Send ICMP ECHO_REQUEST packets to network hosts. This command helps to verify that an DNS entry is reachable and can be resolved. You can also ping an IP address directly to exclude DNS issues. The response times can be an indicator of bad network connections.
ping google.com
PING google.com (142.250.186.78): 56 data bytes
64 bytes from 142.250.186.78: icmp_seq=0 ttl=59 time=14.813 ms
64 bytes from 142.250.186.78: icmp_seq=1 ttl=59 time=20.750 ms
64 bytes from 142.250.186.78: icmp_seq=2 ttl=59 time=19.693 ms
64 bytes from 142.250.186.78: icmp_seq=3 ttl=59 time=16.061 ms
...
wget
The non-interactive network downloader. This is an easy way to download files from websites.
Address resolution display and control. ARP stands for Address Resolution Protocol. It is used to resolve the IP address of a system to its MAC address, and hence it works between level 2 (Data link layer) and level 3 (Network layer). For larger production environment you sometimes run into strange network problems. If you have more than 1024 IP assigned to processes / hosts then you need to increase the ARP cache settings via sysctl.
arp -a
# Set ARP cache entry timeout
net.ipv4.neigh.default.gc_stale_time = 3600
# Setup DNS threshold for arp (see sysctl command)
net.ipv4.neigh.default.gc_thresh3 = 4096
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh1 = 1024
curl
Transfer data from or to a server. Supported protocols: HTTP, HTTPS, FTP, FTPS, IMAP, LDAP, TELNET, ...)
HTTP GET data websites
Send HTTP GET/PUT/DELETE/POST data to REST APIs
# returns your public IP, useful for debugging NAT issues
curl ifconfig.co
# pass HTTP Authorization to GET request
curl --location --request GET https://example.com/api/resource \
--header "Authorization: apiToken <token>"
dig
Perform DNS lookups
Find host addresses, IP addresses, CNAMEs, name servers, and more
Internet Protocol. IP is the transport layer protocol used by the Internet protocol family.
# list IPv4 addresses
ip -4 addr
# list IPv6 addresses
ip -6 addr
# display IP routing table
ip route
nmap
nmap -v scanme.nmap.org
traceroute
Print the route packets take to network host. This command is useful when you want to know all the hops that a packet takes to a destination.
traceroute google.com
traceroute to google.com (142.250.186.78), 64 hops max, 52 byte packets
1 fritz.box (192.168.178.1) 7.213 ms 12.731 ms 6.556 ms
2 p3e9bf1d5.dip0.t-ipconnect.de (62.155.241.213) 13.310 ms 12.742 ms 12.688 ms
3 217.5.118.30 (217.5.118.30) 24.326 ms 22.746 ms 24.456 ms
4 80.156.160.118 (80.156.160.118) 22.843 ms 23.985 ms 23.408 ms
5 * * *
6 108.170.252.65 (108.170.252.65) 19.611 ms 19.696 ms
142.250.62.150 (142.250.62.150) 18.584 ms
7 * * *
8 fra24s05-in-f14.1e100.net (142.250.186.78) 19.666 ms 21.203 ms 20.559 ms
ifconfig
Configure network interface parameters.
# list all network interfaces
ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
ap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether f2:18:98:0c:86:99
media: autoselect
status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether f0:18:98:0c:86:99
inet 192.168.178.49 netmask 0xffffff00 broadcast 192.168.178.255
media: autoselect
status: active
...
# view interface details
ifconfig en0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether f0:18:98:0c:86:99
inet 192.168.178.49 netmask 0xffffff00 broadcast 192.168.178.255
media: autoselect
status: active
# enable interface
ifconfig en0 up
# disable interface
ifconfig en0 down
# assign IP to network interface
ifconfig en0 192.168.178.42
# assign netmask to network interface
ifconfig en0 netmask 255.255.255.224
# change maximum transmission unit (MTU) for network interface. MTU allows you to set the limit size of packets that are transmitted on a network interface.
ifconfig en0 mtu 1000
tcpdump
Capture your local TCP traffic in different formats for further analysis.
# traffic overview
tcpdump
# traffic by host
tcpdump "src host server.company.com"
# write incoming traffic by host packages to file
tcpdump "src host server.company.com" -w /tmp/server.company.com.dump
# write outgoing traffic by host packages to file
tcpdump "dst host server-2.company.com" -w /tmp/server-2.company.com
# write 5 sec of TCP traffic to file
timeout 5 tcpdump "(dst host elastic-1.company.com or dst host elastic-2.company.com or dst host elastic-3.company.com)" -w /tmp/elastic-server.company.com.dump
Port Forwarding
Use port forwarding to bind port from other host to localhost. This can be useful when a server does not allow connecting to a port from the outside. Then you can simply forward the port and access it locally.
Show which interface/port a process (PID) is using
netstat -tnlp
iptraf
Interactive Colorful IP LAN Monitor. Useful tool to see traffic flowing between servers. Useful when identifying cross availability zone traffic that can be quite expensive with cloud providers like AWS and GCP.
systemd-resolve
Resolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services.
systemd-resolve --status
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
...
27.172.in-addr.arpa
28.172.in-addr.arpa
lines 1-16...skipping...
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
...
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 158 (tun0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 149 (docker0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 2 (ens4)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 169.254.169.254
DNS Domain: europe-west1-b.c.XXXXXX.internal
c.XXXXXX.internal
google.internal
ssh
OpenSSH SSH client (remote login program). Standard tool to access remote server via port 22 securely.
# copy local file to remote server
scp localfile.txt username@example.com:remotefile.txt
# copy remove file to local computer
scp username@example.com:remotefile.txt localfile.txt
rsync
Sync remote files / directories with your local files / directories. The rsync remote-update protocol allows rsync to transfer just the differences between two sets of files across the network connection, using an efficient checksum-search algorithm described in the technical report that accompanies this package.
# Syntax
rsync options source destination
# sync local directories
rsync -avzh /home/foo /home/bar
# copy directory to remove server
rsync -avzh /home/foo foo@example.com:/home/foo/
sysctl
The sysctl utility retrieves kernel state and allows processes with appropriate privilege to set kernel state.
# show all
sysctl -a
# modify kernel parameter in /etc/sysctl.conf
# execute sysctl –p to commit the changes
# changes will still be there after the reboot
sysctl –p
telnet
The telnet command is used to communicate with another host using the TELNET protocol. First tool of choice to check if ports are reachable during debugging sessions.
Internet domain name and network number directory service.
whois google.com
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.verisign-grs.com
domain: COM
organisation: VeriSign Global Registry Services
address: 12061 Bluemont Way
address: Reston Virginia 20190
address: United States
contact: administrative
name: Registry Customer Service
organisation: VeriSign Global Registry Services
address: 12061 Bluemont Way
address: Reston Virginia 20190
address: United States
phone: +1 703 925-6999
fax-no: +1 703 948 3978
e-mail: info@verisign-grs.com
...
