Linux Commands to Troubleshoot Network Issues

To troubleshoot network issues on a Linux system, you can use several commands that provide information about the network interfaces, routing tables, and active connections. Here are some commonly used commands with examples:

  • ping: Test the reachability of another host on the network.
  • traceroute: Trace the route packets take to get to a remote host.
  • netstat: Display network connections, routing tables, interface statistics, etc.
  • ss: Another utility to investigate sockets.
  • ifconfig: Although deprecated, it’s still widely used for displaying and configuring network interfaces.
  • ip: A modern replacement for ifconfig, providing similar functionality.
  • arp: Show and modify the kernel’s IPv4 network neighbor cache.
  • dig: Query DNS nameservers for information about host addresses, mail exchanges, nameservers, and related information.
  • nslookup: Query Internet domain name servers.
  • route: Show or manipulate the IP routing table.
  • tcpdump: Capture and analyze network traffic passing over a network interface.
  • wireshark: A graphical network protocol analyzer.
  • nmap: Network exploration tool and security/port scanner.

ping

Here are some examples of how to use the ping command in Linux:

  • Ping a Domain or IP Address: Basic usage to check if a host is reachable.
ping example.com
  • Ping with a Specific Number of Packets: Send a certain number of packets and then stop.
ping -c 5 example.com
  • Ping with Custom Packet Size: Send packets with a custom size.
ping -s 100 example.com
  • Ping with a Timeout: Stop the ping after a certain timeout period.
ping -w 10 example.com
  • Ping Continuously: Keep the ping going until stopped manually. This is the default when no count or deadline is given; press Ctrl+C to stop. (The -f option is flood mode, which sends packets as fast as possible and is normally restricted to root.)
ping example.com
  • Ping with Quiet Mode: Show only a summary of the ping statistics.
ping -q -c 4 example.com
  • Ping with Verbose Output: Get more detailed output.
ping -v example.com
  • Ping with a Specific Network Interface: Specify the network interface to use.
ping -I eth0 example.com
  • Ping an IPv6 Address: Send packets to an IPv6 address.
ping -6 2001:db8::1
  • Ping with a Time Stamp: Add a timestamp to each line of the output.
ping example.com | while read -r line; do echo "$(date '+%F %T') $line"; done

traceroute

You may use the Linux traceroute command by following these examples:

  • Basic Usage: Trace the route to a destination, such as example.com.
traceroute example.com
  • Using IPv4: Explicitly specify to use IPv4 with the -4 option.
traceroute -4 example.com
  • Using IPv6: Use the -6 option to specify IPv6.
traceroute -6 example.com
  • Do Not Fragment: Prevent packets from being fragmented with the -F option.
traceroute -F example.com
  • Start Hop Count: Begin the trace from a specific hop count using -f.
traceroute -f 10 example.com
  • Maximum Hops: Set the maximum number of hops for the trace with -m.
traceroute -m 5 example.com
  • Destination Port: Specify a different destination port with -p.
traceroute -p 20292 example.com
  • Number of Probes: Change the number of probes sent per hop with -q.
traceroute -q 1 example.com
  • Packet Length: Set the full packet length with a numerical argument.
traceroute example.com 100
  • Help Information: Display help messages and exit with --help.
traceroute --help

netstat

netstat is a Linux command-line program that reports network statistics. It is used to diagnose networking problems and to display network-related information. Its options select particular information about network connections, routing tables, interface statistics, and other topics.

Here are some examples of how to use the netstat command:

  • List All Connections: Display all active connections.
netstat -a
  • List Listening Ports: Show all ports that are listening for incoming connections.
netstat -l
  • List TCP Connections: Display all TCP connections.
netstat -t
  • List UDP Connections: Display all UDP connections.
netstat -u
  • Display Routing Tables: Show the kernel routing table.
netstat -r
  • Display Interface Statistics: Show network interface statistics.
netstat -i
  • List Protocol Statistics: Display protocol statistics.
netstat -s
  • List All TCP and UDP Connections Along with Process IDs: Show all TCP and UDP connections along with the process IDs (run as root to see processes owned by other users).
netstat -atupen
  • Continuously Monitor All TCP Connections: Monitor all TCP connections in real-time.
netstat -antc
  • Display All Open TCP Ports with Associated Programs: Show all open TCP ports along with the PID and the program using the port.
netstat -ltp
  • Filter SSH Connections: Show all SSH connections along with the username, program, and corresponding PID.
netstat -atnep | grep ssh
  • Show Connections on a Specific Port: Display all connections on a specific port, for example, port 443.
netstat -atnep | grep :443
  • Raw Network Statistics: Display raw network statistics.
netstat -s -w

ss

The ss command in Linux is a utility used to display detailed information about network sockets and connections. It is considered a modern replacement for the netstat command, offering more advanced features and flexibility. Here are some examples of how to use the ss command:

  • List All Connections: Show all active connections.
ss -a
  • List Listening Sockets: Display all sockets that are listening for incoming connections.
ss -l
  • List TCP Connections: Show all TCP connections.
ss -t
  • List UDP Connections: Show all UDP connections.
ss -u
  • List Unix Sockets: Display all Unix domain sockets.
ss -x
  • List Raw Sockets: Show all raw sockets.
ss -w
  • List Connections to a Specific IP Address: Filter connections to a specific IP address.
ss dst 192.168.1.1
  • Check Process IDs: Show the process ID (PID) associated with each connection.
ss -p
  • List Summary Statistics: Show summary statistics for network sockets.
ss -s
  • List IPv4 and IPv6 Socket Connections: Show both IPv4 and IPv6 connections.
ss -4 -6
  • Filter Connections: Use filters to narrow down the displayed connections, for example by source address.
ss src 192.168.1.1
  • Check Man Pages or List All Options: Access the manual page for ss or list all available options.
man ss
ss -h

ifconfig

Linux users can configure and see network interface controller (NIC) settings using the ifconfig command-line tool. It is included in the net-tools package and is still in use on many systems, despite being deprecated in favour of the ip command. Here are a few instances of using ifconfig:

  • View Active Network Interface Settings:
ifconfig
  • Display a Shortlist of Active Interfaces:
ifconfig -s
  • Get Information About a Specific Network Interface:
ifconfig eth0
  • Disable a Network Interface:
sudo ifconfig eth0 down
  • Enable a Network Interface:
sudo ifconfig eth0 up
  • Assign an IP Address to an Interface:
sudo ifconfig eth0 192.168.1.100
  • Assign a Netmask to an Interface:
sudo ifconfig eth0 netmask 255.255.255.0
  • Set MTU for an Interface:
sudo ifconfig eth0 mtu 1500
  • Enable Promiscuous Mode:
sudo ifconfig eth0 promisc
  • Disable Promiscuous Mode:
sudo ifconfig eth0 -promisc
  • View Transmission Errors:
ifconfig eth0 | grep errors

ip

Linux’s ip command is a flexible tool for network management tasks. Among other things, it lets you set up tunnels, configure routing, and manage and display network interface controller (NIC) settings. Because of its greater capability and efficiency, the ip command, which is part of the iproute2 package, is considered the replacement for the deprecated ifconfig command.

Here are some examples of how to use the ip command:

  • Show All Network Interfaces:
ip link show
  • Assign an IP Address to a Network Interface:
sudo ip addr add 192.168.1.100/24 dev eth0
  • Remove an IP Address from a Network Interface:
sudo ip addr del 192.168.1.100/24 dev eth0
  • Change the State of a Network Interface:
sudo ip link set eth0 up # Bring up the interface
sudo ip link set eth0 down # Bring down the interface
  • Monitor Changes to Network Configuration:
ip monitor
  • Add a Route:
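sudo ip route add 192.168.1.0/24 via 192.168.1.1
  • Delete a Route:
sudo ip route del 192.168.1.0/24
  • Flush (Clear) the Routing Table (this removes every route in the main table, including the default route, so connectivity is lost until routes are added again):
sudo ip route flush table main
  • Save the Current Routing Table (the dump is binary and written to standard output, so redirect it to a file; routes.dump is an example name):
sudo ip route save table main > routes.dump
  • Restore the Saved Routing Table (the dump is read from standard input):
sudo ip route restore < routes.dump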
  • Show Routing Table:
ip route show

arp

The Internet Protocol Suite uses the Address Resolution Protocol (ARP) to translate an IP address to a physical (MAC) address on a local network. In the OSI model, it operates at the data link layer. On Linux, the arp command lets you work with the ARP cache, which holds the current IP-to-MAC address mappings.

Here are some examples of how to use the arp command:

  • Display ARP Cache: Show the current ARP cache entries.
arp -a
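  • Insert a Static ARP Entry: Add a static entry into the ARP cache.
sudo arp -s [IP address] [MAC address]
  • Delete an ARP Cache Entry: Remove a specific entry from the ARP cache.
sudo arp -d [IP address]
  • Delete All Entries: Clear the entire ARP cache. The arp command has no wildcard delete (the shell would expand * to file names), so use ip to flush the neighbor table.
sudo ip -s -s neigh flush all
  • Analyze ARP Traffic: Show neighbor (ARP) cache entries with per-entry statistics. The arp command's -A option selects an address family and prints no statistics, so use ip.
ip -s neigh show
  • Proxy ARP: Publish a proxy ARP entry on an interface with the pub keyword.
sudo arp -i [interface] -s [IP address] [MAC address] pub
  • Set ARP Timeout: Determine the duration of dynamic entries in the ARP cache. This and the three commands that follow use router/switch CLI syntax and are not options of the Linux arp command; on Linux the neighbor cache timers are kernel parameters under net.ipv4.neigh (for example gc_stale_time).
arp timeout [seconds]
  • Show ARP Timeout: Display the ARP timeout value.
arp timeout show
  • Purge Delay: Control the delay before ARP entries are purged when an interface goes down.
arp purge-delay [seconds]
  • No Purge Delay: Disable the purge delay.
no arp purge-delay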
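
A consistency check on the ARP cache described above, added here as an example and not part of the original post: it reads `arp -an` output and reports any MAC address that the cache maps to more than one IPv4 address on the same interface. The function names, addresses and MAC values are constructed for illustration.

```sh
#!/bin/sh
# Added example: report MAC addresses that the ARP cache maps to more than
# one IPv4 address on the same interface. shared_macs is a hypothetical
# helper; it reads `arp -an` output on stdin and prints "mac iface ip,ip".
shared_macs() {
  awk '
    $4 == "<incomplete>" { next }      # unresolved entry, no MAC to compare
    {
      ip = $2
      gsub(/[()]/, "", ip)             # "(192.168.1.1)" becomes 192.168.1.1
      key = tolower($4) " " $NF        # MAC address plus interface name
      if (key in ips) {
        ips[key] = ips[key] "," ip
      } else {
        ips[key] = ip
        order[++n] = key               # remember first-seen order for output
      }
      count[key]++
    }
    END {
      for (i = 1; i <= n; i++)
        if (count[order[i]] > 1) print order[i], ips[order[i]]
    }
  '
}

# Constructed sample of `arp -an` output, not captured from a real host.
sample_arp_output() {
  cat <<'EOF'
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at aa:bb:cc:dd:ee:01 [ether] on eth0
? (192.168.1.30) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.40) at <incomplete> on eth0
? (192.168.1.50) at aa:bb:cc:dd:ee:02 [ether] PERM on eth0
? (10.0.0.1) at 00:11:22:33:44:55 [ether] on eth1
EOF
}

# On a live host: arp -an | shared_macs
sample_arp_output | shared_macs
```

A shared MAC is also normal for a host with several addresses or a router answering with proxy ARP, so a hit is a reason to compare against known hardware addresses; pinning the gateway with a static entry (arp -s) keeps that mapping from being overwritten.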

dig

dig is a command-line tool for querying DNS (Domain Name System) servers. The name stands for “Domain Information Groper.” It is especially useful for network administrators who need to debug DNS issues or simply retrieve DNS information. The following are some usage examples for the dig command:

  • Basic DNS Query: Perform a simple DNS lookup for a domain.
dig google.com
  • Specify DNS Server: Query a specific DNS server instead of the default one configured on your system.
dig @8.8.8.8 google.com
  • Any Record Type: Retrieve any type of DNS record for a domain (many servers now return only a minimal answer to ANY queries).
dig ANY google.com
  • Short Answer: Get a brief answer without the header, question, or footer sections.
dig +short google.com
  • Detailed Answer: Show only the answer section, with the full record details.
dig google.com +noall +answer
  • Trace Route: Trace the delegation path of the query from the root name servers down to the authoritative servers.
dig +trace google.com
  • Reverse DNS Lookup: Perform a reverse DNS lookup to get the domain name associated with an IP address.
dig -x 8.8.8.8
  • Batch Mode: Read hostnames from a file and perform DNS lookups.
dig -f hostnames.txt
  • Customize Output: Modify the output format using various options like +nocmd, +nocomment, etc.
dig +nocmd +nocomment google.com