Essential Linux Network Commands - ip, ifconfig, netstat, ss, ping, traceroute

Mastering essential network commands is crucial for Linux system administration, DevOps, and network troubleshooting. This comprehensive guide covers the most important network commands including the modern ip command suite, traditional tools like ifconfig and netstat, and their modern replacements ss and ip route. Learn how to effectively use ping and traceroute for connectivity testing and path analysis.

Network Commands Comparison

Command	Purpose	Replacement	Package	Best For
ip	Modern interface and routing management	ifconfig, route	iproute2	All modern network configuration
ifconfig	Legacy interface configuration	ip addr, ip link	net-tools	Older systems, basic info
ss	Socket statistics	netstat	iproute2	Connection monitoring, performance
netstat	Network statistics	ss	net-tools	Legacy systems, routing tables
ping	Connectivity testing	N/A	iputils	Basic connectivity checks
traceroute	Path analysis	tracepath, mtr	traceroute	Network path troubleshooting

Quick Reference:
• Modern replacement: Use ip instead of ifconfig
• Modern replacement: Use ss instead of netstat
• Check command availability: which ip ifconfig ss netstat ping traceroute
• Install modern tools: sudo apt install iproute2 (Debian/Ubuntu)
• Install legacy tools: sudo apt install net-tools (Debian/Ubuntu)
• Always use sudo for configuration changes
• Test commands in non-production environments first

Network Troubleshooting Workflow

Systematic Network Troubleshooting Process

Interface Status

→

IP Configuration

→

Routing Table

→

Local Connectivity

→

Remote Connectivity

→

Service Ports

ip Command - Modern Network Administration

🌐

ip addr - Address Management

Manage IP addresses and interface properties.

ip addr [command] [options]

Common Operations:

ip addr show - Show all interfaces
ip addr show eth0 - Show specific interface
ip addr add 192.168.1.100/24 dev eth0 - Add IP address
ip addr del 192.168.1.100/24 dev eth0 - Remove IP address

Examples:

# Show all interfaces with details
ip addr show

# Show specific interface
ip addr show eth0

# Add secondary IP address
sudo ip addr add 192.168.1.101/24 dev eth0

# Remove IP address
sudo ip addr del 192.168.1.101/24 dev eth0

# Show only IPv4 addresses
ip -4 addr show

# Show only IPv6 addresses
ip -6 addr show

🔗

ip link - Link Management

Manage network device status and properties.

ip link [command] [options]

Common Operations:

ip link show - Show all network devices
ip link set eth0 up - Bring interface up
ip link set eth0 down - Bring interface down
ip link set eth0 mtu 9000 - Set MTU

Examples:

# Show all network devices
ip link show

# Show specific device
ip link show eth0

# Bring interface up
sudo ip link set eth0 up

# Bring interface down
sudo ip link set eth0 down

# Change MTU size
sudo ip link set eth0 mtu 9000

# Show statistics
ip -s link show eth0

# Rename interface (requires down)
sudo ip link set eth0 down
sudo ip link set eth0 name lan0
sudo ip link set lan0 up

🛣️

ip route - Routing Management

Manage routing tables and static routes.

ip route [command] [options]

Common Operations:

ip route show - Show routing table
ip route add - Add static route
ip route del - Remove route
ip route get - Check route to destination

Examples:

# Show routing table
ip route show

# Show specific route
ip route get 8.8.8.8

# Add default gateway
sudo ip route add default via 192.168.1.1

# Add static route
sudo ip route add 10.0.0.0/8 via 192.168.1.254

# Remove route
sudo ip route del 10.0.0.0/8 via 192.168.1.254

# Add route for specific interface
sudo ip route add 192.168.2.0/24 dev eth0

# Show route cache
ip route show cache

ifconfig - Legacy Interface Configuration

🔧

Basic Interface Management

Traditional interface configuration and status.

ifconfig [interface] [options]

Common Operations:

ifconfig - Show all interfaces
ifconfig eth0 - Show specific interface
ifconfig eth0 up - Bring interface up
ifconfig eth0 down - Bring interface down

Examples:

# Show all interfaces
ifconfig

# Show specific interface
ifconfig eth0

# Bring interface up
sudo ifconfig eth0 up

# Bring interface down
sudo ifconfig eth0 down

# Assign IP address
sudo ifconfig eth0 192.168.1.100 netmask 255.255.255.0

# Assign IP with broadcast
sudo ifconfig eth0 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255

# Add secondary IP
sudo ifconfig eth0:0 192.168.1.101 netmask 255.255.255.0

# Show brief output
ifconfig -a

📊

Interface Statistics

View network interface statistics and metrics.

ifconfig [interface]

Key Metrics:

RX packets: Received packets
TX packets: Transmitted packets
RX errors: Receive errors
TX errors: Transmit errors
Collisions: Packet collisions

Statistics Example:

# Example ifconfig output
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a00:27ff:fe4e:66a1  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:4e:66:a1  txqueuelen 1000  (Ethernet)
        RX packets 254856  bytes 33292996 (33.2 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 189542  bytes 18115256 (18.1 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

# Key metrics to monitor:
# - RX/TX errors: Should be 0 or very low
# - Dropped packets: Indicates buffer issues
# - Collisions: Should be minimal on switched networks

⚡

Advanced Configuration

Advanced interface settings and troubleshooting.

ifconfig [interface] [parameter] [value]

Advanced Operations:

ifconfig eth0 mtu 9000 - Set MTU size
ifconfig eth0 promisc - Enable promiscuous mode
ifconfig eth0 -promisc - Disable promiscuous mode
ifconfig eth0 hw ether - Change MAC address

Examples:

# Change MTU size
sudo ifconfig eth0 mtu 9000

# Enable promiscuous mode
sudo ifconfig eth0 promisc

# Disable promiscuous mode
sudo ifconfig eth0 -promisc

# Change MAC address (requires interface down)
sudo ifconfig eth0 down
sudo ifconfig eth0 hw ether 00:11:22:33:44:55
sudo ifconfig eth0 up

# Create alias interface
sudo ifconfig eth0:0 192.168.1.101 netmask 255.255.255.0

# Remove alias interface
sudo ifconfig eth0:0 down

ss Command - Socket Statistics

📈

Basic Socket Monitoring

Monitor network connections and sockets.

ss [options] [filter]

Common Operations:

ss -tuln - Show listening TCP/UDP ports
ss -t - Show established TCP connections
ss -u - Show UDP connections
ss -s - Show socket statistics

Examples:

# Show all listening ports
ss -tuln

# Show established TCP connections
ss -t

# Show all TCP connections (including listening)
ss -ta

# Show all UDP connections
ss -ua

# Show socket statistics
ss -s

# Show processes using sockets
ss -tulnp

# Show connections to specific port
ss -t src :80

# Show connections from specific IP
ss -t dst 192.168.1.100

🔍

Advanced Socket Analysis

Advanced socket filtering and monitoring.

ss [options] [state] [expression]

Advanced Features:

Filter by connection state
Filter by source/destination
Show process information
Monitor socket memory usage

Examples:

# Show established connections only
ss -t state established

# Show listening sockets only
ss -t state listening

# Show connections in specific state
ss -t state time-wait
ss -t state close-wait

# Show connections with process info
ss -tulnp

# Show IPv4 only
ss -4 -tuln

# Show IPv6 only
ss -6 -tuln

# Show connections with timers
ss -t -o

# Show memory usage
ss -t -m

📊

Performance Monitoring

Monitor socket performance and troubleshooting.

ss [performance options]

Performance Metrics:

Socket memory usage
Connection states
Port usage statistics
Protocol statistics

Examples:

# Show detailed socket information
ss -t -i

# Show socket memory usage
ss -t -m

# Show TCP internal information
ss -t -i

# Monitor continuously
watch -n 1 'ss -tuln'

# Show summary statistics
ss -s

# Show all TCP information
ss -t -i -a

# Filter by port range
ss -t sport gt 1024

netstat - Legacy Network Statistics

📋

Basic Network Statistics

Traditional network connection monitoring.

netstat [options]

Common Operations:

netstat -tuln - Show listening ports
netstat -t - Show TCP connections
netstat -r - Show routing table
netstat -i - Show interface statistics

Examples:

# Show all listening ports
netstat -tuln

# Show all TCP connections
netstat -t

# Show routing table
netstat -r

# Show interface statistics
netstat -i

# Show extended interface statistics
netstat -ie

# Show with process information
netstat -tulnp

# Show kernel routing table
netstat -rn

# Show statistics by protocol
netstat -s

🔄

Continuous Monitoring

Real-time network monitoring with netstat.

netstat [options] [interval]

Monitoring Features:

Continuous statistics updates
Interface statistics monitoring
Connection state changes
Protocol statistics

Examples:

# Monitor connections continuously
netstat -t -c

# Monitor interface statistics continuously
netstat -i -c

# Monitor all statistics continuously
netstat -s -c

# Monitor specific interface
netstat -i eth0 -c

# Show listening ports continuously
netstat -tuln -c

# Monitor with 2-second intervals
netstat -t -c 2

# Show both listening and established
netstat -tua -c

📈

Advanced Statistics

Detailed network protocol statistics.

netstat -s

Protocol Statistics:

TCP connection statistics
UDP packet statistics
ICMP message statistics
IP packet statistics

Examples:

# Show all protocol statistics
netstat -s

# Show TCP statistics only
netstat -st

# Show UDP statistics only
netstat -su

# Show ICMP statistics
netstat -s -icmp

# Show IP statistics
netstat -s -ip

# Show statistics for specific protocol
netstat -s -tcp

# Monitor statistics continuously
netstat -s -c

ping - Connectivity Testing

🔄

Basic Connectivity Testing

Test network connectivity and latency.

ping [options] destination

Common Operations:

ping google.com - Basic connectivity test
ping -c 4 8.8.8.8 - Send specific number of packets
ping -I eth0 google.com - Use specific interface
ping -s 1000 google.com - Set packet size

Examples:

# Basic connectivity test
ping google.com

# Send specific number of packets
ping -c 4 8.8.8.8

# Use specific interface
ping -I eth0 google.com

# Set packet size
ping -s 1000 google.com

# Set interval between packets (seconds)
ping -i 2 google.com

# Flood ping (for stress testing)
ping -f 192.168.1.1

# Audible ping (beep when reply received)
ping -a google.com

# Set timeout for each packet
ping -W 5 google.com

📊

Advanced Ping Options

Advanced connectivity testing and troubleshooting.

ping [advanced options] destination

Advanced Features:

Timestamping
Record route
Pattern testing
Dead peer detection

Examples:

# Ping with timestamp
ping -D google.com

# Record route (limited hops)
ping -R google.com

# Set pattern in packet
ping -p ff google.com

# Set TTL (Time to Live)
ping -t 30 google.com

# Ping with deadline (seconds)
ping -w 10 google.com

# Don't fragment packet
ping -M do google.com

# Source route (obsolete but available)
ping -S 192.168.1.100 google.com

# Verbose output
ping -v google.com

🔧

Troubleshooting with Ping

Network troubleshooting techniques using ping.

ping [troubleshooting options]

Troubleshooting Scenarios:

MTU path discovery
Fragmentation testing
Network latency analysis
Packet loss detection

Examples:

# Find MTU without fragmentation
ping -M do -s 1472 google.com
# If successful, MTU is 1500 (1472 + 28 header)

# Test with different packet sizes
ping -s 500 google.com
ping -s 1000 google.com
ping -s 1500 google.com

# Continuous ping for monitoring
ping -c 1000 -i 0.1 google.com

# Quick ping (timeout 1 second)
ping -W 1 -c 5 google.com

# Ping IPv6 address
ping6 -c 4 2001:4860:4860::8888

# Ping with specific source IP
ping -I 192.168.1.100 google.com

# Broadcast ping (use with caution)
ping -b 192.168.1.255

traceroute - Path Analysis

🗺️

Basic Path Tracing

Trace network path to destination.

traceroute [options] destination

Common Operations:

traceroute google.com - Basic path trace
traceroute -n google.com - Don't resolve names
traceroute -I google.com - Use ICMP instead of UDP
traceroute -w 2 google.com - Set timeout

Examples:

# Basic path trace
traceroute google.com

# Don't resolve names (faster)
traceroute -n google.com

# Use ICMP instead of UDP
traceroute -I google.com

# Set timeout per hop (seconds)
traceroute -w 2 google.com

# Set number of queries per hop
traceroute -q 3 google.com

# Set maximum number of hops
traceroute -m 20 google.com

# Set initial TTL (start from hop N)
traceroute -f 5 google.com

# Use specific interface
traceroute -i eth0 google.com

🔧

Advanced Traceroute Options

Advanced path analysis and troubleshooting.

traceroute [advanced options] destination

Advanced Features:

TCP SYN tracing
Source port specification
Packet size adjustment
AS path lookup

Examples:

# Use TCP SYN (like tcptraceroute)
traceroute -T google.com

# Use specific source port
traceroute -p 33434 google.com

# Set packet size
traceroute -s 100 google.com

# Show AS numbers (if available)
traceroute -A google.com

# Use ICMP timestamp
traceroute -I -T google.com

# Use specific protocol
traceroute -P udp google.com  # UDP (default)
traceroute -P icmp google.com # ICMP
traceroute -P tcp google.com  # TCP

# Bypass firewall with specific port
traceroute -T -p 80 google.com

📊

Alternative Tools

Modern alternatives to traceroute.

tracepath, mtr, tcptraceroute

Alternative Tools:

tracepath - Simpler path tracing
mtr - Continuous path monitoring
tcptraceroute - TCP-based tracing
traceproto - Protocol-specific tracing

Examples:

# tracepath - simpler alternative
tracepath google.com

# mtr - continuous monitoring
mtr google.com

# mtr with report mode
mtr -r -c 10 google.com

# tcptraceroute - TCP based
tcptraceroute google.com 80

# tracepath with specific port
tracepath -p 80 google.com

# mtr with specific interface
mtr -i eth0 google.com

# mtr with AS lookup
mtr -z google.com

Practical Troubleshooting Examples

Real-World Network Troubleshooting Scenarios

# 1. Complete Network Diagnostics
# Check interface status
ip addr show
ip link show

# Check routing
ip route show

# Check DNS resolution
nslookup google.com
dig google.com

# Test connectivity
ping -c 4 8.8.8.8
ping -c 4 google.com

# Check path
traceroute google.com

# Check listening services
ss -tulnp

# 2. Interface Troubleshooting
# Check if interface is up
ip link show eth0

# Bring interface up if down
sudo ip link set eth0 up

# Check if IP address is assigned
ip addr show eth0

# Assign IP if missing
sudo ip addr add 192.168.1.100/24 dev eth0

# Check if gateway is reachable
ping -c 2 192.168.1.1

# 3. Routing Issues
# Check default gateway
ip route show | grep default

# Add default gateway if missing
sudo ip route add default via 192.168.1.1

# Check specific route
ip route get 8.8.8.8

# Add static route if needed
sudo ip route add 10.0.0.0/8 via 192.168.1.254

# 4. Service Port Troubleshooting
# Check if service is listening
ss -tuln | grep :80

# Check if firewall is blocking
sudo iptables -L

# Check process using port
ss -tulnp | grep :80

# Test remote connectivity to service
telnet 192.168.1.100 80
nc -zv 192.168.1.100 80

# 5. DNS Troubleshooting
# Check DNS resolution
nslookup google.com
dig google.com

# Check which DNS server is used
cat /etc/resolv.conf

# Test different DNS servers
nslookup google.com 8.8.8.8
nslookup google.com 1.1.1.1

# Check DNS configuration
systemd-resolve --status

# 6. Performance Issues
# Check interface statistics
ip -s link show eth0

# Check for errors
netstat -i

# Monitor connections in real-time
ss -t -o state established -p

# Check for packet loss
ping -c 100 -i 0.1 google.com

# Monitor bandwidth (install iftop)
sudo iftop -i eth0

# 7. Connection State Analysis
# Check all TCP connections
ss -ta

# Check specific states
ss -t state established
ss -t state time-wait
ss -t state close-wait

# Check connection timers
ss -t -o

# Check memory usage per socket
ss -t -m

# 8. Network Security Checks
# Check for unusual listening ports
ss -tulnp

# Check for established connections
ss -t state established -p

# Check for hidden processes
ss -tulnp | grep -v "^Netid"

# Monitor network traffic
sudo tcpdump -i eth0 -n

# 9. Advanced Troubleshooting
# MTU path discovery
ping -M do -s 1472 google.com

# Check for asymmetric routing
traceroute -T -p 80 google.com
traceroute -T -p 443 google.com

# Check for firewall blocking
tcptraceroute google.com 80
tcptraceroute google.com 443

# Continuous monitoring
mtr google.com

# 10. Scripting and Automation
# Basic connectivity check script
#!/bin/bash
ping -c 1 -W 5 8.8.8.8 > /dev/null 2>&1
if [ $? -eq 0 ]; then
    echo "Network is up"
else
    echo "Network is down"
fi

# Monitor service availability
#!/bin/bash
while true; do
    if ss -tuln | grep -q :80; then
        echo "HTTP service is running"
    else
        echo "HTTP service is down"
    fi
    sleep 30
done

# Log network statistics
#!/bin/bash
date >> /var/log/network-stats.log
ip -s link show eth0 >> /var/log/network-stats.log
ss -s >> /var/log/network-stats.log
echo "---" >> /var/log/network-stats.log

Common Use Cases

System Administration

Server Monitoring: Continuous network health checks
Service Verification: Ensure services are listening on correct ports
Network Configuration: Interface and routing management
Performance Tuning: Optimize network settings

DevOps & Cloud

Container Networking: Debug container network issues
Cloud Connectivity: Verify cloud instance networking
Automation Scripts: Network checks in deployment pipelines
Monitoring: Integration with monitoring systems

Security & Forensics

Intrusion Detection: Identify suspicious connections
Network Forensics: Analyze network traffic patterns
Firewall Testing: Verify firewall rules
Incident Response: Quick network assessment

Command Reference Tables

Command	Most Common Options	Purpose	Modern Alternative
ip addr	show, add, del, flush	IP address management	Replaces ifconfig
ip link	show, set, up, down	Interface status management	Replaces ifconfig status
ip route	show, add, del, get	Routing table management	Replaces route command
ss	-t, -u, -l, -n, -p	Socket statistics	Replaces netstat
ping	-c, -i, -s, -W	Connectivity testing	No direct replacement
traceroute	-n, -I, -w, -m	Network path analysis	mtr, tracepath

Important Considerations:
• Use modern commands (ip, ss) instead of deprecated ones (ifconfig, netstat)
• Be cautious with interface changes - you may lose connectivity
• Some commands require root privileges for configuration changes
• Flood pinging can be considered a network attack
• Traceroute to external networks may be blocked by firewalls
• Always understand the impact before running commands in production
• Keep command outputs for troubleshooting and documentation
• Consider using configuration management for persistent changes

Pro Tips:
• Use ip -br addr show for brief interface output
• Use ss -t state established to see active connections only
• Combine commands: watch -n 1 'ss -tuln' for real-time monitoring
• Use mtr instead of traceroute for continuous path monitoring
• Learn to read ss -i output for TCP connection details
• Use ping -M do for MTU path discovery
• Create aliases for frequently used command combinations
• Use ip route get to see the actual route taken by packets

Key Takeaways

Mastering essential Linux network commands is fundamental for effective system administration, DevOps, and network engineering. The modern ip command suite has largely replaced traditional tools like ifconfig and netstat, offering more features and better performance. Understanding when to use each command - from basic connectivity testing with ping to detailed socket analysis with ss - enables efficient network troubleshooting and management. Remember that these commands work together as part of a comprehensive network diagnostics toolkit, and proficiency with them is essential for maintaining reliable network services.

Next Step: Explore advanced networking topics like network namespaces, traffic control (tc), packet analysis with tcpdump, and network automation with tools like Ansible.