays all active IP addresses:

hostname -I

This command offers quick IP address discovery without parsing verbose ip addr output. Script writers find this particularly useful for automated network identification tasks.

Complete Hostname Information: Display the fully qualified domain name (FQDN):

hostname -f

These three commands: ip addr, ping, and hostname, establish the essential foundation for Linux network management. Each serves specific purposes: ip addr for interface configuration, ping for connectivity verification, and hostname for system identification. Mastering these tools creates the groundwork for advanced networking tasks and troubleshooting procedures.

Network configuration commands modify interface properties, IP addresses, and routing tables with precision. These tools move beyond information display to provide active control over your system's network behaviour.

Assigning IPs with ip address add

The ip address add command assigns IP addresses to network interfaces using this syntax:

ip addr add IP_ADDRESS/PREFIX dev INTERFACE_NAME

Practical application: Assigning a static IP to interface enp1s0:

sudo ip address add 192.168.1.254/24 dev enp1s0

Removing addresses uses the del parameter:

sudo ip address del 192.168.1.254/24 dev enp1s0

Multiple IP Assignment: The ip command supports multiple IP addresses on the same interface without aliases :

sudo ip address add 192.168.2.223/24 dev enp1s0
sudo ip address add 192.168.4.223/24 dev enp1s0

Important limitation: Changes made with the ip command do not persist after system reboots . Persistent configuration requires NetworkManager or system configuration files.

Managing Interfaces with ip link set

Interface state management controls whether network interfaces remain active or disabled. The ip link set command handles these operations:

Activating interfaces:

sudo ip link set eth0 up

Deactivating interfaces:

sudo ip link set eth0 down

Advanced Interface Configuration: MTU adjustment for jumbo frames:

sudo ip link set eth0 mtu 9000

Promiscuous mode activation for packet capture:

sudo ip link set eth0 promisc on

Setting Routes with ip route add

The ip route command controls packet routing through network paths. Route addition follows this pattern:

sudo ip route add DESTINATION via GATEWAY dev INTERFACE

Default route configuration:

sudo ip route add default via 192.168.1.254 dev eth0

Network-specific routing:

sudo ip route add 192.168.1.0/24 via 192.168.1.254

Direct interface routing:

sudo ip route add 192.168.1.0/24 dev eth0

Route removal uses the delete parameter:

sudo ip route delete 192.168.1.0/24 via 192.168.1.254

Using nmcli for GUI-less Network Setup

NetworkManager's command-line interface provides persistent way to configure networks without graphical tools. The nmcli command proves essential for servers and headless systems .

Connection Display: View all connections:

nmcli connection show

Active connections only:

nmcli connection show --active

Dynamic Connection Setup: Creating DHCP-enabled Ethernet connections:

nmcli con add type ethernet con-name my-office ifname ens3

This creates a connection profile using DHCP by default .

Connection activation:

nmcli con up my-office

Static IP Configuration:

nmcli con add type ethernet con-name test-lab ifname ens9 \
  ip4 10.10.10.10/24 gw4 10.10.10.254

DNS server configuration:

nmcli con mod test-lab ipv4.dns "8.8.8.8 8.8.4.4"

Key advantage: nmcli changes persist across reboots, making it ideal for permanent server configurations.

DNS troubleshooting requires specific tools that reveal how domain names resolve to IP addresses. These command-line utilities help diagnose connectivity issues that often stem from DNS misconfigurations or server problems.

dig +short for Quick DNS Lookups

The dig command serves as the standard tool for DNS queries across Linux systems. This utility queries DNS servers directly and displays detailed domain information for troubleshooting DNS configurations.

The +short option provides clean, minimal output:

dig +short google.com

This displays only IP addresses without headers or additional details. The streamlined output helps when you need quick domain-to-IP verification during troubleshooting sessions.

Query specific DNS record types by specifying the record after the domain:

dig -t MX google.com

Target specific DNS servers to validate DNS propagation:

dig @8.8.8.8 example.com

Example: dig +short github.com returns just the IP addresses, making it perfect for scripts or quick connectivity checks.

nslookup -type=mx for Mail Server Records

The nslookup command provides reliable DNS queries across different operating systems. For mail server troubleshooting, query MX records directly:

nslookup -type=mx example.com

This returns mail exchange records with their priority values. Lower numbers indicate preferred mail servers for email delivery.

Interactive mode supports multiple queries without retyping commands:

nslookup
> set q=mx
> example.com

Example: When email delivery fails, nslookup -type=mx company.com reveals whether mail server records exist and their correct priorities.

host command for Reverse DNS Queries

The host command offers straightforward DNS queries with concise output. Reverse DNS lookups identify domain names from IP addresses:

host 8.8.8.8

Output shows: 8.8.8.8.in-addr.arpa domain name pointer dns.googl.

Query specific record types with the -t option:

host -t mx google.com

Display all available records for a domain:

host -a example.com

Reverse DNS verification proves essential for mail servers, as many require proper reverse DNS configuration to accept connections.

whois for Domain Ownership Information

The whois command queries domain registration databases for ownership details:

whois example.com

Information includes:

• Registration and expiration dates
• Registrar details
• Owner contact information (if not protected)
• Nameserver configuration

Domain ownership information helps identify administrators for network issues that require direct contact. Check abuse contact details in WHOIS records when reporting domain-related problems.

Example: whois suspicious-domain.com reveals registration details that help verify legitimate domains during security investigations.

Network troubleshooting requires diagnostic tools that reveal connection states, traffic patterns, and routing behaviour. Linux provides several monitoring commands that enable real-time analysis and precise problem identification.

ss -ltnp for Listening Sockets

Modern Socket Monitoring: The ss command replaces the older netstat tool, delivering faster performance and more detailed socket information . This modern utility displays socket statistics with TCP state information and process details that traditional tools often miss.

ss -ltnp

Each flag serves a specific diagnostic purpose:

• -l displays only listening sockets
• -t limits output to TCP connections
• -n shows numerical addresses instead of resolving hostnames
• -p reveals the process IDs and names using each socket

The output provides structured connection details:

State    Recv-Q    Send-Q    Local Address:Port    Peer Address:Port    Process

For UDP socket monitoring, replace -t with -u:

ss -lunp

Example: When troubleshooting application connectivity issues, ss -ltnp immediately shows which processes are listening on specific ports, helping identify service availability problems.

netstat -s for Protocol Statistics

Comprehensive Protocol Analysis: The netstat -s command provides detailed protocol statistics for UDP, TCP, ICMP, and IP . These statistics reveal network behaviour patterns and help identify performance bottlenecks or abnormal traffic conditions.

netstat -s

To focus on specific protocols:

netstat -s -p tcp

Key statistics include:

• Packets received and transmitted
• Error counts by type
• Retransmitted segments
• Connection states
• Discarded packets

These metrics help diagnose issues like packet loss, retransmission problems, or connection failures that remain hidden during basic connectivity testing.

mtr for Real-Time Route Tracing

Interactive Network Path Analysis: The mtr (My Traceroute) command combines ping and traceroute functionality into a single interactive tool . Unlike static traceroute snapshots, mtr continuously updates route information with real-time network statistics.

Installation (if required):

sudo apt install mtr   # For Debian/Ubuntu

sudo yum install mtr   # For RHEL/CentOS

Basic usage provides continuous monitoring:

mtr google.com

The output refreshes automatically until you press q to quit, showing each hop with packet loss percentages and response times . For cleaner IPv4-only output:

mtr -4 google.com

To display IP addresses instead of hostnames:

mtr -4b google.com

This combination identifies precisely where packet loss or latency occurs along network paths .

traceroute for Hop-by-Hop Path Analysis

Static Route Mapping: The traceroute command maps packet journeys from your system to destinations, revealing each router along the path . It functions by sending packets with incrementally increasing TTL (Time To Live) values, forcing routers to return ICMP "time exceeded" messages.

traceroute google.com

Standard operation sends three packets per hop with three-second timeouts . Each hop displays IP addresses (and hostnames when available) with response times for all three packets.

For faster traces:

traceroute -w 1 google.com

To limit maximum hops:

traceroute -m 10 google.com

Advanced troubleshooting options include packet size modification and alternate source IP specification:

traceroute -s 192.168.1.7 google.com

Summary: Diagnostic Tool Selection

• ss -ltnp: Real-time socket monitoring for service availability
• netstat -s: Protocol statistics for performance analysis
• mtr: Interactive route tracing with continuous updates
• traceroute: Static path mapping for connectivity analysis

These diagnostic tools provide administrators with detailed insights into network behaviour, enabling precise identification and resolution of connectivity problems across different network layers.

Packet-level analysis and hardware configuration require specialised tools that examine network traffic at its most granular level. These advanced utilities enable detailed inspection of network behaviour, security assessment, and precise hardware control that basic commands cannot provide.

Packet Capture with tcpdump -i eth0

The tcpdump utility excels at capturing and analysing network packets as they flow through interfaces. This command-line packet analyser allows real-time inspection of network traffic, making it essential for diagnosing complex connectivity issues.

Basic packet capture targets a specific interface:

tcpdump -i eth0 -s 20

The -i flag specifies the network interface, whilst -s sets the snapshot length for each packet . Targeted filtering captures specific traffic types:

tcpdump host 8.8.8.8 and icmp

For detailed analysis sessions, save captured packets to files:

tcpdump -i eth0 -c 100 -w capture.pcap

Example: Running tcpdump -i wlan0 port 80 captures all HTTP traffic on your wireless interface, revealing which websites your system contacts and the timing of these connections.

Network Scanning with nmap -A

Nmap stands as the premier network scanning tool for security assessment and network discovery . The -A flag enables aggressive scanning that combines multiple detection techniques:

nmap -A 192.168.1.100

This scan identifies open ports, running services, operating system details, and traces network routes to the target . Security professionals rely on this information during vulnerability assessments and network audits.

Example: Scanning your home router with nmap -A 192.168.1.1 reveals all open services, their versions, and potential security vulnerabilities that require attention.

MAC Address Resolution with arp -a

The Address Resolution Protocol (ARP) maintains mappings between IP addresses and physical MAC addresses. The arp -a command displays your system's current ARP cache:

arp -a

This output shows IP addresses paired with their corresponding MAC addresses and network interfaces . These mappings help identify unknown devices on your network and diagnose IP address conflicts.

Example: Finding an entry like 192.168.1.50 at aa:bb:cc:dd:ee:ff on en0 reveals a device you don't recognise, indicating potential unauthorised network access.

Hardware Configuration with ethtool

The ethtool command manages Network Interface Card (NIC) hardware settings, including speed, duplex mode, and auto-negotiation . View current interface settings:

ethtool eth0

Modify network speed and duplex configuration:

sudo ethtool -s eth0 speed 1000 duplex full

Enable or disable auto-negotiation:

sudo ethtool -s eth0 autoneg on

These hardware-level controls prove essential when optimising network performance or resolving speed/duplex mismatches between network devices .

Example: Setting ethtool -s eth0 speed 100 duplex half forces an interface to 100Mbps half-duplex, useful when connecting to legacy network equipment that cannot auto-negotiate properly.

Secure file transfers and web requests form essential parts of network administration tasks. Linux provides robust command-line tools that handle these operations efficiently, offering precise control over data movement and web interactions.

scp -r for Secure Directory Copy

Secure Copy Protocol (SCP) transfers files over encrypted SSH connections, ensuring data protection during transit. The -r flag enables recursive copying of entire directory structures:

scp -r documents user@192.168.1.100:.

This command copies your local "documents" directory to the remote system, preserving the directory structure and creating it if necessary . The colon and dot (.:) specify the remote user's home directory as the destination.

When working with systems using non-standard SSH ports, specify the port with -P (note the capital P):

scp -P 2249 file.txt user@192.168.1.100:.

Example: System administrators regularly use SCP to deploy configuration files or backup directories between servers whilst maintaining security through SSH encryption.

ssh -p for Custom Port Access

SSH connections typically use port 22, but security-conscious administrators often change this default. The -p flag specifies alternative ports:

ssh -p 2233 user@192.168.1.100

This approach reduces automated attack attempts on the standard SSH port . Changing default SSH ports requires modifying the SSH configuration file and restarting the service .

wget -i for Batch File Downloads

The wget command excels at downloading multiple files through batch operations. Create a text file containing URLs, then process them sequentially:

wget --input-file=download-list.txt

This reads each URL from the specified file and downloads them automatically . Resume interrupted downloads using:

wget --continue --input-file=download-list.txt

Example: Network administrators use this method to download software packages, updates, or backup files from multiple sources without manual intervention.

curl -I to Fetch HTTP Headers

HTTP headers contain valuable information about web servers and responses. The curl command with -I flag retrieves headers without downloading content:

curl -I http://example.com

This reveals server types, response codes, content types, and caching information. Add custom headers to requests when needed:

curl -H "X-Test: Value" http://example.com

The -H option appends specified headers to your request, useful for API testing or debugging web applications.

Command Categories & Applications: Linux networking commands divide into distinct functional areas, each serving specific troubleshooting and administration needs. Basic interface management centres on ip addr for viewing network configurations and ping for connectivity verification. These foundational tools provide the essential information needed for most network diagnostics.

Example: Running ss -ltnp immediately reveals which services are listening on specific ports, whilst dig +short domain.com provides instant DNS resolution without verbose output.

Configuration Management: Network configuration commands like ip address add and nmcli offer different approaches to the same goal. The ip command provides immediate changes for testing, whilst nmcli creates persistent configurations that survive reboots. This distinction proves crucial for system administrators managing production environments.

Example: Use sudo ip addr add 192.168.1.100/24 dev eth0 for temporary testing, then implement permanent changes with nmcli con add type ethernet con-name production ifname eth0 ip4 192.168.1.100/24.

Diagnostic Capabilities: DNS resolution tools (dig, host, nslookup) and network monitoring commands (mtr, traceroute, tcpdump) provide different levels of network analysis. Each tool reveals specific aspects of network behaviour that others cannot capture effectively.

Example: mtr google.com shows real-time packet loss along the route, whilst tcpdump -i eth0 host 8.8.8.8 captures actual packet data for detailed analysis.

Summary Table

Master these essential Linux networking commands to gain complete control over your system's network infrastructure, from basic connectivity checks to advanced packet analysis.

• Replace outdated ifconfig with modern ip addr command for comprehensive interface management and IP configuration 

• Use ping and mtr for connectivity testing, whilst ss -ltnp replaces netstat for faster socket monitoring 

• Configure persistent network settings with nmcli instead of temporary ip commands that reset after reboot 

• Leverage DNS tools like dig +short and host for quick domain resolution and reverse lookups 

• Deploy advanced tools like tcpdump for packet capture and nmap -A for comprehensive network scanning 

• Secure file transfers with scp -r and custom SSH ports using ssh -p for enhanced security

Command-line networking tools offer unmatched speed, precision, and scriptability compared to graphical interfaces. These skills remain invaluable across all Linux environments, from personal systems to enterprise infrastructure, enabling rapid troubleshooting and network optimisation that GUI tools simply cannot match.

1. What is the network command in Linux?

In Linux, "network command" refers to tools used to view or manage network settings, connections, and traffic. Examples include ifconfig, ip, and ping. These commands help troubleshoot and configure network interfaces.

2. How to check the network in Linux command?

You can check the network status using commands like ip a or ifconfig to see interface details. To test connectivity, use ping followed by a host or IP address. For more details, netstat or ss can display active connections.

3. What is Linux networking?

Linux networking refers to the ability of a Linux system to connect, communicate, and share data with other systems. It involves configuring network interfaces, IP addresses, and routing. Tools like ip, ping, and netstat manage these tasks.

4. What is NC in Linux?

NC (Netcat) is a versatile networking tool in Linux used for reading, writing, and debugging network connections. It supports TCP and UDP protocols. Common uses include port scanning, file transfers, and simple chat servers.

5. What are the basic networking commands?

Basic Linux networking commands include ping (test connectivity), ip/ifconfig (view interfaces), netstat/ss (list connections), and traceroute (track packet path). These help in monitoring and troubleshooting networks.

6. What is the IP command in Linux?

The ip command manages network interfaces, routing, and IP addresses. For example, ip a lists all interfaces and their IPs, while ip route shows routing details. It replaces older commands like ifconfig.

7. What is the telnet command?

You can use the Telnet protocol to establish a connection with another machine by using the telnet command. It’s mainly used for remote management and testing services on specific ports. Due to security risks, SSH is preferred over Telnet today.

8. How many types of commands are there in Linux?

Linux commands can be grouped into categories like file management, process management, networking, system monitoring, and package management. Networking commands form one key category among them.

9. What are some essential Linux networking commands for beginners? 

Some essential Linux networking commands for beginners include 'ip addr' for viewing network interface information, 'ping' for checking host availability, and 'hostname -I' for displaying the system's IP addresses

10. How can I configure network settings in Linux that persist after a reboot? 

To configure persistent network settings in Linux, use the 'nmcli' command. It allows you to create and modify network connections that will remain active even after system restarts, unlike temporary changes made with the 'ip' command.

11. What tools can I use for DNS troubleshooting in Linux? 

For DNS troubleshooting in Linux, you can use tools like 'dig' for detailed DNS queries, 'nslookup' for looking up specific record types like MX records, and 'host' for performing reverse DNS lookups.

12. How can I monitor network traffic in real-time on a Linux system? 

To monitor network traffic in real-time on a Linux system, you can use commands like 'ss -ltnp' to view listening sockets, 'mtr' for continuous route tracing, or 'tcpdump' for detailed packet capture and analysis.

13. What are some advanced Linux networking commands for security and performance analysis? 

Advanced Linux networking commands for security and performance analysis include 'nmap' for port scanning and OS detection, 'ethtool' for managing NIC settings, and 'arp' for viewing MAC-IP address mappings. These tools provide deeper insights into network behaviour and potential security issues.

• https://www.cherryservers.com/blog/linux-network-commands
• https://phoenixnap.com/kb/linux-network-commands
• https://www.infosectrain.com/blog/top-20-networking-commands/
• https://www.cyberciti.biz/faq/linux-ip-command-examples-usage-syntax/
• https://www.digitalocean.com/community/tutorials/understanding-ip-addresses-subnets-and-cidr-notation-for-networking
• https://www.hostpapa.com/blog/web-hosting/easy-linux-commands-every-user-should-know/
• https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/networking_guide/sec-configuring_ip_networking_with_ip_commands
• https://man7.org/linux/man-pages/man8/ss.8.html
• https://www.ibm.com/docs/en/zos/2.4.0?topic=examples-netstat-stats-s-report
• https://linuxhandbook.com/traceroute/
• https://earthly.dev/blog/linux-network-commands/