This cheatsheet provides a quick reference to essential Linux networking commands and techniques for debugging network issues. Whether you’re troubleshooting connectivity problems, analyzing traffic, or managing network configurations, this guide has you covered.
Note: Some commands may require root privileges. Use sudo when necessary.
Tip: Always test network changes on non-production systems first.
Basic Network Information#
Show Network Interfaces#
# Modern command (preferred)
ip addr show
ip a
# Legacy command
ifconfig
# Show only active interfaces
ip link show up
# Show specific interface
ip addr show eth0
Show Routing Table#
# Show routing table
ip route show
ip r
# Show default gateway
ip route show default
# Legacy command
route -n
Show Network Statistics#
# Network interface statistics
ip -s link show
# Detailed statistics
cat /proc/net/dev
# Network stack statistics
netstat -i
ss -i
DNS Debugging#
DNS Lookup Tools#
# Basic DNS lookup
nslookup google.com
dig google.com
# Reverse DNS lookup
dig -x 8.8.8.8
nslookup 8.8.8.8
# Query specific DNS record types
dig google.com MX
dig google.com TXT
dig google.com AAAA
# Trace DNS resolution path
dig +trace google.com
# Use specific DNS server
dig @8.8.8.8 google.com
nslookup google.com 8.8.8.8
DNS Configuration#
# Check DNS configuration
cat /etc/resolv.conf
# Check hosts file
cat /etc/hosts
# Check systemd-resolved status (Ubuntu/Debian)
systemctl status systemd-resolved
resolvectl status
Connection Testing#
Ping and Connectivity#
# Basic ping
ping google.com
ping -c 4 google.com
# IPv6 ping
ping6 google.com
# Ping with specific interval
ping -i 0.5 google.com
# Ping with packet size
ping -s 1024 google.com
# Continuous ping with timestamp
ping google.com | while read pong; do echo "$(date): $pong"; done
Port Testing#
# Test TCP connection to port
telnet google.com 80
nc -zv google.com 80
# Test UDP port
nc -zuv google.com 53
# Test port range
nc -zv google.com 20-25
# Test with timeout
timeout 5 telnet google.com 80
Advanced Connection Testing#
# HTTP requests
curl -I http://google.com
wget --spider http://google.com
# Test with specific IP version
curl -4 http://google.com # IPv4 only
curl -6 http://google.com # IPv6 only
# Test connection time
curl -w "@-" -o /dev/null -s http://google.com <<< '
time_namelookup: %{time_namelookup}\n
time_connect: %{time_connect}\n
time_appconnect: %{time_appconnect}\n
time_pretransfer: %{time_pretransfer}\n
time_redirect: %{time_redirect}\n
time_starttransfer: %{time_starttransfer}\n
----------\n
time_total: %{time_total}\n'
Network Connections and Ports#
Active Connections#
# Show all connections (modern)
ss -tuln
ss -tulpn # with process names
# Show all connections (legacy)
netstat -tuln
netstat -tulpn # with process names
# Show only listening ports
ss -tln
netstat -tln
# Show only established connections
ss -tu state established
netstat -tu | grep ESTABLISHED
Process and Port Mapping#
# Find process using specific port
lsof -i :80
ss -tulpn | grep :80
netstat -tulpn | grep :80
# Find what ports a process is using
lsof -p <PID>
ss -p | grep <process_name>
# Show all network files opened by processes
lsof -i
Traffic Analysis#
Packet Capture#
# Capture packets on interface
tcpdump -i eth0
# Capture and save to file
tcpdump -i eth0 -w capture.pcap
# Capture specific protocol
tcpdump -i eth0 tcp
tcpdump -i eth0 udp
tcpdump -i eth0 icmp
# Capture specific port
tcpdump -i eth0 port 80
tcpdump -i eth0 port 22
# Capture between specific hosts
tcpdump -i eth0 host 192.168.1.1
tcpdump -i eth0 src 192.168.1.1
tcpdump -i eth0 dst 192.168.1.1
# Capture with verbose output
tcpdump -i eth0 -v
tcpdump -i eth0 -vv
tcpdump -i eth0 -vvv
Network Monitoring#
# Real-time network usage
iftop
nethogs
iotop -n
# Bandwidth monitoring
bmon
nload
vnstat
# Connection monitoring
watch -n 1 'ss -tuln'
watch -n 1 'netstat -tuln'
Firewall and Security#
Iptables#
# List all rules
iptables -L
iptables -L -v -n
# List rules with line numbers
iptables -L --line-numbers
# List specific chain
iptables -L INPUT
iptables -L OUTPUT
iptables -L FORWARD
# Show NAT rules
iptables -t nat -L
# Show packet counters
iptables -L -v
UFW (Ubuntu Firewall)#
# Check UFW status
ufw status
ufw status verbose
# List rules with numbers
ufw status numbered
SELinux/AppArmor#
# Check SELinux status
sestatus
getenforce
# Check AppArmor status
aa-status
Network Configuration#
Interface Management#
# Bring interface up/down
ip link set eth0 up
ip link set eth0 down
# Configure IP address
ip addr add 192.168.1.10/24 dev eth0
ip addr del 192.168.1.10/24 dev eth0
# Add/remove routes
ip route add 192.168.2.0/24 via 192.168.1.1
ip route del 192.168.2.0/24
# Flush interface configuration
ip addr flush dev eth0
Network Services#
# Restart network services
systemctl restart networking # Debian/Ubuntu
systemctl restart network # RHEL/CentOS
systemctl restart NetworkManager # Most modern distros
# Check network service status
systemctl status networking
systemctl status NetworkManager
System Information#
Hardware Information#
# Show network hardware
lspci | grep -i network
lspci | grep -i ethernet
lshw -class network
# Show USB network devices
lsusb | grep -i network
Kernel Modules#
# List loaded network modules
lsmod | grep -E '(e1000|r8169|iwl|ath|rtl)'
# Load/unload modules
modprobe module_name
rmmod module_name
# Module information
modinfo module_name
Advanced Debugging#
Network Namespaces#
# List network namespaces
ip netns list
# Execute command in namespace
ip netns exec namespace_name command
# Enter namespace
ip netns exec namespace_name bash
ARP Table#
# Show ARP table
ip neigh show
arp -a
# Clear ARP cache
ip neigh flush all
# Add static ARP entry
ip neigh add 192.168.1.1 lladdr 00:11:22:33:44:55 dev eth0
Bridge and VLAN#
# Show bridge information
brctl show
ip link show type bridge
# Show VLAN information
cat /proc/net/vlan/config
ip link show type vlan
Socket Statistics#
# Detailed socket information
ss -e # show extended info
ss -m # show socket memory usage
ss -p # show process using socket
ss -o # show timer information
# Socket statistics summary
ss -s
Troubleshooting Workflows#
Basic Connectivity Test#
# 1. Check interface is up
ip link show
# 2. Check IP configuration
ip addr show
# 3. Check routing
ip route show
# 4. Test local connectivity
ping -c 1 127.0.0.1
# 5. Test gateway
ping -c 1 $(ip route show default | awk '{print $3}')
# 6. Test DNS
nslookup google.com
# 7. Test external connectivity
ping -c 1 8.8.8.8
Performance Troubleshooting#
# 1. Check interface errors
ip -s link show
# 2. Check for packet drops
cat /proc/net/dev
# 3. Monitor bandwidth usage
iftop -i eth0
# 4. Check connection states
ss -s
# 5. Monitor system resources
top
iostat
Security Troubleshooting#
# 1. Check firewall rules
iptables -L -v -n
# 2. Check listening services
ss -tulpn
# 3. Check for suspicious connections
ss -tulpn | grep -E ':(22|80|443|3389)'
# 4. Check system logs
journalctl -u networking
tail -f /var/log/syslog | grep -i network
Useful One-liners#
# Show top 10 connections by state
ss -ant | awk '{print $1}' | sort | uniq -c | sort -nr | head -10
# Show bandwidth usage per interface
cat /proc/net/dev | awk '{if(NR>2) print $1, $2, $10}' | column -t
# Find processes listening on specific ports
lsof -iTCP -sTCP:LISTEN -n -P
# Check if a service is accessible from multiple IPs
for ip in 8.8.8.8 1.1.1.1 208.67.222.222; do echo -n "$ip: "; timeout 3 bash -c "cat < /dev/null > /dev/tcp/$ip/53" && echo "OK" || echo "FAIL"; done
# Monitor new connections in real-time
watch -n 1 'ss -tuln | wc -l'
# Check MTU discovery
ping -M do -s 1472 google.com
# Find largest packets that can be sent
for size in {1400..1500..10}; do ping -M do -s $size -c 1 google.com > /dev/null 2>&1 && echo "MTU: $((size + 28))"; done
Log Files to Monitor#
# System logs
tail -f /var/log/syslog
tail -f /var/log/messages
# Network-specific logs
tail -f /var/log/daemon.log
journalctl -f -u networking
journalctl -f -u NetworkManager
# Firewall logs
tail -f /var/log/ufw.log
dmesg | grep -i iptables