Introduction to Linux Networking


In this article we discuss five commonly used linux networking commands.

Table of contents.

  1. Introduction.
  2. ping.
  3. netstat.
  4. nslookup.
  5. tcpdump.
  6. traceroute.
  7. Summary.
  8. References.

Introduction.

A network is a set of interconnected computers that share data and resources. Here we discuss networking both within a small internal network and across the whole internet. Networking involves configuration and troubleshooting, so we shall learn about Linux networking commands and how to use them to troubleshoot issues within a network.

ping.

Ping is the most widely used network troubleshooting tool. It verifies connectivity between two computers by sending ICMP echo requests and waiting for the echo reply messages.

To execute a ping command write,

ping 8.8.8.8

The above command checks whether Google's servers (8.8.8.8) are reachable.
You can stop a ping with Ctrl+C, after which a statistics summary is displayed:
min: the minimum time it took to get a response from the host.
max: the maximum time it took to get a response from the host.
avg: the average response time.
ttl: stands for time to live, also known as the hop limit.

In Linux, we can use the -c option to send a given number of pings.
To send out 6 pings we write,

ping -c 6 8.8.8.8

To send out 6 pings and print only the statistics we write,

ping -c 6 -q 8.8.8.8

Here the -q option suppresses the per-reply output and prints only the summary statistics.

If the machine has more than one network interface, we can run ping from a specific one by writing,

ping -I wlan0 8.8.8.8

where wlan0 is a wireless interface.

We can also choose the IP version (4 or 6) with the -4 or -6 option.
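As an added example that is not part of the original article, the following POSIX shell functions parse the statistics ping prints at the end of a run and turn them into a pass/fail connectivity check; the summary text is constructed sample output and the loss and latency thresholds are assumptions.

```shell
# Constructed sample of the summary that `ping -c 6 -q 8.8.8.8` prints
# (values invented for illustration, not a real measurement).
PING_SUMMARY='PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
6 packets transmitted, 5 received, 16.6667% packet loss, time 5008ms
rtt min/avg/max/mdev = 11.203/14.512/21.870/3.804 ms'

# Print the integer part of the packet-loss percentage from ping output on stdin.
ping_loss_pct() {
    sed -n 's/.* \([0-9][0-9]*\)\(\.[0-9]*\)\{0,1\}% packet loss.*/\1/p'
}

# Print the avg RTT in ms from the "rtt min/avg/max/mdev = a/b/c/d ms" line on stdin.
ping_avg_rtt() {
    awk -F'[ /]' '/^rtt min\/avg\/max/ { print $8 }'
}

# Judge ping output on stdin against thresholds: loss percent <= $1 and avg RTT <= $2 ms.
# Prints a one-line verdict; returns 0 on OK, 1 on FAIL (including 100% loss,
# where ping prints no rtt line at all).
ping_evaluate() {
    max_loss=$1; max_avg=$2
    summary=$(cat)
    loss=$(printf '%s\n' "$summary" | ping_loss_pct)
    avg=$(printf '%s\n' "$summary" | ping_avg_rtt)
    if [ -z "$loss" ] || [ -z "$avg" ]; then
        echo "FAIL: no statistics found"
        return 1
    fi
    awk -v l="$loss" -v a="$avg" -v ml="$max_loss" -v ma="$max_avg" 'BEGIN {
        ok = (l <= ml && a <= ma)
        printf "%s: loss=%s%% avg=%sms\n", (ok ? "OK" : "FAIL"), l, a
        exit !ok
    }'
}

# Typical use against a live host (needs network access):
#   ping -c 6 -q 8.8.8.8 | ping_evaluate 10 100
```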

netstat.

With this tool one can print network connections, routing tables, interface statistics and more.

You can run netstat without any options and study the output.

netstat

From the output we can see four columns:

Proto is the name of the protocol in use, either TCP or UDP.
Local Address is the IP address of the local computer and the port in use, separated by a colon.
Foreign Address is the IP address and port number of the remote computer, again separated by a colon; the port may be shown as a number or as the name of the protocol that runs on it.
State is the state of the TCP connection. There are about 10 states: ESTABLISHED, TIME_WAIT, CLOSE_WAIT, CLOSED, SYN_SENT, SYN_RECEIVED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK and LISTENING.
You can research their descriptions to get the full meaning of each state.

We can list all ports and connections by writing,

netstat -a

For all TCP ports we write,

netstat -at

For listening TCP ports we write,

netstat -lt

For all UDP ports we write,

netstat -au

For all listening UDP ports we write,

netstat -lu

Suppose we want to identify and kill the process that owns a connection; for that we need its PID. To list TCP connections together with the PID and name of the owning process, we write,

netstat -tp
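As an added example (not from the original article), a small audit that reads netstat listener output and reports every listening TCP port that is not on an allowlist, which is how an unexpected service is usually spotted on a host. The sample output is constructed, and the -n flag (numeric output) is assumed from the netstat manual rather than taken from the article.

```shell
# Constructed sample of `sudo netstat -tlnp` output (not from a real host).
# -p shows PID/program name; other users' processes need root to be resolved.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1023/postgres
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      2291/python3
tcp6       0      0 :::80                   :::*                    LISTEN      1440/nginx'

# Print "port pid/program" for every listening TCP socket in the netstat output
# on stdin whose port is not in the space-separated allowlist given as $1.
# The port is the text after the last colon of Local Address, which also
# handles IPv6 wildcard addresses such as ":::80".
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)
            if (!(port in ok)) print port, $7
        }'
}

# Typical use on a live host (needs root to see every process name):
#   sudo netstat -tlnp | unexpected_listeners "22 80 443"
```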

nslookup.

This is another very useful Linux networking command.
It stands for name server lookup.
It is mainly used to perform DNS queries and retrieve specific DNS records, such as domain names and IP addresses.

The syntax is as follows:

nslookup [-option] [name | -] [server]

To find the domain name associated with an IP address (a reverse lookup) we write,

nslookup 10.0.4.15

An A-record maps a host name to an IP address. To see the A-records for a domain and the IP addresses they map to we write,

nslookup google.com

An NS-record identifies the name servers responsible for a DNS zone. For a valid DNS configuration, the NS-records configured in the DNS zone must match those configured as name servers at the domain name provider.

We can use nslookup to see the authoritative servers for a specific domain by writing,

nslookup -type=ns example.com

Having obtained the authoritative servers for example.com, we can direct the query at one specific server by writing,

nslookup example.com ns4.example.com

We can also find the MX-records, which identify the mail servers responsible for the domain's email exchange, by writing,

nslookup -query=mx example.com
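The consistency requirement stated above (the NS-records inside the zone must match the name servers registered at the domain provider) can be checked from two nslookup runs. The script below is an added example, not from the article: it extracts the name server set from nslookup output and compares the answer of the zone's own server with the answer of the parent side. All server names and addresses are constructed placeholders.

```shell
# Constructed nslookup output (example.com and ns*.example.com are placeholders,
# not real records). ZONE_NS is what the zone's own authoritative server answers,
# e.g. `nslookup -type=ns example.com ns1.example.com`; DELEG_NS is what the
# parent zone (the servers the domain provider has registered) returns.
ZONE_NS='Server:   192.0.2.53
Address:  192.0.2.53#53

example.com   nameserver = ns1.example.com.
example.com   nameserver = ns2.example.com.'

DELEG_NS='Server:   192.0.2.54
Address:  192.0.2.54#53

example.com   nameserver = ns1.example.com.
example.com   nameserver = ns3.example.com.'

# Extract the sorted, lower-cased set of name server names from nslookup output on stdin.
ns_set() {
    awk '/nameserver = / { sub(/\.$/, "", $NF); print tolower($NF) }' | sort -u
}

# Compare the NS set inside the zone ($1) with the delegation set ($2).
# Prints MATCH and returns 0, or prints MISMATCH plus the differing names and returns 1.
ns_compare() {
    zone=$(printf '%s\n' "$1" | ns_set)
    deleg=$(printf '%s\n' "$2" | ns_set)
    if [ "$zone" = "$deleg" ]; then
        echo MATCH
        return 0
    fi
    echo MISMATCH
    for n in $zone; do
        case " $(printf '%s' "$deleg" | tr '\n' ' ') " in
            *" $n "*) ;;
            *) echo "only in zone: $n" ;;
        esac
    done
    for n in $deleg; do
        case " $(printf '%s' "$zone" | tr '\n' ' ') " in
            *" $n "*) ;;
            *) echo "only in delegation: $n" ;;
        esac
    done
    return 1
}
```

On a live domain the two inputs come from `nslookup -type=ns example.com <zone-server>` and `nslookup -type=ns example.com <parent-zone-server>`, with both server names filled in from the earlier NS lookup.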

tcpdump.

This is a command line utility for capturing and analysing network traffic. It is used as a troubleshooting tool as well as a network security tool.
We begin by listing the available interfaces,

tcpdump -D

Capturing packets.

To capture all packets going through all interfaces we write,

sudo tcpdump --interface any

This command captures packets from all interfaces; we can limit the number captured with the -c option as follows.

sudo tcpdump -i any -c 10

Here we get only the first 10 packets that pass through the interfaces.

When troubleshooting networking issues it is easier to work with IP addresses and port numbers, so we disable host name resolution with the -n option and port name resolution as well with the -nn option.

sudo tcpdump -i any -c5 -nn

Now we get five packets without name or port resolution, only IP addresses and port numbers.

Filtering captured packets.

We can also filter packets by various parameters such as source and destination IP addresses, protocols, ports and much more.

An example

To filter ICMP packets we can write,

sudo tcpdump -i any -c10 icmp

You can generate ICMP packets by opening another terminal and pinging another computer.

An example

To filter packets related to a specific host we can write,

sudo tcpdump -i any -c10 -nn host 10.14.2.13

Now we only capture packets sent to or from 10.14.2.13.

An example

We can also filter packets by port by writing,

sudo tcpdump -i any -c10 -nn port 80

Port 80 is used for HTTP web traffic, so the command now only logs packets going through this port.

An example

To filter packets by source or destination IP address, we write,

sudo tcpdump -i any -c10 -nn src 10.14.2.13

for source packets and

sudo tcpdump -i any -c10 -nn dst 8.8.8.8

for a destination address.

We can also combine filters to achieve a more specific output, for example all HTTP packets from a certain source address, or all FTP traffic from a certain source IP address.
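Once packets are captured with -nn, the output lines have a fixed shape ("time IP src.port > dst.port: ...") that can be summarised in the shell. The following is an added example, not from the article: it counts packets per source address and counts TCP connection attempts to a given port over constructed sample lines (addresses from the article and from RFC 5737 documentation ranges).

```shell
# Constructed sample of `sudo tcpdump -i any -nn` output (not a real capture).
TCPDUMP_SAMPLE='12:00:01.000001 IP 10.14.2.13.51514 > 8.8.8.8.53: 41337+ A? example.com. (29)
12:00:01.000120 IP 8.8.8.8.53 > 10.14.2.13.51514: 41337 1/0/0 A 198.51.100.10 (45)
12:00:01.000300 IP 10.14.2.13.40122 > 198.51.100.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000400 IP 10.14.2.7.40123 > 198.51.100.10.80: Flags [S], seq 2, win 64240, length 0
12:00:01.000500 IP 10.14.2.13.40124 > 198.51.100.10.443: Flags [S], seq 3, win 64240, length 0
12:00:01.000600 IP6 fe80::1.546 > ff02::1:2.547: dhcp6 solicit'

# Count packets per source IPv4 address; prints "count address", busiest first.
# With -nn the source field is "a.b.c.d.port", so the last dotted component is
# the port and is stripped. IPv6 lines ("IP6") are skipped.
top_sources() {
    awk '$2 == "IP" { src = $3; sub(/\.[0-9]+$/, "", src); n[src]++ }
         END { for (s in n) print n[s], s }' | sort -rn
}

# Count TCP connection attempts (SYN only, shown as "Flags [S]") to destination port $1.
syn_count_to_port() {
    awk -v p="$1" '$2 == "IP" && $6 == "Flags" && $7 == "[S]," {
             dst = $5; sub(/:$/, "", dst); sub(/.*\./, "", dst)
             if (dst == p) c++
         }
         END { print c + 0 }'
}

# Typical use on a live capture (needs root):
#   sudo tcpdump -i any -c 200 -nn tcp | syn_count_to_port 22
```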

traceroute.

traceroute is a commonly used Linux network monitoring tool that serves three functions: it shows the complete path packets take from source to destination, discovers the identities of the devices on that path, and estimates the time taken for a packet to travel from source to destination.

An example

To trace the route from your machine to Google's servers, type,

traceroute 8.8.8.8

In the output, each line represents a hop. The number at the left of each line is the hop count, so the number on the last line is the total number of hops from source to destination.
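As an added example that is not part of the article, these shell functions read traceroute output and report the hop count, the hops that did not answer, and the hop where the latency rises most; the trace below is constructed (private and RFC 5737 addresses, invented timings).

```shell
# Constructed sample of `traceroute 8.8.8.8` output (not a real trace).
TRACEROUTE_SAMPLE='traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.102 ms  0.980 ms  0.955 ms
 2  10.20.0.1 (10.20.0.1)  8.411 ms  8.200 ms  8.150 ms
 3  * * *
 4  203.0.113.9 (203.0.113.9)  15.330 ms  14.902 ms  15.110 ms
 5  8.8.8.8 (8.8.8.8)  16.002 ms  15.870 ms  15.901 ms'

# Number of the last hop printed, i.e. the hop count to the destination.
hop_count() {
    awk '$1 ~ /^[0-9]+$/ { last = $1 } END { print last }'
}

# Hops that answered none of the three probes ("* * *"); usually a router that
# drops or rate-limits ICMP rather than a broken path, since later hops still reply.
silent_hops() {
    awk '$1 ~ /^[0-9]+$/ && $2 == "*" && $3 == "*" && $4 == "*" { print $1 }'
}

# Largest increase in mean RTT between consecutive responding hops, printed as
# "hop increase_ms"; this is the link where most of the path latency appears.
largest_latency_jump() {
    awk '$1 ~ /^[0-9]+$/ && $2 != "*" {
             s = 0; n = 0
             for (i = 2; i <= NF; i++) if ($i == "ms") { s += $(i - 1); n++ }
             if (n == 0) next                 # no timings on this line
             avg = s / n
             if (prev != "" && avg - prev > jump) { jump = avg - prev; at = $1 }
             prev = avg
         }
         END { printf "%d %.3f\n", at, jump }'
}

# Typical use on a live trace (needs network access):
#   traceroute 8.8.8.8 | largest_latency_jump
```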

Summary.

In this article at OpenGenus, we have discussed five commonly used Linux networking commands, which serve the following functions: checking connectivity, checking network statistics, looking up DNS information, capturing packets for analysis, and tracing a path from source to destination. This serves as an introduction to Linux networking commands; we have not covered all of them, only the common ones used day to day by Linux network admins.

References.

  1. The man pages of the commands discussed, as shipped with Linux distributions.
