– ifconfig :
This utility is used to check the IP address assigned to each of the ethernet/interface :
# ifconfig eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 inet6 fe80::42:a2ff:fecb:2ba0 prefixlen 64 scopeid 0x20<link> ether 02:42:a2:cb:2b:a0 txqueuelen 0 (Ethernet) RX packets 12 bytes 1575 (1.5 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 32 bytes 9017 (9.0 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
To put a interface in a up or down state :
# ifconfig up eth0 # ifconfig down eth0
To assign a IP address, subnet mask :
# ifconfig eth0 192.168.11.3 netmask 255.255.255.0
– networkctl utility :
This is a new utility available in recent Ubuntu versions which can be used to check the network devices and their connection status.
# networkctl status ● State: routable Online state: unknown Address: 192.168.159.128 on ens33 172.17.0.1 on eth0 fe80::395f:3347:c9d0:49ad on ens33 fe80::42:a2ff:fecb:2ba0 on eth0 Gateway: 192.168.159.2 on ens33 systemd[1]: Starting Network Configuration... systemd-networkd[10652]: eth0: Link UP systemd-networkd[10652]: ens33: Link UP systemd-networkd[10652]: ens33: Gained carrier systemd-networkd[10652]: lo: Link UP systemd-networkd[10652]: lo: Gained carrier systemd-networkd[10652]: eth0: Gained IPv6L systemd-networkd[10652]: ens33: Gained IPv6LL systemd-networkd[10652]: Enumeration completed systemd[1]: Started Network Configuration.
To list all the devices :
# networkctl list IDX LINK TYPE OPERATIONAL SETUP 1 lo loopback carrier unmanaged 2 ens33 ether routable unmanaged 3 eth0 bridge no-carrier unmanaged
To check complete details for a single link :
# networkctl status eth0
● 3: eth0 Link File: /usr/lib/systemd/network/99-default.link Network File: n/a Type: bridge State: no-carrier (unmanaged) Online state: unknown Driver: bridge HW Address: 02:42:ed:09:9f:09 MTU: 1500 (min: 68, max: 65535) QDisc: noqueue IPv6 Address Generation Mode: eui64 Forward Delay: 15s Hello Time: 2s Max Age: 20s Ageing Time: 5min Priority: 32768 STP: no Multicast IGMP Version: 2 Cost: 2000 Port State: disabled Queue Length (Tx/Rx): 1/1 Auto negotiation: no Speed: n/a Address: 172.17.0.1 Activation Policy: up Required For Online: yes Jun 29 03:37:32 machine systemd-networkd[5490]: eth0: Link UP Jun 29 03:37:41 machine systemd-networkd[5501]: eth0: Link UP
To restart the networkctl :
# networkctl restart
To query the network links status:
# networkctl query
To fetch the tool version :
# networkctl --version systemd 249 (249.11-0ubuntu3) +PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL +ACL +BLKID +CURL +ELFUTILS -FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP -LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
To put a device in up or down state :
# networkctl up eth1 # networkctl down eth1
Few other options available :
Commands: list [PATTERN...] List links status [PATTERN...] Show link status lldp [PATTERN...] Show LLDP neighbors label Show current address label entries in the kernel delete DEVICES... Delete virtual netdevs up DEVICES... Bring devices up down DEVICES... Bring devices down renew DEVICES... Renew dynamic configurations forcerenew DEVICES... Trigger DHCP reconfiguration of all connected clients reconfigure DEVICES... Reconfigure interfaces reload Reload .network and .netdev files
Note: networkctl won’t work if the networkd service is not running. systemd-networkd is the service that manages network :
# networkctl reload WARNING: systemd-networkd is not running, output will be incomplete.
You can start it using restart or start command :
# systemctl start systemd-networkd # systemctl restart systemd-networkd
– IP Utility
ip command can be used to show or manipulate routing, network devices, interfaces and tunnels
To check IP address of the interfaces :
# ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:16:99:1a:3d brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever
To check ARP table :-
# ip neigh show 192.168.159.2 dev ens33 lladdr 00:50:56:ed:84:cd REACHABLE 192.168.159.254 dev ens33 lladdr 00:50:56:fa:e4:22 STALE # ip neighbour 192.168.159.2 dev ens33 lladdr 00:50:56:ed:84:cd REACHABLE 192.168.159.254 dev ens33 lladdr 00:50:56:fa:e4:22 STALE
Note : ARP command can also be used to check the arp table :
# arp Address HWtype HWaddress Flags Mask Iface _gateway ether 00:50:56:ed:84:cd C ens33 192.168.159.254 ether 00:50:56:fa:e4:22 C ens33 #
We can add/delete/check routes using “ip route” :
# ip route default via 192.168.159.2 dev ens33 proto dhcp metric 100 169.254.0.0/16 dev ens33 scope link metric 1000 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.159.0/24 dev ens33 proto kernel scope link src 192.168.159.128 metric 100 # ip route add <network_ip>/<cidr> via <gateway_ip> example : # ip route add 10.0.6.10/24 via 10.0.6.1
Routes can be also checked using route command directly :
# route add Usage: inet_route [-vF] del {-host|-net} Target[/prefix] [gw Gw] [metric M] [[dev] If] inet_route [-vF] add {-host|-net} Target[/prefix] [gw Gw] [metric M] [netmask N] [mss Mss] [window W] [irtt I] [mod] [dyn] [reinstate] [[dev] If] inet_route [-vF] add {-host|-net} Target[/prefix] [metric M] reject inet_route [-FC] flush NOT supported
– netstat :-
This can be used to check the established and listening TCP/UDP ports.
# netstat -a Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN tcp 0 0 localhost:44411 0.0.0.0:* LISTEN tcp 0 0 localhost:domain 0.0.0.0:* LISTEN tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN udp 0 0 localhost:domain 0.0.0.0:* udp 0 0 jay-virtual-mach:bootpc 192.168.159.254:bootps ESTABLISHED udp 0 0 0.0.0.0:46528 0.0.0.0:* udp6 0 0 [::]:mdns [::]:* udp6 0 0 [::]:36764 [::]:* raw6 0 0 [::]:ipv6-icmp [::]:* 7 Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 79465 /run/cups/cups.sock unix 2 [ ACC ] STREAM LISTENING 37975 @/tmp/dbus-yNnnn81Y
– traceroute :
traceroute is used to trace the path a packet takes to reach the destination IP-address.
# traceroute 192.168.159.128 traceroute to 192.168.159.128 (192.168.159.128), 30 hops max, 60 byte packets 1 jay-virtual-machine (192.168.159.128) 0.214 ms 0.018 ms 0.010 ms
– iptables command :-
You can check/manipulate the current Firewall rules using iptables command.
# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy DROP) target prot opt source destination DOCKER-USER all -- anywhere anywhere DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain DOCKER (1 references) target prot opt source destination Chain DOCKER-ISOLATION-STAGE-1 (1 references) target prot opt source destination DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere RETURN all -- anywhere anywhere