Posted in: Linux, Networking

Linux Networking commands

– ifconfig :
This utility is used to check the IP address assigned to each of the ethernet/interface :
# ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet  netmask  broadcast
        inet6 fe80::42:a2ff:fecb:2ba0  prefixlen 64  scopeid 0x20<link>
        ether 02:42:a2:cb:2b:a0  txqueuelen 0  (Ethernet)
        RX packets 12  bytes 1575 (1.5 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 32  bytes 9017 (9.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
To put a interface in a up or down state :
# ifconfig up eth0
# ifconfig down eth0
To assign a IP address, subnet mask :
# ifconfig eth0 netmask 

– networkctl utility :
This is a new utility available in recent Ubuntu versions which can be used to check the network devices and their connection status.
# networkctl status
●        State: routable                         
  Online state: unknown
       Address: on ens33
       on eth0
                fe80::395f:3347:c9d0:49ad on ens33
                fe80::42:a2ff:fecb:2ba0 on eth0
       Gateway: on ens33

systemd[1]: Starting Network Configuration...
systemd-networkd[10652]: eth0: Link UP
systemd-networkd[10652]: ens33: Link UP
systemd-networkd[10652]: ens33: Gained carrier
systemd-networkd[10652]: lo: Link UP
systemd-networkd[10652]: lo: Gained carrier
systemd-networkd[10652]: eth0: Gained IPv6L
systemd-networkd[10652]: ens33: Gained IPv6LL
systemd-networkd[10652]: Enumeration completed
systemd[1]: Started Network Configuration.
To list all the devices :
# networkctl list

  1 lo      loopback carrier     unmanaged
  2 ens33   ether    routable    unmanaged
  3 eth0 bridge   no-carrier  unmanaged
To check complete details for a single link :
# networkctl status eth0
● 3: eth0                                                           
                    Link File: /usr/lib/systemd/network/
                  Network File: n/a
                          Type: bridge
                         State: no-carrier (unmanaged)
                  Online state: unknown
                        Driver: bridge
                    HW Address: 02:42:ed:09:9f:09
                           MTU: 1500 (min: 68, max: 65535)
                         QDisc: noqueue
  IPv6 Address Generation Mode: eui64
                 Forward Delay: 15s
                    Hello Time: 2s
                       Max Age: 20s
                   Ageing Time: 5min
                      Priority: 32768
                           STP: no
        Multicast IGMP Version: 2
                          Cost: 2000
                    Port State: disabled
          Queue Length (Tx/Rx): 1/1
              Auto negotiation: no
                         Speed: n/a
             Activation Policy: up
           Required For Online: yes

Jun 29 03:37:32 machine systemd-networkd[5490]: eth0: Link UP
Jun 29 03:37:41 machine systemd-networkd[5501]: eth0: Link UP
To restart the networkctl :
# networkctl restart

To query the network links status:
# networkctl query
To fetch the tool version :
# networkctl --version
systemd 249 (249.11-0ubuntu3)
To put a device in up or down state :
# networkctl up eth1
# networkctl down eth1
Few other options available :
  list [PATTERN...]      List links
  status [PATTERN...]    Show link status
  lldp [PATTERN...]      Show LLDP neighbors
  label                  Show current address label entries in the kernel
  delete DEVICES...      Delete virtual netdevs
  up DEVICES...          Bring devices up
  down DEVICES...        Bring devices down
  renew DEVICES...       Renew dynamic configurations
  forcerenew DEVICES...  Trigger DHCP reconfiguration of all connected clients
  reconfigure DEVICES... Reconfigure interfaces
  reload                 Reload .network and .netdev files
Note: networkctl  won’t work if the networkd service is not running. systemd-networkd is the service that manages network :
# networkctl reload
WARNING: systemd-networkd is not running, output will be incomplete.
You can start it using restart or start command :
# systemctl start systemd-networkd
# systemctl restart systemd-networkd

– IP Utility
ip command can be used to show or manipulate routing, network devices, interfaces and tunnels
To check IP address of the interfaces :
# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:16:99:1a:3d brd ff:ff:ff:ff:ff:ff
    inet brd scope global docker0
       valid_lft forever preferred_lft forever

To check ARP table :-

# ip neigh show dev ens33 lladdr 00:50:56:ed:84:cd REACHABLE dev ens33 lladdr 00:50:56:fa:e4:22 STALE

# ip neighbour dev ens33 lladdr 00:50:56:ed:84:cd REACHABLE dev ens33 lladdr 00:50:56:fa:e4:22 STALE
Note : ARP command can also be used to check the arp table :
# arp
Address                  HWtype  HWaddress           Flags Mask            Iface
_gateway                 ether   00:50:56:ed:84:cd   C                     ens33          ether   00:50:56:fa:e4:22   C                     ens33

We can add/delete/check routes using “ip route” :
# ip route
default via dev ens33 proto dhcp metric 100 dev ens33 scope link metric 1000 dev docker0 proto kernel scope link src linkdown dev ens33 proto kernel scope link src metric 100

# ip route add <network_ip>/<cidr> via <gateway_ip>
example : # ip route add via
Routes can be also checked using route command directly :
# route add
Usage: inet_route [-vF] del {-host|-net} Target[/prefix] [gw Gw] [metric M] [[dev] If]
       inet_route [-vF] add {-host|-net} Target[/prefix] [gw Gw] [metric M]
                              [netmask N] [mss Mss] [window W] [irtt I]
                              [mod] [dyn] [reinstate] [[dev] If]
       inet_route [-vF] add {-host|-net} Target[/prefix] [metric M] reject
       inet_route [-FC] flush      NOT supported

– netstat :-
This can be used to check the established and listening TCP/UDP ports.
# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
tcp        0      0 localhost:ipp *               LISTEN    
tcp        0      0 localhost:44411*               LISTEN    
tcp        0      0 localhost:domain*               LISTEN    
tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN    
udp        0      0 localhost:domain*                         
udp        0      0 jay-virtual-mach:bootpc  ESTABLISHED
udp        0      0 *                         
udp6       0      0 [::]:mdns               [::]:*                            
udp6       0      0 [::]:36764              [::]:*                            
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7         
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     79465    /run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     37975    @/tmp/dbus-yNnnn81Y

– traceroute :
traceroute is used to trace the path a packet takes to reach the destination IP-address.
# traceroute
traceroute to (, 30 hops max, 60 byte packets
1  jay-virtual-machine (  0.214 ms  0.018 ms  0.010 ms

– iptables command :-
You can check/manipulate the current Firewall rules using iptables command.
# iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination       

Chain FORWARD (policy DROP)
target    prot opt source              destination       
DOCKER-USER  all  --  anywhere            anywhere           
DOCKER-ISOLATION-STAGE-1  all  --  anywhere            anywhere           
ACCEPT    all  --  anywhere            anywhere            ctstate RELATED,ESTABLISHED
DOCKER    all  --  anywhere            anywhere           
ACCEPT    all  --  anywhere            anywhere           
ACCEPT    all  --  anywhere            anywhere           

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       

Chain DOCKER (1 references)
target    prot opt source              destination       

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target    prot opt source              destination       
DOCKER-ISOLATION-STAGE-2  all  --  anywhere            anywhere           
RETURN    all  --  anywhere            anywhere
Back to Top