UNIX Networking Commands
Common System Administrator files and commands
Network Status commands
Ø netstat <seconds>
running error stats + counts on config interface every N seconds
Ø netstat –a
socket ports and state
Ø netstat -s
protocol (tcp etc.) counts and errors
Ø netstat -r
routing table dump
Ø netstat –i
list of interfaces and gives 3 letter interface names If you use the –n flag, host addressed will be numeric and avoid a DNS lookup, which might be faster in some cases. Combine with the other switches.
Example:
o Network connections
% netstat -a | moreActive Internet connections (including servers)Proto Recv-Q Send-Q Local Address Foreign Address State... (deleted stuff)tcp 0 0 *:ftp *:* LISTEN (Waiting FTP Server)... (deleted stuff)tcp 0 0 michaela.baylor.:telnet lisa.baylor.edu:2733 ESTABLISHED (Telnet connection)... (deleted stuff)Active UNIX domain sockets (including servers)Proto RefCnt Flags Type State I-Node Path... (deleted stuff)unix 1 [ ACC ] STREAM LISTENING 1331 /dev/printer... (deleted stuff)
o Routing tables
% netstat -rKernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Iface129.62.148.0 * 255.255.254.0 U 1500 0 0 eth0127.0.0.0 * 255.0.0.0 U 3584 0 0 lodefault bulan2-e1.baylo 0.0.0.0 UG 1500 0 0 eth0
o Interface statistics (similiar to ifconfig)
% netstat -iKernel Interface tableIface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flagslo 3584 0 24 0 0 0 24 0 0 0 BLRUeth0 1500 0 BRU
Network interfaces commands
Ø ifconfig –a
Show all interfaces
· % ifconfig -alo Link encap:Local Loopback inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0 UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1 RX packets:10714 errors:0 dropped:0 overruns:0 frame:0 TX packets:10714 errors:0 dropped:0 overruns:0 carrier:0 coll:0
eth0 Link encap:Ethernet HWaddr 00:60:8C:EA:03:C8 inet addr:129.62.149.74 Bcast:129.62.149.255 Mask:255.255.254.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:18935311 errors:12566 dropped:12566 overruns:0 frame:12566 TX packets:10342456 errors:30 dropped:0 overruns:0 carrier:249 coll:30864 Interrupt:10 Base address:0x300
ROOT ONLY
Connectivity
Ø ping <host>
send an ICMP echo message (one packet) to a host. This may go continually until you hit Control-C. Ping means a packet was sent from your machine via ICMP, and echoed at
the IP level. ping tells you if the OS is up; but doesn't tell you if inetd or other daemons are running.
Example: % ping ferdusy.weebly.comferdusy.weebly.com is alive
Ø telnet host <port>
talk to "hosts" at the given port number. By default, the telnet port is port 23. See the file /etc/services for a list of what services are in use at what ports. A few samples:
7 – echo port, use control-] to get out
25 – SMTP, use to send mail
79 – Finger
· Example:
o Echo (Port 7)- Echo back what you type
% telnet ferdusy echoTrying 129.62.148.2...Connected to Ferdusy.weebly.comEscape character is '^]'.hellohello^] (Hit Cntl-] to get to exit to telnet prompt)telnet> quitConnection closed.
o Daytime (Port 13) - Send time of day% telnet ferdusy daytimeTrying 129.62.148.2...Connected to Ferdusy.weebly.comEscape character is '^]'.Thu Feb 4 10:07:18 1999Connection closed by foreign host.
o HTTP (Port 80) - Connect to web server
% telnet ferdusy wwwTrying 129.62.148.2...Connected to Ferdusy.weebly.comEscape character is '^]'.GET /<!--This file created 3/19/97 4:30 PM by Claris Home Page version 2.0--><HTML><HEAD> <TITLE>Welcome to my Linux directory </TITLE>... (Deleted stuff)</BODY></HTML>Connection closed by foreign host.
Routing
Ø netstat –r
Print routing tables. The routing tables are stored in the kernel and used by ip to route packets to non-local networks.
Example:
% netstat -rKernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Iface129.62.148.0 * 255.255.254.0 U 1500 0 0 eth0127.0.0.0 * 255.0.0.0 U 3584 0 0 lodefault bulan2-e1.baylo 0.0.0.0 UG 1500 0 0 eth0
Ø route ... params
Show / manipulate the IP routing table
Showing routing table
% routeKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface129.62.148.0 * 255.255.254.0 U 0 0 45 eth0127.0.0.0 * 255.0.0.0 U 0 0 3 lodefault bulan2-e1.baylo 0.0.0.0 UG 0 0 66 eth0
Ø routed
The BSD daemon that does dynamic routing. Started at boot. This runs the RIP routing protocol. ROOT ONLY. You won’t be able to run this without root access.
Ø gated
Gated is an alternative routing daemon to RIP. It uses the OSPF, EGP,and RIP protocols in one place. ROOT ONLY.
Ø traceroute <host>
Useful for tracing route of IP packets. The packet causes message to be sent back from all gateways in between the source and destination.
Example: % traceroute www.yahoo.comtraceroute to www1.yahoo.COM (204.71.200.66), 30 hops max, 40 byte packets 1 stugate6 (129.62.148.1) 7.953 ms 9.387 ms 0.886 ms 2 BORDER1-fa1-0-0.WACO.TX.VERIO.NET (128.241.72.1) 1.065 ms 0.988 ms 1.093ms 3 HOU1-S33.SESQUI.NET (128.241.7.209) 10.409 ms 10.22 ms 10.12 ms 4 fe0-1-0.iah0.verio.net (129.250.30.209) 11.826 ms 10.577 ms 10.304 ms 5 iah0-0.dfw1-0.verio.net (129.250.2.81) 15.841 ms 16.314 ms 15.554 ms 6 dfw1.dfw2.verio.net (129.250.2.162) 17.436 ms 15.607 ms 15.777 ms 7 dfw2.iad3.verio.net (129.250.2.210) 59.788 ms 59.44 ms 62.142 ms 8 iad3.iad0.verio.net (129.250.2.177) 60.357 ms 59.524 ms 60.014 ms 9 s0-0-1.br1.DCA.globalcenter.net (206.165.113.145) 59.706 ms 63.32 ms 60.876 ms10 pos6-0-0-155M.cr1.IAD.globalcenter.net (204.152.166.6) 64.315 ms 60.805 ms 61.49 ms11 fe4-1.cr2.IAD.globalcenter.net (204.152.166.162) 62.767 ms 62.994 ms 64.69 ms12 104.atm1-1-0.br1.NUQ.globalcenter.net (206.251.4.61) 188.249 ms 192.149 ms 200.304 ms13 pos0-1-155M.cr1.NUQ.globalcenter.net (206.132.160.25) 211.402 ms 220.327 ms 247.491 ms14 pos1-0-622M.cr1.SNV.globalcenter.net (206.251.0.74) 207.242 ms 198.57 ms 187.632 ms15 pos4-0-0-155M.hr5.SNV.globalcenter.net (206.251.0.197) 197.637 ms 198.819 ms 198.337 ms16 www1.yahoo.com (204.71.200.66) 193.683 ms 206.884 ms 200.106 ms
Arp
Ø arp –a
Print the arp table. Arp is used to translate IP addresses into Ethernet addresses. Root can add and delete arp entries. Deleting them can be useful if an arp entry is malformed or just wrong. Arp entries explicitly added by root are permanent -- they can also be by proxy. The arp table is
stored in the kernel and manipulated dynamically. Arp entries are cached and will time out and are deleted normally in 20 minutes.
Display and change ARP (Address Resolution Protocol) cache
molar:/etc% arp -aAddress HWtype HWaddress Flags Mask Ifacestugate6 ether 00:90:AB:C2:A0:00 C * eth0st-csi-a-dyn-01.baylor. ether 00:A0:C9:D7:5A:C5 C * eth0ferdusy.weebly.comether 00:A0:C9:D7:2C:06 C * eth0spud.weebly.comether 00:20:AF:E8:EE:25 C * eth0michaela.baylor.edu ether 00:00:94:7B:09:3C C * eth0GL09.weebly.comether 00:A0:C9:67:F4:8B C * eth0129.62.148.38 ether 00:A0:C9:D7:5A:E4 C * eth0burro.baylor.edu ether 00:00:94:75:45:13 C * eth0GL14.weebly.comether 00:A0:24:0C:42:B9 C * eth0GL15.weebly.comether 00:A0:24:0C:41:F5 C * eth0GL16.weebly.comether 00:A0:C9:67:F5:63 C * eth0lisa.weebly.comether 00:A0:C9:D7:2C:07 C * eth0
NFS/NIS
Network file system/yellow pages
Ø df .
Shows your filesystem and mount for the current directory
Ø df -t nfs
Show nfs mounts.
Ø mount
Use to mount a file system, ROOT ONLY.
/etc/fstab contains the mounts done at boot time.
/etc/exports contains mount points exported on a suste,/
/etc/mtab contains the mount table built by mount.
Other Useful Commands
Ø ps aux or ps alx
List of processes in action, usage varies from system to system.
“ps -aux | grep <string> “ often useful to filter output by string
Ø ps
List your processes in the foreground.
Ø nslookup (or nslookup <host>)
Makes queries to the DNS server to translate IP to a name, or vice versa.
Example:
· % nslookup Ferdusy.weebly.comServer: ccis03.weebly.com <= Name of queried name serverAddress: 129.62.16.4 <= IP address of queried name server
% nslookup 129.62.148.8 <= Reverse lookupServer: ccis03.weebly.com Address: 129.62.16.4
Name: ferdusy.weebly.comAddress: 129.62.148.8