[Linux] Network commands


# Incoming Network connection
watch ss -tp
#-t Turn off the header showing the interval, command
#-p Make watch attempt to run command every interval seconds
# etc: watch the content of a directory change
watch -d ls -l
watch -d 'ls -l | fgrep brian'


# Get current stat of the configured network interface
netstat -i
# Displays the kernel routing table. The –n option forces netstat to print the IP addresses. Without this option, netstat attempts to display the host names.
netstat -rn
# TCP connection
netstat -ant
# UDP connection
netstat -anu
# see connections with running program & pid
netstat -tulpn
# display summary statistics of all protocols
netstat -s


# Set IP & netmask
ifconfig eth# <ip>/<cidr>
ifconfig eth0
# Set virtual interface
ifconfig eth0:1 <ip>/<cidr>
# up or down a interface
ifconfig eth0 up
ifconfig eth0 down

To change permanently edit /etc/network/interfaces

auto ens199
# setting static ip in ens199
iface ens199 inet static
# setting DHCP
auto eth0
iface eth0 inet dhcp
# restart
sudo service networking restart


dump socket stats

# -a : all listening
# -t : display tcp
# -u : display udp
ss -atu

socket commands

# nc : netcat
# The nc (or netcat) utility is used for just about anything under the sun involving TCP, UDP, or UNIX-domain sockets
# create UNIX socket
nc -lkU a.sock
# socat
# socket cat
# will send message to a.sock
echo "hello" | sudo socat a.sock stdio


route manipulates the kernel’s IP routing tables.

# show routing table status
route -n
U : Route is UP
! : Reject route
G : Use gateway
M : Modified from route daemon or redirect
H : Target is Host
# add gateway
route add default gw
# add route
route add -net netmask dev eth0

How routing works:

From top to down if we want to reach www.yahoo.com following the steps below:

nslookup www.yahoo.com
# get server address
# In our routing table
# Route to from top to down
# That is, use the gateway to reach our destination ip


# show all devices
ip link show
# show only eth0
ip link show eth0
# show eth0 with RX/TX details
ip -s link show eth0
# change one interface set
ip link set eth0 up
ip link set eth0 down
# edit maximal transition unit
ip link set eth0 mtu 1000


arp is the command to display and manipulate the ARP cache table

The ARP cache table is like:

<IP address> <MAC address>

ARP lifetime typically is 2 mins, and at most 20 mins.

The default timeout timer for is 4 hours for Cisco devices

# display ARP cache content
arp -a
# delete an ARP entry with IP address
arp –d
# delete all ARP entries
arp -d
# add a ARP cache entry
arp -s 00:02:2D:0D:68:C1

What ARP request looks like?

Private IP Classes

  • Class A:–
  • Class B:–
  • Class C:–

Explain the role of interface lo, the loopback interface.

The loopback interface is a virtual network environment that allows to communicate with itself

IPv4 Assign all IP in the address block

IP address block :–




Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store