Networking Commands in Linux

The document provides an overview of various networking commands used in Linux, including ifconfig, ip, route, traceroute, tracepath, and ping. It explains their functionalities, usage examples, and options for managing network interfaces, routing tables, and connectivity checks. The content emphasizes the transition from legacy tools like ifconfig to modern alternatives such as the ip command, along with detailed command syntax and practical applications.

Uploaded by

smanoj2684

Networking Commands for Linux

(1) ifconfig:
The ifconfig command is part of net-tools, a legacy Linux package for configuring network interfaces. Modern
distributions use the ip command, which works in a similar manner.
The ifconfig command is deprecated in favor of ip and may not be included in newer Linux distributions.
Examples: -
i) Run ifconfig with no arguments to print essential information about all active network interfaces:
ifconfig

The output shows crucial data about the network interfaces, like:
• The names of the active network interfaces. This system includes enp0s3 and lo (the loopback interface). Active
network interfaces differ from system to system.
• The hardware MAC address.
• The IP address (inet), netmask, and broadcast address.
• The MTU (Maximum Transmission Unit) value.

ii) To view the configuration of all network interfaces on the system (both currently active and inactive interfaces),
specify the -a option, like this:
ifconfig -a

iii) Use the -s flag with ifconfig to display a concise summary of every active interface:
ifconfig -s

iv) View IP Addresses


List all IP addresses related to the interfaces on the system by piping ifconfig with grep.
ifconfig | grep inet

v) View Network Interface Masks


Each interface has its assigned netmask. A netmask (or subnet mask) refers to ranges of IP addresses divided into classes
(A, B, and C being the most common). Each class has a default subnet mask. For instance:
• Class A IPs belong to the 255.0.0.0 netmask.
• Class B networks belong to the 255.255.0.0 netmask.
• Class C networks use the 255.255.255.0 netmask.
Note that in some cases an IP address does not fit into the default netmask of its class.
To list netmasks used by active network interfaces, pipe the results with grep:
ifconfig | grep netmask
vi) View Transmission Errors
Print any transmission errors in the interface by filtering the output with grep:
ifconfig | grep errors
(2) ip command: -
IP stands for Internet Protocol and, as the name suggests, the tool is used for configuring network interfaces.
Older Linux distributions used the ifconfig command, which operates similarly. However, ifconfig has a limited range of
capabilities compared to the ip command. The ip command is part of the iproute2 package, which you can install with your
distribution's package manager:
sudo pacman -S iproute2
sudo apt-get install iproute2
sudo dnf install iproute2

How to Use the ip Command


ip [OPTION] OBJECT {COMMAND | help}
OBJECTS (or subcommands) that you will use most often include:
1. link (l) – used to display and modify network interfaces, such as wired connections and Wi-Fi adapters.
2. address (addr/a) – used to display and modify protocol addresses (IP, IPv6).
3. route (r) – used to display and alter the routing table, that is, the rules that manage the routing of traffic sent to
addresses via interfaces (links).
4. neigh (n) – used to display and manipulate neighbor objects (ARP table).
i) Type any of the following commands to list and show all IP addresses associated with all network interfaces:
ip a
ip addr
ip address

ii) To list all network interfaces and the associated IP address, use the command:
ip addr show

To list the IPv4 addresses, use:


ip -4 addr
ip -4 a
To list IPv6 addresses type:
ip -6 addr
ip -6 a

To display the IP address of an individual network interface, just provide the network interface name as an
argument to the command.
ip addr show dev ens33

### Only show ens33 interface ###


ip a show ens33
ip a list ens33
ip a show dev ens33

iii) Let’s use the --color (or -c) option of the command to display the output in different colors:
[vmmc@manjaro ~]$ ip -c addr show
[vmmc@manjaro ~]$ ip --color addr show
[vmmc@manjaro ~]$ ip --c link show
[vmmc@manjaro ~]$ ip --c neigh show

iv) Get Network Interface Information


To see link-layer information of all available devices (which have a driver loaded) use the command:
ip link show

If you want it to display the information for one specific device, type in the following:
ip link show dev ens33
ip link show ens33

To see statistics for all network interfaces (details such as transferred or dropped packets, or even errors) use:
ip -s link

You can also see similar information for an individual network interface with:
ip -s link ls ens33

To see a list of only the running interfaces use:


ip link ls up

v) Show routing table


To display the contents of the routing tables:
ip r
ip r list
ip r show
ip route show
ip route list
ip r list [options]
ip route
The output displays all of the route entries in the kernel.

In the above output, the first column represents the destination whereas the last column represents the source IP address.

To get the details of the local table, with destination addresses assigned to the localhost, use:
ip route show table local

vi) Display neighbour/arp cache


This command is used to view the MAC addresses of the devices connected to your system.
ARP stands for Address Resolution Protocol, which is used to find the MAC address associated with a particular IP
address. We can use the neigh object with the ip command to display the ARP cache:
ip n show
$ ip neigh show
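
A defensive use of the neighbour table, as an added example that is not part of the original document: the function below reads ip neigh show output and reports any MAC address that answers for more than one IPv4 address on the same interface, which is what ARP spoofing looks like in the cache (a host with several addresses looks the same, so treat a hit as a triage signal). The function name dup_macs and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original document).
# Constructed sample of `ip neigh show` output; the addresses come from
# the documentation ranges and the MAC addresses are made up.
SAMPLE_NEIGH='192.0.2.1 dev ens33 lladdr 52:54:00:aa:bb:01 REACHABLE
192.0.2.10 dev ens33 lladdr 52:54:00:aa:bb:10 STALE
192.0.2.20 dev ens33 lladdr 52:54:00:AA:BB:10 REACHABLE
192.0.2.30 dev ens33 FAILED
fe80::1 dev ens33 lladdr 52:54:00:aa:bb:01 router STALE
192.0.2.1 dev ens34 lladdr 52:54:00:aa:bb:01 DELAY'

# dup_macs: read neighbour entries on stdin and print one line for every
# (interface, MAC) pair that maps to two or more IPv4 addresses:
#   <dev> <mac> <ip1>,<ip2>,...
dup_macs() {
    awk '
    # Only IPv4 entries: the first field is a dotted quad.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        dev = ""; mac = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "lladdr") mac = tolower($(i + 1))
        }
        # FAILED and INCOMPLETE entries carry no MAC address.
        if (dev == "" || mac == "") next
        key = dev " " mac
        pair = key SUBSEP $1
        if (pair in seen) next          # same IP listed twice
        seen[pair] = 1
        if (count[key]++) ips[key] = ips[key] "," $1
        else              ips[key] = $1
    }
    END {
        for (key in count)
            if (count[key] > 1) print key, ips[key]
    }' | sort
}

# Demo on the constructed sample. On a live system: ip neigh show | dup_macs
printf '%s\n' "$SAMPLE_NEIGH" | dup_macs
```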

vii) Displaying all Linux IP address


Want to find out the IP address assigned to all interfaces and display IP only? Try:
sudo ip -br -c addr show
sudo ip -br -c link show

(3) route
In computer networking, a router is a device responsible for forwarding network traffic. When datagrams arrive at a router,
the router must determine the best way to route them to their destination.
A routing table is a file containing information on how the information or packets should be transferred: the network path
to all nodes or devices within a network. It is a map used by routers and gateways to track paths.
The route command is used to view and make changes to the kernel routing table.
The route command is part of the net-tools suite, which includes ifconfig, iwconfig and other well-known networking
tools.
To see the version:
route -V
route --version

To set to verbose mode:


route -v

To display the IP/kernel routing table.


route

To get output related to IPv4.


ip -4 route

To get output related to IPv6.


ip -6 route

(4) traceroute
The traceroute command in Linux prints the route that a packet takes to reach the host. It tells us about all the
intermediate hops the data packet came across while traveling through the network to reach the destination host.
traceroute is similar to the ping command but offers more detailed output. It traces the route from the origin to the target
system.
Let me start with the most basic one, where I will append the hostname to the traceroute command and it will show me
the list of routers (with IP) it took to reach the destination:
traceroute google.com

[root@localhost ~]# traceroute google.com


traceroute to google.com (172.217.163.46), 30 hops max, 60 byte packets
1 gateway (192.168.0.1) 2.930 ms 4.297 ms 4.274 ms
2 10.234.0.1 (10.234.0.1) 4.699 ms 5.515 ms 5.187 ms
3 vod.corp.us (202.10.11.43) 4.991 ms 4.842 ms 4.790 ms
4 24.11.145.5.static-vegas.nl.net.us (24.11.145.5) 7.530 ms 7.098 ms 6.899 ms
5 172.31.167.58 (172.31.167.58) 17.318 ms 16.652 ms 16.489 ms
6 14.140.100.6.static-vsnl.net.us (14.140.100.6) 16.250 ms 11.662 ms 9.417 ms
7 115.112.71.65.STDILL-vegas.nl.net.us (115.112.71.65) 12.219 ms 9.518 ms 11.715 ms
8 121.240.1.50 (121.240.1.50) 14.792 ms 10.419 ms 12.549 ms
9 74.125.242.145 (74.125.242.145) 12.190 ms 74.125.242.129 (74.125.242.129) 13.462 ms 74.125.242.145
(74.125.242.145) 11.730 ms
10 * * *
11 216.239.42.215 (216.239.42.215) 10.338 ms 9.545 ms 9.834 ms
12 maa05s01-in-f14.1e100.net (172.217.163.46) 9.484 ms 12.134 ms 11.207 ms

It took 12 routers to reach the destination and, by default, it sent 3 packets to each one and returned the time it took to
respond. The first column corresponds to the hop count. The second column represents the address of that hop and, after
that, you see three space-separated times in milliseconds. The traceroute command sends three packets to the hop, and each
time refers to the time taken by a packet to reach the hop.
The traceroute command displays the IP addresses through which the packets pass and the time taken by packets to reach
the destination.
There are three instances of time in milliseconds because traceroute sends three packets to each hop.
If the destination is not reached, it prints asterisks, as in hop 10. This can be caused by a firewall blocking the network.
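
The column layout described above, turned into a one-line-per-hop summary (an added example, not part of the original document): for each hop it counts lost probes, averages the reported times and lists every distinct address that answered, so that silent hops such as hop 10 and hops with more than one responder such as hop 9 stand out. The function name hop_summary and the output format are constructed for illustration; the sample lines are hops 1, 9, 10 and 12 of the output above.

```shell
#!/bin/sh
# Added example (not from the original document).
# Hops 1, 9, 10 and 12 of the traceroute output shown above; hop 9 is
# written on a single line here.
SAMPLE_TRACE='traceroute to google.com (172.217.163.46), 30 hops max, 60 byte packets
 1 gateway (192.168.0.1) 2.930 ms 4.297 ms 4.274 ms
 9 74.125.242.145 (74.125.242.145) 12.190 ms 74.125.242.129 (74.125.242.129) 13.462 ms 74.125.242.145 (74.125.242.145) 11.730 ms
10 * * *
12 maa05s01-in-f14.1e100.net (172.217.163.46) 9.484 ms 12.134 ms 11.207 ms'

# hop_summary: read traceroute output on stdin and print, per hop:
#   <hop> lost=<lost probes> avg_ms=<mean time> via=<addr1>,<addr2>,...
hop_summary() {
    awk '
    # Hop lines start with the hop count; the banner line does not.
    $1 ~ /^[0-9]+$/ {
        lost = 0; n = 0; sum = 0; addrs = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "*") {
                lost++                      # probe with no answer
            } else if ($i == "ms") {
                sum += $(i - 1); n++        # the time precedes its unit
            } else if ($i ~ /^\(.*\)$/) {
                ip = substr($i, 2, length($i) - 2)
                # Record each responding address once, in order seen.
                if (index("," addrs ",", "," ip ",") == 0) {
                    if (addrs == "") addrs = ip
                    else             addrs = addrs "," ip
                }
            }
        }
        if (n == 0)
            printf "%d lost=%d avg_ms=- via=-\n", $1, lost
        else
            printf "%d lost=%d avg_ms=%.2f via=%s\n", $1, lost, sum / n, addrs
    }'
}

# Demo on the sample. On a live system: traceroute google.com | hop_summary
printf '%s\n' "$SAMPLE_TRACE" | hop_summary
```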

Trace the route using IPv4


The -4 option enables only IPv4 tracerouting to a network host.
traceroute -4 golinuxcloud.com
Trace the route using IPv6
The -6 option allows you to use IPv6 protocol to trace the route to a network host.
traceroute -6 golinuxcloud.com

Or alternatively we can also use traceroute6 as shown below:


traceroute6 2a00:8a00:4000:293::1e0

How to Use TCP SYN for Probes


If you want to use TCP SYN for probing the remote address then you need to use -T option with traceroute command:
[root@localhost ~]# traceroute -T google.com

How to Use ICMP Echo for Probes


If you want to use ICMP Echo for probing the remote address then you need to use -I option with traceroute command as
shown below. In this example, we are tracing the path of google.com address using ICMP Echo by running traceroute -I
google.com command.
[root@localhost ~]# traceroute -I google.com

(5) tracepath
Tracepath traces the path to a specified destination using UDP packets. Without any options, the command outputs:
• TTL (Time To Live) round-trip time for a packet.
• MTU (Maximum Transmission Units) or the largest packet that tracepath can send over the network.
• The resolved domain name when possible.

Traceroute maps the network path to a designated destination. Without any options, the command sends UDP packets
and prints:
• The TTL round-trip time for three packets.
• Maximum hop number and packet size in bytes.
• IP address and resolved domain name when possible.
In the following example, we use the tracepath command to trace the path to the destination google.com.
tracepath www.google.com

tracepath -b: This option prints both host names and IP addresses.
tracepath -b www.google.com

(6) ping
Ping is mainly used to check whether a remote host is reachable. The remote host could be a web server, your router or a
system on your local network.
The PING (Packet Internet Groper) command is used to check the network connectivity between a host and a server or another
host. The command takes an IP address or a URL as input and sends a data packet to the specified address with the message
“PING”; the time it takes to get a response from the server/host is recorded and is called latency. A fast ping (low latency)
means a faster connection. Ping uses ICMP (Internet Control Message Protocol) to send an ICMP echo message to the specified
host; if that host is available, it sends an ICMP reply message. Ping time is generally measured in milliseconds.

Installing ping on Linux


The ping command is part of the iputils package. This package is readily available in almost any Linux distribution by
default. However, if you do not have ping installed on your machine, run the command:
sudo apt-get install iputils-ping -y

PING Version:
To get ping version installed on your system.
sudo ping -V <= Note that here V is in capital letter

Using PING:
ping www.geeksforgeeks.org
To stop pinging we should use ctrl+c otherwise it will keep on sending packets.
Controlling the number of pings:
Earlier we did not define the number of packets to send to the server/host. By using -c option we can do so. For example,
to send 5 packets to www.geeksforgeeks.org use below command
ping -c 5 www.geeksforgeeks.org

As an alternative, you can use the -w option to stop the ping after a number of seconds instead of specifying the packet
number. By default, a ping waits one second between each packet sent.
ping -w 10 www.geeksforgeeks.org

Change the interval between packets. By default, a ping waits one second between each packet sent. If you want to
increase or decrease the time between packets sent, you can use the -i option with ping.[4]
• To increase the wait to 3 seconds between packets in your ping to Facebook, you'd use
ping -i 3 facebook.com
• To decrease the wait to half of one second, you'd use
ping -i 0.5 facebook.com

Change the size of your packets. By default, ping packets are 56 bytes, which actually translates to 64 ICMP data
bytes.[5] You can send larger or smaller packets using the -s option.
• For example, if you're running into performance trouble on your own network, you can try to send larger packets to
see if your traffic is throttled. To send 1000 bytes instead of the default, you'd use
ping -s 1000 facebook.com

Do a ping flood to test your network's performance. A great way to see how your network performs under heavy load is to
"flood" a device on your network with ping requests. This outputs packets as fast as they return or 100 times per second,
whichever is greater.[6] You can do this using the -f option.
• Proceed with caution, as a ping flood can overload your network.
• Because you'll need root access to do a ping flood, you'll need to preface the command with sudo.
• To perform a flood ping, use sudo ping -f <hostname>.
Skip the live echo responses and only display the summary. If you don't want to see the live results of your ping and only
need the statistics, you can use the -q option. For example, ping -q facebook.com.
• However, you won't see the statistics at all until you press Ctrl + C. Because of this, you'll usually use -q in
conjunction with specifying the number of packets to send. A better way to use -q is with the -c flag, which allows
you to specify the number of packets to send. For example:
ping -c 5 -q facebook.com
• In this example, you'll send 5 packets of data to Facebook only. Once the packets are sent and the echoes are
received, the statistics will appear.

Ping Verbose Output: You can enable verbose output using the -v flag, as follows.
[vmmc@manjaro ~]$ ping -v www.google.com

ping “localhost” to Check Local Network


If you encounter issues reaching a website or a remote machine, you can ping localhost to confirm you have a network
connection. Use one of the three ways to check the local network interface:
ping 0 – This is the quickest way to ping localhost. Once you type this command, the terminal resolves the IP address
and provides a response.
OR
ping localhost – You can use the name to ping localhost. The name refers to your computer, and when we use this
command, we say: “ping this computer.”

Specifying the Internet Protocol Version


If you run the ping command, it will default to the protocol version of the local machine. However, you can force ping to use
either IPv4 or IPv6 using the -4 and -6 options respectively.
For example, to use IPv4, run:
ping -4 www.wikihow.com

For IPv6, run:


ping -6 www.wikihow.com
(7) mtr
The name is a shorthand for My Traceroute, also known as Matt’s Traceroute.
mtr is a networking tool that combines ping and traceroute to diagnose a network. Instead of using both tools separately,
we could use only mtr. The purpose of mtr is to analyze the network traffic hop-to-hop using ICMP packets.
Once you run mtr, it probes the network connection between the local system and a remote host that you have specified.
It first establishes the address of each network hop (bridges, routers, gateways, etc.) between the hosts, then
pings (sends a sequence of ICMP ECHO requests to) each one to determine the quality of the link to each machine.
During the course of this operation, mtr outputs some useful statistics about each machine, updated in real time by
default.

The simplest example of using mtr is to provide the domain name or IP address of the remote machine as an argument, for
example google.com or 216.58.223.78. This command will show you a traceroute report updated in real-time, until you
exit the program (by pressing q or Ctrl + C).
$ mtr google.com
OR
$ mtr 216.58.223.78

If you would like mtr to display both host names as well as numeric IP numbers use the -b flag as shown.
$ mtr -b google.com

The default interval between ICMP ECHO requests is one second. You can specify a different interval between ICMP ECHO
requests by changing the value using the -i flag as shown.
$ mtr -i 2 google.com

You can use TCP SYN packets or UDP datagrams instead of the default ICMP ECHO requests as shown.
$ mtr --tcp baeldung.com
OR
$ mtr --udp baeldung.com
To specify the maximum number of hops (default is 30) to be probed between the local system and the remote machine,
use the -m flag.
$ mtr -m 35 216.58.223.78
$ mtr -m 35 baeldung.com

Maximum TTL
We might want to check the first five hops or nodes instead of all along the path. To do this, we can use the -m option to
limit the nodes that we want to investigate:
$ mtr -m 5 baeldung.com

Report Mode
Instead of looking at the screen all the time, we can let mtr do the job for a while and read the result later with the
-r option:
$ mtr -r baeldung.com

Cycle
By default, mtr sends 10 packets in the report mode, but we could change the packets we send with the -c option:
$ mtr -r -c 15 baeldung.com

(8) dig / nslookup / host


dig: The dig command stands for Domain Information Groper. It is used for retrieving information about DNS name servers,
mainly by network administrators, for verifying and troubleshooting DNS problems and for performing DNS
lookups. The dig command replaces older tools such as nslookup and host.

DNS Records
The information returned to your dig requests is pulled from different types of records held on the DNS server. Unless we
ask for something different, dig queries the A (address) record. The following are the types of records commonly used
with dig:
• A Record: Links the domain to an IP version 4 address.
• MX Record: Mail exchange records direct emails sent to domains to the correct mail server.
• NS Record: Name server records delegate a domain (or subdomain) to a set of DNS servers.
• TXT Record: Text records store text-based information regarding the domain. Typically, they might be used to
suppress spoofed or forged email.
• SOA Record: Start of authority records can hold a lot of information about the domain. Here, you can find the
primary name server, the responsible party, a timestamp for changes, the frequency of zone refreshes, and a series
of time limits for retries and abandons.
• TTL: Time to live is a setting for each DNS record that specifies how long a DNS recursor server is allowed to cache
each DNS query. When that time expires, the data must be refreshed for subsequent requests.
• ANY: This tells dig to return every type of DNS record it can.

To query domain “A” record


dig geeksforgeeks.org

An A record refers to an IPv4 address.

Similarly, if the record type is set to “AAAA”, dig returns the IPv6 address.

To query the domain “A” record with less output, you can use the following commands:
dig geeksforgeeks.org +short
dig geeksforgeeks.org +nocomments
dig geeksforgeeks.org +noall +answer
dig howtogeek.com +noall +answer +stats

To query all DNS record types


dig geeksforgeeks.org ANY
By default, dig command will query the name servers listed in “/etc/resolv.conf” to perform a DNS lookup. We can
change it by using @ symbol followed by a hostname or IP address of the name server.
dig geeksforgeeks.org @8.8.8.8
Reverse DNS Lookup
To query the hostname associated with a specific IP address, use the -x option. For example, to perform a reverse lookup
on 208.118.235.148 you would type:
dig -x 208.118.235.148 +noall +answer

Note: A DNS reverse lookup will work only if a PTR entry is present.
PTR contents can be viewed using the command “dig -x xx.yy.zz.aa”.

nslookup
Nslookup (stands for “Name Server Lookup”) is a useful command for getting information from the DNS server. It is a
network administration tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping
or any other specific DNS record. It is also used to troubleshoot DNS-related problems.
The nslookup command can be used in two modes: interactive and non-interactive. To initiate the nslookup interactive
mode, type the command name only:
nslookup

The prompt that appears lets you issue multiple server queries.

For example, you can type a domain name and receive information about it.
www.google.com
After nslookup outputs the information, it provides another prompt.
In interactive mode, specify an option in a separate line before the query. Precede the option with set:
set [option]

To exit interactive mode, type:


exit

Using nslookup non-interactively


nslookup wikipedia.org
To validate the results on a different DNS server, append the name of the server to the end of the command. This example
requests the IP address of wikipedia.org directly from a Wikipedia name server. The response contains the authoritative
answer for the domain.
nslookup wikipedia.org ns0.wikimedia.org

How to Use nslookup for Reverse Lookups


Although nslookup can find the IP address for a domain, it can also reveal the domain mapped to an IP address. This is
referred to as a reverse DNS lookup. To perform a reverse lookup, apply the nslookup command to the IP address under
investigation. The following example illustrates how to find the domain that is mapped to the address 91.198.174.192.
Note: The output displays the IP address in reverse order, so 91.198.174.192 is transposed to 192.174.198.91 in the display.
The octets are presented in reverse order due to complex technical reasons involving the in-addr.arpa domain tree
specification.
nslookup 91.198.174.192
192.174.198.91.in-addr.arpa name = text-lb.esams.wikimedia.org.

Authoritative answers can be found from:


A second alternative is to use the -type=ptr option and the address in reverse order to find the domain. The pointer record
confirms the domain owns the address in question.
nslookup -type=ptr 192.174.198.91.in-addr.arpa

Other nslookup examples


Specify the type of record to search for using the type option. Add the option -type=option_type directly after
the nslookup directive and before any domain name. Replace option_type with the name of the record type.
nslookup -type=ns wikipedia.org
nslookup -type=mx wikipedia.org
nslookup -type=soa wikipedia.org
nslookup -type=txt wikipedia.org
nslookup -type=any google.com
To debug the information from nslookup, use the -debug flag. Debug mode displays the queries sent to the DNS server
along with the replies received in response.
nslookup -debug wikipedia.org

host
The main purpose of the host command is to resolve hostnames to IP addresses and vice versa. There are many
query types, such as NS (name server), SOA (start of authority), TXT (text), MX (mail exchange), and so on. These query types are
used with the host command to resolve the hostnames or IP addresses. You can also use the reverse
lookup to resolve the hostnames or IP addresses of servers.

host google.com

host IP_Address: This will display the domain details of the specified IP address. Example:
host 52.25.109.230

Find All Information of Domain Records and Zones


To query a domain name with type ANY, use the -a (all) option, which is equivalent to setting the -v option.
host -a google.com
host -v -a google.com
host -v -a www.google.com

Find Domain Name Servers


To find out the domain name servers use the -t option.
host -t ns google.com
host -t cname mail.google.com
host -n -t mx google.com
host -t txt google.com
host -C google.com <= To Find Domain SOA Record
Query Particular Name Server
host google.com ns4.google.com

Use Either IPv4 or IPv6


The -4 or -6 option forces host to use only IPv4 or only IPv6 query transport respectively.
$ host -4 google.com
OR
$ host -6 google.com

-R : Specifies the number of retries to perform in case a try fails. If any try succeeds, the command
stops. Example:
host -R 3 geeksforgeeks.org

hostname -i <= Display the IP address of the host


hostname <= Outputs the name of your computer

Change hostname temporarily:


The command below changes the name only temporarily; it will revert once the system is rebooted. For example, to change
the hostname to linuxconfig:
$ hostname linuxconfig
Check the changes by just typing hostname:
$ hostname
===================================================================================================
To check the details about your computer (OS) you can run following command:
[vmmcadmin@manjaro ~]$ hostnamectl

====================================================================================================
nmap: Nmap, also known as Network Mapper, is an open source and very versatile tool for Linux. The nmap command is used for
the following purposes:
• Real-time information about a network
• Detailed information on all the IPs active on your network
• Number of ports open in a network
• List of live hosts
• Port, OS and host scanning

It was originally written by Gordon Lyon and it can answer the following questions easily:
1. Find running computers on the local network
2. What IP addresses did you find running on the local network?
3. Discover the operating system of your target machine
4. Find out what ports are open on the machine that you just scanned?
5. See if the system is infected with malware or virus.
6. Search for unauthorized servers or network service on your network.
7. Locate and remove computers which don’t meet the organization’s minimum level of security.
For more details check below websites: -
Nmap Command in Linux with Examples - GeeksforGeeks
29 Practical Examples of NMAP Commands for Linux System/Network Administrators (tecmint.com)
nmcli: nmcli is a command-line tool for controlling NetworkManager. The nmcli command can also be used to display network device status,
and to create, edit, activate/deactivate, and delete network connections.
It can be used to control NetworkManager with no GUI and to control system-wide connections.
Note: The nmcli command is part of the NetworkManager package. NetworkManager provides the default network service on Linux. To check
whether the NetworkManager service is running, you can use the following command.
# nmcli -t -f RUNNING general

You can run any one of the commands below to display both active and inactive interfaces (devices).
nmcli device status
nmcli dev status
nmcli d
nmcli device
nmcli d show
nmcli d s

To display all the active network interfaces on your Linux system, you can execute any one of the following commands.
nmcli connection show
nmcli con show
nmcli c s
nmcli connection
nmcli c
nmcli con

Alternatively, you can run the command:


nmcli connection show --active

Using the -p (pretty) option, you can display the output in a more human-readable format where the values and headers
are well aligned.
nmcli -p device
nmcli -p dev
(9) ss and netstat commands
The ss command: -
ss (socket statistics) is a command-line utility to investigate sockets in the Linux system. It displays similar or
more detailed information than the netstat command, and it can show more TCP and state information.

The ss command output contains the following column headers.


Netid - It shows the type of sockets. For example, u_str (Unix stream), icmp6, tcp, udp, etc. It’s common to see a lot
of u_str in this column, which is stream socket. Other types include IPv6 or ICMP sockets.
State - The state of the connection. Only useful for TCP connections since UDP is a stateless protocol.
• ESTAB: Established connection,
• UNCONN: Unconnected connection,
• LISTEN: Listening connection(Non-Established connection)
Recv-Q - The count of bytes not copied by the user program connected to this socket.
Send-Q - The count of bytes not acknowledged by the remote host.
Local Address:Port - The address and port of local machine.
Peer Address:Port - The address and port of remote machine(The remote socket and port number used for a connection).
Process - In this column, you will find additional information when relevant options are used.

Different examples to use ss command


In this article, we have presented the tutorial on how to use ss command with the most used practical examples.

The general syntax of ss command is:


$ ss [option]
Some of the important options in ss command are:
-a: To display all sockets
-l: To display only listening (waiting or non-established) sockets
-t: To display only TCP sockets
-u: To display only UDP sockets
-x: To display only UNIX domain sockets
-m: To display socket memory usage
-s: To display summary statistics
-w: To display RAW sockets (--raw)

ss commands:
$ ss                          <= Run ss without any option to print all connected sockets in the system.
$ ss -a  OR  $ ss --all       <= With the -a or --all option, you can view all the listening and non-listening connections in the system.
$ ss -at  OR  $ ss -a --tcp   <= Use the -t or --tcp option to filter the output to TCP connections.
$ ss -au  OR  $ ss -a --udp   <= Use the -u or --udp option to view only UDP connections in the output.
$ ss -ltu                     <= To view the listening TCP and UDP sockets in the system.
$ ss -x  OR  $ ss --unix      <= Use the -x or --unix option to display only UNIX domain sockets in the system.
$ ss -a4  OR  $ ss -a --ipv4  <= Use the -4 or --ipv4 option to list IPv4 sockets in the system.
$ ss -a6  OR  $ ss -a --ipv6  <= Use the -6 or --ipv6 option to list IPv6 sockets in the system.
$ ss -p                       <= To display the process IDs related to socket connections, use the -p flag.
$ ss -s                       <= To list the summary statistics, use the -s option.

To list currently established TCP sockets, use the -t option. If you also want to list listening (non-established)
TCP sockets, use -t -a. Replace -t with -u for UDP sockets.

$ ss -t                       <= To list currently established TCP sockets.
$ ss -at -p                   <= To list all TCP sockets (both established and listening (non-established)) and the processes using the socket.
$ ss -aup                     <= To list all UDP sockets and the processes using the socket.
$ ss -axp                     <= To list all UNIX domain sockets and the processes using the socket.
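
One way to put the State, Local Address:Port and Process columns described above to work, as an added example that is not part of the original document: the function below reads ss output and prints every TCP or UDP listener that is reachable from outside the loopback interface and is not on an expected-services list. The function name unexpected_listeners, the allowlist format (protocol/port) and the sample lines are constructed for illustration; it assumes input from ss -H -tuanp, where -H (no header) and -n (numeric ports) are ss options not covered above, and -t together with -u keeps the Netid column in the output.

```shell
#!/bin/sh
# Added example (not from the original document).
# Constructed sample of `ss -H -tuanp` output (columns: Netid State
# Recv-Q Send-Q Local-Address:Port Peer-Address:Port Process).
SAMPLE_SS='udp   UNCONN 0      0            0.0.0.0:68         0.0.0.0:*     users:(("dhclient",pid=612,fd=7))
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      4096       127.0.0.1:631        0.0.0.0:*     users:(("cupsd",pid=950,fd=7))
tcp   LISTEN 0      511                *:8080             *:*     users:(("node",pid=2210,fd=19))
tcp   LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=801,fd=4))
tcp   LISTEN 0      128            [::1]:6010          [::]:*
udp   UNCONN 0      0         192.0.2.15:5353       0.0.0.0:*
tcp   ESTAB  0      0         192.0.2.15:22    198.51.100.7:51514 users:(("sshd",pid=1502,fd=4))'

# unexpected_listeners "<proto/port> ...": read ss output on stdin and
# print "<proto> <port> <local address> <process>" for each listening
# socket that is not bound to loopback and not on the allowlist.
unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 == "Netid" { next }                       # header, if -H was not used
    $2 != "LISTEN" && $2 != "UNCONN" { next }    # skip connected sockets
    $5 !~ /:/ { next }                           # not an address:port field
    {
        # The port follows the last colon; IPv6 addresses contain more.
        port = $5
        sub(/.*:/, "", port)
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        key = $1 "/" port
        if (key in ok) next                            # expected service
        # The process name is only present when ss ran with -p and
        # enough privileges; otherwise report "-".
        proc = "-"
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print $1, port, addr, proc
    }'
}

# Demo on the sample. On a live system:
#   sudo ss -H -tuanp | unexpected_listeners "tcp/22 udp/68"
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "tcp/22 udp/68"
```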
netstat command: -
netstat (network statistics) is a command-line utility in the Linux system to display network connections, routing tables,
interface statistics, masquerade connections, and multicast memberships. netstat prints information about the Linux
networking subsystem.
Network sockets can either be connected or waiting for a connection. The connections use networking protocols
like Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). They use Internet Protocol addresses and network
ports to establish connections. A socket is a software construct used to handle one end of a network data connection.
You can think of a socket as either being connected or waiting (which is often called listening). The listening socket is called
the server, and the socket that requests a connection with the listening socket is called a client.
The netstat command lets you discover which sockets are connected and which sockets are listening. Meaning, it
tells you which ports are in use and which processes are using them. It can show you routing tables and statistics about
your network interfaces and multicast connections.

By default, the netstat command shows only connected sockets. We can use the -a option to display other sockets as well, and
the -l option to display listening sockets.

netstat -a
Displays all the active network connections (listening and non-listening sockets), including TCP, UDP, and UNIX.

netstat -at
Displays the list of all the TCP network connections.

netstat -au
Displays the list of all active UDP connections.

netstat -aw
Displays the state of all raw network connections of your system. Use the option --raw or -w with the netstat command.

netstat -l
Displays the list of the listening ports of your network. Use the option --listening or -l with the netstat command.

netstat -lt
the list of only TCP listening ports

netstat -lu
display only UDP listening ports

netstat -lx
To display the list of all listening UNIX ports, use the option -l for listening and -x for UNIX.
The UNIX sockets allow processes to communicate with each other locally, and within the system through a file-based
interface.

netstat -a -p --unix
list your own machine local unix sockets

netstat -vatn
To display open ports and established TCP connections

netstat -vaun
To display only open UDP ports try the following command

netstat -r
display the Kernel routing table using the netstat command in Linux. The routing table is a data structure used by Kernel
that stores information about the routes to various network destinations. It is an important part of the network stack that
helps to make routing decisions for all network packets which pass through the kernel. To view the routing table use the
option -r with the netstat command

netstat -s
The statistics of all ports of the network generally refers to gathering and analyzing data about the usage and
performance of all the network ports on the device. These data include information about the number of packets sent or
received, the amount of data transferred, the number of errors and collisions, etc. You can display the statistics of all ports
using the netstat command with the option -s. The command displays the statistics of IP, ICMP, TCP, and UDP protocols by
default.

netstat -st
netstat -su
netstat -s --ip
netstat -s --raw
to view the statistics of TCP, UDP, IP, and raw protocols respectively.

netstat -ant
Here the -n option displays IP addresses instead of resolving them to hostnames, for a faster response.
As usual, -a selects all active connections and -t selects the TCP protocol.

netstat -W
To view full IP addresses, use the -W option (--wide).

netstat --verbose
Lists all supported and non-supported address families in the system. If you check the full list, at the bottom you will
find all the non-supported address families.

netstat -ntlpu
Display listening TCP and UDP connections. This is one of the most used commands by system administrators to check the
list of listening TCP and UDP ports on any Linux server. We can combine the following arguments for this purpose:

-n: Show numerical addresses instead of trying to determine symbolic host, port or user names.
-t: Show TCP connections
-u: Show UDP connections
-p: Show the PID and name of the program to which each socket belongs
-l: Show only listening sockets

netstat -lnptu | grep LISTEN


Lists the ports that are in the LISTEN state. These ports are actively listening for incoming traffic and are
ready to be connected with other devices.
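
As an added example (not part of the original document), the script below takes the listening-port check one step further using ss: it reads `ss -H -tuln` output and classifies each listener by bind scope, so sockets bound to all interfaces stand out from loopback-only ones. The function names and the sample listing are constructed for illustration; UDP listeners appear with state UNCONN rather than LISTEN, which the script accounts for.

```shell
# Classify listening sockets by how widely they are bound.
# Input: output of `ss -H -tuln` (no header, TCP + UDP, listening, numeric).
# Columns: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

classify_listeners() {
    awk '
    $2 == "LISTEN" || $2 == "UNCONN" {       # UDP listeners show as UNCONN
        local_ep = $5
        n = match(local_ep, /:[^:]*$/)        # the last colon precedes the port
        if (n == 0) next
        addr = substr(local_ep, 1, n - 1)
        port = substr(local_ep, n + 1)
        sub(/%.*$/, "", addr)                 # drop interface scope such as %lo
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
            scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback"
        else
            scope = "single-address"
        printf "%s %s %s %s\n", scope, $1, port, addr
    }'
}

# Print only the listeners reachable on every interface, as proto/port,
# sorted and de-duplicated (IPv4 and IPv6 wildcards collapse to one entry).
exposed_listeners() {
    classify_listeners |
        awk '$1 == "all-interfaces" { print $2 "/" $3 }' |
        LC_ALL=C sort -u
}

# Constructed sample of `ss -H -tuln` output (not captured from a real host)
SAMPLE_SS_OUTPUT='udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      511                *:80              *:*
tcp   LISTEN 0      128     192.168.1.10:8080      0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      128            [::1]:631          [::]:*'

# On a live system, run: ss -H -tuln | exposed_listeners
printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_listeners
```

Any entry this prints is a service that accepts traffic on every interface; compare the list against the services the host is meant to offer.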

netstat -i
list of all your network interfaces.

netstat -ie
To show thorough and detailed information about all your active network interfaces. It is similar to the ifconfig command.

sudo netstat -p
Displaying service name with their PID number

netstat -lp
Find all listening program
======================================================================
What is a socket: -
A socket is a pseudo-file that represents a network connection. Once a socket has been created (identifying the other host
and port), writes to that socket are turned into network packets that get sent out, and data received from the network can
be read from the socket.
Sockets are a way to enable inter-process communication between programs running on a server, or between
programs running on separate servers. Communication between servers relies on network sockets, which use the Internet
Protocol (IP) to encapsulate and handle sending and receiving data.
Network sockets on both clients and servers are referred to by their socket address. An address is a unique
combination of a transport protocol like the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP), an IP
address, and a port number.

Types of Socket:
1. Datagram Sockets: Datagram sockets allow processes to use the User Datagram Protocol (UDP). A datagram socket supports a
two-way flow of messages. Messages may arrive in a different order from the one in which they were sent, and may also be
duplicated. Record boundaries in the data are preserved. Unlike stream sockets, datagram sockets do not
establish a permanent connection between two interacting processes. Instead, each packet is an independent datagram, a
self-contained message whose arrival or integrity is not guaranteed. The socket type of datagram socket is SOCK_DGRAM.
Applications usually employ datagram-oriented UDP sockets when they require low overhead or real-time
communication. For example, online gaming and VoIP use UDP because they prioritize the speed of information exchange
over the integrity of the information.

2. Stream Sockets: Stream sockets allow processes to use the Transmission Control Protocol (TCP) for communication. A stream
socket provides a sequenced, reliable, and two-way (bidirectional) flow of data. After the connection is
established, data can be read from and written to these sockets as a byte stream. Stream-oriented sockets are mainly used in
TCP/IP communication. Since TCP is a connection-oriented protocol, the stream sockets establish a persistent connection
between two communicating processes. The socket type of stream socket is SOCK_STREAM.
The data packets sent over stream sockets arrive reliably and in the correct order, making this socket type suitable for
web and email servers.

3. Raw Sockets: Raw sockets provide user access to the Internet Control Message Protocol (ICMP). Raw sockets are not
used for most applications. These sockets are datagram oriented, and their exact characteristics depend on
the interface. They are provided to support developing new communication protocols or to access more facilities of an
existing protocol. Only superusers can access raw sockets. The socket type of raw socket is SOCK_RAW.
Network applications that need a high level of control over communication, such as ping and traceroute, require raw
sockets to function correctly. However, since raw sockets provide easy access to the link layer, their extensive use can be a
security concern.

4. Sequenced Packet Sockets: Sequenced packet sockets are similar to stream sockets, with the exception that record
boundaries are preserved. This interface is provided as part of the Network Systems (NS) socket
abstraction. Sequenced packet sockets enable the user to manipulate the
Sequence Packet Protocol or Internet Datagram Protocol (IDP) headers on a packet or a group of packets by
writing a prototype header along with the data that is sent. The socket type of sequenced packet socket
is SOCK_SEQPACKET.

======================================================================
Installing Networking command tools:
i) ifconfig, netstat, route are all part of net-tools. To install net-tools
sudo apt install net-tools
pacman -S net-tools
dnf install net-tools

Debian Error: bash: ifconfig: command not found


Solution:
a) run
/sbin/ifconfig
/sbin/route

b) To resolve the error permanently, add the /sbin/ directory to the PATH variable.
Using sudo or the entire path to the command works but is not practical in the long term. When a user needs to run
ifconfig multiple times, it's best to add the /sbin/ directory to the PATH variable permanently.
To update the PATH variable, follow these steps:
(Note: do not use sudo, root, or a different user for the commands below.)
nano ~/.bashrc

Scroll to the end of the file and add:

export PATH=/usr/sbin:$PATH

Now press Ctrl+X, then press Y followed by Enter to save the file.
Next, close the terminal and open it again.

ii) Installing DNS lookup utilities: dig,host


sudo apt install dnsutils
sudo yum install bind-utils
sudo pacman -S bind

iii) Installing other network utilities:


ifplugstatus - apt/dnf/(pacman -S) install ifplugd
ip - provided by iproute2 / sudo apt-get/dnf/(pacman -S) install iproute2
traceroute - sudo apt/(pacman -S) install traceroute
tracepath - apt-get install iputils-tracepath OR apt install tracepath / pacman -S tracepath (in Fedora and Manjaro it is already installed)
mtr - in Fedora it is pre-installed / apt/(pacman -S) install mtr
nmap - apt/dnf/(pacman -S) install nmap
nmcli - pre-installed on all of these distributions
ss - pre-installed on all of these distributions
iperf - apt/dnf install iperf / pacman -S iperf iperf3
iftop - apt/dnf/(pacman -S) install iftop
tcpdump - in Fedora it is pre-installed / apt/(pacman -S) install tcpdump
whois - in Fedora it is pre-installed / apt/(pacman -S) install whois
vnstat - apt/dnf/(pacman -S) install vnstat
====================================================================================================
(10) speedtest-cli & fast-cli
Speedtest-cli
Install:
Install speedtest-cli Using Package Manager

Debian users:
$ sudo apt-get install speedtest-cli
OR
$ sudo apt install speedtest-cli

RHEL/CentOS/Fedora users:
$ sudo yum install speedtest-cli
$ sudo dnf install speedtest-cli

Manjaro/Arch Linux users:
$ sudo pacman -Syy speedtest-cli

Using PIP:
$ sudo pip install speedtest-cli

Testing Linux Internet Connection Speed with speedtest-cli


1. To test the download and upload speed of your internet connection, run the speedtest-cli command without any
argument as shown below.
$ speedtest-cli

2. To share your bandwidth speed with your friends or family, use the --share option. You are provided with a link that can
be used to download an image.
$ speedtest-cli --share

3. If you don't need any additional information other than ping, download, and upload, use the --simple option.
$ speedtest-cli --simple

4. List the speedtest.net servers based on physical distance. The distance in km is shown.
$ speedtest-cli --list

5. The previous step generates a huge list of servers sorted by distance. To narrow the output, filter it with grep. For
example, to see only the speedtest.net servers located in Mumbai (India):
$ speedtest-cli --list | grep -i Mumbai

6. Test the connection speed against a specific server. Use a server ID generated in examples 4 and 5 above.
$ speedtest-cli --server 23647 ## Here server ID 23647 is used in the example.

7. To check the version number and help of the speedtest-cli tool:

$ speedtest-cli --version
$ speedtest-cli --help

The Website:
Speedtest CLI: Internet speed test for the command line

Installing SPEEDTEST® CLI in Ubuntu/Debian/Linuxmint


## If migrating from prior bintray install instructions please first...
# sudo rm /etc/apt/sources.list.d/speedtest.list
# sudo apt-get update
# sudo apt-get remove speedtest
## Other non-official binaries will conflict with Speedtest CLI
# Example how to remove using apt-get
# sudo apt-get remove speedtest-cli
sudo apt-get install curl
curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh | sudo bash
sudo apt-get install speedtest

Installing SPEEDTEST® CLI in Fedora/Cent OS/Red Hat
## If migrating from prior bintray install instructions please first...
# sudo rm /etc/yum.repos.d/bintray-ookla-rhel.repo
# sudo yum remove speedtest
## Other non-official binaries will conflict with Speedtest CLI
# Example how to remove using yum
# rpm -qa | grep speedtest | xargs -I {} sudo yum -y remove {}
$ curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.rpm.sh | sudo bash
$ sudo yum install speedtest

Using fast-cli to Test Internet Speed


Fast is a lightweight CLI utility based on the web speed test fast.com. The test uses Netflix servers to provide results.
Fast-cli is simple to use, but you need the node package manager (NPM) on your machine. The package comes
with Nodejs.
GitHub - nodesource/distributions: NodeSource Node.js Binary Distributions

++++++++++++++++Not Required as nodejs and npm are now available in deb official repo+++++++++++++++++++++++++
Node.js Current (v20.x):
curl -fsSL https://deb.nodesource.com/setup_current.x | sudo -E bash - &&\
sudo apt-get install -y nodejs
Node.js LTS (v18.x):
Using Ubuntu
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash - &&\
sudo apt-get install -y nodejs

+++++++++++++++++++++Please check the next page for install instructions+++++++++++++++++++++++++++++++++++++
Installing:
i) Debian
sudo apt update
sudo apt install nodejs npm

Then reboot the system and type the command below to install fast:
npm install --global fast-cli

For Manjaro-
yay fast-cli

For Fedora/Cent OS
[root@fedora vmfc]# sudo dnf install nodejs npm
[root@fedora vmfc]# npm -V
[root@fedora vmfc]# sudo reboot
[vmfc@fedora ~]$ su
Password:
[root@fedora vmfc]# npm install --global fast-cli

To test the download speed, enter:


fast

To show both the download and upload speed, add the -u option:
fast -u
