Networking commands
This section gathers commands that are commonly used in networking. It doesn't include commands for each protocol, such as ftp or ssh.
- DNS protocol: dig, whois...
- ...
Refer to the list of protocols.
Configuration
hostname
Usage: show the name of the host
Example:
$ hostname
Show host domain
$ hostname -d
ip
Usage: merges multiple commands (route, arp, ifconfig). Note that ipconfig is still used on Windows.
Example:
Show all interfaces (a=addr=address, l=link, s=show)
$ ip a
$ ip -4 a s # only IPV4
$ ip -brief a s # only a brief description
$ ip l
Show the addresses/links of one interface, "eth0"
$ ip addr show dev eth0
$ ip link show dev eth0
Useful option: -r to show names instead of IPs.
Show routing table (r=route)
$ ip r
To add a route, you need a "_dest", a "_gateway", and an "_interface". See Routing.
$ ip r add _dest via _gateway dev _interface
Show ARP cache (n=neigh=neighbor)
$ ip n
ifconfig / ipconfig
Usage: on Linux, ifconfig is deprecated in favor of ip a, but on Windows, ipconfig is still the command used.
Example - Linux:
Show information about the network. Note that RX = received, TX = emitted. Print info about all interfaces:
$ ifconfig -a
Only one interface "eth0"
$ ifconfig eth0
Example - Windows:
List more or less information about each network interface.
CMD> ipconfig
CMD> ipconfig /all
Release an IP address
CMD> ipconfig /release
Request a new IP address
CMD> ipconfig /renew
arp
Show ARP cache. Obsolete, see ip n.
route
Show Routing table. Obsolete, see ip r.
ss
Usage: list open ports
Example:
$ ss
$ ss -a # all
$ ss -4 # ipv4
$ ss -t # tcp
$ ss -u # udp
$ ss -l # listening
$ ss -n # no resolve
netstat
Usage: show network information and stats.
Example:
$ netstat -l # listening ports
$ netstat -i # list interfaces
$ netstat -r # routes
$ netstat -rn # routes, numeric addresses
$ netstat -a # all ports
$ netstat [...] -t # TCP only
$ netstat [...] -u # UDP only
$ netstat -s # stats per protocol
$ netstat -p # service name + pid
$ netstat -tulpn # common usage
Communication
ping
Usage: send a message to see if a host is up and replying to pings.
Example:
$ ping example.com
$ ping 8.8.8.8
Do "x" pings
$ ping -c x example.com
Other options
- -b ip: ping all addresses in the IP range
- -t ttl: set the time to live of the ping
- -s size: the size of the "ping"
- -i interval: the interval between pings
- -v: verbose
- -I interface: pass via interface
nc
Usage: you can create a server, and create clients, and exchange messages between them.
Variants: ncat, netcat.
Example - server: listen on a port
$ nc ip -l port
$ nc ip -l -p port
$ nc ip -lp port
$ nc ip -lnvp port
# keep listening after the last client disconnects
$ nc ip -klnvp port
$ nc --source-port port [...]
Example - client: connect to a server at IP using a specific port
$ nc ip port
$ nc ip -p port
- Connect to a python webserver...
- Use -vv for more verbose output.
traceroute
Usage: trace the route that a packet is taking.
Example:
$ traceroute ip
Specify an interface, such as eth0
$ traceroute ip -i eth0
Use TCP/SYN
$ sudo traceroute ip -T
tracepath
Usage: trace the route that a packet is taking.
Example:
$ tracepath ip
tracert
Usage: Windows traceroute command.
Example:
CMD> tracert ip
Monitoring
tcpdump
Usage: monitor the network. Root required.
Example:
Listen for requests passing by the interface tun0
$ sudo tcpdump -i tun0
Common general options are:
- -D: list interfaces
- -i interface: listen to this interface
- -w /path/to/file.pcap: write results to this file
- -l: line-buffer the output so it can be piped (XXX | tee file)
- -F: read the filter expression from a file
- -O: no optimizations
- -v, and -vv: show more, or even more verbosity
Common display options are:
- -e: show the link-level header of each packet
- -n: show addresses instead of names
- -t: do not show time
You can apply filters:
$ sudo tcpdump -i tun0 host IP # a specific IP
$ sudo tcpdump -i tun0 net IP/n # a specific network
$ sudo tcpdump -i tun0 port XXX # a specific port
$ sudo tcpdump -i tun0 portrange 0-1024 # a range of ports
$ sudo tcpdump -i tun0 less 64 # size in bytes
$ sudo tcpdump -i tun0 greater 500 # size in bytes
$ sudo tcpdump -i tun0 ip proto [icmp|ip|tcp] # a protocol
$ sudo tcpdump -i tun0 ip proto 17 # a protocol by number
Before every filter such as host, net, port, etc., you can add src or dst to specify where the filter is applied. It defaults to both.
tshark
Usage: monitor network.
Example:
- -f "filter": see wireshark capture filters
- -r file: read from a capture file
$ tshark -i eth0 -f "host some_ip"
$ tshark -i eth0 -w /tmp/test.pcap
Reading a capture:
$ tshark -r xxx.pcap
$ tshark -r xxx.pcap -T json
wireshark
A popular tool to monitor a network. See Wireshark.
Termshark (8.6k stars) is a text-based user interface similar to wireshark.
Security
ufw
Usage: UFW, Uncomplicated Firewall, is the default firewall for Ubuntu. Like others, you define rules for incoming/outgoing traffic.
Example:
$ sudo ufw status # list
$ sudo ufw allow 22/tcp # allow
$ sudo ufw deny 22/tcp # deny
$ sudo ufw delete deny 22/tcp # delete
You can allow/deny only some hosts:
$ sudo ufw allow from IP to IP port 22
$ sudo ufw allow from IP to any port 22
$ sudo ufw allow from CIDR to any port 22
iptables
Usage: define rules for incoming/outgoing traffic.
Example:
List tables
$ sudo iptables -L
DROP any packet using TCP, on port 22, having our machine as destination, and emitted by 172.16.1.1.
$ sudo iptables -t filter -A INPUT -s 172.16.1.1 -p tcp --dport 22 -j DROP
Hide the source IP address using 50.50.50.50, for any packet passing by our interface "eth2".
$ sudo iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 50.50.50.50
Common chains are:
- INPUT: incoming traffic
- OUTPUT: outgoing traffic
- FORWARD: traffic passing through
Common options are:
- -t table: filter by default
- -A chain: add a rule at the end of the chain
- -I chain: add a rule at the start of the chain
- -D chain: delete a rule
- -o interface: exit via "interface"
- -i interface: enter using "interface"
- -j action: a chain or:
  - SNAT/DNAT: translation source/destination
  - ACCEPT: allow
  - DROP: deny without notifying the sender
  - REJECT: deny, but notify the sender
- -s ip: source (separated by commas)
- -d ip: destination (separated by commas)
- --sport port: source port
- --dport port: destination port
- --to-source ip / --to-destination ip: if SNAT/DNAT, the new source/destination
- -p protocol: which protocol
Note: you can use ! (NOT), such as ! -s 127.0.0.1, meaning every packet not having "127.0.0.1" as source will match the rule.
nftables
Usage: define rules for incoming/outgoing traffic. It's replacing the legacy iptables, and is supposedly more scalable and performant.
Example:
A table is used to store chains.
$ nft add table t_name # create
$ nft list table t_name # list chain+rules
$ nft delete table t_name # delete
A chain is a suite of rules.
# incoming traffic
$ nft add chain t_name c_name { type filter hook input priority 0 \; }
# outgoing traffic
$ nft add chain t_name c_name { type filter hook output priority 0 \; }
Add rules.
# accept traffic from port 22
$ nft add rule t_name c_name tcp sport 22 accept
# drop traffic to port 22
$ nft add rule t_name c_name tcp dport 22 drop
- sport/dport: based on the port
- saddr/daddr: based on the IP
- accept/drop: accept or drop the packet
- limit rate 5/minute: example to limit rate
To-do
Stuff that I found, but never read/used yet.
- DNS commands
- NFS commands
- arp -a, arp -a -d
- iptables [...] -j REJECT --reject-with tcp-reset, iptables -m
- (timeout 1 bash -c '</dev/tcp/IP/port' && echo OPEN || echo CLOSED) 2> /dev/null
$ # sudo apt install bridge-utils
$ sudo brctl addbr xxx
$ sudo brctl show
$ sudo brctl delbr xxx
$ sudo brctl addif name interface # can add multiple interfaces
$ # which will bridge them all together
$ sudo ip link set dev xxx up # set up
$ sudo ip link set eth0 up # sudo ifconfig eth0 up
$ sudo ifconfig eth0 IP # assign IP to interface
$ sudo route add default gw IP eth0 # gateway for interface
// /etc/network/interfaces: persistent changes
- vnstat:
$ sudo vnstat -l -i tun0