ShellSpells

Enumerate

NICs

ifconfig -a

Prints network information/configuration.

ifconfig eth0

Specific interface

ip addr show

Show NIC Info

ip addr show eth0

Specific interface

netstat -I

Shows interface stats.

netstat -ie

Shows interface stats, including MAC addresses.

ip link show

Shows the state of all network interfaces.

ls /sys/class/net/

Lists all network interfaces recognized by the kernel

lspci | grep -i network

Lists all PCI network interfaces by searching for "network"

nmcli device status

Lists network devices and their status using the NetworkManager command-line tool

nmtui

Provides a text user interface to NetworkManager

ethtool <interface>

Shows detailed info about a specific Eth interface

lshw -class network

Detailed info on all network interfaces. Requires lshw to be installed.

cat /sys/class/net/<interface>/address

Directly reads the MAC address from the system's file

Wireless

iwconfig

Displays wireless network configuration.

iw dev

Lists all wireless interfaces along with their details, including MAC addresses. Requires iw for wireless device operations.

ARP

arp

Displays the current ARP table/cache for the system.

arp -a

More readable format.

arp -an

Print the ARP cache.

ip neigh

Shows the ARP (neighbor) table on newer systems. Part of 'iproute2'.

ip neigh show

List the entries.

ip -s -s neigh

Shows statistics about the ARP cache (size, entries, hits and misses).

arp-scan

Sends ARP packets to the local network to discover IP and MAC addresses. Must be installed separately.

cat /proc/net/arp

Displays the ARP table by reading the kernel's ARP table file.

DNS

dig <domain>

Queries DNS servers for info about domain names.

drill <domain>

Similar to dig, supports DNSSEC.

host <domain>

Shows IP address and basic DNS information.

nslookup <hostname/IP>

Queries Internet domain name servers for DNS lookup.

whois <domain>

Retrieves domain registration info.

nmcli device show

For systems using NetworkManager, includes DNS settings for network interfaces.

scutil --dns

(macOS specific) Displays the DNS config.

cat /etc/resolv.conf

Display DNS configuration.

cat /etc/hosts

Display hosts file.

systemd-resolve --status

Shows detailed DNS config and stats for systems using systemd-resolved for managing network name resolution. It provides information about global and per-link DNS settings.

grep nameserver /etc/network/interfaces

grep nameserver /etc/sysconfig/network

Checks for DNS servers configured in network interface files (if applicable).

Routing Tables

netstat -rn

Prints the kernel routing tables.

route -n

Displays the routing table in a numerical format, making it easier to parse.

ip route show

Lists the kernel routing tables. (Newer Linux command)

ip route list

Similar to ip route show.

ip route

Displays the routing table.

ss -r

Shows socket statistics with routing information. Not a direct way to list the routing table.

cat /proc/net/route

Displays the routing table from the system's proc filesystem.

ip route get <destination>

Traces the route to a specific destination.

traceroute <hostname/IP>

Traces the path packets take to reach a host, helping to identify network bottlenecks.

mtr <hostname/IP>

Combines ping and traceroute functionalities to provide continuous network diagnostics.
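
The output of cat /proc/net/route is hex-encoded, so it is hard to read on a host where ip, route and netstat are missing or not trusted. The following is an added example, not part of the original page: it decodes that format in plain sh. The function names and the sample table are constructed for illustration, and the byte order assumes a little-endian host.

```shell
#!/bin/sh
# Added example: decode /proc/net/route without ip/route/netstat.
# Assumes a little-endian host (x86, most ARM): addresses print byte-reversed.

# hex_to_ip 0101A8C0 -> 192.168.1.1
hex_to_ip() {
    h=$1
    b4=${h#??????}; r=${h%??}     # last hex byte of the field is the first octet
    b3=${r#????};   r=${r%??}
    b2=${r#??};     b1=${r%??}
    printf '%d.%d.%d.%d\n' "0x$b4" "0x$b3" "0x$b2" "0x$b1"
}

# mask_to_prefix 00FFFFFF -> 24 (counts set bits; valid for contiguous masks)
mask_to_prefix() {
    n=$((0x$1)); bits=0
    while [ "$n" -gt 0 ]; do
        bits=$((bits + (n & 1))); n=$((n >> 1))
    done
    echo "$bits"
}

# Reads /proc/net/route format on stdin, prints one decoded route per line.
decode_routes() {
    read -r header || return 0    # discard the column header line
    while read -r iface dest gw flags refcnt use metric mask rest; do
        [ -n "$iface" ] || continue
        f=$((0x$flags)); letters=
        if [ $((f & 1)) -ne 0 ]; then letters="${letters}U"; fi   # RTF_UP
        if [ $((f & 2)) -ne 0 ]; then letters="${letters}G"; fi   # RTF_GATEWAY
        if [ $((f & 4)) -ne 0 ]; then letters="${letters}H"; fi   # RTF_HOST
        echo "$iface $(hex_to_ip "$dest")/$(mask_to_prefix "$mask") via $(hex_to_ip "$gw") flags=$letters metric=$metric"
    done
}

# Constructed sample in /proc/net/route layout (not taken from a real host).
sample_routes() {
    cat <<'EOF'
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 00000000 0101A8C0 0003 0 0 100 00000000 0 0 0
eth0 0001A8C0 00000000 0001 0 0 100 00FFFFFF 0 0 0
EOF
}

sample_routes | decode_routes
# On a live host: decode_routes < /proc/net/route
```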

Sockets

ss -auntp

TCP connections and listeners, UDP listeners, and Processes.

netstat -auntp

TCP connections and listeners, UDP listeners, and PIDs.

Netstat Options

-a

Show both listening and non-listening sockets.

-t

Show TCP connections.

-u

Show UDP connections.

-n

Show numerical addresses instead of resolving hostnames.

-l

Show only listening sockets.

-p

Show the PID and name of the program to which each socket belongs.

-r

Display the routing table.

-i

Display a table of all network interfaces.

-s

Show statistics for all protocols.

-c

Continuously list the information.

-W

Avoid truncating IP addresses (useful for IPv6).

-e

Display extended information; more detailed.

-o

Show timer information (similar to ss -o).

-g

Display multicast group memberships.

-C

Show the routing cache.

-A <family>

Specify the address family (e.g., inet, inet6, unix).

-F

Display the Forwarding Information Base (FIB).

-M

Display masqueraded connections.

-x

Show UNIX domain sockets.

-Z

Show the SELinux security context for sockets.

--numeric-hosts

Show hosts numerically (avoid DNS lookup).

--numeric-ports

Show ports numerically.

--numeric-users

Show users numerically (avoid user name lookup).

--protocol=<family>

Show information for a specific protocol family.

--tcp

Shortcut for -A inet -t.

--udp

Shortcut for -A inet -u.

--unix

Shortcut for -A unix -x.

--inet

Shortcut for specifying IPv4 protocols only.

--inet6

Shortcut for specifying IPv6 protocols only.

SS Options

-h

Display help message.

-V

Show version info.

-n

Do not resolve service names (show numerical addresses and ports).

-r

Resolve hostnames (inverse of -n).

-a

Both listening and non-listening sockets.

-l

Listening sockets only.

-o

Show timer info.

-m

Show memory usage for each socket.

-p

Show process using the socket.

-i

Show internal TCP info.

-s

Show socket usage statistics.

-4

IPv4 sockets only.

-6

IPv6 sockets only.

-0

Packet sockets only.

-t

TCP sockets only.

-u

UDP sockets only.

-d

DCCP sockets only.

-w

RAW sockets only.

-x

Unix domain sockets only.

-f

Specify address family (use with inet, unix, link, netlink, inet6, etc.).

-A

Filter sockets by states (e.g., all, connected, synchronized, bucket, big).

-e

Show detailed socket info.

-E

Export socket info to a file.

-Z

Show socket security info.

-K

Show TCP congestion algorithm.

-c

Show continuous listing.

-S

Show socket details in summary format.

-b

Show BPF filter socket info.

-N <netns>

Switch to the specified network namespace (requires either PID or name of the netns).

-H

Do not print header.

state <filter>

Filter sockets by state (e.g., established, time-wait).

Connectivity

ping <hostname/IP>

Tests connectivity to a host and measures round-trip time.

traceroute <hostname/IP>

Traces the path packets take to reach a host, helping identify network bottlenecks.

mtr <hostname/IP>

Combines ping and traceroute functionalities.

nc <hostname/IP> <port>

Tests TCP connectivity to a specified port on a host.

telnet <hostname/IP> <port>

Attempts to establish a TCP connection to a specified port on a host.

curl <URL>

Retrieves content from a web server, useful for testing HTTP connectivity.

host <hostname>

Simple utility for DNS lookups.

iperf / iperf3

Measures the maximum network bandwidth between a client and a server.

Processes Using Network

lsof -i

Lists open files belonging to active network connections.

sudo lsof -i tcp:<port>

Lists processes using a specific TCP port.

sudo lsof -i udp:<port>

Lists processes using a specific UDP port.

netstat -tupln

Shows the PID and program name that are listening.

ss -tupln

Shows the PID and program name that are listening.

nethogs

Displays real-time network usage per process.

Find Processes Using a Specific Port

Use with caution as it sends signals to processes and could affect their behavior:

fuser <port>/tcp

Provides the PID of the process using the port.

fuser -nv tcp <port>

Identifies processes using a specific TCP port

fuser -nv udp <port>

Identifies processes using a specific UDP port.

Find Processes that have Port Information

pfiles `ptree | awk '{print $1}'` | egrep '^[0-9]|port:'

Captures TCP packets with SYN or ACK flags, indicating connection attempts. Requires root privileges:

tcpdump -i <interface> -n 'tcp[tcpflags] & (tcp-syn|tcp-ack) != 0'

Sets up a rule in iptables to log network connections initiated by processes owned by a specific user. This requires analyzing the log to see the connections:

iptables -A OUTPUT -m owner --uid-owner <user> -j LOG
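
The LOG rule above writes one kernel log line per outgoing packet, so the log has to be reduced before it is useful. The following is an added example, not part of the original page: it counts new TCP connections (SYN without ACK) and UDP packets per destination from netfilter LOG lines on stdin. The function names and the log lines are constructed for illustration and use documentation address ranges.

```shell
#!/bin/sh
# Added example: summarize iptables LOG output from the OUTPUT chain.
# Input: kernel log lines on stdin. Output: "<count> <proto> <dst>:<port>".

summarize_out_log() {
    awk '
    /IN= OUT=/ {
        dst = dpt = proto = ""; syn = ack = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DST=/)   dst = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i == "SYN") syn = 1
            if ($i == "ACK") ack = 1
        }
        # For TCP keep only the initial SYN so each connection counts once.
        if (proto == "TCP" && !(syn && !ack)) next
        if (dpt == "") dpt = "-"              # e.g. ICMP has no port
        if (dst != "") count[proto " " dst ":" dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines in the kernel netfilter LOG format.
sample_log() {
    cat <<'EOF'
Jan 10 12:00:01 host kernel: [100.1] IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:01 host kernel: [100.2] IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jan 10 12:00:05 host kernel: [104.0] IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=40002 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:06 host kernel: [105.0] IN= OUT=eth0 SRC=192.0.2.5 DST=192.0.2.53 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=UDP SPT=53000 DPT=53 LEN=50
Jan 10 12:00:09 host kernel: [108.0] IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=TCP SPT=40004 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

sample_log | summarize_out_log
# On a live host, for example: journalctl -k | summarize_out_log
```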

Solaris

netstat -anP tcp

netstat -anP udp

pfiles /proc/*

pfiles `ptree | awk '{print $1}'` | egrep '^[0-9]|port:' >> /tmp/ports

rpcinfo -p


Last updated 1 year ago
