Debug School

rakesh kumar

LINUX: best Networking and Troubleshooting Commands

Following is the list of natively available troubleshooting commands.


hostname

The hostname command is used to view the hostname of the machine and to set the hostname.

hostname

You can use the hostname command to set a new hostname for the machine. For example,

sudo hostname temp.com

If you set the hostname using the “hostname” command, the change does not persist: when you restart the machine, the hostname will change to the name specified in the hostname file (e.g. /etc/hostname).

So if you want to change the hostname permanently, you can use the /etc/hosts file or relevant hostname file present on the server.

  1. For Ubuntu machines, you can change it in the /etc/hostname file.
  2. For RHEL, CentOS and Fedora, you can change it in the /etc/sysconfig/network file.

host

The host command is for the reverse lookup of an IP or a DNS name.

For example, if you want to find the DNS name attached to an IP, you can use the host command as follows.

host 8.8.8.8

You can also do the reverse to find the IP address associated with the domain name. For example,

host devopscube.com

ping

The ping networking utility is used to check if the remote server is reachable or not. It is primarily used for checking the connectivity and troubleshooting the network.

It provides the following details.

  1. Bytes sent and received
  2. Packets sent, received, and lost
  3. Approximate round-trip time (in milliseconds)

The ping command has the following syntax.

ping <IP or DNS>

For example,

ping devopscube.com

To ping an IP address,

ping 8.8.8.8

If you want to limit the ping output without using ctrl+c, then you can use the “-c” flag with a number as shown below.

ping -c 1 devopscube.com

curl

The curl utility is primarily used to transfer data from or to a server. However, you can also use it for network troubleshooting.

For network troubleshooting, curl supports protocols such as DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP.

For example, curl can check connectivity on port 22 using telnet.

curl -v telnet://192.168.33.10:22

You can check the FTP connectivity using curl.

curl ftp://ftptest.net

You can troubleshoot web server connectivity as well.

curl http://devopscube.com -I

wget

The wget command is primarily used to fetch web pages.

You can use wget to troubleshoot network issues as well.

For example, you can troubleshoot proxy server connections using wget.

wget -e use_proxy=yes -e http_proxy=<proxy_host:port> http://externalsite.com

You can check if a website is up by fetching the files.

wget www.google.com

ip (ifconfig)

The ip command is used to display and manipulate routes and network interfaces. The ip command is the newer version of ifconfig. ifconfig works in all the systems, but it is better to use the ip command instead of ifconfig.

Let’s have a look at a few examples of ip command.

Display network devices and configuration

ip addr

You can use this command with pipes and grep to get more granular output like the IP address of the eth0 interface. It is very useful when you work on automation tools that require IP to be fetched dynamically.

The following command gets the IP address of eth0 network interface.

ip a | grep eth0  | grep "inet" | awk -F" " '{print $2}'

Get details of a specific interface

ip a show eth0

You can list the routing tables.

ip route
ip route list

arp

The arp command shows the ARP (Address Resolution Protocol) cache table of the local network’s IP addresses and MAC addresses that the system has interacted with.

arp

ss (netstat)

The ss command is a replacement for netstat. You can still use the netstat command on all systems.

Using the ss command, you can get more information than with the netstat command. The ss command is fast because it gets all the information from the kernel.

Now let’s have a look at a few usages of ss command.

Listing all connections

The “ss” command will list all the TCP, UDP, and Unix socket connections on your machine.

Filtering out TCP, UDP and Unix sockets

If you want to filter out TCP, UDP or UNIX socket details, use the “-t”, “-u” and “-x” flags with the “ss” command. It will show all the established connections to the specific ports. If you want to list both connected and listening ports, use “-a” with the specific flag.

List all listening ports

To list all the listening ports, use the “-l” flag with the ss command. To list specific TCP, UDP or UNIX sockets, use the “-t”, “-u” and “-x” flags with “-l”.

List all established

To list all the established ports, use the state established flag as shown below.

ss -t -r state established

To list all sockets in listening state,

ss -t -r state listening
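
Added example, not part of the original post: the listening-port listing above becomes an exposure check once each listener is classified by the address it is bound to. The function names, the allowlist of expected ports and the sample rows are constructed for illustration; on a live host the input would come from `ss -tln`.

```shell
#!/bin/sh
# Added example (not from the original post): classify TCP listeners by exposure.
# Live use: ss -tln | classify_listeners

# Constructed sample of `ss -tln` rows, so the example runs offline.
SAMPLE_SS_OUTPUT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 244 192.168.33.10:5432 0.0.0.0:*'

# Prints "<scope> <address> <port>" for every listening socket read from stdin.
# scope: wildcard (all interfaces), loopback (local only), specific (one address)
classify_listeners() {
  awk '
    {
      ep = ""
      # State is column 1 with -t alone, column 2 when a Netid column is shown.
      for (i = 1; i <= 2; i++) if ($i == "LISTEN") ep = $(i + 3)
      if (ep == "") next
      n = match(ep, /:[^:]*$/)          # split at the last colon (IPv6-safe)
      if (n == 0) next
      addr = substr(ep, 1, n - 1); port = substr(ep, n + 1)
      sub(/%.*$/, "", addr)             # drop interface suffix such as %lo
      gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # drop IPv6 brackets
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "wildcard"
      else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
      else scope = "specific"
      print scope, addr, port
    }'
}

# Prints each wildcard-bound port that is not in the space-separated allowlist $1.
unexpected_exposed() {
  classify_listeners | awk -v allowed=" $1 " '
    $1 == "wildcard" && index(allowed, " " $3 " ") == 0 && !seen[$3]++ { print $3 }'
}

printf '%s\n' "$SAMPLE_SS_OUTPUT" | classify_listeners
printf 'unexpected: %s\n' "$(printf '%s\n' "$SAMPLE_SS_OUTPUT" | unexpected_exposed "22")"
```

With the sample rows and an allowlist of port 22, only 8080 is reported: it is bound to every interface and was not expected to be.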

traceroute

If you do not have a traceroute utility in your system or server, you can install it from the native repository.

traceroute is a network troubleshooting utility. Using traceroute you can find the number of hops required for a particular packet to reach the destination.

For example,

traceroute google.com

mtr

The mtr utility is a network diagnostic tool to troubleshoot network bottlenecks. It combines the functionality of both ping and traceroute.

For example, the following command shows the traceroute output in real-time.

mtr google.com

mtr report

You can generate a report using the --report flag. When you run the mtr report, it sends 10 packets to the destination and creates the report.

mtr -n --report google.com

dig

If you have any task related to DNS lookup, you can use the “dig” command to query the DNS name servers.

Get all DNS records with dig

The following command returns all the DNS records and TTL information of twitter.com.

dig twitter.com ANY

Use +short to get a less verbose output.

dig google.com ANY +short

Get Specific DNS Record with dig

For example, if you want to get the A record for a particular domain name, you can use the following dig command. +short provides the information without the verbose output.

dig www.google.com A +short

Similarly, you can get the other record information separately by specifying the required record type in place of A.

Reverse DNS Lookup with dig

You can perform a reverse DNS lookup with dig using the following command. Replace 8.8.8.8 with the required IP.

dig -x 8.8.8.8

nslookup

Nslookup (Name Server Lookup) utility is used to check the DNS entries. It is similar to dig command.

To check the DNS records of a domain, you can use the following command.

nslookup google.com

You can also do a reverse lookup with the IP address.

nslookup 8.8.8.8

To get all the DNS records of a domain name, you can use the following.

nslookup -type=any google.com

Similarly, you can query for records like mx, soa, etc.

nc (netcat)

The nc (netcat) command is known as the Swiss army knife of networking commands.

Using nc, you can check the connectivity of a service running on a specific port.

For example, to check if ssh port is open, you can use the following command.

nc -v -n 192.168.33.10 22

netcat can also be used for data transfer over TCP/UDP and port scanning.

Port scanning is not recommended in cloud environments. You need to request the cloud provider to perform port scanning operations in your environment.

telnet

The telnet command is used to troubleshoot the TCP connections on a port.

To check port connectivity using telnet, use the following command.

telnet 10.4.5.5 22

route

The “route” command is used to get the details of the route table for your system and to manipulate it. Let us look at a few examples for the route command.

Listing all routes

Execute the “route” command without any arguments to list all the existing routes in your system or server.

If you want to get the full output in numerical form without any hostname, you can use the “-n” flag with the route command.

tcpdump

The tcpdump command is primarily used for troubleshooting network traffic.

Note: Analyzing the output of the tcpdump command requires some learning, so explaining it is out of the scope of this article.

The tcpdump command works with the network interfaces of the system, so you need administrative privileges to execute it.

List all network interfaces

Use the following command to list all the interfaces.

sudo tcpdump --list-interfaces

Capture Packets on Specific Interface
To get the dump of packets on a specific interface, you can use the following command.

Note: press ctrl + c to stop capturing the packets.

sudo tcpdump -i eth0

To limit the packet capturing, you can use the -c flag with the number.

For example,

sudo tcpdump -i eth0 -c 10

Capture Packets on All Interfaces
To capture packets on all the interfaces, use the any flag as shown below.

sudo tcpdump -i any

lsof

lsof is a command that is used in day-to-day Linux troubleshooting. This command is equally important for anyone working with Linux systems.

To list all open files, execute the lsof command.

lsof

One of the common errors faced by developers & DevOps engineers is “Bind failed error: Address already in use”. You can find the process ID associated with a port using the following command. Then you can kill the process to free up the port.

lsof -i :8080
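
Added example, not part of the original post: `lsof -i :8080` matches the port on either end of a connection, so its output can include clients and accepted sessions as well as the process that holds the listening socket. The script below separates the two before anything is killed; the function names and the sample output are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): find the real owner of a busy port.
# Live use: lsof -nP -i :8080 | listeners_on_port 8080
# -P keeps ports numeric (8080 may otherwise print as a service name such as
# http-alt, which the port match below would miss); -n skips DNS lookups.

# Constructed sample of `lsof -nP -i :8080` output, so the example runs offline.
SAMPLE_LSOF_OUTPUT='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    12345 app    45u  IPv6 123456      0t0  TCP *:8080 (LISTEN)
java    12345 app    46u  IPv6 123460      0t0  TCP 192.168.33.10:8080->192.168.33.20:40112 (ESTABLISHED)
curl    22334 dev     5u  IPv4 223344      0t0  TCP 192.168.33.10:51544->10.4.5.5:8080 (ESTABLISHED)'

# listeners_on_port PORT: reads lsof output on stdin and prints "PID COMMAND"
# once per process holding a LISTEN socket on PORT (what makes bind() fail).
listeners_on_port() {
  awk -v port="$1" '
    $NF == "(LISTEN)" {
      name = $(NF - 1)                   # NAME column, e.g. *:8080
      if (name ~ (":" port "$") && !seen[$2]++) print $2, $1
    }'
}

# non_listening_pids PORT: prints "PID COMMAND" for processes that appear in the
# output but do not listen on PORT, i.e. the ones that should not be killed.
non_listening_pids() {
  awk -v port="$1" '
    $1 != "COMMAND" { cmd[$2] = $1 }
    $NF == "(LISTEN)" && $(NF - 1) ~ (":" port "$") { listening[$2] = 1 }
    END { for (p in cmd) if (!(p in listening)) print p, cmd[p] }' | sort -n
}

printf 'listening on 8080: %s\n' \
  "$(printf '%s\n' "$SAMPLE_LSOF_OUTPUT" | listeners_on_port 8080)"
printf 'leave alone:       %s\n' \
  "$(printf '%s\n' "$SAMPLE_LSOF_OUTPUT" | non_listening_pids 8080)"
```

In the sample, PID 12345 (java) owns the port, while PID 22334 (curl) is only a client of a remote service that happens to use the same port number.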