CIS120Linux Fundementals

ip and netstat Commands

The ip and netstat commands are essential tools for managing and monitoring network configurations and connections in Linux. The ip command is used for network interface configuration, IP address manipulation, and routing, while netstat is used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. Understanding these commands, their outputs, and their options is crucial for effective network management.

The ip Command

The ip command is part of the iproute2 package and is used to configure network interfaces, IP addresses, and routing.

Basic usage of ip:

ip [OPTIONS] OBJECT { COMMAND | help }

Commonly Used ip Options:

Option	Description
addr	Display or manipulate IP addresses
link	Display or manipulate network interfaces
route	Display or manipulate routing tables
neigh	Display or manipulate ARP cache
-s	Display detailed statistics

Examples and Output Explanations:

To display all IP addresses:

ip addr

Output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:53:8b:dc brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global dynamic enp0s3
       valid_lft 86352sec preferred_lft 86352sec
    inet6 fe80::a00:27ff:fe53:8bdc/64 scope link 
       valid_lft forever preferred_lft forever

• lo: Loopback interface, used for local communication within the host.
• enp0s3: Ethernet interface, used for network communication.
• inet: IPv4 address of the interface.
• inet6: IPv6 address of the interface.
• mtu: Maximum Transmission Unit, the size of the largest packet that can be transmitted.
• qdisc: Queueing discipline, the algorithm used to manage the queue of packets.

To display the link layer information:

ip link

Output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:53:8b:dc brd ff:ff:ff:ff:ff:ff

• link/loopback: Indicates the link type for the loopback interface.
• link/ether: Indicates the link type for the Ethernet interface.
• brd: Broadcast address.

To display the routing table:

ip route

Output:

default via 192.168.1.1 dev enp0s3 proto dhcp metric 100 
192.168.1.0/24 dev enp0s3 proto kernel scope link src 192.168.1.10 metric 100

• default: The default gateway.
• via: The gateway IP address.
• dev: The device (network interface) used.
• proto: The protocol used to configure the route.
• scope: The scope of the route (link, global, etc.).
• src: The source IP address for packets sent via this route.

The netstat Command

The netstat command displays various network-related information such as network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

Basic usage of netstat:

netstat [OPTIONS]

Commonly Used netstat Options:

Option	Description
-a	Show all sockets (listening and non-listening)
-t	Show TCP connections
-u	Show UDP connections
-n	Show numerical addresses instead of resolving hostnames
-r	Display the routing table
-i	Display network interface statistics
-s	Display summary statistics for each protocol
-p	Show process using the socket

Examples and Output Explanations:

To display all network connections:

netstat -a

Output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 192.168.1.10:22         192.168.1.100:54678     ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*                          
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    13383    /run/systemd/notify

• Proto: Protocol (TCP, UDP, etc.).
• Recv-Q: Receive queue size.
• Send-Q: Send queue size.
• Local Address: Local address and port.
• Foreign Address: Remote address and port.
• State: Connection state (LISTEN, ESTABLISHED, etc.).

To display the routing table:

netstat -r

Output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.1.1     0.0.0.0         UG        0 0          0 enp0s3
192.168.1.0     *               255.255.255.0   U         0 0          0 enp0s3

• Destination: Network destination.
• Gateway: Gateway IP address.
• Genmask: Network mask.
• Flags: Route flags (U = up, G = gateway).
• Iface: Network interface.

To display network interface statistics:

netstat -i

Output:

Kernel Interface table
Iface      MTU    RX-OK  RX-ERR RX-DRP RX-OVR TX-OK  TX-ERR TX-DRP TX-OVR Flg
enp0s3     1500   4823   0      0      0      4325   0      0      0      BMRU
lo         65536  1522   0      0      0      1522   0      0      0      LRU

• Iface: Network interface.
• MTU: Maximum Transmission Unit.
• RX-OK: Received packets without errors.
• RX-ERR: Received packets with errors.
• RX-DRP: Dropped received packets.
• RX-OVR: Overruns on received packets.
• TX-OK: Transmitted packets without errors.
• TX-ERR: Transmitted packets with errors.
• TX-DRP: Dropped transmitted packets.
• TX-OVR: Overruns on transmitted packets.

To display summary statistics for each protocol:

netstat -s

Output:

Ip:
    4325 total packets received
    0 forwarded
    0 incoming packets discarded
    4325 incoming packets delivered
    4325 requests sent out
Tcp:
    240 active connection openings
    6 passive connection openings
    0 failed connection attempts
    0 connection resets received
    2 connections established
    2103 segments received
    2200 segments sent out
    0 segments retransmitted
    0 bad segments received.
    0 resets sent
Udp:
    200 packets received
    0 packets to unknown port received.
    0 packet receive errors
    200 packets sent

• Ip: Statistics for the IP protocol.
• Tcp: Statistics for the TCP protocol.
• Udp: Statistics for the UDP protocol.

Summary

The ip and netstat commands are powerful tools for network management and monitoring in Linux. Theipcommand allows for detailed configuration and display of network interfaces, IP addresses, and routing tables. Thenetstat` command provides extensive information on network connections, routing tables, and interface statistics. By mastering these commands and understanding their outputs, you can effectively manage and troubleshoot network issues.