Network

Tools & Commands

60 Linux Networking commands and scripts

Top 20 tools

01. iftop
02. vnstat
03. iptraf
04. monitorix
05. bmon
06. darkstat
07. iperf
08. cbm
09. nload
10. htop
11. slurm
12. tcptrack
13. nethogs
14. speedometer
    speedometer -l -r wlan0 -t wlan0 -m $(( 1024 * 1024 * 3 / 2 ))
15. sar
    apt install sysstat
    sar -n DEV  1 --iface=eth0
16. glances
17. ifstat
18. bpytop
19. nmon

Proxy

export all_proxy="socks://172.22.132.33:9090/"

install pip package via proxy:
pip3 install pysocks --proxy socks5://172.22.132.33:9090

Real Example for gitlab:
export HTTPS_PROXY=mprxy:mprxy@<remote-ip-addr>:3128

vnstat

vnstat keeps a database of traffic usage and can show it by date and time (Tx/Rx/Total)

sudo vnstat --days --begin "2024-01-01 00:00" --end "2024-02-01 23:59"

ssh

ssh config

To enable a password-less connection

Host proxy
    HostName 172.20.238.8
    Port 22
    User mehrdad
    IdentityFile ~/.ssh/id_rsa
Host [name]
    HostName [ip-or-hostname]
    Port [port_number]
    User [user]
    ProxyCommand ssh -W %h:%p proxy
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa

ssh 2 ssh

ssh user#host1@host2

Jump SSH

ssh user@<host-1> -J user@<host-2>

scp

Copy the file "foobar.txt" from a remote host to the local host

scp username@remotehost_ip.edu:foobar.txt /some/local/directory

Copy the file "foobar.txt" from the local host to a remote host

scp foobar.txt username@remotehost.edu:/some/remote/directory

Copy the directory "foo" from the local host to a remote host's directory "bar"

scp -r foo username@remotehost.edu:/some/remote/directory/bar

Copy the file "foobar.txt" from remote host "rh1.edu" to remote host "rh2.edu"

scp username@rh1.edu:/some/remote/directory/foobar.txt username@rh2.edu:/some/remote/directory/

Copying the files "foo.txt" and "bar.txt" from the local host to your home directory on the remote host

scp foo.txt bar.txt username@remotehost.edu:~

Copy the file "foobar.txt" from the local host to a remote host using a different port number

scp -P 2264 foobar.txt username@remotehost.edu:/some/remote/directory

Copy multiple files from the remote host to your current directory on the local host

scp username@remotehost.edu:/some/remote/directory/\{a,b,c\} .
scp username@remotehost.edu:~/\{foo.txt,bar.txt\} .

scp Performance

By default, SCP uses the Triple-DES cipher to encrypt the data being sent. Using the Blowfish cipher has been shown to increase speed. This can be done by using the option -c blowfish in the command line.

scp -c blowfish some_file username@remotehost.edu:~

It is often suggested that the -C option for compression should also be used to increase speed. The effect of compression, however, will only significantly increase speed if your connection is very slow.

scp -c blowfish -C local_file username@remotehost.edu:~
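
Added example (not from the original page): OpenSSH removed its blowfish cipher in release 7.6, so `-c blowfish` fails on current clients. The function below picks the first cipher from a preference list that the local client actually supports; `choose_scp_cipher` and `SAMPLE_CIPHERS` are hypothetical names, and the cipher list is a constructed sample of `ssh -Q cipher` output.

```shell
#!/bin/sh
# Constructed sample of what `ssh -Q cipher` prints on a recent OpenSSH client.
SAMPLE_CIPHERS='3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com'

# choose_scp_cipher "SUPPORTED_LIST" pref1 [pref2 ...]
# Prints "-c <cipher>" for the first preferred cipher found in the list
# (exact, whole-line match). Prints nothing and returns 1 when none is
# supported, so scp falls back to the cipher it negotiates by default.
choose_scp_cipher() {
    supported=$1
    shift
    for want in "$@"; do
        if printf '%s\n' "$supported" | grep -Fxq -- "$want"; then
            printf '%s\n' "-c $want"
            return 0
        fi
    done
    return 1
}

# Demo on the constructed list: blowfish-cbc is absent, aes128-ctr is chosen.
echo "scp option: $(choose_scp_cipher "$SAMPLE_CIPHERS" blowfish-cbc aes128-ctr)"

# Real use (requires an OpenSSH client that has the -Q option):
#   scp $(choose_scp_cipher "$(ssh -Q cipher)" aes128-ctr) some_file username@remotehost.edu:~
```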

rsync

Synchronize a directory between the local and remote hosts, in either direction

Access via remote shell

Push: rsync [OPTION...] SRC... [USER@]HOST:DEST
Push: sync remote with local
Pull: rsync [OPTION...] [USER@]HOST:SRC... [DEST]
Pull: sync local with remote

Example:

push to remote: rsync -atvz * root@<remote-ip-addr>:/root
pull from remote: rsync -atvz  root@<remote-ip-addr>:/root/ .

Set up rsync via a different port

push to remote: rsync -atvz . -e 'ssh -p 6788' mehrdad@<remote-ip-addr>:/tmp
pull from remote: rsync -atvz -e 'ssh -p 6788' mehrdad@<remote-ip-addr>:/tmp/debug.tar.gz .

ip command (iproute2 package)

Install 'ip' linux package

sudo apt install iproute2
sudo dnf install iproute2

ip addr

Note: You can use a instead of addr

🧠 Concept

ip addr (short for ip address) is used to view, add, or remove IP addresses on your network interfaces.

It operates at Layer 3 (Network Layer) — managing how your system is identified on the network.

Show all assigned IP addresses

ip addr show
ip -br -c a

Add a new IP address

sudo ip addr add 192.168.100.50/24 dev ens160

➡️ Adds an additional address (can have multiple per interface).

Remove an IP address

sudo ip addr del 192.168.100.50/24 dev ens160

Replace (set) an IP address

sudo ip addr replace 192.168.100.16/24 dev ens160

This automatically removes the old one if it exists.

Bring an interface up or down (quick link control)

sudo ip link set ens160 up
sudo ip link set ens160 down

Flush (remove) all addresses from an interface

sudo ip addr flush dev ens160

🔍 Scopes

Scope   Meaning
global  Reachable from outside the host
link    Valid only on the local network segment
host    Valid only within the local system (loopback)

ip route

Note: You can use r instead of route

🧠 Concept:

ip route is used to view and manage the kernel’s routing table — basically, the rules Linux uses to decide where to send outgoing packets.

Show the routing table

ip route show
ip -br -c r

Add a new route manually

sudo ip route add default via {GATEWAYIP} [dev {INTERFACE-NAME}]
sudo ip route add 10.10.0.0/16 via 192.168.100.254 dev ens160

➡️ Any packet to 10.10.x.x will be sent to gateway 192.168.100.254.

Delete a route

sudo ip route del 10.10.0.0/16

Temporarily remove internet access (for testing)

sudo ip route del default

Change the default gateway

sudo ip route replace default via 192.168.100.1 dev ens160

🧠 Tip: Check where traffic goes

ip route get 8.8.8.8

ip link

ip link is part of the iproute2 toolset in Linux, and it’s used to show and configure network interfaces (links).

It works at Layer 2 (Data Link Layer) — meaning it deals with the physical or virtual network interfaces themselves, not with IP addresses or routing.

Show Links

ip -br -c l

Show all network interfaces

ip link show

Bring an interface up

sudo ip link set ens160 up

Bring an interface down

sudo ip link set ens160 down

Change an interface’s MTU. Lowering it reduces the maximum frame size (useful in tunnels or VPNs).

sudo ip link set ens160 mtu 1400

Change an interface’s MAC address

sudo ip link set dev ens160 address 00:11:22:33:44:55

Show a specific interface

ip link show dev ens160

Up & Down Interface

ip link set <interface-name> up

ip neighbor

See which devices your system has interacted with

ip neigh

Delete a specific entry from the ARP cache

sudo ip neigh del 192.168.100.1 dev ens160

Flush the entire ARP cache

sudo ip neigh flush all

Add a static ARP entry manually (less common)

sudo ip neigh add 192.168.100.50 lladdr 00:11:22:33:44:55 dev ens160 nud permanent

Note: You can use n instead of neigh

Subnet Mask

Calculate the subnet mask from the IP address

ipcalc 0.0.0.0/1

Range of Private Networks

Class A  10.0.0.0/8
Class B  172.16.0.0/12
Class C  192.168.0.0/16
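
Added example (not from the original page): the prefix-to-netmask calculation that ipcalc performs, plus a membership test against the three private ranges listed above, in plain shell arithmetic. The function names are hypothetical; the sample addresses in the demo are taken from elsewhere on this page.

```shell
#!/bin/sh
# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a prefix length (0-32) to a dotted-quad netmask.
prefix_to_mask() {
    m=$(( (4294967295 << (32 - $1)) & 4294967295 ))
    echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}

# Return 0 if address $1 lies inside CIDR block $2 (e.g. 172.16.0.0/12).
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Return 0 if address $1 is inside one of the three private ranges.
is_private() {
    for block in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        in_cidr "$1" "$block" && return 0
    done
    return 1
}

# Demo: netmask of each private range, then classify sample addresses.
for p in 8 12 16; do
    echo "/$p -> $(prefix_to_mask "$p")"
done
for ip in 172.22.132.33 77.104.118.1 192.168.100.50; do
    if is_private "$ip"; then echo "$ip private"; else echo "$ip public"; fi
done
```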

route (net-tools)

See all routes:

route -n

Add new route:

route add -net 172.22.132.0/24 gw 77.104.118.1 dev ens4

telnet

Check the connection between two machines:

telnet  <ip> <port>

nmap

Scan port on the host(s)

nmap -p 80 192.168.0.1-100
nmap -Pn -p 1-65535 --min-rate 1000 gitlab.com

See nmap Cheat Sheet

fuser

Kill the process that holds a port open

fuser -k -n tcp 80
fuser -k -n udp 80

Kernel IP forwarding

Temporarily Enable/Disable IP Forwarding

Manually

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/ip_forward

via sysctl

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.ip_forward=0

Permanently Enable Forwarding

To ensure forwarding settings persist between reboots

cat /etc/sysctl.conf | grep -i ip_forward

change the value and uncomment the line
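
Added example (not from the original page): the "change the value and uncomment the line" step as an idempotent script that can be audited and re-run. `get_ip_forward` and `set_ip_forward` are hypothetical helper names, and the demo works on a constructed sample file rather than the real /etc/sysctl.conf.

```shell
#!/bin/sh
# Print the active (uncommented) ip_forward value in file $1; nothing if unset.
get_ip_forward() {
    sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*$/\1/p' "$1" | tail -n 1
}

# Set ip_forward to $2 (0 or 1) in file $1: rewrite an existing line,
# commented or not, otherwise append a new one.
set_ip_forward() {
    file=$1
    value=$2
    pat='^[[:space:]]*#*[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*$'
    case $value in
        0|1) ;;
        *) echo "value must be 0 or 1" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    if grep -q "$pat" "$file"; then
        sed "s/$pat/net.ipv4.ip_forward=$value/" "$file" > "$tmp"
    else
        cat "$file" > "$tmp"
        printf 'net.ipv4.ip_forward=%s\n' "$value" >> "$tmp"
    fi
    cat "$tmp" > "$file"   # overwrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Demo on a constructed copy, not the real /etc/sysctl.conf.
demo=$(mktemp)
printf '%s\n' '# constructed sample' '#net.ipv4.ip_forward=1' 'vm.swappiness=10' > "$demo"
set_ip_forward "$demo" 1
echo "ip_forward in sample file: $(get_ip_forward "$demo")"
rm -f "$demo"
```

After editing the real file, `sudo sysctl -p` loads the setting without a reboot.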

T-Shoot Tools

1. log file

dmesg
/var/log/syslog
/var/log/messages

2. Commands

arp -n
ping gateway
ss -l list, -m memory
netstat -tulpen
traceroute google.com
mtr google.com
tcpflow -c port <port-number>

3. Interactive trouble

nc -l 1234, nc localhost 1234
telnet host-ip host-port

4. Expert & DNS resolve Commands

nmap -v google.com, nmap -p 80 192.168.1.1/24
host google.com
nslookup google.com
dig google.com
lsof -i

5. tcpdump

-i any          capture on every interface
port 1234       only traffic on port 1234
-D              list all available interfaces
-w file.pcap    write to file
-r file.pcap    read from file
-c              count of packets to capture
dst ip          packets routed TO address
src ip          packets routed FROM address
-A              print packet data as ASCII

ngrep -t -W byline port 8088 -d any
tcpdump -i any -nn -s 0 -w k8s_port_6443.pcap port 6443 and host 172.16.2.10