Enumerate
NICs
ifconfig -a
Prints network information/configuration.
ifconfig eth0
Specific interface
ip addr show
Show NIC Info
ip addr show eth0
Specific interface
netstat -I
Shows interface stats.
netstat -ie
Shows interface stats, including MAC addresses.
ip link show
Shows the state of all network interfaces.
ls /sys/class/net/
Lists all network interfaces recognized by the kernel
lspci | grep -i network
Lists all PCI network interfaces by searching for "network"
nmcli device status
Lists network devices and their status using the NetworkManager command-line tool
nmtui
Provides a text user interface to NetworkManager
ethtool <interface>
Shows detailed info about a specific Eth interface
lshw -class network
Detailed info on all network interfaces. Requires lshw to be installed.
cat /sys/class/net/<interface>/address
Directly reads the MAC address from the system's file
Wireless
iwconfig
Displays wireless network configuration.
iw dev
Lists all wireless interfaces along with their details, including MAC addresses. Requires iw for wireless device operations.
ARP
arp
Displays the current ARP table/cache for the system.
arp -a
More readable format.
arp -an
Print the ARP cache.
ip neigh
Shows the ARP table. On newer systems. Part of 'iproute2'.
ip neigh show
List the entries.
ip -s -s neigh
Shows statistics about the ARP cache (size, entries, hits and misses).
arp-scan
Sends ARP packets to local network to discover IP and MAC addresses. Needs install.
cat /proc/net/arp
Displays the ARP table by reading the kernel's ARP table file.
DNS
dig <domain>
Queries DNS servers for info about domain names.
drill <domain>
Similar to dig, supports DNSSEC.
host <domain>
Shows IP address and basic DNS information.
nslookup <hostname/IP>
Queries Internet domain name servers for DNS lookup.
whois <domain>
Retrieves domain registration info.
nmcli device show
For systems using NetworkManager, includes DNS settings for network interfaces.
scutil --dns
(macOS specific) Displays the DNS config.
cat /etc/resolv.conf
Display DNS configuration.
cat /etc/hosts
Display hosts file.
Shows detailed DNS config and stats for systems using systemd-resolved for managing network name resolution.
It provides information about global and per-link DNS settings: systemd-resolve --status
Checks for DNS servers configured in network interface files (if applicable):
grep nameserver /etc/network/interfaces
grep nameserver /etc/sysconfig/network
Routing Tables
netstat -rn
Prints the kernel routing tables.
route -n
Displays the routing table in a numerical format, making it easier to parse.
ip route show
Lists the kernel routing tables. (Newer Linux command)
ip route list
Similar to ip route show.
ip route
Displays the routing table.
ss -r
Shows socket statistics with routing information. Not a direct way to list the routing table.
cat /proc/net/route
Displays the routing table from the system's proc filesystem.
ip route get <destination>
Traces the route to a specific destination.
traceroute <hostname/IP>
Traces the path packets take to reach a host, helping to identify network bottlenecks.
mtr <hostname/IP>
Combines ping and traceroute functionalities to provide continuous network diagnostics.
Sockets
ss -auntp
TCP connections and listeners, UDP listeners, and Processes.
netstat -auntp
TCP connections and listeners, UDP listeners, and PIDs.
Netstat Options
-a
Show both listening and non-listening sockets.
-t
Show TCP connections.
-u
Show UDP connections.
-n
Show numerical addresses instead of resolving hostnames.
-l
Show only listening sockets.
-p
Show the PID and name of the program to which each socket belongs.
-r
Display the routing table.
-i
Display a table of all network interfaces.
-s
Show statistics for all protocols.
-c
Continuously list the information.
-W
Avoid truncating IP addresses (useful for IPv6).
-e
Display extended information; more detailed.
-o
Show timer information (similar to ss -o).
-g
Display multicast group memberships.
-C
Show the routing cache.
-A <family>
Specify the address family (e.g., inet, inet6, unix).
-F
Display the Forwarding Information Base (FIB).
-M
Display masqueraded connections.
-x
Show UNIX domain sockets.
-Z
Show the SELinux security context for sockets.
--numeric-hosts
Show hosts numerically (avoid DNS lookup).
--numeric-ports
Show ports numerically.
--numeric-users
Show users numerically (avoid user name lookup).
--protocol=<family>
Show information for a specific protocol family.
--tcp
Shortcut for -A inet -t.
--udp
Shortcut for -A inet -u.
--unix
Shortcut for -A unix -x.
--inet
Shortcut for specifying IPv4 protocols only.
--inet6
Shortcut for specifying IPv6 protocols only.
SS Options
-h
Display help message.
-V
Show version info.
-n
Do not resolve service names (show numerical addresses and ports).
-r
Resolve hostnames (inverse of -n).
-a
Both listening and non-listening sockets.
-l
Listening sockets only.
-o
Show timer info.
-m
Show memory usage for each socket.
-p
Show process using the socket.
-i
Show internal TCP info.
-s
Show socket usage statistics.
-4
IPv4 sockets only.
-6
IPv6 sockets only.
-0
Packet sockets only.
-t
TCP sockets only.
-u
UDP sockets only.
-d
DCCP sockets only.
-w
RAW sockets only.
-x
Unix domain sockets only.
-f
Specify address family (use with inet, unix, link, netlink, inet6, etc.).
-A
Filter sockets by states (e.g., all, connected, synchronized, bucket, big).
-e
Show detailed socket info.
-E
Export socket info to a file.
-Z
Show socket security info.
-K
Show TCP congestion algorithm.
-c
Show continuous listing.
-S
Show socket details in summary format.
-b
Show BPF filter socket info.
-N <netns>
Switch to the specified network namespace (requires either PID or name of the netns).
-H
Do not print header.
state <filter>
Filter sockets by state (e.g., established, time-wait).
Connectivity
ping <hostname/IP>
Tests connectivity to a host and measures round-trip time.
traceroute <hostname/IP>
Traces the path packets take to reach a host, helping identify network bottlenecks.
mtr <hostname/IP>
Combines ping and traceroute functionalities.
nc <hostname/IP> <port>
Tests TCP connectivity to a specified port on a host.
telnet <hostname/IP> <port>
Attempts to establish a TCP connection to a specified port on a host.
curl <URL>
Retrieves content from a web server, useful for testing HTTP connectivity.
host <hostname>
Simple utility for DNS lookups.
iperf / iperf3
Measures the maximum network bandwidth between a client and a server.
Processes Using Network
lsof -i
Lists open files belonging to active network connections.
sudo lsof -i tcp:<port>
Lists processes using a specific TCP port.
sudo lsof -i udp:<port>
Lists processes using a specific UDP port.
netstat -tupln
Shows the PID and program name that are listening.
ss -tupln
Shows the PID and program name that are listening.
nethogs
Displays real-time network usage per process.
Find Processes Using a Specific Port
Use with caution as it sends signals to processes and could affect their behavior:
fuser <port>
Provides PID
fuser -nv tcp <port>
Identifies processes using a specific TCP port
fuser -nv udp <port>
Identifies processes using a specific UDP port.
Find Processes that have Port Information
Captures TCP packets with SYN or ACK flags, indicating connection attempts. Requires root privileges:
Sets up a rule in iptables to log network connections initiated by processes owned by a specific user. This requires analyzing the log to see the connections:
Solaris
netstat -anP tcp
netstat -anP udp
pfiles /proc/
pfiles `ptree | awk '{print $1}'`| egrep '^[0-9]|port:' >> /tmp/ports rpcinfo -p
Last updated
Was this helpful?