If you are a savvy Linux user, administrator, programmer, or aspiring network security professional, mastering the essential Linux network management commands is one of the skills you need in your toolbox. Over the years, several modern alternatives to the classic network commands have appeared. In this guide, we'll look at some of the most powerful network commands for the Linux platform and learn their practical, real-world usage to help you better manage your Linux instance. Most of these commands come preinstalled with popular Linux distributions; where one does not, the install command is shown.
If you are already familiar with basic Linux commands and the command-line environment, you can easily grasp the commands. You can also create a cheatsheet of these network commands.
Most of these network commands are used for troubleshooting or to inquire about the status of different network-related entities. Let's get started and master Linux network commands through this tutorial.
1. ip – Your Modern Network Swiss Army Knife
If you are used to the route, ifconfig, and arp commands, it's time to replace them with this modern alternative. The ip command is a powerful tool to manage network interfaces, tunnels, and routing tables. It's a must-have tool for Linux network administrators.
View Network Interfaces and IP Addresses
# Show all interfaces with detailed info
ip addr show
# Shorter version
ip a
# Show only specific interface
ip addr show eth0
# Show only IPv4 addresses
ip -4 addr show
# Show only IPv6 addresses
ip -6 addr show
Managing Network Interfaces
# Bring interface up/down
sudo ip link set eth0 up
sudo ip link set eth0 down
# Set interface MTU
sudo ip link set eth0 mtu 1500
# Rename interface (must be down first)
sudo ip link set eth0 down
sudo ip link set eth0 name wan0
sudo ip link set wan0 up
IP Address Management
# Add IP address to interface
sudo ip addr add 192.168.1.100/24 dev eth0
# Remove IP address
sudo ip addr del 192.168.1.100/24 dev eth0
# Add secondary IP
sudo ip addr add 192.168.1.101/24 dev eth0 label eth0:1
Routing Management
# Show routing table
ip route show
# Add default gateway
sudo ip route add default via 192.168.1.1
# Add specific route
sudo ip route add 10.0.0.0/8 via 192.168.1.1 dev eth0
# Delete route
sudo ip route del 10.0.0.0/8
# Show route to specific destination
ip route get 8.8.8.8
And now let's see some real-world examples of using this tool.
Scenario 1: Debugging Docker Network Issues
# Check if Docker created bridge interfaces
ip link show type bridge
# Inspect Docker container network namespace
docker exec container_name ip addr show
Scenario 2: Setting up a Static IP
# Remove DHCP-assigned IP
sudo ip addr flush dev eth0
# Add static IP
sudo ip addr add 192.168.1.50/24 dev eth0
# Add default route
sudo ip route add default via 192.168.1.1
# Verify configuration
ip addr show eth0 && ip route show
Pro Tips to Get More Out of This Excellent Tool
- Use the watch -n 1 'ip addr show && echo && ip route show' command to monitor all the network changes in real time.
- If you are writing a script for advanced network management, the -j switch can be used to output the results in JSON format. Here's an example command: ip -j addr show
- For colorized output, use the ip -c command. It'll make the information more readable and interesting.
2. ss – Socket Statistics Powerhouse
If you've been using netstat until now, it's time to replace it with a much more powerful and feature-packed tool, the ss command. It talks directly to the kernel, which gives you faster results, and that matters on large systems with thousands of active connections.
Basic Connection Viewing
# Show all TCP and UDP connections
ss -tuna
# Show only established connections
ss -tu state established
# Show listening ports only
ss -tuln
# Show both listening and established
ss -tulna
Advanced Filtering
# Show connections with a specific local (source) port
ss -tun sport :80
# Show connections from a specific source subnet
ss -tun src 192.168.1.0/24
# Show connections to specific host
ss -tun dst 8.8.8.8
# Combine filters
ss -tun state established dst 8.8.8.8 sport :443
Process Information
# Show which processes own sockets
ss -tulpn
# Filter by process name
ss -tulpn | grep nginx
# Show sockets for specific PIDs (every process whose name matches "ssh")
ss -tulpn | grep -E "pid=($(pgrep -d '|' ssh)),"
Memory and Buffer Information
# Show socket memory usage
ss -tm
# Show extended socket information
ss -e
# Show socket buffer sizes
ss -m state established
And finally, here are some real-world troubleshooting examples:
Scenario 1: Finding Port Conflicts
# Check if port 8080 is already in use
ss -tuln | grep :8080
# Find what's using the port
ss -tulpn | grep :8080
# Show all processes listening on privileged ports (below 1024)
sudo ss -tulpnH | awk '{ n = split($5, a, ":"); if (a[n] + 0 < 1024) print }'
Scenario 2: Database Connection Analysis
# Monitor MySQL connections
watch -n 2 'ss -tun dst :3306 | wc -l'
# Show connection states to the database (with -t alone, the state is the first column)
ss -tanH dst :3306 | awk '{print $1}' | sort | uniq -c
# Find long-lived connections
ss -to state established dst :3306
Scenario 3: Web Server Performance Analysis
# Count HTTP connections by state
ss -tan state all | grep :80 | awk '{print $1}' | sort | uniq -c
# Show keep-alive connections
ss -to state established sport :80
# Monitor connection queue sizes (for a listening socket, Recv-Q is the current accept queue and Send-Q is the backlog limit)
ss -tln sport :80
The following are the important flags you may use with the ss command:
- t: TCP sockets
- u: UDP sockets
- l: Listening sockets
- n: Don't resolve hostnames
- p: Show process info
- a: All sockets (listening + non-listening)
- e: Show extended socket information
- m: Show socket memory information
- o: Show socket options
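Building on the port-conflict scenario above, the following added example (not part of the original article) audits listening sockets and reports any that are bound to a non-loopback address on a port outside an allow-list. The function names, the allow-list and the sample `ss -tulpnH` output are constructed for illustration.

```bash
#!/bin/sh
# Constructed sample of `ss -tulpnH` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
udp   UNCONN 0  0     127.0.0.53%lo:53  0.0.0.0:*  users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0  4096  127.0.0.1:5432    0.0.0.0:*  users:(("postgres",pid=901,fd=5))
tcp   LISTEN 0  128   0.0.0.0:22        0.0.0.0:*  users:(("sshd",pid=744,fd=3))
tcp   LISTEN 0  511   0.0.0.0:8080      0.0.0.0:*  users:(("node",pid=1532,fd=20))
tcp   LISTEN 0  128   [::]:22           [::]:*     users:(("sshd",pid=744,fd=4))
tcp   LISTEN 0  80    *:3306            *:*        users:(("mysqld",pid=1010,fd=22))
EOF
}

# audit_listeners ALLOWED_PORTS   (comma-separated, e.g. "22,443")
# stdin : output of `ss -tulpnH`
# stdout: "proto address port process" for each exposed, unexpected listener
audit_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        ep = $5                                   # Local Address:Port column
        k = split(ep, parts, ":")
        port = parts[k]                           # last ":"-separated piece
        addr = substr(ep, 1, length(ep) - length(port) - 1)
        sub(/%.*/, "", addr)                      # drop scope, e.g. %lo
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        if (port in ok) next                      # expected service
        proc = "unknown"                          # no -p data without root
        if (match($0, /\(\("[^"]+"/))
            proc = substr($0, RSTART + 3, RLENGTH - 4)
        print $1, addr, port, proc
    }'
}

# Demo on the constructed sample; only SSH is expected to be reachable.
sample_ss_output | audit_listeners "22"
```

On a live host, feed it real data with `sudo ss -tulpnH | audit_listeners "22,443"`.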
3. ping – The Network Heartbeat Monitor
The ping command is generally considered a simple connectivity testing tool, but it's much more than that. You can perform several advanced network-related operations with it, including load testing and checking various network metrics to assess the quality of a connection.
Basic Connectivity Testing
# Basic ping
ping google.com
# Limit packet count
ping -c 4 8.8.8.8
# Set packet interval (very short intervals require root; older iputils versions enforce this below 0.2 s)
ping -i 0.5 google.com
# Ping with timestamp
ping -D google.com
Advanced Network Analysis
# Flood ping (network stress test - use carefully!)
sudo ping -f google.com
# Large packet size test (MTU discovery; -M do forbids fragmentation)
ping -M do -s 1472 google.com # 1472 + 28 = 1500 MTU
# IPv6 ping
ping6 ipv6.google.com
# Specify source interface
ping -I eth0 google.com
Network Quality Testing
# Continuous monitoring with statistics
ping -c 100 -i 0.2 8.8.8.8 | tail -n 3
# Adaptive ping (adjust interval based on response time)
ping -A google.com
# Audible ping (beep on response)
ping -a google.com
Finally, here are some real-world situations you may encounter in your workspace:
Scenario 1: Diagnosing Intermittent Connectivity
# Long-term connectivity monitoring
ping -c 1000 -i 1 8.8.8.8 > ping_results.txt 2>&1 &
# Analyze the results
grep -E 'time=|packet loss' ping_results.txt
# Create a ping monitoring script
#!/bin/bash
while true; do
    if ! ping -c 1 -W 2 8.8.8.8 >/dev/null 2>&1; then
        echo "$(date): Connectivity lost" >> connectivity.log
    fi
    sleep 10
done
Scenario 2: MTU Discovery and Fragmentation Testing
# Test different packet sizes to find MTU
for size in 1472 1473 1500 1600; do
    echo "Testing packet size: $size"
    ping -c 1 -s "$size" -M do google.com
done
# Test Path MTU Discovery
ping -c 4 -s 1500 -M do google.com
Scenario 3: Network Performance Baseline
# Create baseline measurements
echo "Baseline network performance test"
for host in 8.8.8.8 1.1.1.1 google.com github.com; do
    echo "Testing $host"
    ping -c 10 -q "$host" | tail -n 1
done
Alert: Use ping -f carefully! It requires root and can overwhelm networks.
Here are a few tips to better use this command.
- If you just want the summary, use quiet mode with the ping -q command.
- If you are troubleshooting the network through the ping command, always run it in a separate terminal.
- For accurate timestamps, use the ts command (part of the moreutils package). Here's an example: ping google.com | ts
4. traceroute – The Network Path Detective
This is yet another powerful tool every network administrator should master. The traceroute command helps in troubleshooting routing issues. It can also help you clearly understand the topology of a network. Let's check out some of the commands to understand their usage.
Installation and Basic Usage
# Install traceroute (if not already installed)
sudo apt install traceroute # Debian/Ubuntu
sudo yum install traceroute # RHEL/CentOS/Fedora
sudo pacman -S traceroute # Arch Linux
# Basic usage
traceroute google.com
# Use IP address to avoid DNS delays
traceroute 8.8.8.8
# Specify maximum hops
traceroute -m 15 google.com
# Use UDP (default), TCP, or ICMP (the TCP and ICMP methods usually need root)
sudo traceroute -T google.com # TCP
sudo traceroute -I google.com # ICMP
Advanced Techniques
# Specify source interface
traceroute -i eth0 google.com
# Set packet size (given after the host; -s sets the source address instead)
traceroute google.com 1000
# Multiple queries per hop
traceroute -q 5 google.com
# Don't resolve hostnames (faster)
traceroute -n 8.8.8.8
# Show AS (Autonomous System) numbers
traceroute -A google.com
Enhanced Alternatives: MTR (My TraceRoute)
# Install MTR
sudo apt install mtr-tiny # Minimal version
sudo apt install mtr # Full version with GUI
# Basic MTR usage
mtr google.com
# Continuous monitoring
mtr -r -c 10 google.com # Report mode, 10 cycles
# JSON output for automation
mtr -r -c 5 --json google.com
# Show both IP and hostnames
mtr --show-ips google.com
Once again, we're going to look at some real-world troubleshooting and network analysis examples.
Scenario 1: Identifying Network Bottlenecks
# Run MTR for an extended period to identify patterns
mtr -r -c 100 -i 1 your-server.com
# Look for:
# - High packet loss at specific hops
# - Sudden latency increases
# - Timeouts (* * * entries)
Scenario 2: Comparing Routes to Different Servers
#!/bin/bash
echo "Comparing routes to different CDN endpoints"
for host in usa.server.com europe.server.com asia.server.com; do
    echo "Route to $host:"
    traceroute -q 1 -m 10 "$host" | head -15
    echo "---"
done
Scenario 3: Corporate Network Analysis
# Trace to internal servers
traceroute internal-server.company.com
# Check if traffic goes through expected gateways
traceroute -n 192.168.100.50
# Monitor route changes over time
while true; do
    echo "$(date): Route to critical-server.com"
    traceroute -q 1 -m 8 critical-server.com
    sleep 300 # Check every 5 minutes
done
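The loop above records each route but leaves the comparison to the reader. This added example (not from the original article) reduces `traceroute -n -q 1` output to a hop list and reports the first hop that differs from a saved baseline, treating `*` timeouts as "no information" so they do not raise false alarms. The function names and both sample traces are constructed.

```bash
#!/bin/sh
# Constructed `traceroute -n -q 1` outputs (documentation addresses).
baseline_trace() {
cat <<'EOF'
traceroute to 192.0.2.10 (192.0.2.10), 8 hops max, 60 byte packets
 1  10.0.0.1  0.412 ms
 2  10.10.0.1  1.204 ms
 3  *
 4  192.0.2.10  9.881 ms
EOF
}
current_trace() {
cat <<'EOF'
traceroute to 192.0.2.10 (192.0.2.10), 8 hops max, 60 byte packets
 1  10.0.0.1  0.398 ms
 2  10.20.0.1  1.377 ms
 3  10.30.0.1  4.120 ms
 4  192.0.2.10  9.902 ms
EOF
}

# hop_path: stdin = traceroute -n -q 1 output, stdout = "hop1 hop2 ..."
hop_path() {
    awk 'NR > 1 { printf "%s%s", (n++ ? " " : ""), $2 } END { print "" }'
}

# first_diff OLD NEW: print the number of the first hop that differs,
# or 0 if the paths agree. A "*" on either side matches anything.
first_diff() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, " "); nb = split(b, y, " ")
        max = (na > nb) ? na : nb
        for (i = 1; i <= max; i++) {
            if (x[i] == "*" || y[i] == "*") continue
            if (x[i] != y[i]) { print i; exit }
        }
        print 0
    }'
}

# Demo on the constructed traces.
old=$(baseline_trace | hop_path)
new=$(current_trace | hop_path)
hop=$(first_diff "$old" "$new")
[ "$hop" -eq 0 ] || echo "$(date): route changed at hop $hop: $old -> $new"
```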
And here's a quick comparison of 3 tools with similar functionalities.
- traceroute - It's primarily used for one-time path analysis.
- mtr - It's an advanced tool to continuously monitor the network path with rich statistics.
- pathping - It's more or less similar to the mtr command and is available for Windows.
If you want to perform one-time network path diagnostics, use the traceroute command. And, if you are looking for continuous monitoring, the mtr command is your best bet.
5. nmap – The Network Discovery Powerhouse
The nmap command isn't just used for port scanning. It can be used as a powerful network auditing tool, too. Administrators often use it to identify network services and their versions. Security engineers also use it to audit different types of network attributes.
Installation
# Install nmap
sudo apt install nmap # Debian/Ubuntu
sudo yum install nmap # RHEL/CentOS
sudo pacman -S nmap # Arch Linux
Host Discovery
# Ping scan (find live hosts)
nmap -sn 192.168.1.0/24
# ARP scan (local network only, very reliable)
sudo nmap -PR 192.168.1.0/24
# Skip host discovery (assume all hosts are up)
nmap -Pn target.com
# Discovery using different protocols
nmap -PS22,80,443 192.168.1.0/24 # TCP SYN ping
nmap -PA80,443 192.168.1.0/24 # TCP ACK ping
nmap -PU53,161 192.168.1.0/24 # UDP ping
Port Scanning
# Default scan (top 1000 ports)
nmap target.com
# Specific ports
nmap -p 22,80,443 target.com
# Port ranges
nmap -p 1-1000 target.com
# All ports (slower but comprehensive)
nmap -p- target.com
# Fast scan (top 100 ports)
nmap -F target.com
Scan Types
# TCP SYN scan (default when run as root, stealthy)
sudo nmap -sS target.com
# TCP Connect scan (when SYN scan not possible)
nmap -sT target.com
# UDP scan (slower but important)
sudo nmap -sU target.com
# Combined TCP and UDP
sudo nmap -sS -sU -p T:80,443,U:53,161 target.com
Service and OS Detection
# Service version detection
nmap -sV target.com
# OS detection
sudo nmap -O target.com
# Aggressive scan (OS, version, scripts, traceroute)
nmap -A target.com
# Enable specific scripts
nmap --script http-title,ssl-cert target.com
The following are real-world usage examples demonstrating the power of this tool.
Scenario 1: Network Asset Discovery
# Complete network inventory
nmap -sn 192.168.1.0/24 > live_hosts.txt
# Detailed scan of discovered hosts
nmap -A -T4 --open $(cat live_hosts.txt | grep -oP '\d+\.\d+\.\d+\.\d+')
# Find web servers on the network
nmap -p 80,443,8080,8443 --open 192.168.1.0/24
Scenario 2: Security Auditing
# Find systems with weak SSH configuration
nmap --script ssh-auth-methods,ssh2-enum-algos -p 22 192.168.1.0/24
# Check for SSL/TLS vulnerabilities
nmap --script ssl-cert,ssl-enum-ciphers -p 443 target.com
# SMB enumeration
nmap --script smb-enum-shares,smb-enum-users -p 445 target.com
Scenario 3: Service Monitoring
#!/bin/bash
# Monitor critical services
SERVERS="web.company.com db.company.com mail.company.com"
for server in $SERVERS; do
    echo "Checking $server"
    nmap -Pn -p 80,443,22,3306,25,587 --open "$server"
    echo "---"
done
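The monitoring script above prints what is open but does not say what changed. This added example (not part of the original article) parses nmap's grepable output (`-oG -`) into `host port/proto` lines and compares them with a baseline file of expected services, reporting newly opened and missing ports. The function names, baseline format and sample scan data are constructed.

```bash
#!/bin/sh
# Constructed sample of `nmap -oG -` output; fields are tab-separated.
sample_scan() {
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///\n'
    printf 'Host: 192.168.1.20 ()\tPorts: 22/open/tcp//ssh///, 3306/closed/tcp//mysql///\n'
}

# open_ports: stdin = grepable nmap output, stdout = sorted "host port/proto"
open_ports() {
    awk -F'\t' '/Ports: / {
        split($1, h, " "); host = h[2]            # "Host: <ip> (<name>)"
        for (f = 2; f <= NF; f++) if ($f ~ /^Ports: /) {
            n = split(substr($f, 8), e, ", ")     # strip the "Ports: " label
            for (i = 1; i <= n; i++) {
                split(e[i], p, "/")               # port/state/proto/...
                if (p[2] == "open") print host, p[1] "/" p[3]
            }
        }
    }' | sort
}

# drift BASELINE_FILE: stdin = current "host port/proto" lines.
# Prints "NEW ..." for unexpected open ports, "GONE ..." for missing ones.
drift() {
    awk 'FILENAME == ARGV[1] { base[$0] = 1; next }
         { seen[$0] = 1; if (!($0 in base)) print "NEW", $0 }
         END { for (k in base) if (!(k in seen)) print "GONE", k }' "$1" - | sort
}

# Demo: constructed baseline of expected services versus the sample scan.
baseline=$(mktemp)
printf '%s\n' '192.168.1.10 22/tcp' '192.168.1.10 443/tcp' \
              '192.168.1.20 22/tcp' '192.168.1.20 3306/tcp' > "$baseline"
sample_scan | open_ports | drift "$baseline"
rm -f "$baseline"
```

Against real hosts, replace `sample_scan` with `nmap -Pn -p 80,443,22,3306,25,587 -oG - $SERVERS` and keep the baseline file under version control.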
Scenario 4: Firewall Testing
# Test firewall rules
nmap -sS -O target.com # From outside
nmap -sS -O --source-port 53 target.com # DNS source port
nmap -f target.com # Fragmented packets
nmap -D decoy1,decoy2,ME target.com # Decoy scan
Performance and Stealth Options
# Timing templates (0=slowest, 5=fastest)
nmap -T4 target.com
# Custom timing
nmap --scan-delay 5s --max-retries 1 target.com
# Avoid detection
nmap -sS -T1 -f --source-port 53 target.com
# Parallel scanning
nmap --min-hostgroup 100 --max-hostgroup 1000 192.168.1.0/24
The following are some of the pointers one must follow to ensure this tool is used ethically:
- Needless to say, only scan networks you have permission to scan.
- Use the -T1 or -T2 switches to perform stealthy scans.
- Be aware that several IDS/IPS systems can detect nmap scans.
- Always be aware of the legal implications of scanning. Think before using this tool.
- It's a good practice to get written permission for professional scanning assignments.
Conclusion
These five networking commands, viz., ip, ss, ping, traceroute, and nmap are the core of Linux network troubleshooting and administration. By mastering them, you'll be able to:
- Quickly diagnose connectivity issues
- Monitor network performance and health
- Discover and audit network devices
- Troubleshoot complex routing problems
- Optimize network configurations
The key to mastering these networking commands is to practice with an internal demo network. Try to experiment with different scenarios, and don't be afraid to break things (safely) to learn how they work.
Always remember that computer networks are complex systems, and these tools can help you understand what's happening beneath the surface. The more you use them, the more interesting network troubleshooting becomes.