{"id":13199,"date":"2019-04-01T07:31:33","date_gmt":"2019-04-01T07:31:33","guid":{"rendered":"http:\/\/www.appservgrid.com\/paw92\/?p=13199"},"modified":"2019-04-01T07:41:35","modified_gmt":"2019-04-01T07:41:35","slug":"a-linux-sysadmins-guide-to-network-management-troubleshooting-and-debugging","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/04\/01\/a-linux-sysadmins-guide-to-network-management-troubleshooting-and-debugging\/","title":{"rendered":"A Linux Sysadmin\u2019s Guide to Network Management, Troubleshooting and Debugging"},"content":{"rendered":"

A system administrator\u2019s routine tasks include configuring, maintaining, troubleshooting, and managing servers and networks within data centers. There are numerous tools and utilities in Linux designed for the administrative purposes.<\/p>\n

In this article, we will review some of the most used command-line tools and utilities for network management in Linux, under different categories. We will explain some common usage examples, which will make network management much easier in Linux.<\/p>\n\n\n\n\n\n\n\n\n
Table of Contents<\/td>\n<\/tr>\n
ifconfig Command<\/a><\/td>\nip Command<\/a><\/td>\nifup Command<\/a><\/td>\nethtool Command<\/a><\/td>\nping Command<\/a><\/td>\n<\/tr>\n
traceroute Command<\/a><\/td>\nmtr Command<\/a><\/td>\nroute Command<\/a><\/td>\nnmcli Command<\/a><\/td>\nnetstat Command<\/a><\/td>\n<\/tr>\n
ss Command<\/a><\/td>\nnc Command<\/a><\/td>\nnmap Command<\/a><\/td>\nhost Command<\/a><\/td>\ndig Command<\/a><\/td>\n<\/tr>\n
nslookup Command<\/a><\/td>\ntcpdump Command<\/a><\/td>\nWireshark Utility<\/a><\/td>\nbmon Tool<\/a><\/td>\niptables Firewall<\/a><\/td>\n<\/tr>\n
firewalld<\/a><\/td>\nUFW Firewall<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

This list is equally useful to full-time network engineers.<\/p>\n

Network Configuration, Troubleshooting and Debugging Tools<\/h3>\n

1. ifconfig Command<\/h4>\n

ifconfig<\/a>\u00a0is a command line interface tool for network interface configuration and also used to initialize an interfaces at system boot time. Once a server is up and running, it can be used to assign an IP Address to an interface and enable or disable the interface on demand.<\/p>\n

It is also used to view the status IP Address, Hardware \/ MAC address, as well as MTU (Maximum Transmission Unit) size of the currently active interfaces. ifconfig is thus useful for debugging or performing system tuning.<\/p>\n

Here is an example to display status of all active network interfaces.<\/p>\n

$ ifconfig<\/strong>\r\n\r\nenp1s0    Link encap:Ethernet  HWaddr 28:d2:44:eb:bd:98  \r\n          inet addr:192.168.0.103  Bcast:192.168.0.255  Mask:255.255.255.0\r\n          inet6 addr: fe80::8f0c:7825:8057:5eec\/64 Scope:Link\r\n          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1\r\n          RX packets:169854 errors:0 dropped:0 overruns:0 frame:0\r\n          TX packets:125995 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:1000 \r\n          RX bytes:174146270 (174.1 MB)  TX bytes:21062129 (21.0 MB)\r\n\r\nlo        Link encap:Local Loopback  \r\n          inet addr:127.0.0.1  Mask:255.0.0.0\r\n          inet6 addr: ::1\/128 Scope:Host\r\n          UP LOOPBACK RUNNING  MTU:65536  Metric:1\r\n          RX packets:15793 errors:0 dropped:0 overruns:0 frame:0\r\n          TX packets:15793 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:1 \r\n          RX bytes:2898946 (2.8 MB)  TX bytes:2898946 (2.8 MB)\r\n<\/pre>\n
To list all interfaces which are currently available, whether\u00a0up<\/strong>\u00a0or\u00a0down<\/strong>, use the\u00a0-a<\/code>\u00a0flag.<\/p>\n
$ ifconfig -a \t\r\n<\/pre>\n
To assign an IP address to an interface, use the following command.<\/p>\n
$ sudo ifconfig eth0 192.168.56.5 netmask 255.255.255.0\r\n<\/pre>\n
To activate an network interface, type.<\/p>\n
$ sudo ifconfig up eth0\r\n<\/pre>\n
To deactivate or shut down an network interface, type.<\/p>\n
$ sudo ifconfig down eth0\r\n<\/pre>\n
Note<\/strong>: Although\u00a0ifconfig<\/strong>\u00a0is a great tool, it is now obsolete (deprecated), its replacement is\u00a0ip command<\/strong>\u00a0which is explained below.<\/p>\n
2. IP Command<\/h4>\n
ip command<\/a>\u00a0is another useful command line utility for displaying and manipulating routing, network devices, interfaces. It is a replacement for\u00a0ifconfig<\/strong>\u00a0and many other networking commands. (Read our article \u201cWhat\u2019s Difference Between ifconfig and ip Command<\/a>\u201d to learn more about it.)<\/p>\n
The following command will show the IP address and other information about an network interface.<\/p>\n
$ ip addr show<\/strong>\r\n\r\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1\r\n    link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\r\n    inet 127.0.0.1\/8 scope host lo\r\n       valid_lft forever preferred_lft forever\r\n    inet6 ::1\/128 scope host \r\n       valid_lft forever preferred_lft forever\r\n2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000\r\n    link\/ether 28:d2:44:eb:bd:98 brd ff:ff:ff:ff:ff:ff\r\n    inet 192.168.0.103\/24 brd 192.168.0.255 scope global dynamic enp1s0\r\n       valid_lft 5772sec preferred_lft 5772sec\r\n    inet6 fe80::8f0c:7825:8057:5eec\/64 scope link \r\n       valid_lft forever preferred_lft forever\r\n3: wlp2s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000\r\n    link\/ether 38:b1:db:7c:78:c7 brd ff:ff:ff:ff:ff:ff\r\n...\r\n<\/pre>\n
To temporarily assign IP Address to a specific network interface (eth0<\/strong>), type.<\/p>\n
$ sudo ip addr add 192.168.56.1 dev eth0\r\n<\/pre>\n
To remove an assigned IP address from an network interface (eth0<\/strong>), type.<\/p>\n
$ sudo ip addr del 192.168.56.15\/24 dev eth0\r\n<\/pre>\n
To show the current neighbour table in kernel, type.<\/p>\n
$ ip neigh<\/strong>\r\n\r\n192.168.0.1 dev enp1s0 lladdr 10:fe:ed:3d:f3:82 REACHABLE\r\n<\/pre>\n
3. ifup, ifdown, and ifquery command<\/h4>\n
ifup<\/strong>\u00a0command actives a network interface, making it available to transfer and receive data.<\/p>\n
$ sudo ifup eth0\r\n<\/pre>\n
ifdown<\/strong>\u00a0command disables a network interface, keeping it in a state where it cannot transfer or receive data.<\/p>\n
$ sudo ifdown eth0\r\n<\/pre>\n
ifquery<\/strong>\u00a0command used to parse the network interface configuration, enabling you to receive answers to query about how it is currently configured.<\/p>\n
$ sudo ifquery eth0\r\n<\/pre>\n
4. Ethtool Command<\/h4>\n
ethtool<\/strong>\u00a0is a command line utility for querying and modifying network interface controller parameters and device drivers. The example below shows the usage of\u00a0ethtool<\/strong>\u00a0and a command to view the parameters for the network interface.<\/p>\n
$ sudo ethtool enp0s3<\/strong>\r\n\r\nSettings for enp0s3:\r\n\tSupported ports: [ TP ]\r\n\tSupported link modes:   10baseT\/Half 10baseT\/Full \r\n\t                        100baseT\/Half 100baseT\/Full \r\n\t                        1000baseT\/Full \r\n\tSupported pause frame use: No\r\n\tSupports auto-negotiation: Yes\r\n\tAdvertised link modes:  10baseT\/Half 10baseT\/Full \r\n\t                        100baseT\/Half 100baseT\/Full \r\n\t                        1000baseT\/Full \r\n\tAdvertised pause frame use: No\r\n\tAdvertised auto-negotiation: Yes\r\n\tSpeed: 1000Mb\/s\r\n\tDuplex: Full\r\n\tPort: Twisted Pair\r\n\tPHYAD: 0\r\n\tTransceiver: internal\r\n\tAuto-negotiation: on\r\n\tMDI-X: off (auto)\r\n\tSupports Wake-on: umbg\r\n\tWake-on: d\r\n\tCurrent message level: 0x00000007 (7)\r\n\t\t\t       drv probe link\r\n\tLink detected: yes\r\n<\/pre>\n
5. Ping Command<\/h4>\n
ping<\/a>\u00a0(Packet INternet Groper<\/strong>) is a utility normally used for testing connectivity between two systems on a network (Local Area Network<\/strong>\u00a0(LAN<\/strong>) or\u00a0Wide Area Network<\/strong>\u00a0(WAN<\/strong>)). It use\u00a0ICMP<\/strong>\u00a0(Internet Control Message Protocol<\/strong>) to communicate to nodes on a network.<\/p>\n
To test connectivity to another node, simply provide its IP or host name, for example.<\/p>\n
$ ping 192.168.0.103<\/strong>\r\n\r\nPING 192.168.0.103 (192.168.0.103) 56(84) bytes of data.\r\n64 bytes from 192.168.0.103: icmp_seq=1 ttl=64 time=0.191 ms\r\n64 bytes from 192.168.0.103: icmp_seq=2 ttl=64 time=0.156 ms\r\n64 bytes from 192.168.0.103: icmp_seq=3 ttl=64 time=0.179 ms\r\n64 bytes from 192.168.0.103: icmp_seq=4 ttl=64 time=0.182 ms\r\n64 bytes from 192.168.0.103: icmp_seq=5 ttl=64 time=0.207 ms\r\n64 bytes from 192.168.0.103: icmp_seq=6 ttl=64 time=0.157 ms\r\n^C\r\n--- 192.168.0.103 ping statistics ---\r\n6 packets transmitted, 6 received, 0% packet loss, time 5099ms\r\nrtt min\/avg\/max\/mdev = 0.156\/0.178\/0.207\/0.023 ms\r\n<\/pre>\n
You can also tell ping to exit after a specified number of\u00a0ECHO_REQUEST<\/strong>\u00a0packets, using the\u00a0-c<\/strong>\u00a0flag as shown.<\/p>\n
$ ping -c 4 192.168.0.103<\/strong>\r\n\r\nPING 192.168.0.103 (192.168.0.103) 56(84) bytes of data.\r\n64 bytes from 192.168.0.103: icmp_seq=1 ttl=64 time=1.09 ms\r\n64 bytes from 192.168.0.103: icmp_seq=2 ttl=64 time=0.157 ms\r\n64 bytes from 192.168.0.103: icmp_seq=3 ttl=64 time=0.163 ms\r\n64 bytes from 192.168.0.103: icmp_seq=4 ttl=64 time=0.190 ms\r\n\r\n--- 192.168.0.103 ping statistics ---\r\n4 packets transmitted, 4 received, 0% packet loss, time 3029ms\r\nrtt min\/avg\/max\/mdev = 0.157\/0.402\/1.098\/0.402 ms\r\n<\/pre>\n
6. Traceroute Command<\/h4>\n
Traceroute<\/strong>\u00a0is a command line utility for tracing the full path from your local system to another network system. It prints number of hops (router IP\u2019s) in that path you travel to reach the end server. It is an easy-to-use network troubleshooting utility after ping command.<\/p>\n
In this example, we are tracing the route packets take from the local system to one of Google\u2019s servers with IP address\u00a0216.58.204.46<\/strong>.<\/p>\n
$ traceroute 216.58.204.46<\/strong>\r\n\r\ntraceroute to 216.58.204.46 (216.58.204.46), 30 hops max, 60 byte packets\r\n 1  gateway (192.168.0.1)  0.487 ms  0.277 ms  0.269 ms\r\n 2  5.5.5.215 (5.5.5.215)  1.846 ms  1.631 ms  1.553 ms\r\n 3  * * *\r\n 4  72.14.194.226 (72.14.194.226)  3.762 ms  3.683 ms  3.577 ms\r\n 5  108.170.248.179 (108.170.248.179)  4.666 ms 108.170.248.162 (108.170.248.162)  4.869 ms 108.170.248.194 (108.170.248.194)  4.245 ms\r\n 6  72.14.235.133 (72.14.235.133)  72.443 ms 209.85.241.175 (209.85.241.175)  62.738 ms 72.14.235.133 (72.14.235.133)  65.809 ms\r\n 7  66.249.94.140 (66.249.94.140)  128.726 ms  127.506 ms 209.85.248.5 (209.85.248.5)  127.330 ms\r\n 8  74.125.251.181 (74.125.251.181)  127.219 ms 108.170.236.124 (108.170.236.124)  212.544 ms 74.125.251.181 (74.125.251.181)  127.249 ms\r\n 9  216.239.49.134 (216.239.49.134)  236.906 ms 209.85.242.80 (209.85.242.80)  254.810 ms  254.735 ms\r\n10  209.85.251.138 (209.85.251.138)  252.002 ms 216.239.43.227 (216.239.43.227)  251.975 ms 209.85.242.80 (209.85.242.80)  236.343 ms\r\n11  216.239.43.227 (216.239.43.227)  251.452 ms 72.14.234.8 (72.14.234.8)  279.650 ms  277.492 ms\r\n12  209.85.250.9 (209.85.250.9)  274.521 ms  274.450 ms 209.85.253.249 (209.85.253.249)  270.558 ms\r\n13  209.85.250.9 (209.85.250.9)  269.147 ms 209.85.254.244 (209.85.254.244)  347.046 ms 209.85.250.9 (209.85.250.9)  285.265 ms\r\n14  64.233.175.112 (64.233.175.112)  344.852 ms 216.239.57.236 (216.239.57.236)  343.786 ms 64.233.175.112 (64.233.175.112)  345.273 ms\r\n15  108.170.246.129 (108.170.246.129)  345.054 ms  345.342 ms 64.233.175.112 (64.233.175.112)  343.706 ms\r\n16  108.170.238.119 (108.170.238.119)  345.610 ms 108.170.246.161 (108.170.246.161)  344.726 ms 108.170.238.117 (108.170.238.117)  345.536 ms\r\n17  lhr25s12-in-f46.1e100.net (216.58.204.46)  345.382 ms  345.031 ms  344.884 ms\r\n<\/pre>\n
7. MTR Network Diagnostic Tool<\/h4>\n
MTR<\/a>\u00a0is a modern command-line network diagnostic tool that combines the functionality of\u00a0ping<\/strong>\u00a0and\u00a0traceroute<\/strong>\u00a0into a single diagnostic tool. Its output is updated in real-time, by default until you exit the program by pressing\u00a0q<\/code>.<\/p>\n
The easiest way of running\u00a0mtr<\/strong>\u00a0is to provide it a host name or IP address as an argument, as follows.<\/p>\n
$ mtr google.com\r\nOR\r\n$ mtr 216.58.223.78\r\n<\/pre>\n
Sample Output<\/h5>\n
tecmint.com (0.0.0.0)                                   Thu Jul 12 08:58:27 2018\r\nFirst TTL: 1\r\n\r\n Host                                                   Loss%   Snt   Last   Avg  Best  Wrst StDev\r\n 1. 192.168.0.1                                         0.0%    41    0.5   0.6   0.4   1.7   0.2\r\n 2. 5.5.5.215                                           0.0%    40    1.9   1.5   0.8   7.3   1.0\r\n 3. 209.snat-111-91-120.hns.net.in                      23.1%    40    1.9   2.7   1.7  10.5   1.6\r\n 4. 72.14.194.226                                       0.0%    40   89.1   5.2   2.2  89.1  13.7\r\n 5. 108.170.248.193                                     0.0%    40    3.0   4.1   2.4  52.4   7.8\r\n 6. 108.170.237.43                                      0.0%    40    2.9   5.3   2.5  94.1  14.4\r\n 7. bom07s10-in-f174.1e100.net                          0.0%    40    2.6   6.7   2.3  79.7  16.\r\n<\/pre>\n
You can limit the number of\u00a0pings<\/strong>\u00a0to a specific value and exit\u00a0mtr<\/strong>\u00a0after those pings, using the\u00a0-c<\/code>\u00a0flag as shown.<\/p>\n
$ mtr -c 4 google.com\r\n<\/pre>\n
8. Route Command<\/h4>\n
route<\/strong>\u00a0is a command line utility for displaying or manipulating the IP routing table of a Linux system. It is mainly used to configure static routes to specific hosts or networks via an interface.<\/p>\n
You can view Kernel IP routing table by typing.<\/p>\n
$ route<\/strong>\r\n\r\nDestination     Gateway         Genmask         Flags Metric Ref    Use Iface\r\ndefault         gateway         0.0.0.0         UG    100    0        0 enp0s3\r\n192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp0s3\r\n192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0\r\n<\/pre>\n
There are numerous commands you can use to configure routing. Here are some useful ones:<\/p>\n
Add a default gateway to the routing table.<\/p>\n
$ sudo route add default gw <gateway-ip>\r\n<\/pre>\n
Add a network route to the routing table.<\/p>\n
$ sudo route add -net <network ip\/cidr> gw <gateway ip> <interface>\r\n<\/pre>\n
Delete a specific route entry from the routing table.<\/p>\n
$ sudo route del -net <network ip\/cidr>\r\n<\/pre>\n
9. Nmcli Command<\/h4>\n
Nmcli<\/a>\u00a0is an easy-to-use, scriptable command-line tool to report network status, manage network connections, and control the\u00a0NetworkManager<\/strong>.<\/p>\n
To view all your network devices, type.<\/p>\n
$ nmcli dev status<\/strong>\r\n\r\nDEVICE      TYPE      STATE      CONNECTION         \r\nvirbr0      bridge    connected  virbr0             \r\nenp0s3      ethernet  connected  Wired connection 1 \r\n<\/pre>\n
To check network connections on your system, type.<\/p>\n
$ nmcli con show<\/strong>\r\n\r\nWired connection 1  bc3638ff-205a-3bbb-8845-5a4b0f7eef91  802-3-ethernet  enp0s3 \r\nvirbr0              00f5d53e-fd51-41d3-b069-bdfd2dde062b  bridge          virbr0 \r\n<\/pre>\n
To see only the active connections, add the\u00a0-a<\/code>\u00a0flag.<\/p>\n
$ nmcli con show -a\r\n<\/pre>\n
Network Scanning and Performance Analysis Tools<\/h3>\n
10. Netstat Command<\/h4>\n
netstat<\/a>\u00a0is a command line tool that displays useful information such as network connections, routing tables, interface statistics, and much more, concerning the Linux networking subsystem. It is useful for network troubleshooting and performance analysis.<\/p>\n
Additionally, it is also a fundamental network service debugging tool used to check which programs are listening on what ports. For instance, the following command will show all TCP ports in listening mode and what programs are listening on them.<\/p>\n
$ sudo netstat -tnlp<\/strong>\r\n\r\nActive Internet connections (only servers)\r\nProto Recv-Q Send-Q Local Address           Foreign Address         State       PID\/Program name    \r\ntcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      1257\/master         \r\ntcp        0      0 127.0.0.1:5003          0.0.0.0:*               LISTEN      1\/systemd           \r\ntcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      1015\/dovecot        \r\ntcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1015\/dovecot        \r\ntcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1\/systemd           \r\ntcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      1257\/master         \r\ntcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1404\/pdns_server    \r\ntcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1064\/pure-ftpd (SER \r\ntcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      972\/sshd            \r\ntcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      975\/cupsd           \r\ntcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1257\/master         \r\ntcp        0      0 0.0.0.0:8090            0.0.0.0:*               LISTEN      636\/lscpd (lscpd -  \r\ntcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1015\/dovecot        \r\ntcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      1015\/dovecot        \r\ntcp6       0      0 :::3306                 :::*                    LISTEN      1053\/mysqld         \r\ntcp6       0      0 :::3307                 :::*                    LISTEN      1211\/mysqld         \r\ntcp6       0      0 :::587                  :::*                    LISTEN      1257\/master         \r\ntcp6       0      0 :::110                  :::*                    LISTEN      1015\/dovecot        \r\ntcp6       0      0 :::143                  :::*                    LISTEN      1015\/dovecot        \r\ntcp6       0      0 :::111                  :::*                    LISTEN      1\/systemd           \r\ntcp6       0      0 :::80                   :::*                    LISTEN      990\/httpd           \r\ntcp6       0      0 :::465                  :::*                    LISTEN      1257\/master         \r\ntcp6       0      0 :::53                   :::*                    LISTEN      1404\/pdns_server    \r\ntcp6       0      0 :::21                   :::*                    LISTEN      1064\/pure-ftpd (SER \r\ntcp6       0      0 :::22                   :::*                    LISTEN      972\/sshd            \r\ntcp6       0      0 ::1:631                 :::*                    LISTEN      975\/cupsd           \r\ntcp6       0      0 :::25                   :::*                    LISTEN      1257\/master         \r\ntcp6       0      0 :::993                  :::*                    LISTEN      1015\/dovecot        \r\ntcp6       0      0 :::995                  :::*                    LISTEN      1015\/dovecot        \r\n<\/pre>\n
To view kernel routing table, use the\u00a0-r<\/code>\u00a0flag (which is equivalent to running\u00a0route<\/strong>\u00a0command above).<\/p>\n
$ netstat -r<\/strong>\r\n\r\nDestination     Gateway         Genmask         Flags   MSS Window  irtt Iface\r\ndefault         gateway         0.0.0.0         UG        0 0          0 enp0s3\r\n192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 enp0s3\r\n192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0\r\n<\/pre>\n
Note<\/strong>: Although Netstat is a great tool, it is now obsolete (deprecated), its replacement is\u00a0ss command<\/strong>\u00a0which is explained below.<\/p>\n
11. ss Command<\/h4>\n
ss<\/strong>\u00a0(socket statistics<\/strong>) is a powerful command line utility to investigate sockets. It dumps socket statistics and displays information similar to\u00a0netstat<\/strong>. In addition, it shows more TCP and state information compared to other similar utilities.<\/p>\n
The following example show how to list all\u00a0TCP<\/strong>\u00a0ports (sockets<\/strong>) that are open on a server.<\/p>\n
$ ss -ta<\/strong>\r\n\r\nState      Recv-Q Send-Q                                        Local Address:Port                                                         Peer Address:Port                \r\nLISTEN     0      100                                                       *:submission                                                              *:*                    \r\nLISTEN     0      128                                               127.0.0.1:fmpro-internal                                                          *:*                    \r\nLISTEN     0      100                                                       *:pop3                                                                    *:*                    \r\nLISTEN     0      100                                                       *:imap                                                                    *:*                    \r\nLISTEN     0      128                                                       *:sunrpc                                                                  *:*                    \r\nLISTEN     0      100                                                       *:urd                                                                     *:*                    \r\nLISTEN     0      128                                                       *:domain                                                                  *:*                    \r\nLISTEN     0      9                                                         *:ftp                                                                     *:*                    \r\nLISTEN     0      128                                                       *:ssh                                                                     *:*                    \r\nLISTEN     0      128                                               127.0.0.1:ipp                                                                     *:*                    \r\nLISTEN     0      100                                                       *:smtp                                                                    *:*                    \r\nLISTEN     0      128                                                       *:8090                                                                    *:*                    \r\nLISTEN     0      100                                                       *:imaps                                                                   *:*                    \r\nLISTEN     0      100                                                       *:pop3s                                                                   *:*                    \r\nESTAB      0      0                                             192.168.0.104:ssh                                                         192.168.0.103:36398                \r\nESTAB      0      0                                                 127.0.0.1:34642                                                           127.0.0.1:opsession-prxy       \r\nESTAB      0      0                                                 127.0.0.1:34638                                                           127.0.0.1:opsession-prxy       \r\nESTAB      0      0                                                 127.0.0.1:34644                                                           127.0.0.1:opsession-prxy       \r\nESTAB      0      0                                                 127.0.0.1:34640                                                           127.0.0.1:opsession-prxy       \r\nLISTEN     0      80                                                       :::mysql                                                                  :::*             \r\n...\r\n<\/pre>\n
To display all active\u00a0TCP<\/strong>\u00a0connections together with their timers, run the following command.<\/p>\n
$ ss -to\r\n<\/pre>\n
12 NC Command<\/h4>\n
NC (NetCat)<\/a>\u00a0also referred to as the \u201cNetwork Swiss Army knife<\/strong>\u201d, is a powerful utility used for almost any task related to TCP, UDP, or UNIX-domain sockets. It is used open TCP connections, listen on arbitrary TCP and UDP ports, perform port scanning plus more.<\/p>\n
You can also use it as a simple TCP proxies, for network daemon testing, to check if remote ports are reachable and much more. Furthermore, you can employ\u00a0nc<\/strong>together with\u00a0pv command<\/a>\u00a0to transfer files between two computers.<\/p>\n
The following example, will show how to scan a list of ports.<\/p>\n
$ nc -zv server2.tecmint.lan 21 22 80 443 3000\r\n<\/pre>\n
You can also specify a range of ports as shown.<\/p>\n
$ nc -zv server2.tecmint.lan 20-90\r\n<\/pre>\n
The following example shows how to use\u00a0nc<\/strong>\u00a0to open a TCP connection to port\u00a05000<\/strong>\u00a0on\u00a0server2.tecmint.lan<\/strong>, using port\u00a03000<\/strong>\u00a0as the source port, with a timeout of\u00a010<\/strong>\u00a0seconds.<\/p>\n
$ nc -p 3000 -w 10 server2.tecmint.lan 5000 \r\n<\/pre>\n
13. Nmap Command<\/h4>\n
Nmap<\/a>\u00a0(Network Mapper<\/strong>) is a powerful and extremely versatile tool for Linux system\/network administrators. It is used gather information about a single host or explore networks an entire network. Nmap is also used to perform security scans, network audit and finding open ports on remote hosts and so much more.<\/p>\n
You can scan a host using its host name or IP address, for instance.<\/p>\n
$ nmap google.com <\/strong>\r\n\r\nStarting Nmap 6.40 ( http:\/\/nmap.org ) at 2018-07-12 09:23 BST\r\nNmap scan report for google.com (172.217.166.78)\r\nHost is up (0.0036s latency).\r\nrDNS record for 172.217.166.78: bom05s15-in-f14.1e100.net\r\nNot shown: 998 filtered ports\r\nPORT    STATE SERVICE\r\n80\/tcp  open  http\r\n443\/tcp open  https\r\n\r\nNmap done: 1 IP address (1 host up) scanned in 4.92 seconds\r\n<\/pre>\n
Alternatively, use an IP address as shown.<\/p>\n
$ nmap 192.168.0.103<\/strong>\r\n\r\nStarting Nmap 6.40 ( http:\/\/nmap.org ) at 2018-07-12 09:24 BST\r\nNmap scan report for 192.168.0.103\r\nHost is up (0.000051s latency).\r\nNot shown: 994 closed ports\r\nPORT     STATE SERVICE\r\n22\/tcp   open  ssh\r\n25\/tcp   open  smtp\r\n902\/tcp  open  iss-realsecure\r\n4242\/tcp open  vrml-multi-use\r\n5900\/tcp open  vnc\r\n8080\/tcp open  http-proxy\r\nMAC Address: 28:D2:44:EB:BD:98 (Lcfc(hefei) Electronics Technology Co.)\r\n\r\nNmap done: 1 IP address (1 host up) scanned in 0.13 seconds\r\n<\/pre>\n
Read our following useful articles on nmap command.<\/p>\n
    \n
  1. How to Use Nmap Script Engine (NSE) Scripts in Linux<\/a><\/li>\n
  2. A Practical Guide to Nmap (Network Security Scanner) in Kali Linux<\/a><\/li>\n
  3. Find Out All Live Hosts IP Addresses Connected on Network in Linux<\/a><\/li>\n<\/ol>\n
    DNS Lookup Utilities<\/h3>\n
    14. host Command<\/h4>\n
    host command<\/a>\u00a0is a simple utility for carrying out DNS lookups, it translates host names to IP addresses and vice versa.<\/p>\n
    $ host google.com<\/strong>\r\n\r\ngoogle.com has address 172.217.166.78\r\ngoogle.com mail is handled by 20 alt1.aspmx.l.google.com.\r\ngoogle.com mail is handled by 30 alt2.aspmx.l.google.com.\r\ngoogle.com mail is handled by 40 alt3.aspmx.l.google.com.\r\ngoogle.com mail is handled by 50 alt4.aspmx.l.google.com.\r\ngoogle.com mail is handled by 10 aspmx.l.google.com.\r\n<\/pre>\n
    15. dig Command<\/h4>\n
    dig<\/a>\u00a0(domain information groper<\/strong>) is also another simple DNS lookup utility, that is used to query DNS related information such as A Record, CNAME, MX Record etc, for example:<\/p>\n
    $ dig google.com<\/strong>\r\n\r\n; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> google.com\r\n;; global options: +cmd\r\n;; Got answer:\r\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23083\r\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14\r\n\r\n;; OPT PSEUDOSECTION:\r\n; EDNS: version: 0, flags:; udp: 4096\r\n;; QUESTION SECTION:\r\n;google.com.\t\t\tIN\tA\r\n\r\n;; ANSWER SECTION:\r\ngoogle.com.\t\t72\tIN\tA\t172.217.166.78\r\n\r\n;; AUTHORITY SECTION:\r\ncom.\t\t\t13482\tIN\tNS\tc.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\td.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\te.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\tf.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\tg.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\th.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\ti.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\tj.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\tk.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\tl.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\tm.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\ta.gtld-servers.net.\r\ncom.\t\t\t13482\tIN\tNS\tb.gtld-servers.net.\r\n\r\n;; ADDITIONAL SECTION:\r\na.gtld-servers.net.\t81883\tIN\tA\t192.5.6.30\r\nb.gtld-servers.net.\t3999\tIN\tA\t192.33.14.30\r\nc.gtld-servers.net.\t14876\tIN\tA\t192.26.92.30\r\nd.gtld-servers.net.\t85172\tIN\tA\t192.31.80.30\r\ne.gtld-servers.net.\t95861\tIN\tA\t192.12.94.30\r\nf.gtld-servers.net.\t78471\tIN\tA\t192.35.51.30\r\ng.gtld-servers.net.\t5217\tIN\tA\t192.42.93.30\r\nh.gtld-servers.net.\t111531\tIN\tA\t192.54.112.30\r\ni.gtld-servers.net.\t93017\tIN\tA\t192.43.172.30\r\nj.gtld-servers.net.\t93542\tIN\tA\t192.48.79.30\r\nk.gtld-servers.net.\t107218\tIN\tA\t192.52.178.30\r\nl.gtld-servers.net.\t6280\tIN\tA\t192.41.162.30\r\nm.gtld-servers.net.\t2689\tIN\tA\t192.55.83.30\r\n\r\n;; Query time: 4 msec\r\n;; SERVER: 192.168.0.1#53(192.168.0.1)\r\n;; WHEN: Thu Jul 12 09:30:57 BST 2018\r\n;; MSG SIZE  rcvd: 487\r\n<\/pre>\n
    16. NSLookup Command<\/h4>\n
    Nslookup<\/a>\u00a0is also a popular command line utility to query DNS servers both interactively and non-interactively. It is used to query DNS resource records (RR). You can find out \u201cA\u201d record (IP address) of a domain as shown.<\/p>\n
    $ nslookup google.com<\/strong>\r\n\r\nServer:\t\t192.168.0.1\r\nAddress:\t192.168.0.1#53\r\n\r\nNon-authoritative answer:\r\nName:\tgoogle.com\r\nAddress: 172.217.166.78\r\n<\/pre>\n
    You can also perform a reverse domain lookup as shown.<\/p>\n
    $ nslookup 216.58.208.174<\/strong>\r\n\r\nServer:\t\t192.168.0.1\r\nAddress:\t192.168.0.1#53\r\n\r\nNon-authoritative answer:\r\n174.208.58.216.in-addr.arpa\tname = lhr25s09-in-f14.1e100.net.\r\n174.208.58.216.in-addr.arpa\tname = lhr25s09-in-f174.1e100.net.\r\n\r\nAuthoritative answers can be found from:\r\nin-addr.arpa\tnameserver = e.in-addr-servers.arpa.\r\nin-addr.arpa\tnameserver = f.in-addr-servers.arpa.\r\nin-addr.arpa\tnameserver = a.in-addr-servers.arpa.\r\nin-addr.arpa\tnameserver = b.in-addr-servers.arpa.\r\nin-addr.arpa\tnameserver = c.in-addr-servers.arpa.\r\nin-addr.arpa\tnameserver = d.in-addr-servers.arpa.\r\na.in-addr-servers.arpa\tinternet address = 199.180.182.53\r\nb.in-addr-servers.arpa\tinternet address = 199.253.183.183\r\nc.in-addr-servers.arpa\tinternet address = 196.216.169.10\r\nd.in-addr-servers.arpa\tinternet address = 200.10.60.53\r\ne.in-addr-servers.arpa\tinternet address = 203.119.86.101\r\nf.in-addr-servers.arpa\tinternet address = 193.0.9.1\r\n<\/pre>\n
    Linux Network Packet Analyzers<\/h3>\n
    17. Tcpdump Command<\/h4>\n
    Tcpdump<\/a>\u00a0is a very powerful and widely used command-line network sniffer. It is used to capture and analyze TCP\/IP packets transmitted or received over a network on a specific interface.<\/p>\n
    To capture packets from a given interface, specify it using the\u00a0-i<\/code>\u00a0option.<\/p>\n
    $ tcpdump -i eth1<\/strong>\r\n\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n09:35:40.287439 IP tecmint.com.ssh > 192.168.0.103.36398: Flags [P.], seq 4152360356:4152360552, ack 306922699, win 270, options [nop,nop,TS val 2211778668 ecr 2019055], length 196\r\n09:35:40.287655 IP 192.168.0.103.36398 > tecmint.com.ssh: Flags [.], ack 196, win 5202, options [nop,nop,TS val 2019058 ecr 2211778668], length 0\r\n09:35:40.288269 IP tecmint.com.54899 > gateway.domain: 43760+ PTR? 103.0.168.192.in-addr.arpa. (44)\r\n09:35:40.333763 IP gateway.domain > tecmint.com.54899: 43760 NXDomain* 0\/1\/0 (94)\r\n09:35:40.335311 IP tecmint.com.52036 > gateway.domain: 44289+ PTR? 1.0.168.192.in-addr.arpa. (42)\r\n<\/pre>\n
    To capture a specific number of packets, use the\u00a0-c<\/code>\u00a0option to enter the desired number.<\/p>\n
    $ tcpdump -c 5 -i eth1\r\n<\/pre>\n
    You can also capture and save packets to a file for later analysis, use the\u00a0-w<\/code>\u00a0flag to specify the output file.<\/p>\n
    $ tcpdump -w captured.pacs -i eth1\r\n<\/pre>\n
    18. Wireshark Utility<\/h4>\n
    Wireshark<\/a>\u00a0is a popular, powerful, versatile and easy to use tool for capturing and analyzing packets in a packet-switched network, in real-time.<\/p>\n
    You can also save data it has captured to a file for later inspection. It is used by system administrators and network engineers to monitor and inspect the packets for security and troubleshooting purposes.<\/p>\n
    Read our article \u201c10 Tips On How to Use Wireshark to Analyze Network Packets<\/a>\u00a0to learn more about Wireshark\u201d.<\/p>\n
    19. Bmon Tool<\/h4>\n
    bmon<\/a>\u00a0is a powerful, command line based network monitoring and debugging utility for Unix-like systems, it captures networking related statistics and prints them visually in a human friendly format. It is a reliable and effective real-time bandwidth monitor and rate estimator.<\/p>\n
    Read our article \u201cbmon \u2013 A Powerful Network Bandwidth Monitoring and Debugging Tool<\/a>\u00a0to learn more about bmon\u201d.<\/p>\n
    Linux Firewall Management Tools<\/h3>\n
    20. Iptables Firewall<\/h4>\n
    iptables<\/a>\u00a0is a command line tool for configuring, maintaining, and inspecting the tables IP packet filtering and NAT ruleset. It it used to set up and manage the Linux firewall (Netfilter). It allows you to list existing packet filter rules; add or delete or modify packet filter rules; list per-rule counters of the packet filter rules.<\/p>\n
    You can learn how to use\u00a0Iptables<\/strong>\u00a0for various purposes from our simple yet comprehensive guides.<\/p>\n
      \n
    1. Basic Guide on IPTables (Linux Firewall) Tips \/ Commands<\/a><\/li>\n
    2. 25 Useful IPtable Firewall Rules Every Linux Administrator Should Know<\/a><\/li>\n
    3. How To Setup an Iptables Firewall to Enable Remote Access to Services<\/a><\/li>\n
    4. How to Block Ping ICMP Requests to Linux Systems<\/a><\/li>\n<\/ol>\n
      21. Firewalld<\/h4>\n
      Firewalld<\/a>\u00a0is a powerful and dynamic daemon to manage the Linux firewall (Netfilter), just like\u00a0iptables<\/strong>. It uses \u201cnetworks zones<\/strong>\u201d instead of INPUT, OUTPUT and FORWARD CHAINS in iptables. On current Linux distributions such as\u00a0RHEL\/CentOS 7<\/strong>\u00a0and\u00a0Fedora 21+<\/strong>,\u00a0iptables<\/strong>\u00a0is actively being replaced by\u00a0firewalld<\/strong>.<\/p>\n
      To get started with\u00a0firewalld<\/strong>, consult these guides listed below:<\/p>\n
        \n
      1. Useful \u2018FirewallD\u2019 Rules to Configure and Manage Firewall in Linux<\/a><\/li>\n
      2. How to Configure \u2018FirewallD\u2019 in RHEL\/CentOS 7 and Fedora 21<\/a><\/li>\n
      3. How to Start\/Stop and Enable\/Disable FirewallD and Iptables Firewall in Linux<\/a><\/li>\n
      4. Setting Up Samba and Configure FirewallD and SELinux to Allow File Sharing on Linux\/Windows<\/a><\/li>\n<\/ol>\n
        Important<\/strong>:\u00a0Iptables<\/strong>\u00a0is still supported and can be installed with\u00a0YUM package manager<\/a>. However, you can\u2019t use\u00a0Firewalld<\/strong>\u00a0and\u00a0iptables<\/strong>\u00a0at the same time on same server \u2013 you must choose one.<\/p>\n
        22. UFW (Uncomplicated Firewall)<\/h4>\n
        UFW<\/a>\u00a0is a well known and default firewall configuration tool on\u00a0Debian<\/strong>\u00a0and\u00a0Ubuntu<\/strong>\u00a0Linux distributions. It is used top enable\/disable system firewall, add\/delete\/modify\/reset packet filtering rules and much more.<\/p>\n
        To check UFW firewall status, type.<\/p>\n
        $ sudo ufw status\r\n<\/pre>\n
        If UFW firewall is not active, you can activate or enable it using the following command.<\/p>\n
        $ sudo ufw enable\r\n<\/pre>\n
        To disable UFW firewall, use the following command.<\/p>\n
        $ sudo ufw disable \r\n<\/pre>\n
        Read our article \u201cHow to Setup UFW Firewall on Ubuntu and Debian<\/a>\u201d to learn more UFW).<\/p>\n
        If you want to find more information about a particular program, you can consult its man pages as shown.<\/p>\n
        $ man programs_name\r\n<\/pre>\n
        That\u2019s all for now! In this comprehensive guide, we reviewed some of the most used command-line tools and utilities for network management in Linux, under different categories, for system administrators, and equally useful to full-time network administrators\/engineers.<\/p>\n
        You can share your thoughts about this guide via the comment form below. If we have missed any frequently used and important Linux networking tools\/utilities or any useful related information, also let us know.<\/p>\n
        Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
        A system administrator\u2019s routine tasks include configuring, maintaining, troubleshooting, and managing servers and networks within data centers. There are numerous tools and utilities in Linux designed for the administrative purposes. In this article, we will review some of the most used command-line tools and utilities for network management in Linux, under different categories. We will … <\/p>\n
        Continue reading “A Linux Sysadmin\u2019s Guide to Network Management, Troubleshooting and Debugging”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13199","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=13199"}],"version-history":[{"count":3,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13199\/revisions"}],"predecessor-version":[{"id":13203,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13199\/revisions\/13203"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=13199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=13199"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=13199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}