Linux systems provide a lot of useful commands for reviewing network configuration and connections. Here's a look at a few, including ifquery, ifup, ifdown and ifconfig. Credit: Alan Levine There are a lot of commands available on Linux for looking at network settings and connections. In today’s post, we’re going to run through some very handy commands and see how they work. ifquery command One very useful command is the ifquery command. This command should give you a quick list of network interfaces. However, you might only see something like this —showing only the loopback interface: $ ifquery --list lo If this is the case, your /etc/network/interfaces file doesn’t include information on network interfaces except for the loopback interface. You can add lines like the last two in the example below — assuming DHCP is used to assign addresses — if you’d like it to be more useful. # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp ifup and ifdown commands The related ifup and ifdown commands can be used to bring network connections up and shut them down as needed provided this file has the required descriptive data. Just keep in mind that “if” means “interface” in these commands just as it does in the ifconfig command, not “if” as in “if I only had a brain”. ifconfig command The ifconfig command, on the other hand, doesn’t read the /etc/network/interfaces file at all and still provides quite a bit of useful information on network interfaces — configuration data along with packet counts that tell you how busy each interface has been. The ifconfig command can also be used to shut down and restart network interfaces (e.g., ifconfig eth0 down). $ ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:1e:4f:c8:43:fc inet addr:192.168.0.6 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::b44b:bdb6:2527:6ae9/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:60474 errors:0 dropped:0 overruns:0 frame:0 TX packets:33463 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:43922053 (43.9 MB) TX bytes:4000460 (4.0 MB) Interrupt:21 Memory:fe9e0000-fea00000 The RX and TX packet counts in this output are extremely low. In addition, no errors or packet collisions have been reported. The uptime command will likely confirm that this system has only recently been rebooted. The broadcast (Bcast) and network mask (Mask) addresses shown above indicate that the system is operating on a Class C equivalent network (the default) so local addresses will range from 192.168.0.1 to 192.168.0.254. netstat command The netstat command provides information on routing and network connections. Without arguments, it will display a list of open sockets. Nearly all will be related to processes on the local system. For example, in the truncated output below, we see only two incoming ssh connections to the local system (dragonfly) have been established. $ netstat | head -4 Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 64 dragonfly:ssh dragonfly:8812 ESTABLISHED tcp 0 0 dragonfly:ssh dragonfly:33505 ESTABLISHED netstat -rn Using -rn, netstat will display the system’s routing table. $ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 The 192.168.0.1 address is the local gateway (Flags=UG). The 169.254.0.0 entry in the above output is only necessary if you are using or planning to use link-local communications. You can comment out the related lines in the /etc/network/if-up.d/avahi-autoipd file like this if this is not the case: $ tail -12 /etc/network/if-up.d/avahi-autoipd #if [ -x /bin/ip ]; then # # route already present? # ip route show | grep -q '^169.254.0.0/16[[:space:]]' && exit 0 # # /bin/ip route add 169.254.0.0/16 dev $IFACE metric 1000 scope link #elif [ -x /sbin/route ]; then # # route already present? # /sbin/route -n | egrep -q "^169.254.0.0[[:space:]]" && exit 0 # # /sbin/route add -net 169.254.0.0 netmask 255.255.0.0 dev $IFACE metric 1000 #fi netstat -a command The netstat -a command will display all network connections. To limit this to listening and established connections (generally much more useful), use the netstat -at command instead. $ netstat -at Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:ssh *:* LISTEN tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 localhost:smtp *:* LISTEN tcp 0 256 192.168.0.6:ssh 192.168.0.32:53550 ESTABLISHED tcp6 0 0 [::]:http [::]:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN tcp6 0 0 ip6-localhost:smtp [::]:* LISTEN host command The host command works a lot like nslookup by looking up the remote system’s IP address, but also provides the system’s mail handler. $ host world.std.com world.std.com has address 192.74.137.5 world.std.com mail is handled by 10 smtp.theworld.com. nslookup command The nslookup also provides information on the system (in this case, the local system) that is providing DNS lookup services. $ nslookup world.std.com Server: 127.0.1.1 Address: 127.0.1.1#53 Non-authoritative answer: Name: world.std.com Address: 192.74.137.5 dig command The dig command provides quitea lot of information on connecting to a remote system — including the name server we are communicating with and how long the query takes to respond and is often used for troubleshooting. $ dig world.std.com ; > DiG 9.10.3-P4-Ubuntu > world.std.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER nmap command The nmap command is most frequently used to probe remote systems, but can also be used to report on the services being offered by the local system. In the output below, we can see that ssh is available for logins, that smtp is servicing email, that a web site is active, and that an ipp print service is running. $ nmap localhost Starting Nmap 7.01 ( https://nmap.org ) at 2017-10-09 15:01 EDT Nmap scan report for localhost (127.0.0.1) Host is up (0.00016s latency). Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 631/tcp open ipp Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds Linux systems provide a lot of useful commands for reviewing their network configuration and connections. If you run out of commands to explore, keep in mind that apropos network might point you toward even more. Related content how-to Compressing files using the zip command on Linux The zip command lets you compress files to preserve them or back them up, and you can require a password to extract the contents of a zip file. By Sandra Henry-Stocker May 13, 2024 4 mins Linux opinion NSA, FBI warn of email spoofing threat Email spoofing is acknowledged by experts as a very credible threat. By Sandra Henry-Stocker May 13, 2024 3 mins Linux how-to The logic of && and || on Linux These AND and OR equivalents can be used in scripts to determine next actions. By Sandra Henry-Stocker May 02, 2024 4 mins Linux how-to Using the apropos command on Linux By Sandra Henry-Stocker Apr 24, 2024 3 mins Linux PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe