Skip to content

Every Linux Networking Tool You Need to Know

This comprehensive cheatsheet covers a wide range of Linux networking tools, providing a one-stop reference for Linux users.

ping

The ping command is used to check if a remote computer is connected and making HTTP requests. It sends ICMP echo request packets to the target host and waits for a response.

Usage Examples: - ping <hostname>: Sends ICMP echo requests to the specified hostname. - ping <IP_address>: Sends ICMP echo requests to the specified IP address. - ping -c <count> <target>: Sends a specified number of ICMP echo requests and then exits. - ping -i <interval> <target>: Sets the interval between sent packets in seconds. - ping -s <size> <target>: Specifies the size of the ICMP echo request packet.

curl

curl is a versatile tool for making HTTP requests, providing more control and flexibility than ping. It supports a wide range of protocols, including HTTP, FTP, SFTP, and more.

Usage Examples: - curl <URL>: Sends a GET request to the specified URL and outputs the response. - curl -X POST -d "data=value" <URL>: Sends a POST request with form data. - curl -H "Content-Type: application/json" -d '{"key":"value"}' <URL>: Sends a POST request with JSON data. - curl -o <filename> <URL>: Saves the response to a file instead of printing it to the console. - curl -L <URL>: Follows redirects automatically.

httpie

httpie is a user-friendly command-line tool for making HTTP requests. It has a more intuitive syntax compared to curl, making it easier to use for some users.

Usage Examples: - http <URL>: Sends a GET request to the specified URL. - http POST <URL> key=value: Sends a POST request with form data. - http PUT <URL> key:value: Sends a PUT request with JSON data. - http -h: Displays the available options and headers. - http --json <URL> key=value: Sends a POST request with JSON data.

wget

wget is a command-line tool used for downloading files from the web. It supports recursive downloads, mirroring, and background downloads.

Usage Examples: - wget <URL>: Downloads the file at the specified URL. - wget -c <URL>: Resumes a partially downloaded file. - wget -r <URL>: Recursively downloads all linked files from the specified URL. - wget -b <URL>: Runs the download in the background. - wget -O <filename> <URL>: Saves the downloaded file with a specific filename.

tc

tc (Traffic Control) is a Linux command-line tool used for fine-grained control over network traffic on a Linux router. It allows you to control your brother's internet bandwidth and other network-related settings.

Usage Examples: - tc qdisc add dev <interface> root tbf rate <rate> burst <burst> lat <latency>: Adds a Token Bucket Filter (TBF) to the specified network interface with the given rate, burst, and latency parameters. - tc qdisc del dev <interface> root: Removes the traffic control settings for the specified network interface. - tc class add dev <interface> parent <parent_class> classid <class_id> tbf rate <rate> burst <burst> lat <latency>: Adds a TBF class to the specified network interface. - tc filter add dev <interface> protocol ip parent <parent_class> u32 match ip dst <IP_address>/<mask> flowid <class_id>: Adds a filter to the specified network interface to map traffic to a specific class.

dig/nslookup

dig (Domain Information Groper) and nslookup are tools used to look up the IP address for a given domain name.

Usage Examples: - dig <domain>: Performs a DNS lookup for the specified domain and displays the results. - dig @<nameserver> <domain>: Performs a DNS lookup using the specified nameserver. - dig -x <IP_address>: Performs a reverse DNS lookup to find the domain name associated with the given IP address. - nslookup <domain>: Performs a DNS lookup for the specified domain and displays the results. - nslookup -type=<record_type> <domain>: Performs a DNS lookup for a specific record type (e.g., A, MX, NS).

whois

The whois command is used to check if a domain is registered and to retrieve information about the domain's registration.

Usage Examples: - whois <domain>: Retrieves the registration information for the specified domain. - whois -h <whois_server> <domain>: Queries a specific WHOIS server for the domain information. - whois -a <domain>: Displays the full WHOIS record for the domain, including contact information. - whois -r <domain>: Checks the availability of the specified domain.

ssh

ssh (Secure Shell) is a command-line tool used to establish a secure connection to a remote server or computer.

Usage Examples: - ssh <username>@<remote_host>: Connects to the specified remote host with the given username. - ssh -p <port> <username>@<remote_host>: Connects to the remote host using the specified port. - ssh -i <private_key_file> <username>@<remote_host>: Connects to the remote host using the specified private key file for authentication. - ssh-keygen -t rsa -b 4096 -C "<comment>": Generates a new RSA SSH key pair with the specified comment. - ssh-copy-id <username>@<remote_host>: Copies the local user's public key to the remote host's authorized_keys file.

scp

scp (Secure Copy) is a command-line tool used to securely copy files between a local and a remote system over an SSH connection.

Usage Examples: - scp <local_file> <username>@<remote_host>:<remote_path>: Copies a local file to a remote system. - scp <username>@<remote_host>:<remote_file> <local_path>: Copies a file from a remote system to the local machine. - scp -r <local_directory> <username>@<remote_host>:<remote_path>: Recursively copies a local directory to a remote system. - scp -P <port> <source> <destination>: Specifies the port to use for the SSH connection. - scp -i <private_key_file> <source> <destination>: Uses the specified private key file for authentication.

rsync

rsync is a command-line tool used to efficiently synchronize files and directories between a local and a remote system over an SSH connection. It only transfers the changed parts of files, which can save a significant amount of time and bandwidth.

Usage Examples: - rsync -avz <source_directory> <username>@<remote_host>:<destination_directory>: Synchronizes a local directory to a remote system, preserving permissions and timestamps, and using compression. - rsync -avz <username>@<remote_host>:<source_directory> <local_directory>: Synchronizes a remote directory to the local system. - rsync -avz --delete <source_directory> <username>@<remote_host>:<destination_directory>: Synchronizes a local directory to a remote system, deleting files on the remote that are not present in the local directory. - rsync -avz --exclude <pattern> <source_directory> <username>@<remote_host>:<destination_directory>: Synchronizes a local directory to a remote system, excluding files or directories that match the specified pattern. - rsync -avz --partial --progress <source> <destination>: Resumes a partially transferred file and shows the progress during the transfer.

grep

grep is a command-line tool used to search for and match patterns in text data, including network output.

Usage Examples: - grep <pattern> <file>: Searches for the specified pattern in the given file and displays the matching lines. - grep -i <pattern> <file>: Performs a case-insensitive search for the pattern. - grep -r <pattern> <directory>: Recursively searches for the pattern in all files within the specified directory. - grep -v <pattern> <file>: Displays the lines that do not match the specified pattern. - grep -n <pattern> <file>: Displays the line numbers of the matching lines.

tcpdump

tcpdump is a powerful command-line tool used for capturing and analyzing network packets on a specific network interface.

Usage Examples: - tcpdump -i <interface>: Captures packets on the specified network interface. - tcpdump -n -i <interface> port <port>: Captures packets on the specified port, without resolving hostnames. - tcpdump -r <pcap_file>: Analyzes a previously captured packet capture (PCAP) file. - tcpdump -w <pcap_file> -i <interface>: Captures packets and saves them to a PCAP file. - tcpdump -D: Lists the available network interfaces that can be used for capturing packets.

wireshark

wireshark is a graphical network protocol analyzer that provides a powerful GUI for capturing, analyzing, and visualizing network packets.

Usage Examples: - wireshark: Starts the Wireshark application, allowing you to select a network interface and begin capturing packets. - wireshark -i <interface>: Starts Wireshark and immediately begins capturing packets on the specified network interface. - wireshark -r <pcap_file>: Opens a previously captured PCAP file in Wireshark for analysis. - wireshark -k: Starts Wireshark and immediately begins capturing packets (the -k option starts the capture automatically). - wireshark -f "<capture_filter>": Starts Wireshark and applies the specified capture filter to the packet capture.

arp

arp (Address Resolution Protocol) is a command-line tool used to display and manage the system's ARP table, which maps IP addresses to MAC addresses.

Usage Examples: - arp -a: Displays the current ARP table, showing the IP-to-MAC address mappings. - arp -d <IP_address>: Deletes the specified IP address from the ARP table. - arp -s <IP_address> <MAC_address>: Statically adds an IP-to-MAC address mapping to the ARP table. - arp -v: Displays the ARP table with verbose output, including the network interface and timestamp information. - arp -n: Displays the ARP table without resolving hostnames.

ip

The ip command is a more comprehensive tool for managing network interfaces and routing compared to the older ifconfig command.

Usage Examples: - ip addr show: Displays information about all network interfaces, including their IP addresses and MAC addresses. - ip link set <interface> up/down: Brings the specified network interface up or down. - ip route show: Displays the current routing table. - ip route add default via <gateway>: Adds a default gateway to the routing table. - ip neigh show: Displays the neighbor (ARP) table, which maps IP addresses to MAC addresses.

route

The route command is used to view and manipulate the kernel's IP routing table.

Usage Examples: - route -n: Displays the routing table without resolving hostnames. - route add -net <network>/<mask> gw <gateway>: Adds a new route to the routing table. - route del -net <network>/<mask>: Deletes a route from the routing table. - route -C: Displays the kernel's routing cache, which is used for faster lookups. - route -v: Displays the routing table with verbose output.

nmap

nmap (Network Mapper) is a powerful tool for network discovery and security auditing. It can be used to scan networks and identify active hosts and open ports.

Usage Examples: - nmap <target_host>: Performs a basic TCP connect scan on the specified target host. - nmap -sV <target_host>: Performs a version scan to determine the running services and their versions on the target host. - nmap -sU -p <port> <target_host>: Performs a UDP scan on the specified port of the target host. - nmap -p- <target_host>: Scans all 65,535 TCP ports on the target host. - nmap -sS -p22,80,443 <target_host>: Performs a SYN scan on the specified ports of the target host.

zenmap

zenmap is the graphical user interface (GUI) for the nmap tool, providing a more user-friendly experience for network scanning and exploration.

Usage Examples: - zenmap: Starts the Zenmap GUI application. - zenmap <target_host>: Starts Zenmap and immediately scans the specified target host. - zenmap -p22,80,443 <target_host>: Starts Zenmap and scans the specified ports on the target host. - zenmap -sV <target_host>: Starts Zenmap and performs a version scan on the target host. - zenmap -oX <output_file> <target_host>: Starts Zenmap, scans the target host, and saves the results to an XML file.

p0f

p0f is a passive TCP/IP fingerprinting tool that can be used to identify the operating system of network hosts by analyzing their TCP/IP stack behavior.

Usage Examples: - p0f -i <interface>: Runs p0f in passive mode, listening on the specified network interface for traffic. - p0f -r <pcap_file>: Analyzes a previously captured packet capture (PCAP) file. - p0f -p <pid>: Attaches p0f to the specified process and analyzes its network traffic. - p0f -s <socket>: Connects to the specified Unix domain socket and analyzes the traffic. - p0f -U: Runs p0f in interactive mode, displaying the identified operating systems in real-time.

openvpn

openvpn is a command-line tool used to establish a secure Virtual Private Network (VPN) connection.

Usage Examples: - openvpn --config <config_file>: Starts OpenVPN using the specified configuration file. - openvpn --client --remote <server_address> --auth-user-pass <credentials_file>: Starts OpenVPN in client mode, connecting to the specified server with user credentials. - openvpn --server --dev tun --ifconfig <local_ip> <remote_ip>: Starts OpenVPN in server mode, creating a TUN interface with the specified IP addresses. - openvpn --status <status_file>: Outputs the current status of the OpenVPN connection to the specified file. - openvpn --log <log_file>: Writes the OpenVPN logs to the specified file.

wireguard

wireguard is a command-line tool used to manage the WireGuard VPN protocol, which is a newer, faster, and more secure alternative to OpenVPN.

Usage Examples: - wg-quick up <interface>: Brings up a WireGuard interface and establishes the VPN connection. - wg-quick down <interface>: Tears down the WireGuard VPN connection and brings the interface down. - wg show <interface>: Displays the current status and configuration of the WireGuard interface. - wg set <interface> peer <public_key> endpoint <server_address>:<port>: Adds a new peer (server) to the WireGuard interface configuration. - wg-quick save <interface>: Saves the current WireGuard interface configuration to a file.

netcat (nc)

netcat (or nc) is a versatile network utility that can be used for a variety of tasks, including:

Usage Examples:

  • nc -l -p <port>: Listens on the specified port for incoming connections.
  • nc <host> <port>: Connects to the specified host and port.
  • nc -u -l -p <port>: Listens on the specified port for incoming UDP connections.
  • nc -u <host> <port>: Connects to the specified host and port using UDP.
  • nc -e <program> <host> <port>: Executes the specified program upon connection.
  • nc -c <shell> <host> <port>: Executes the specified shell upon connection.
  • nc -z <host> <start_port>-<end_port>: Performs a TCP port scan on the specified port range.
  • nc -vv <host> <port>: Connects to the specified host and port in verbose mode.
  • nc -w <timeout> <host> <port>: Sets a timeout for the connection attempt.
  • nc -4: Forces netcat to use IPv4.
  • nc -6: Forces netcat to use IPv6.

socat

socat is a command-line tool that can be used to proxy a TCP socket to a UNIX domain socket, allowing for more complex network setups.

Usage Examples:

  • socat TCP4-LISTEN:<port>,reuseaddr,fork UNIX-CONNECT:/path/to/socket: Listens on the specified port and forwards the connection to a UNIX domain socket.
  • socat UNIX-LISTEN:/path/to/socket,fork TCP4:<remote_host>:<remote_port>: Listens on a UNIX domain socket and forwards the connection to a remote TCP host and port.
  • socat - TCP4:<remote_host>:<remote_port>: Creates a simple TCP client, connecting to the specified remote host and port.
  • socat - SYSTEM:'<command>': Executes a system command and uses the standard input/output as a socket.
  • socat -d -d FILE:/path/to/file TCP4-LISTEN:<port>: Listens on a port and logs all traffic to a file.

tftp/tftp3

tftp (Trivial File Transfer Protocol) is a simple file transfer protocol that can be used to transfer files, often for booting diskless systems or embedded devices.

Usage Examples:

  • tftp <host>: Enters the interactive TFTP prompt, allowing you to transfer files.
  • tftp <host> get <remote_file> <local_file>: Downloads a file from the remote host to the local file.
  • tftp <host> put <local_file> <remote_file>: Uploads a file from the local system to the remote host.
  • tftp -l <local_file> -r <remote_file> <host>: Downloads a file from the remote host to the specified local file.
  • tftp -c get <remote_file> <local_file> <host>: Performs a one-time file download without entering the interactive prompt.

iptables

iptables is the command-line tool used to configure the Linux kernel's Netfilter firewall and Network Address Translation (NAT) rules.

Usage Examples:

  • iptables -L: Lists the current firewall rules.
  • iptables -A <chain> -j <target>: Appends a new rule to the specified chain.
  • iptables -I <chain> <rule_number> -j <target>: Inserts a new rule at the specified position in the chain.
  • iptables -D <chain> <rule_number>: Deletes the specified rule from the chain.
  • iptables -t <table> <commands>: Applies the specified commands to the given table (e.g., nat, mangle, raw).

nftables

nftables is a newer and more flexible firewall and packet filtering framework that replaces the older iptables tool.

Usage Examples:

  • nft add table ip filter: Creates a new IP filter table.
  • nft add chain ip filter forward { type filter hook forward priority 0; }: Creates a new forward chain in the IP filter table.
  • nft add rule ip filter forward ip protocol tcp drop: Adds a rule to the forward chain to drop all TCP traffic.
  • nft list ruleset: Displays the current nftables ruleset.
  • nft flush chain ip filter forward: Flushes all rules from the specified chain.

hping3

hping3 is a command-line tool used to construct custom TCP/IP packets, making it useful for network testing and security assessments.

Usage Examples:

  • hping3 --syn --spoof <src_ip> <dst_ip>: Sends a SYN packet with a spoofed source IP address to the specified destination.
  • hping3 --udp --rand-source <dst_ip> --port <dst_port>: Sends random source UDP packets to the specified destination and port.
  • hping3 --icmp --flood <dst_ip>: Sends a flood of ICMP echo request packets to the specified destination.
  • hping3 --scan <start_port>-<end_port> <dst_ip>: Performs a port scan on the specified IP address and port range.
  • hping3 --listen: Listens for incoming packets and displays their contents.

traceroute/mtr

traceroute and mtr (My TraceRoute) are tools used to trace the network path to a remote host, displaying the latency and hop information along the way.

Usage Examples:

  • traceroute <host>: Traces the network path to the specified host, displaying each hop and the round-trip time.
  • traceroute -n <host>: Disables DNS lookup, showing the IP addresses instead of hostnames.
  • traceroute -p <port> <host>: Specifies the destination port to use for the trace.
  • mtr <host>: Starts the interactive mtr tool, which provides a continuously updated traceroute-like display.
  • mtr --report <host>: Runs mtr in report mode, generating a single report and then exiting.

tcptrace

tcptrace is a command-line tool used to analyze TCP dump files, providing insights into TCP connections and performance.

Usage Examples:

  • tcptrace <pcap_file>: Analyzes the specified packet capture (PCAP) file and displays detailed information about the TCP connections.
  • tcptrace --all-connections <pcap_file>: Displays information about all TCP connections in the PCAP file.
  • tcptrace --csv <pcap_file>: Exports the TCP connection data to a CSV file.
  • tcptrace --plot-tcptrace <pcap_file>: Generates a TCP connection flow graph from the PCAP file.
  • tcptrace --hints <pcap_file>: Provides hints and suggestions based on the analysis of the TCP connections.

ethtool

ethtool is a command-line tool used to manage and configure Ethernet-based network device settings, such as link speed, duplex mode, and more.

Usage Examples:

  • ethtool <interface>: Displays the current configuration of the specified network interface.
  • ethtool -s <interface> speed <speed> duplex <mode>: Sets the speed and duplex mode of the network interface.
  • ethtool -g <interface>: Displays the ring buffer parameters for the network interface.
  • ethtool -k <interface>: Displays the offload feature settings for the network interface.
  • ethtool -i <interface>: Displays the driver information for the network interface.

iwconfig/iw

iwconfig and iw are tools used to configure wireless network settings, such as SSID, encryption, and other parameters.

Usage Examples:

  • iwconfig <interface> mode managed essid <SSID>: Sets the wireless interface to managed mode and configures the SSID.
  • iwconfig <interface> freq <frequency>: Sets the frequency or channel of the wireless interface.
  • iwconfig <interface> key <key>: Sets the encryption key for the wireless interface.
  • iw dev <interface> set type managed: Sets the wireless interface to managed mode.
  • iw dev <interface> scan: Scans for available wireless networks.

sysctl

sysctl is a command-line tool used to configure Linux kernel parameters at runtime, allowing you to tune network-related settings.

Usage Examples:

  • sysctl -a: Lists all available kernel parameters.
  • sysctl net.ipv4.ip_forward: Displays the current value of the net.ipv4.ip_forward kernel parameter.
  • sysctl -w net.ipv4.ip_forward=1: Sets the net.ipv4.ip_forward kernel parameter to 1, enabling IP forwarding.
  • sysctl -p: Loads the kernel parameters from the /etc/sysctl.conf file.
  • sysctl -w net.core.somaxconn=1024: Sets the maximum number of queued connection requests.

openssl

openssl is a command-line tool used to generate and manage SSL/TLS certificates, which are used for secure network connections.

Usage Examples:

  • openssl req -new -x509 -keyout <key_file> -out <cert_file>: Generates a new self-signed X.509 certificate and private key.
  • openssl x509 -in <cert_file> -text -noout: Displays the contents of an X.509 certificate.
  • openssl rsa -in <key_file> -check: Verifies the integrity of a private key.
  • openssl s_client -connect <host>:<port>: Establishes a TLS connection to the specified host and port.
  • openssl dhparam -out <dhparam_file> 2048: Generates Diffie-Hellman parameters for use in TLS configurations.

stunnel

stunnel is a command-line tool used to create an SSL/TLS proxy, which can be used to secure network connections to an insecure server.

Usage Examples:

  • stunnel <config_file>: Runs stunnel using the specified configuration file.
  • stunnel -p <cert_file> -k <key_file>: Runs stunnel with the specified certificate and private key files.
  • stunnel -c -d <local_port> -r <remote_host>:<remote_port>: Runs stunnel in client mode, forwarding local connections to a remote host and port.
  • stunnel -l <local_port> -r <remote_host>:<remote_port>: Runs stunnel in server mode, accepting local connections and forwarding them to a remote host and port.
  • stunnel -v: Runs stunnel in verbose mode, providing more detailed logging.

iptraf/nethogs

iptraf and nethogs are command-line tools used to provide real-time information about network bandwidth usage and performance.

Usage Examples:

  • iptraf -i <interface>: Runs the interactive iptraf tool, displaying network traffic statistics for the specified interface.
  • iptraf -s <interface>: Runs iptraf in server mode, writing the traffic statistics to a log file.
  • nethogs <interface>: Runs the nethogs tool, which displays the network traffic per process.
  • nethogs -t: Runs nethogs in terse mode, showing only the process names and their network usage.
  • nethogs -u: Runs nethogs in user mode, showing the network usage per user instead of per process.

ab/JMeter/wrk

ab (Apache Bench), JMeter, and wrk are popular benchmarking tools used for testing the performance of web servers and APIs.

Usage Examples:

  • ab -n <requests> -c <concurrency> <url>: Runs the Apache Bench tool, performing the specified number of requests with the given concurrency level.
  • jmeter -n -t <jmx_file> -l <results_file>: Runs JMeter in non-GUI mode, using the specified test plan file and writing the results to a file.
  • wrk -t<threads> -c<connections> -d<duration> <url>: Runs the wrk tool, simulating the specified number of threads and connections for the given duration.
  • jmeter -h: Displays the help menu for the JMeter command-line options.
  • wrk --latency <url>: Runs wrk and displays the latency statistics in addition to the throughput.

python -m SimpleHTTPServer

The python -m SimpleHTTPServer command can be used to quickly serve files from the current directory using a simple HTTP server.

Usage Examples:

  • python -m SimpleHTTPServer <port>: Starts a simple HTTP server on the specified port, serving files from the current directory.
  • python -m http.server <port>: The Python 3 equivalent of the above command, starting a simple HTTP server on the specified port.
  • python -m SimpleHTTPServer: Starts a simple HTTP server on the default port 8000, serving files from the current directory.
  • python -m http.server: The Python 3 equivalent of the above command, starting a simple HTTP server on the default port 8000.
  • python -m SimpleHTTPServer --help: Displays the available options for the SimpleHTTPServer module.

ipealc

ipealc is a command-line tool used to calculate IP addresses and subnet information.

Usage Examples:

  • ipealc <ip_address> <subnet_mask>: Calculates the network address, broadcast address, and available host range for the specified IP address and subnet mask.
  • ipealc -c <cidr_notation>: Calculates the subnet mask and other information based on the CIDR notation.
  • ipealc -n <network_address> <prefix_length>: Calculates the network information based on the network address and prefix length.
  • ipealc -h: Displays the help menu for the ipealc tool, including all available options and usage examples.
  • ipealc -v: Displays the version information for the ipealc tool.

nsenter

nsenter is a command-line tool used to enter a container's network namespace, allowing you to troubleshoot and manage the container's network settings.

Usage Examples:

  • nsenter -t <container_pid> -n <command>: Runs the specified command in the context of the container's network namespace.
  • nsenter -t <container_pid> -n ip addr: Displays the network interfaces and IP addresses within the container's network namespace.
  • nsenter -t <container_pid> -n ip route: Displays the routing table within the container's network namespace.
  • nsenter -t <container_pid> -n tcpdump -i eth0: Captures network traffic within the container's network namespace.
  • nsenter -t <container_pid> -n /bin/bash: Starts an interactive shell within the context of the container's network namespace.