CIS120Linux Fundementals

ip and netstat Commands

The ip and netstat commands are essential tools for managing and monitoring network configurations and connections in Linux. The ip command is used for network interface configuration, IP address manipulation, and routing, while netstat is used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. Understanding these commands, their outputs, and their options is crucial for effective network management.

The ip Command

The ip command is part of the iproute2 package and is used to configure network interfaces, IP addresses, and routing.

Basic usage of ip:

ip [OPTIONS] OBJECT { COMMAND | help }

Commonly Used ip Options:

Option	Description
`addr`	Display or manipulate IP addresses
`link`	Display or manipulate network interfaces
`route`	Display or manipulate routing tables
`neigh`	Display or manipulate ARP cache
`-s`	Display detailed statistics

Examples and Output Explanations:

To display all IP addresses:

ip addr

Output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:53:8b:dc brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global dynamic enp0s3
       valid_lft 86352sec preferred_lft 86352sec
    inet6 fe80::a00:27ff:fe53:8bdc/64 scope link 
       valid_lft forever preferred_lft forever

This output is from the ip addr show or ip a command, which displays network interface details on a Linux system. Let's break it down:

Loopback Interface (lo)

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

lo (Loopback Interface) – A special virtual interface used for internal communication within the system.
LOOPBACK – Indicates it's a loopback device.
UP, LOWER_UP – The interface is active.
mtu 65536 – Maximum Transmission Unit (packet size) is 65,536 bytes (much larger than standard Ethernet, since it's internal).
qdisc noqueue – No queuing discipline, as it doesn't need packet scheduling.
state UNKNOWN – No real "connection" exists (it’s always available).

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

MAC address: Loopback interfaces use a dummy MAC (00:00:00:00:00:00).

inet 127.0.0.1/8 scope host lo

IPv4 Address: 127.0.0.1 (localhost).
/8 – Subnet mask (255.0.0.0), allowing all 127.x.x.x addresses.
Scope host – Only accessible on the local system.

inet6 ::1/128 scope host

IPv6 Address: ::1 (equivalent to 127.0.0.1 in IPv4).
/128 – Single IP (no network portion).
Scope host – Only accessible on the local system.

Ethernet Interface (`enp0s3`)

2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

enp0s3 – The Ethernet network interface.
BROADCAST, MULTICAST – Supports broadcasting and multicasting.
UP, LOWER_UP – The interface is active and has a physical link.
mtu 1500 – Standard Ethernet MTU of 1500 bytes.
qdisc fq_codel – Queueing discipline (fq_codel helps reduce network latency).
state UP – The interface is operational.

link/ether 08:00:27:53:8b:dc brd ff:ff:ff:ff:ff:ff

MAC Address: 08:00:27:53:8b:dc (unique hardware identifier).
Broadcast Address: ff:ff:ff:ff:ff:ff (used to send messages to all devices on the network).

inet 192.168.1.10/24 brd 192.168.1.255 scope global dynamic enp0s3

IPv4 Address: 192.168.1.10 (local network address).
/24 – Subnet mask (255.255.255.0), meaning 192.168.1.x is the local network.
brd 192.168.1.255 – Broadcast address for this subnet.
scope global – Reachable beyond the local machine.
dynamic – Assigned by DHCP.

valid_lft 86352sec preferred_lft 86352sec

Lease Time: 86,352 seconds (about 24 hours) before DHCP reassigns the IP.

inet6 fe80::a00:27ff:fe53:8bdc/64 scope link

IPv6 Address: fe80::a00:27ff:fe53:8bdc (Link-Local Address, used within the local network).
/64 – Standard subnet size for IPv6.
Scope link – Only usable on this local network segment.

To display the link layer information:

ip link

Output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:53:8b:dc brd ff:ff:ff:ff:ff:ff

link/loopback: Indicates the link type for the loopback interface.
link/ether: Indicates the link type for the Ethernet interface.
brd: Broadcast address.

To display the routing table:

ip route

Output:

default via 192.168.1.1 dev enp0s3 proto dhcp metric 100 
192.168.1.0/24 dev enp0s3 proto kernel scope link src 192.168.1.10 metric 100

default: The default gateway.
via: The gateway IP address.
dev: The device (network interface) used.
proto: The protocol used to configure the route.
scope: The scope of the route (link, global, etc.).
src: The source IP address for packets sent via this route.

The netstat Command

The netstat command displays various network-related information such as network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

Basic usage of netstat:

netstat [OPTIONS]

Commonly Used netstat Options:

Option	Description
`-a`	Show all sockets (listening and non-listening)
`-t`	Show TCP connections
`-u`	Show UDP connections
`-n`	Show numerical addresses instead of resolving hostnames
`-r`	Display the routing table
`-i`	Display network interface statistics
`-s`	Display summary statistics for each protocol
`-p`	Show process using the socket

Examples and Output Explanations:

To display all network connections:

netstat -a

Output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 192.168.1.10:22         192.168.1.100:54678     ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*                          
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    13383    /run/systemd/notify

Proto: Protocol (TCP, UDP, etc.).
Recv-Q: Receive queue size.
Send-Q: Send queue size.
Local Address: Local address and port.
Foreign Address: Remote address and port.
State: Connection state (LISTEN, ESTABLISHED, etc.).

To display the routing table:

netstat -r

Output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.1.1     0.0.0.0         UG        0 0          0 enp0s3
192.168.1.0     *               255.255.255.0   U         0 0          0 enp0s3

Destination: Network destination.
Gateway: Gateway IP address.
Genmask: Network mask.
Flags: Route flags (U = up, G = gateway).
Iface: Network interface.

To display network interface statistics:

netstat -i

Output:

Kernel Interface table
Iface      MTU    RX-OK  RX-ERR RX-DRP RX-OVR TX-OK  TX-ERR TX-DRP TX-OVR Flg
enp0s3     1500   4823   0      0      0      4325   0      0      0      BMRU
lo         65536  1522   0      0      0      1522   0      0      0      LRU

Iface: Network interface.
MTU: Maximum Transmission Unit.
RX-OK: Received packets without errors.
RX-ERR: Received packets with errors.
RX-DRP: Dropped received packets.
RX-OVR: Overruns on received packets.
TX-OK: Transmitted packets without errors.
TX-ERR: Transmitted packets with errors.
TX-DRP: Dropped transmitted packets.
TX-OVR: Overruns on transmitted packets.

To display summary statistics for each protocol:

netstat -s

Output:

Ip:
    4325 total packets received
    0 forwarded
    0 incoming packets discarded
    4325 incoming packets delivered
    4325 requests sent out
Tcp:
    240 active connection openings
    6 passive connection openings
    0 failed connection attempts
    0 connection resets received
    2 connections established
    2103 segments received
    2200 segments sent out
    0 segments retransmitted
    0 bad segments received.
    0 resets sent
Udp:
    200 packets received
    0 packets to unknown port received.
    0 packet receive errors
    200 packets sent

Ip: Statistics for the IP protocol.
Tcp: Statistics for the TCP protocol.
Udp: Statistics for the UDP protocol.

Summary

The ip and netstat commands are powerful tools for network management and monitoring in Linux. Theipcommand allows for detailed configuration and display of network interfaces, IP addresses, and routing tables. Thenetstat` command provides extensive information on network connections, routing tables, and interface statistics. By mastering these commands and understanding their outputs, you can effectively manage and troubleshoot network issues.

ip and netstat Commands

The ip Command

Loopback Interface (lo)

Ethernet Interface (enp0s3)

The netstat Command

Summary

Ethernet Interface (`enp0s3`)