LINUX NETWORKING COMMANDS
Linux is a powerful operating system, and exploring it effectively often means using commands. Some of the commands are restricted for normal users because they are powerful and have more functionality. Here we summarize the most interesting and useful networking commands that every Linux user should be familiar with.
1. Arp manipulates the kernel’s ARP cache in various ways. The primary options are clearing an address mapping entry and manually setting one up. For debugging purposes, the arp program also allows a complete dump of the ARP cache. Arp displays the IP address assigned to a particular Ethernet card along with its MAC address.
[fasil@smashtech ]# arp
Address HWtype HWaddress Flags Mask Iface
59.36.13.1 ether C eth0
2. Ifconfig is used to configure the network interfaces. Normally we use this command to check the IP address assigned to the system. It is used at boot time to set up interfaces as necessary. After that, it is usually only needed when debugging or when system tuning is needed.
[fasil@smashtech ~]# /sbin/ifconfig
eth0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:126341 errors:0 dropped:0 overruns:0 frame:0
TX packets:44441 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
3. Netstat prints information about the networking subsystem. It is usually used to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
[fasil@smashtech ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 .230.87:https ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 10 [ ] DGRAM 4970 /dev/log
unix 2 [ ] DGRAM 6625 @/var/run/hal/hotplug_socket
unix 2 [ ] DGRAM 2952 @udevd
unix 2 [ ] DGRAM 100564
unix 3 [ ] STREAM CONNECTED 62438 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 62437
unix 3 [ ] STREAM CONNECTED 10271 @/tmp/fam-root-
unix 3 [ ] STREAM CONNECTED 10270
unix 3 [ ] STREAM CONNECTED 9276
unix 3 [ ] STREAM CONNECTED 9275
4. Ping is used to check the connectivity of a system to a network. Whenever there is a problem with network connectivity, we use ping to confirm that the system is connected to the network.
[root@smashtech ~]# ping google.com
PING google.com (74.125.45.100) 56(84) bytes of data.
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=0 ttl=241 time=295 ms
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=1 ttl=241 time=277 ms
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=2 ttl=241 time=277 ms
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6332ms
rtt min/avg/max/mdev = 277.041/283.387/295.903/8.860 ms, pipe 2
5. Nslookup is a program to query Internet domain name servers. Nslookup has two modes: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain.
[fasil@smashtech ~]# nslookup google.com
Server: server ip
Address: gateway ip 3
Non-authoritative answer:
Name: google.com
Address: 209.85.171.100
Name: google.com
Address: 74.125.45.100
Name: google.com
Address: 74.125.67.100
6. dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
[fasil@smashtech ~]# dig google.com
; <<>> DiG 9.2.4 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4716
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 122 IN A 74.125.45.100
google.com. 122 IN A 74.125.67.100
google.com. 122 IN A 209.85.171.100
;; AUTHORITY SECTION:
google.com. 326567 IN NS ns3.google.com.
google.com. 326567 IN NS ns4.google.com.
google.com. 326567 IN NS ns1.google.com.
google.com. 326567 IN NS ns2.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 152216 IN A 216.239.32.10
ns2.google.com. 152216 IN A 216.239.34.10
ns3.google.com. 152216 IN A 216.239.36.10
ns4.google.com. 152216 IN A 216.239.38.10
;; Query time: 92 msec
;; SERVER: 172.29.36.1#53(172.29.36.1)
;; WHEN: Thu Mar 5 14:38:45 2009
;; MSG SIZE rcvd: 212
7. Route manipulates the IP routing tables. Its primary use is to set up static routes to specific hosts or networks via an interface after it has been configured with the ifconfig program. When the add or del options are used, route modifies the routing tables. Without these options, route displays the current contents of the routing tables.
[fasil@smashtech ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
54.192.56.321 * 255.255.255.0 U 0 0 0 eth0
* 255.255.0.0 U 0 0 0 eth0
default 0.0.0.0 UG 0 0 0 eth0
8. Traceroute: The Internet is a large and complex aggregation of network hardware, connected together by gateways. Tracking the route one’s packets follow (or finding the miscreant gateway that’s discarding your packets) can be difficult.
Traceroute utilizes the IP protocol ‘time to live’ field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to some host. The only mandatory parameter is the destination host name or IP number. The default probe datagram length is 40 bytes, but this may be increased by specifying a packet length (in bytes) after the destination host name.
[fasil@smashtech ~]# traceroute google.com
traceroute: Warning: google.com has multiple addresses; using 209.85.171.100
traceroute to google.com (209.85.171.100), 30 hops max, 38 byte packets
1 * * *
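The TTL mechanism described above can be reproduced with ping alone. This is an added example, not part of the original post: it assumes Linux iputils ping (options -n, -c, -W, -t) and sends ICMP echo probes instead of traceroute's own probe datagrams; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: traceroute's TTL technique rebuilt on Linux iputils ping.

# parse_hop reads the output of one `ping -n -c 1 -t TTL host` on stdin and
# prints "hop ADDR" when a gateway answered with ICMP TIME_EXCEEDED,
# "dest ADDR" when the destination itself replied, "none *" on silence.
parse_hop() {
    awk '
        /Time to live exceeded/ { print "hop", $2; found = 1; exit }
        /bytes from/ {
            addr = $4; sub(/:$/, "", addr)
            print "dest", addr; found = 1; exit
        }
        END { if (!found) print "none *" }
    '
}

# trace HOST [MAX_HOPS]: send one probe per TTL value, starting at 1, and
# stop at the first reply that comes from the destination itself.
trace() {
    host=$1; max=${2:-30}; ttl=1
    while [ "$ttl" -le "$max" ]; do
        result=$(ping -n -c 1 -W 2 -t "$ttl" "$host" 2>/dev/null | parse_hop)
        printf '%2d  %s\n' "$ttl" "${result#* }"
        case $result in dest*) return 0 ;; esac
        ttl=$((ttl + 1))
    done
    return 1
}

# Constructed sample: what ping prints when the probe's TTL expires at a
# gateway (the addresses are illustrative, not captured output).
sample_ttl_exceeded() {
    printf '%s\n' \
        'PING 74.125.45.100 (74.125.45.100) 56(84) bytes of data.' \
        'From 172.29.36.1 icmp_seq=1 Time to live exceeded'
}

# Usage on a live network: trace 74.125.45.100 15
```

A hop printed as `*` is a gateway that did not return TIME_EXCEEDED within the timeout, which is what the `1 * * *` line in the output above shows.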
9. W displays information about the users currently on the machine, and their processes. The header shows, in this order, the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.
[fasil@smashtechl ~]# w
15:18:22 up 4:38, 3 users, load average: 0.89, 0.34, 0.19
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root :0 - 10:41 ?xdm? 24:53 1.35s /usr/bin/gnome-session
root pts/1 :0.0 10:58 1.00s 0.34s 0.00s w
root pts/2 :0.0 12:10 23:32 0.03s 0.03s bash
10. Nmap is designed to allow system administrators and curious individuals to scan large networks to determine which hosts are up and what services they are offering. nmap supports a large number of scanning techniques such as: UDP, TCP connect(), TCP SYN (half open), ftp proxy (bounce attack), ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, IP Protocol, and Null scan. See the Scan Types section for more details. nmap also offers a number of advanced features such as remote OS detection via TCP/IP fingerprinting, stealth scanning, dynamic delay and retransmission calculations, parallel scanning, detection of down hosts via parallel pings, decoy scanning, port filtering detection, direct (non-portmapper) RPC scanning, fragmentation scanning, and flexible target and port specification.
Significant effort has been put into decent nmap performance for non-root users. Unfortunately, many critical kernel interfaces (such as raw sockets) require root privileges. nmap should be run as root whenever possible (not setuid root, of course).
The result of running nmap is usually a list of interesting ports on the machine(s) being scanned (if any). Nmap always gives the port’s "well known" service name (if any), number, state, and protocol. The state is either "open", "filtered", or "unfiltered". Open means that the target machine will accept() connections on that port. Filtered means that a firewall, filter, or other network obstacle is covering the port and preventing nmap from determining whether the port is open. Unfiltered means that the port is known by nmap to be closed and no firewall/filter seems to be interfering with nmap’s attempts to determine this. Unfiltered ports are the common case and are only shown when most of the scanned ports are in the filtered state.
Depending on options used, nmap may also report the following characteristics of the remote host: OS in use, TCP sequentiality, usernames running the programs which have bound to each port, the DNS name, whether the host is a smurf address, and a few others. Nmap is a network exploration tool and security scanner.
[fasil@smashtech ~]# nmap 52.194.69.152
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2009-03-05 15:21 IST
Interesting ports on 52.194.69.152
(The 1658 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
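An administrator usually wants to know whether the open ports on a host match what is supposed to be running there. The following added example (not from the original post) reads nmap's PORT/STATE/SERVICE table as shown above and compares it with an allowlist; the function names `audit_scan` and `sample_scan` and the allowlist values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare nmap's port table with a list of expected services.

# audit_scan "PORT/PROTO ..." reads nmap's normal output on stdin and prints
#   UNEXPECTED port service  - open, but not on the allowlist
#   FILTERED   port service  - nmap could not determine the state
#   MISSING    port          - on the allowlist, but not reported open
audit_scan() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) want[a[i]] = 1
        }
        # Only table rows start with a "number/protocol" field.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ {
            if ($2 == "open") {
                seen[$1] = 1
                if (!($1 in want)) print "UNEXPECTED", $1, $3
            } else if ($2 == "filtered") {
                print "FILTERED", $1, $3
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(a[i] in seen)) print "MISSING", a[i]
        }
    '
}

# The scan result shown on this page, embedded so the check runs offline.
sample_scan() {
    cat <<'EOF'
Interesting ports on 52.194.69.152
(The 1658 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
EOF
}

# Usage: sample_scan | audit_scan "22/tcp 443/tcp"
# On a live host you administer: nmap <address> | audit_scan "22/tcp"
```

With an allowlist of `22/tcp 443/tcp`, the page's scan yields one unexpected service (rpcbind on 111/tcp) and one missing service (443/tcp).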