Linux Networking Reference
ip command — interfaces and addresses
# List all interfaces and their IP addresses
ip addr show
ip a # short form
# Show one interface
ip addr show eth0
# Bring an interface up/down
ip link set eth0 up
ip link set eth0 down
# Add an IP address to an interface (temporary — not persistent)
ip addr add 10.0.0.5/24 dev eth0
# Remove an IP address
ip addr del 10.0.0.5/24 dev eth0ip replaces the older ifconfig. Use ip — ifconfig is not installed by default on modern systems.
Routes
# Show routing table
ip route show
ip r # short form
# Show the route a packet to a specific destination would take
ip route get 8.8.8.8
# Add a static route (temporary)
ip route add 192.168.50.0/24 via 10.0.0.1
# Add a default gateway (temporary)
ip route add default via 10.0.0.1
# Delete a route
ip route del 192.168.50.0/24 via 10.0.0.1Temporary routes added with ip route add are lost on reboot. To make them persistent, use nmcli or edit the network config files.
DNS tools
# Query DNS (shows full response with TTL, record type)
dig example.com
dig example.com A # A records only
dig example.com MX # MX records
dig example.com @8.8.8.8 # use a specific resolver
# Reverse lookup (IP to hostname)
dig -x 8.8.8.8
# Quick hostname resolution (no extra detail)
host example.com
host 8.8.8.8
# nslookup (interactive or one-shot)
nslookup example.com
nslookup example.com 8.8.8.8
# Which DNS servers am I using?
cat /etc/resolv.conf
resolvectl status # on systems using systemd-resolvedReading dig output:
;; ANSWER SECTION:
example.com. 3600 IN A 93.184.216.34
# ^TTL ^type ^valueOpen ports and sockets
# Show all listening ports and the processes using them
ss -tlnp # TCP, listening, numeric, with process
# All listening (TCP + UDP)
ss -ulnp # UDP
ss -tlnp # TCP
# All established connections
ss -tnp
# Show connections to a specific port
ss -tnp '( dport = :443 or sport = :443 )'
# Old way (still works, may not be installed)
netstat -tlnpReading ss -tlnp output:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1234))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=5678))0.0.0.0:22— listening on all interfaces, port 22127.0.0.1:3306— listening on localhost only (internal service):::80— listening on all IPv6 interfaces
Testing connectivity
# Basic reachability (ICMP)
ping -c 4 8.8.8.8
# Test TCP connectivity to a specific port
nc -zv 10.0.0.5 22 # -z = scan, -v = verbose
nc -zv 10.0.0.5 443
# Test HTTP(S) with curl (shows response headers)
curl -v http://example.com
curl -vk https://example.com # -k = ignore TLS errors
# Trace the path packets take
traceroute 8.8.8.8
mtr 8.8.8.8 # interactive traceroute with live updates# Test multiple ports quickly
for port in 22 25 80 443; do
nc -zv -w2 target-host $port 2>&1
doneNetwork config files (RHEL/nmcli)
On RHEL 8/9, NetworkManager manages interfaces. Config files are in /etc/NetworkManager/system-connections/ in keyfile format (or the older /etc/sysconfig/network-scripts/ifcfg-* on RHEL 7/early 8).
# /etc/NetworkManager/system-connections/eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
method=manual
addresses=10.0.0.5/24
gateway=10.0.0.1
dns=10.0.0.10;10.0.0.11
[ipv6]
method=disabledDo not edit these files directly unless you are comfortable with the format. Use nmcli to make changes — it updates the files and activates the changes cleanly.
nmcli quick reference
# Show connection status
nmcli connection show
# Show device status
nmcli device status
# Set a static IP on an interface
nmcli con mod eth0 ipv4.method manual ipv4.addresses "10.0.0.5/24" ipv4.gateway "10.0.0.1"
# Set DNS servers
nmcli con mod eth0 ipv4.dns "10.0.0.10 10.0.0.11"
# Apply the change
nmcli con up eth0
# Set DHCP
nmcli con mod eth0 ipv4.method auto
nmcli con up eth0
# Add a DNS search domain
nmcli con mod eth0 ipv4.dns-search "example.com internal.example.com"Packet capture with tcpdump
# Capture all traffic on eth0
tcpdump -i eth0
# Capture to a file (open with Wireshark)
tcpdump -i eth0 -w /tmp/capture.pcap
# Filter by host
tcpdump -i eth0 host 10.0.0.5
# Filter by port
tcpdump -i eth0 port 25
# Filter by protocol and port
tcpdump -i eth0 tcp port 443
# Watch DNS queries
tcpdump -i eth0 port 53
# Watch SMTP traffic to a specific host
tcpdump -i eth0 host mail.example.com and port 25
# Show packet contents in ASCII
tcpdump -i eth0 port 25 -A | head -50tcpdump is the first tool to reach for when you need to see what is actually on the wire. Useful for confirming whether traffic is reaching a host, and for diagnosing TLS handshake failures, routing issues, or unexpected connections.
Network namespaces (containers)
If you are working with containers, the application's network stack lives in a separate namespace. The host ip commands show host-level networking only.
# List network namespaces
ip netns list
# Run a command in a specific namespace
ip netns exec mynamespace ip addr show
# For Docker containers
docker exec -it container_name ip addr show
docker exec -it container_name ss -tlnpNetworking troubleshoot checklist
Service is not reachable — work through this in order:
- Is the service running and listening? —
ss -tlnp | grep PORT - Is it listening on the right interface? — check for
127.0.0.1:PORTvs0.0.0.0:PORT - Is the firewall blocking it? —
firewall-cmd --list-all - Is it reachable from the target host? —
nc -zv host portfrom the client - Is DNS resolving? —
dig hostname - Is the route correct? —
ip route get TARGET_IP - Is traffic actually arriving? —
tcpdump -i eth0 port PORTon the server - Is SELinux blocking it? — check
/var/log/audit/audit.logfor AVC denials
Netplan — network configuration on Debian/Ubuntu
Debian/Ubuntu 18.04+ uses Netplan as the network configuration front-end. YAML files in /etc/netplan/ are rendered into NetworkManager or systemd-networkd configuration.
# List netplan config files
ls /etc/netplan/
# Example: /etc/netplan/00-installer-config.yaml
# Static IP configuration
network:
version: 2
renderer: networkd # or: NetworkManager
ethernets:
eth0:
dhcp4: false
addresses:
- 192.168.1.100/24
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4]
search: [example.com]
# Apply changes (test first)
netplan try # applies config; rolls back in 120s if you don't confirm
netplan apply # apply permanently (no rollback)netplan try is the safe way to apply network changes remotely — if the new config breaks connectivity you will be disconnected, the timer expires, and the old config is restored automatically. Always use netplan try before netplan apply on production servers.
ARP / neighbour table
The ARP table maps IP addresses to MAC addresses. It is useful for diagnosing duplicate IP issues, identifying which physical host is at an IP, and verifying L2 connectivity.
# View the ARP / neighbour table
ip neigh show
ip neigh show dev eth0 # limit to one interface
# Example output:
# 192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
# 192.168.1.50 dev eth0 lladdr FAILED ← host not responding at L2
# Delete a stale ARP entry (forces re-resolution)
ip neigh del 192.168.1.50 dev eth0
# Flush all entries on an interface
ip neigh flush dev eth0
# Check for duplicate IPs (two different MACs for same IP)
ip neigh show | grep 192.168.1.1A FAILED or missing ARP entry means the host is not responding at Layer 2 — either the host is down, the MAC address changed (VM migration, NIC replacement), or there is a VLAN mismatch. An IP showing two different MACs is a duplicate IP conflict.