This page is a resource of the BTC, the College of Computing of Georgia Tech.
Any reasonable distribution of Linux
has many basic network commands available for installation.
This page lists and describes the commands you should have available
if you have a Linux box and chose to install networking capabilities.
I have tried to make this list fairly complete;
if you see any omissions (or rather,
if you do not see something that should not have been omitted)
then please mail me.
I have arranged them according to the following categories:
The most fundamental commands are those used to configure
network interfaces and policies.
While they are primarily of interest to administrators
with the responsibility (and permissions) to configure the machine,
they permit regular users to at least determine how the machine is set up.
Note that most of these commands are used by shell scripts during boot
to set up networking automatically.
Linux recognizes network interfaces on bootup.
(Or at least it does so if the kernel is configured properly.)
Each interface is automatically assigned a label -
like ``lo0'' for the loopback interface
with which the machine talks to itself,
``eth3'' for the fourth internet card installed on the system
(since numbering starts with zero),
and ``ax0'' for the first Ham radio packet interface present.
These commands are presented in the order they would typically be used
while setting up networking.
If some of your network cards are fancy
and support multiple transceiver types,
then you start configuration
by using this command to specify which transceiver type you will use.
This command is used to configure network interfaces,
or to display their current configuration.
In addition to activating and deactivating interfaces
with the up and down settings,
this command is necessary for setting an interface's address information.
An IP interface, for example,
needs to be told both its own address
and the network mask and broadcast address of its subnet.
Once its interfaces are configured,
your machine can receive packets from the network.
But where should outgoing packets be sent?
Making this decision is called ``routing,''
and it is made by consulting the system's routing table.
The destination address of every outgoing packet
is checked against every line of this table;
if a matching line is found then the packet is sent out the interface
listed on that line of the table;
if no match is found the system returns the error ``Unreachable host.''
The route command is the tool used
to display or modify the routing table.
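The table lookup just described, worked through in shell as an added example (not code from the original page): a constructed routing table in the column order `route -n` prints, the match-every-line rule with the most specific match winning, the "unreachable" outcome when no line matches, and the broadcast address ifconfig must be given alongside the address and netmask. All addresses and interface names are made up.

```shell
#!/bin/sh
# Added example, not from the original page; all addresses are constructed.

# Dotted quad -> 32-bit integer.
ip2int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Broadcast address = network part of the address with every host bit set.
broadcast_of() {  # address netmask
  local ip mask
  ip=$(ip2int "$1"); mask=$(ip2int "$2")
  int2ip $(( (ip & mask) | (4294967295 - mask) ))
}

# Constructed table: destination netmask gateway interface.
# A gateway of 0.0.0.0 means the destination network is directly attached.
ROUTES='
10.0.0.0     255.255.255.0    0.0.0.0     eth0
10.0.0.0     255.0.0.0        10.0.0.254  eth0
192.168.5.0  255.255.255.0    0.0.0.0     eth1
0.0.0.0      0.0.0.0          10.0.0.1    eth0
'

# Check the destination against every line; the most specific match (longest
# netmask, which for a contiguous mask is the numerically largest) wins.
# Prints "interface gateway", or "unreachable" when no line matches.
lookup_route() {  # destination [table]
  local dst net mask gw dev n m best_mask=-1 best=unreachable
  dst=$(ip2int "$1")
  while read -r net mask gw dev; do
    [ -z "$net" ] && continue
    n=$(ip2int "$net"); m=$(ip2int "$mask")
    if [ $(( dst & m )) -eq $(( n & m )) ] && [ "$m" -gt "$best_mask" ]; then
      best_mask=$m; best="$dev $gw"
    fi
  done <<EOF
${2:-$ROUTES}
EOF
  echo "$best"
}

# The same table without its default route, to show the "unreachable" case.
NO_DEFAULT=$(printf '%s\n' "$ROUTES" | grep -v '^0\.0\.0\.0')

broadcast_of 192.168.5.17 255.255.255.0   # 192.168.5.255
lookup_route 10.9.8.7                     # eth0 10.0.0.254
lookup_route 8.8.8.8 "$NO_DEFAULT"        # unreachable
```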
Sometimes users are granted the ability to bring certain interfaces
up or down on their own;
this is the command they use.
It is a stripped-down version of ifconfig
that can only turn the interface on or off.
If your machine is configured to act as a firewall,
you can set up: IP accounting;
IP input, forwarding, and output filters;
and IP masquerading.
This is the command used to perform these functions.
It is also used to display the contents of the filter tables.
When the system transmits a packet,
it has to send it to a particular physical-layer address
(actually, some messages are sent in broadcast mode,
but these are kept to a minimum since they require the attention
of every processor connected to the LAN).
For instance, when you send an IP packet over Ethernet,
it will normally be sent to the Ethernet address of another machine
directly connected to it.
The ARP (Address Resolution Protocol) table
normally uses an automatic mechanism to find what physical addresses
go with which IP addresses.
The arp command displays this table,
and can be used to modify it,
though this necessity is rare.
TCP/IP Testing and Troubleshooting
The IP protocol includes control messages called ICMP packets.
One type of ICMP packet is called an ``echo request,''
and the IP rules require its recipient to send back an ``echo reply.''
These are incredibly useful because you can determine
(1) whether the remote host is up and talking to the network,
(2) the time required for a packet
to make a round-trip to the host,
and (3) (by sending a few dozen echo requests)
what fraction of the packets sent between the hosts
get lost somewhere along the way.
The ping command (named after the sound of an active sonar system)
sends echo requests to the host you specify on the command line,
and lists the responses received along with their round-trip times.
When you terminate ping (probably by hitting control-C)
it summarizes the results,
giving the average round trip time and the percent packet loss.
This command is used constantly
to determine whether there is a problem
with the network connection between two hosts.
While ping gives information
about the performance of the network path between two hosts,
traceroute will actually show the route.
It attempts to list the series of hosts through which your packets travel
on their way to a given destination.
Complications can arise that will affect its operation;
see the manual page for details.
By observing the output of this command,
and especially by following it up with pings
of specific hosts on the route,
the exact location of a bad (high error or latency) link can be discovered.
People like names rather than numbers;
``www.linux.org'' is easier to remember
So the Internet includes a huge distributed database
called the Domain Name Service
that converts text host names into numeric IP addresses.
Basically, the last components of the name are used to identify the server
responsible for interpreting the first parts of the name.
So a query of ``elvis.mit.edu'' gets sent to a top-level DNS server
responsible for ``edu'',
which passes the request on to a DNS server at MIT,
which knows which machine they call ``elvis''.
These commands all perform a DNS query for you.
All three can do simple queries (host name to address),
reverse queries (address to host name),
and more exotic operations (like listing all of the hosts in a domain).
The dig command is often considered
to give the most behind-the-scenes information for those interested,
while host has the simplest default output.
Network Clients and Services
If you are configuring or running network services,
the first package you will be interested in
are the TCP wrappers which handle most incoming connections.
In the old days,
the FTP daemon (for instance) would run when the system started up,
grab port 21,
and spend the rest of its life listening for and servicing
incoming FTP requests.
But the fact that each service made its own decision
about which connections to accept
made the creation and enforcement of a uniform access policy difficult.
These days your system instead contains TCP wrappers,
which monitor all of the incoming ports by themselves.
When a connection is made the wrappers decide whether access will be permitted,
and only when a connection is approved
is the daemon run to respond to it.
The access rules are usually found in the configuration files
/etc/hosts.allow and /etc/hosts.deny.
TCP wrapping is subdivided into two jobs.
The inetd daemon is usually run when networking is activated
and grabs control of the ports for FTP and telnet and whatever.
The /etc/inetd.conf file tells it what ports to monitor,
what service is offered on each port,
and what program to run when a connection is detected.
The program that inetd is usually instructed to run is tcpd,
which checks the /etc/hosts.allow and /etc/hosts.deny
files to see if the connection should be permitted
and if so starts or alerts the appropriate daemon.
These small utility programs let you check your
/etc/hosts.allow and /etc/hosts.deny files.
The tcpdchk command scans the files
and reports any errors or omissions it finds.
The tcpdmatch utility lets you specify
a hypothetical daemon/client pair and predicts,
given your setup files,
whether the connection would be accepted.
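As an added example (not code from the original page or from the TCP wrappers package), here is the question tcpdmatch answers, evaluated by hand over constructed /etc/hosts.allow and /etc/hosts.deny contents written in tcpd's basic "daemon_list : client_list" syntax (options omitted). It follows tcpd's order of evaluation: a hosts.allow match grants, otherwise a hosts.deny match refuses, otherwise the connection goes through. All daemon names, hosts and addresses are made up.

```shell
#!/bin/sh
# Added example, not from the original page; rules and clients are constructed.
HOSTS_ALLOW='
in.ftpd in.telnetd : .example.edu 192.0.2.
in.tftpd : 198.51.100.
in.fingerd : LOCAL
'
HOSTS_DENY='
ALL : ALL
'

# One client pattern against the client's hostname and address, following
# tcpd's rules: ALL, LOCAL (hostname without a dot), a leading-dot domain
# suffix, a trailing-dot network prefix, or an exact name/address.
client_matches() {  # pattern hostname address
  case "$1" in
    ALL)   return 0 ;;
    LOCAL) case "$2" in *.*) return 1 ;; *) return 0 ;; esac ;;
    .*)    case "$2" in *"$1") return 0 ;; esac ;;
    *.)    case "$3" in "$1"*) return 0 ;; esac ;;
    *)     [ "$1" = "$2" ] && return 0; [ "$1" = "$3" ] && return 0 ;;
  esac
  return 1
}

# Does any rule in a table cover this (daemon, client) pair?
table_matches() {  # table daemon hostname address
  local table="$1" daemon="$2" host="$3" addr="$4" line d c
  while IFS= read -r line; do
    case "$line" in ''|\#*) continue ;; esac
    for d in ${line%%:*}; do
      [ "$d" = ALL ] || [ "$d" = "$daemon" ] || continue
      for c in ${line#*:}; do
        client_matches "$c" "$host" "$addr" && return 0
      done
    done
  done <<EOF
$table
EOF
  return 1
}

# tcpd's decision: hosts.allow grants, then hosts.deny refuses, else allowed.
tcpd_decision() {  # daemon hostname address
  if   table_matches "$HOSTS_ALLOW" "$@"; then echo granted
  elif table_matches "$HOSTS_DENY"  "$@"; then echo denied
  else echo granted
  fi
}

tcpd_decision in.ftpd elvis.example.edu 192.0.2.9      # granted
tcpd_decision in.tftpd pc7.example.edu 192.0.2.9       # denied
tcpd_decision in.fingerd localhost 127.0.0.1           # granted
```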
This table offers a summary of the most common services,
and the Linux daemons responsible for them,
which are mediated by the TCP wrappers:
File transfer protocol - The standard protocol
for transferring files across the Internet,
whether from password-protected user accounts
or publicly available ``anonymous'' servers.
Telnet remote terminal protocol - The standard
protocol for logging in to a remote machine.
System time - Responds with the time according
to the system clock.
Internet Bootstrap Protocol - If you want to control
IP address assignment from a central location,
you can have machines broadcast a query upon booting
that a nearby bootp server must respond to
with the IP address the machine should use,
and possibly the name of a configuration file to retrieve through tftp.
Trivial file transfer protocol - A very simple file
transfer protocol that lets any host download any publicly readable file
in its directory (which is normally /tftpboot).
If you use this, make sure to protect it with the TCP wrappers.
This is normally used to provide configuration files
to machines initializing themselves with bootp.
Gopher - A hierarchical information browser
that was in vogue before the introduction of HTML.
User information lookup - Takes a username
(or, for some servers, part of a user's real name) and responds with
basic statistics including time of last login
and whether the user has read his mail.
Access to service is often restricted through the TCP wrappers
since public knowledge about users reduces security.
PostOffice V.3 - A protocol for remote
User Authentication - An important service that,
given the number of an active IP port on a host,
returns the username of the user who is employing that port.
Used in many access and security related applications.
Net news (Usenet) transfer protocol - The protocol
that lets a client remotely query a news server.
Remote command execution - Allows a user to execute
a command on a remote system.
This and the next two services permit a common authentication shortcut,
where a user may create an .rhosts file in his home directory
that lists login names and machines
which can access his account without having to enter a password.
Whether to enable these services is an important security issue.
Remote login - Permits login from a remote system
(see rexec above).
Remote shell - Gives a user a command prompt
on a remote machine (see rexec above).
(BSD) Talk to another user - Allows two users to type
live messages back and forth to each other over the Internet.
Popular for dating couples at different colleges or institutions.
Unix-to-Unix Copy protocol - An Internet incarnation
of the ancient and venerated UUCP protocol
which linked the world of Unix computers
back when periodic modem connections were the primary means of communication.
There are some more complex services
which are usually always TCP wrapped:
This is the traditional Unix program
for sending and receiving email over the Internet.
It cannot be TCP wrapped and must be run as a daemon,
which is unfortunate since security bugs are found in it fairly often.
It is considered by many to be too large and multifaceted a program
to offer real security;
you should consider replacing it by qmail.
But sendmail does have quite sophisticated features,
including quite exhaustive mail sorting and filtering capabilities.
See the qmail home page for details.
Instead of being a monolithic jack of all trades like sendmail,
this package provides a small sleek program for each distinct mail operation.
It includes powerful and convenient features
related to aliasing and mailing lists.
Unfortunately for Linux users the author's stipulations on its distribution
(which are intended to ensure no tampering with the source code)
prevent its being encapsulated in an RPM,
so you will have to compile and install it yourself.
(Unlike sendmail this can be placed behind TCP wrappers.)
This program provides the same sort of functionality
as the rsh family,
but employs encryption to prevent your passwords and data
from being transmitted in cleartext across the Internet
where snooping eyes can intercept them.
It is thought to be very secure,
and in fact a monetary reward is offered to anyone
who can demonstrate otherwise.
And there are some miscellaneous servers that are not frequently used:
This is the miscellaneous network service daemon.
It responds to a dozen types of remote service request
associated with ISO FTAM,
the beefy European network management protocol
which has been mostly ignored in the TCP/IP world
in favor of SNMP.
In large networks,
the main routers are usually not configured
with permanent, static routing tables.
Instead, they each run a routing daemon
which exchanges information with other routers' routing daemons
to keep up-to-date tables that adapt themselves
to find the best routes between the system's subnetworks.
The routed daemon implements a variant
of the Xerox NS Routing Information Protocol.
This command displays the values
of a few dozen statistics relating to network activity
that are maintained inside the kernel.
These statistics are normally kept for the benefit of the SNMP daemon.
They may also be viewed by accessing the file /proc/net/snmp.
This is another command that will present
the contents of /proc/net files for you,
but offers a broader range of information than the nstat program.
It can list the currently active network connections,
dump the system routing tables,
present interface statistics,
and list masqueraded connections.
The collection of SNMP commands (snmpget, snmpnext, et cetera)
that come with the Linux CMU SNMP package
allow you to query a remote machine that has an SNMP daemon running.
This can provide network performance and error statistics for that host.
The CMU package also contains an snmpd(8) daemon
that you can run if you want your machine to provide SNMP information.
This is a sniffer,
a program that captures packets off of a network interface
and interprets them for you.
It understands all basic Internet protocols,
and can be used to save entire packets for later inspection.
This daemon can send and receive network packets
through a serial link between two computers.
It is commonly used to allow dialup machines to communicate with the Internet
despite not having a real Ethernet connection.
See the PPP
This command is similar to pppd
except that it uses the older SLIP protocol for encapsulating packets.
The diald daemon monitors your system for network traffic
and automatically dials up your Internet service provider
whenever you attempt to access the Internet.
This prevents you from having to keep up
with whether your modem is currently dialed in,
while making sure your dialup connection is terminated
when you are not using it.
At runtime you may configure diald's connection criteria,
including how long it should wait
before shutting down the modem due to inactivity.