Logo Linux Network Commands

This page is a resource of the Networking Group of the BTC , affiliated with the College of Computing of Georgia Tech .

Any reasonable distribution of Linux has many basic network commands available for installation. This page lists and describes the commands you should have available if you have a Linux box and chose to install networking capabilities. I have tried to make this list fairly complete; if you see any omissions (or rather, if you do not see something that should not have been omitted) then please mail me. I have arranged them according to the following categories:

Network Configuration

The most fundamental commands are those used to configure network interfaces and policies. While they are primarily of interest to administrators with the responsibility (and permissions) to configure the machine, they permit regular users to at least determine how the machine is set up. Note that most of these commands are used by shell scripts during boot to set up networking automatically.

Linux recognizes network interfaces on bootup. (Or at least it does so if the kernel is configured properly.) Each interface is automatically assigned a label - like ``lo0'' for the loopback interface with which the machine talks to itself, ``eth3 '' for the fourth internet card installed on the system (since numbering starts with zero), and ``ax0'' for the first Ham radio packet interface present.

These commands are presented in the order they would typically be used while setting up networking.

If some of your network cards are fancy and support multiple transceiver types, then you start configuration by using this command to specify which transceiver type you will use.

This command is used to configure network interfaces, or to display their current configuration. In addition to activating and deactivating interfaces with the up and down settings, this command is necessary for setting an interface's address information. An IP interface, for example, needs to be told both its own address and the network mask and broadcast address of its subnet.

Once its interfaces are configured, your machine can receive packets from the network. But where should outgoing packets be sent? Making this decision is called ``routing,'' and it is made by consulting the system's routing table. The destination address of every outgoing packet is checked against every line of this table; if a matching line is found then the packet is sent out the interface listed on that line of the table; if no match is found the system returns the error ``Unreachable host.'' The route command is the tool used to display or modify the routing table.

Sometimes users are granted the ability to bring certain interfaces up or down on their own; this is the command they use. It is like an emasculated version of ifconfig , that can only turn the interface on or off.

If your machine is configured to act as a firewall, you can set up: IP accounting; IP input, forwarding, and output filters; and IP masquerading. This is the command used to perform these functions. It is also used to display the contents of the filter tables.

When the system transmits a packet, it has to send it to a particular physical-layer address (actually, some messages are sent in broadcast mode, but these are kept to a minimum since they require the attention of every processor connected to the LAN). For instance, when you send an IP packet over Ethernet, it will normally be sent to the Ethernet address of another machine directly connected to it. The ARP (Address Resolution Protocol) table normally uses an automatic mechanism to find what physical addresses go with which IP addresses. The arp command displays this table, and can be used to modify it, though this necessity is rare.

TCP/IP Testing and Troubleshooting

The IP protocol includes control messages called ICMP packets. One type of ICMP packet is called an ``echo request,'' and the IP rules require its recipient to send back an ``echo reply.'' These are incredibly useful because you can determine (1) whether the remote host is up and talking to the network, (2) the time required for a packet to make a round-trip to the host, and (3) (by sending a few dozen echo requests) what fraction of the packets sent between the hosts get lost somewhere along the way.

The ping command (named after the sound of an active sonar system) sends echo requests to the host you specify on the command line, and lists the responses received their round trip time. When you terminate ping (probably by hitting control-C) it summarizes the results, giving the average round trip time and the percent packet loss. This command is used constantly to determine whether there is a problem with the network connection between two hosts.

While ping gives information about the performance of the network path between two hosts, traceroute will actually show the route. It attempts to list the series of hosts through which your packets travel on their way to a given destination. Complications can arise that will affect its operation; see the manual page for details. By observing the output of this command, and especially by following it up with ping s of specific hosts on the route, the exact location of a bad (high error or latency) link can be discovered.

People like names rather than numbers; ``www.linux.org'' is easier to remember than ``'' So the Internet includes a huge distributed database called the Domain Name Service that converts text host names into numeric IP addresses. Basically, the last components of the name are used to identify the server responsible for interpreting the first parts of the name. So a query of ``elvis.mit.edu'' gets sent to a top-level DNS server responsible for ``edu'', which passes the request on to a DNS server at MIT, which knows which machine they call ``elvis''.

These commands all perform a DNS query for you. All three can do simple queries (host name to address), reverse queries (address to host name), and more exotic operations (like listing all of the hosts in a domain). The dig command is often considered to give the most behind-the-scenes information for those interested, while host has the simplest default output.

Network Clients and Services

If you are configuring or running network services, the first package you will be interested in are the TCP wrappers which handle most incoming connections. In the old days, the FTP daemon (for instance) would run when the system started up, grab port 21, and spend the rest of its life listening for and servicing incoming FTP requests. But the fact that each service made its own decision about which connections to accept made the creation and enforcement of a uniform access policy difficult or impossible.

These days your system instead contains TCP wrappers, which monitor all of the incoming ports by themselves. When a connection is made the wrappers decide whether access will be permitted, and only when a connection is approved is the daemon run to respond to it. The access rules are usually found in the configuration files /etc/hosts.allow and /etc/hosts.deny .

TCP wrapping is subdivided into two jobs. The inetd daemon is usually run when networking is activated and grabs control of the ports for FTP and telnet and whatever. The /etc/inetd.conf file tells it what ports to monitor, what service is offered on each port, and what program to run when a connection is detected. The program that inetd is usually instructed to run is tcpd, which checks the /etc/hosts.allow and /etc/hosts.deny files to see if the connection should be permitted and if so starts or alerts the appropriate daemon.

These small utility programs let you check your /etc/hosts.allow and /etc/hosts.deny files. The tcpdchk command scans the files and reports any errors or omissions it finds. The tcpdmatch utility lets you specify a hypothetical daemon/client pair and predicts, given your setup files, whether the connection would be accepted.

This table offers a summary of the most common services, and the Linux daemons responsible for them, which are mediated by the TCP wrappers:
Port Client Server Description
21 ftp in.ftpd File transfer protocol - The standard protocol for transferring files across the Internet, whether from password-protected user accounts or publicly available ``anonymous'' servers.
23 telnet in.telnetd Telnet remote terminal protocol - The standard protocol for logging in to a remote machine.
37 rdate in.timed System time - Responds with the time according to the system clock.
67 bootptest bootpd Internet Bootstrap Protocol - If you want to control IP address assignment from a central location, you can have machines broadcast a query upon booting that a nearby bootp server must respond to with the IP address the machine should use, and possibly the name of a configuration file to retrieve through tftp.
69 tftp in.tftpd Trivial file transfer protocol - A very simple file transfer protocol that lets any host download any publicly readable file in its directory (which is normally /tftpboot). If you use this make sure to protect it with TCP wrapper. This is normally used to provide configuration files to machines initializing themselves with bootp.
70 gopher gn Gopher - A hierarchical information browser that was in vogue before the introduction of HTML.
79 finger in.fingerd User information lookup - Takes a username (or, for some servers, part of a user's real name) and responds with basic statistics including time of last login and whether the user has read his mail. Access to service is often restricted through the TCP wrappers since public knowledge about users reduces security.
110 (various) ipop3d PostOffice V.3 - A protocol for remote mail retrieval.
113 (various) in.identd User Authentication - An important service that, given the number of an active IP port on a host, returns the username of the user who is employing that port. Used in many access and security related applications.
119 nntp in.nntpd Net news (Usenet) transfer protocol - The protocol that lets a client remotely query a news server.
512 rexec in.rexecd Remote command execution - Allows a user to execute a command on a remote system. This and the next two services permit a common authentication shortcut, where a user may create an .rhosts file in his home directory that lists login names and machines which can access his account without having to enter a password. Whether to enable these services is an important security issue.
513 rlogin in.rlogind Remote login - Permits login from a remote system (see rexec above).
514 rsh in.rshd Remote shell - Gives a user a command prompt on a remote machine (see rexec above).
517 talk in.talkd (BSD) Talk to another user - Allows two users to type live messages back and forth to each other over the Internet. Popular for dating couples at different colleges or institutions.
540 uucp uucico Unix-to-Unix Copy protocol - An Internet incarnation of the ancient and venerated UUCP protocol which linked the world of Unix computers back when periodic modem connections were the primary means of communication.

There are some more complex services which are usually always TCP wrapped:

This is the traditional Unix program for sending and receiving email over the Internet. It cannot be TCP wrapped and must be run as a daemon, which is unfortunate since security bugs are found in it fairly often. It is considered by many to be too large and multifaceted a program to offer real security; you should consider replacing it by qmail. But sendmail does have quite sophisticated features, including quite exhaustive mail sorting and filtering capabilities.

See the qmail home page for details. Instead of being a monolithic jack of all trades like sendmail , this package provides a small sleek program for each distinct mail operation. It includes powerful and convenient features related to aliasing and mailing lists. Unfortunately for Linux users the author's stipulations on its distribution (which are intended to ensure no tampering with the source code) prevent its being encapsulated in an RPM, so you will have to compile and install it yourself. (Unlike sendmail this can be placed behind TCP wrappers.)

ssh (8)
This program provides the same sort of functionality as the rsh family, but employs encryption to prevent your passwords and data from being transmitted in cleartext across the Internet where snooping eyes can intercept them. It is thought to be very secure, and in fact a monetary reward is offered to anyone who can demonstrate otherwise.

And there are some miscellaneous servers that are not frequently used:
imiscd (8C)
This is the miscellaneous network service daemon. It responds to a dozen types of remote service request associated with ISO FTAM, the beefy European network management protocol which has been mostly ignored in the TCP/IP world in favor of SNMP.

In large networks, the main routers are usually not configured with permanent, static routing tables. Instead, they each run a routing daemon which exchanges information with other routers' routing daemons to keep up-to-date tables that adapt themselves to find the best routes between the system's subnetworks. The routed daemon implements a variant of the Xerox NS Routing Information Protocol.

Network Monitoring

This command displays the values of a few dozen statistics relating to network activity that are maintained inside the kernel. These statistics are normally kept for the benefit of the SNMP daemon. They may also be viewed by accessing the file /proc/net/snmp.

This is another command that will present the contents of /proc/net files for you, but offers a broader range of information than the nstat program. It can list the currently active network connections, dump the system routing tables, present interface statistics, and list masqueraded connections.

The collection of SNMP commands (snmpget, snmpnext, et cetera) that come with the Linux CMU SNMP package allow you to query a remote machine that has an SNMP daemon running. This can provide network performance and error statistics for that host. The CMU package also contains an snmpd(8) daemon that you can run if you want your machine to provide SNMP information.

This is a sniffer, a program that captures packets off of a network interface and interprets them for you. It understands all basic Internet protocols, and can be used to save entire packets for later inspection.

Dialup Networking

This daemon can send and receive network packets through a serial link between two computers. It is commonly used to allow dialup machines to communicate with the Internet despite not having a real Ethernet connection. See the PPP HOWTO .

This command is similar to pppd except that it uses the older SLIP protocol for encapsulating packets.

The diald daemon monitors your system for network traffic, automatically dials up your Internet service provider whenever you attempt to access the Internet. This prevents you from having to keep up with whether your modem is currently dialed in, while making sure your dialup connection is terminated when you are not using it. At runtime you may configure diald's connection criteria, including how long it should wait before shutting down the modem due to inactivity.

Generated 23 June 1998 by Brandon Craig Rhodes , who may be contacted at brandon@rhodesmill.org .