In the vast and interconnected world of computing, the network is the invisible fabric that binds everything together. As Linux users, administrators, and developers, our ability to understand, troubleshoot, and interact with the network is paramount. Whether we’re diagnosing an unreachable server, downloading software, or simply checking our internet connectivity, a robust set of command-line networking tools is indispensable.

Understanding Network Interfaces and IP Addresses

At the most basic level, network communication relies on network interfaces and IP addresses. A network interface is the hardware component (or a virtual equivalent) that connects our Linux machine to a network. An IP address is a unique numerical label assigned to each device participating in a computer network, allowing it to be identified and located.

os-1 Figure 1: Networking Stack in Linux


Our journey often begins by confirming our machine’s network identity.


1. ifconfig (Deprecated) vs. ip a: Our Modern View of Interfaces

For many years, ifconfig was the ubiquitous command for configuring and viewing network interfaces. However, it has largely been superseded by the more powerful and versatile ip command. While we might still encounter ifconfig on older systems, ip a is what we reach for on modern Linux distributions.

  • ifconfig:
    • Historically, ifconfig (interface configuration) was used to display or configure network interfaces. It’s concise but lacks some of the advanced features of ip.
    • When we ran ifconfig, we’d see details like interface name (e.g., eth0, wlan0, lo), IP address, netmask, broadcast address, and MAC address.
    • Example Output: 
        eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
          inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255
          ether 00:11:22:33:44:55  txqueuelen 1000  (Ethernet)
  lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
          inet 127.0.0.1  netmask 255.0.0.0
    • We primarily use ifconfig now only when working on very old systems where ip isn’t available.

  • ip a (or ip addr show): This is our modern, preferred command to display network interface information. The ip utility is part of the iproute2 suite and offers much broader functionality for routing, policy routing, tunnels, etc.

      ip a

    When we run ip a, the output is more detailed and follows a consistent structure for each interface. We see:

    • Interface Index: A numerical identifier.
    • Interface Name: Like lo (loopback), eth0 (Ethernet), enp0s3 (predictable network interface name), wlan0 (wireless).
    • MAC Address: Hardware address.
    • State: UP, DOWN.
    • IP Addresses: Both IPv4 and IPv6 addresses, along with their netmasks (in CIDR notation).
    • Loopback Interface: We always look for the lo interface, which is the loopback interface (127.0.0.1). This is crucial for local communication and ensures our network stack is functioning internally.

    Example Output:

      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      inet 127.0.0.1/8 scope host lo
         valid_lft forever preferred_lft forever
      inet6 ::1/128 scope host
         valid_lft forever preferred_lft forever
  2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
      link/ether 08:00:27:32:c8:3c brd ff:ff:ff:ff:ff:ff
      inet 192.168.1.101/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s3
         valid_lft 86249sec preferred_lft 86249sec
      inet6 fe80::a00:27ff:fe32:c83c/64 scope link noprefixroute
         valid_lft forever preferred_lft forever

    We rely heavily on ip a to confirm our server’s IP address, check its network status, and ensure interfaces are configured correctly.


Testing Connectivity

Once we know our machine’s IP, the next logical step is to check if it can reach other machines on the network or the internet.

2. ping:

The ping command (Packet Internet Groper) is our essential tool for basic network connectivity testing. It sends ICMP (Internet Control Message Protocol) echo request packets to a target host and listens for echo reply packets.

ping google.com

When we ping a hostname or IP address, we’re looking for:

  • Response: Are we getting replies back? If not, there’s a connectivity issue.
  • Latency: How long does it take for a packet to make a round trip (RTT)? High latency can indicate network congestion or distant servers.
  • Packet Loss: Are all packets making it through? Packet loss can indicate network instability.

Example Output:

PING google.com (142.250.190.174) 56(84) bytes of data.
64 bytes from del03s06-in-f14.1e100.net (142.250.190.174): icmp_seq=1 ttl=115 time=20.5 ms
64 bytes from del03s06-in-f14.1e100.net (142.250.190.174): icmp_seq=2 ttl=115 time=19.8 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 19.839/20.172/20.505/0.333 ms

We can also specify the number of pings (ping -c 5 google.com) or set an interval (ping -i 0.2 google.com). ping is our quick health check for any remote resource.


Inspecting Connections and Open Ports

Understanding what services are running on our machine and which ports they are listening on, as well as who is connecting to them, is crucial for both security and troubleshooting.

3. netstat -tulnp vs. ss -tulnp: Network Sockets

Both netstat and ss provide information about network connections, routing tables, and interface statistics. ss (socket statistics) is generally considered a faster and more modern alternative to netstat, especially on busy servers, as it retrieves information directly from the kernel’s process.

  • netstat -tulnp: This command is a workhorse for showing active connections and listening ports.
    • -t: Display TCP connections.
    • -u: Display UDP connections.
    • -l: Show only listening sockets (i.e., services waiting for connections).
    • -n: Show numerical addresses and port numbers (prevents DNS lookups, making it faster).
    • -p: Show the PID (Process ID) and program name of the process that owns the socket (requires root privileges to see all processes).
      sudo netstat -tulnp

    When we run this, we can quickly identify if our web server is listening on port 80, if our SSH server is on 22, or if there’s an unexpected process listening on an unauthorized port.

  • ss -tulnp: We prefer ss for its efficiency. It uses netlink sockets for faster data retrieval and can often provide more detailed information than netstat. The options largely mirror netstat.

      sudo ss -tulnp

    The output is very similar to netstat, showing State (LISTEN), Recv-Q, Send-Q, Local Address:Port, Peer Address:Port, and the users:(("program_name",pid=PID,fd=FD)) information.

    These commands are fundamental for network security audits (checking for open ports), troubleshooting application connectivity (is my database actually listening?), and understanding network traffic flow.


Downloading and Interacting with Web Resources

Beyond checking connectivity, we often need to interact with web services – downloading files, fetching API responses, or simply viewing webpage content from the command line.

4. curl https://example.com: Data Transfer Tool

curl (Client URL) is a highly versatile command-line tool for transferring data with URL syntax. It supports a vast array of protocols, including HTTP, HTTPS, FTP, FTPS, SCP, SFTP, and more. For us, it’s indispensable for interacting with web services.

curl [https://example.com](https://example.com)

When we run this, curl fetches the HTML content of https://example.com and prints it directly to our terminal.

Some common curl usages we rely on:

  • Viewing HTTP Headers: 
      curl -I [https://google.com](https://google.com)

    The -I (head) option shows only the HTTP headers, useful for checking server type, caching directives, and response codes without downloading the full content.

  • Following Redirects: 
      curl -L [http://old-domain.com](http://old-domain.com)

    The -L (location) option tells curl to follow HTTP redirects.

  • Downloading to a File: 
      curl -o webpage.html [https://example.com](https://example.com)

    The -o (output) option saves the content to a specified file.

  • Sending POST Requests (e.g., to an API): 
      curl -X POST -H "Content-Type: application/json" -d '{"key":"value"}' [https://api.example.com/data](https://api.example.com/data)

    This demonstrates curl’s power for interacting with RESTful APIs, specifying HTTP method (-X), headers (-H), and data (-d).

  • Showing Progress: 
      curl -# [https://speed.hetzner.de/100MB.bin](https://speed.hetzner.de/100MB.bin) -o /dev/null

    The -# option displays a progress bar.

curl is our Swiss Army knife for web-related command-line tasks, from simple content retrieval to complex API interactions.


5. wget https://example.com/file.zip: Non-Interactive Downloader

wget (Web Get) is a free utility for non-interactive download of files from the web. This means it can download files in the background even if we log out of our terminal session. It’s especially useful for downloading large files or entire websites.

wget [https://example.com/archive.zip](https://example.com/archive.zip)

When we run this, wget downloads archive.zip to the current directory and shows progress information.

Key wget features we frequently use:

  • Downloading in Background: 
      wget -b [https://example.com/largefile.tar.gz](https://example.com/largefile.tar.gz)

    The -b (background) option runs wget as a background process.

  • Resuming Partial Downloads: 
      wget -c [https://example.com/incomplete_download.iso](https://example.com/incomplete_download.iso)

    The -c (continue) option resumes a partially downloaded file, invaluable for unstable networks.

  • Recursive Downloads (Caution!): 
      wget -r -l1 [https://example.com/static/](https://example.com/static/)

    The -r (recursive) option downloads all linked pages/files within a specified depth (-l1 for one level deep). Use with extreme caution as it can quickly download massive amounts of data.

wget is our trusted companion for automated downloads, especially in scripts, or for grabbing files from remote servers without needing interactive confirmation.


Network Diagnostics

While the commands above cover most of our daily needs, a few others come in handy for deeper network troubleshooting.

  • traceroute hostname: As briefly mentioned in the monitoring blog, traceroute maps the path that packets take to reach a destination, showing each hop along the way. Invaluable for diagnosing where connectivity breaks or where latency spikes. 
      traceroute google.com
  • host hostname or dig hostname: These are DNS lookup utilities. host is simpler for quick lookups, while dig provides much more detailed DNS query information, useful for troubleshooting complex DNS records. 
      host example.com
  dig example.com MX

    The MX option with dig shows mail exchange records.


Navigating the intricacies of Linux networking from the command line is a continuous learning process. What might seem like a daunting array of cryptic commands initially, soon transforms into a set of powerful, precise tools that give us unparalleled control and insight into our systems’ network interactions. From verifying our IP addresses with ip a, to troubleshooting connectivity with ping, inspecting open ports with ss, and fetching web content with curl or wget, these commands empower us to manage our Linux environments with confidence and efficiency. They are the digital threads we pull to understand and maintain the vast, invisible network that connects our servers to the world.


Stuck ?
Video Tutorial



home