
Ex. No: 1 STUDY OF BASIC NETWORK COMMANDS

Aim: To learn to use basic network commands like tcpdump, netstat, ifconfig, nslookup and
traceroute.

Basic commands:
1. ifconfig Command:
ifconfig, short for “interface configuration”, is a utility for system/network administration in
Unix/Linux operating systems. It is used to configure, manage and query network interface parameters
from the command line or in system configuration scripts.
The “ifconfig” command is used for displaying current network configuration information, setting
up an IP address, netmask or broadcast address on a network interface, creating an alias for a network
interface, setting up a hardware address, and enabling or disabling network interfaces.
1. View All Network Setting
The “ifconfig” command with no arguments displays the details of all active interfaces. The
ifconfig command is also used to check the assigned IP address of a server.
[root@tecmint ~]# ifconfig

2. Display Information of All Network Interfaces


The following ifconfig command with the -a argument displays information about all active or inactive
network interfaces on the server. It displays the results for eth0, lo, sit0 and tun0.
[root@tecmint ~]# ifconfig -a

3. View Network Settings of Specific Interface


Using an interface name (eth0) as an argument to the “ifconfig” command displays the details of
that specific network interface.
[root@tecmint ~]# ifconfig eth0

2. tcpdump Command:
tcpdump is a powerful and widely used command-line packet sniffer or packet analyzer tool
which is used to capture or filter TCP/IP packets that are received or transferred over a network on a
specific interface. It is available on most Linux/Unix based operating systems. tcpdump
also gives us an option to save captured packets in a file for future analysis. It saves the file in pcap
format, which can be viewed with the tcpdump command or with an open source GUI based tool
called Wireshark (Network Protocol Analyzer) that reads tcpdump pcap format files.

Commands:
1. Capture Packets from Specific Interface
The command screen will scroll until we interrupt it. When we execute the tcpdump command without
options it captures from all the interfaces; with the -i switch it captures only from the desired interface.
# tcpdump -i eth0

2. Capture Only N Number of Packets


The tcpdump command captures all the packets for the specified interface until we hit the cancel button.
Using the -c option, we can capture a specified number of packets. The below example will only capture
6 packets.

# tcpdump -c 5 -i eth0

3. Print Captured Packets in ASCII


The tcpdump command with option -A displays the packet in ASCII format. It is a character-encoding
scheme format.

# tcpdump -A -i eth0

4. Display Available Interfaces


To list the available interfaces on the system, run the following command with the -D option.

# tcpdump -D

5. Display Captured Packets in HEX and ASCII


The following command with option -XX captures the data of each packet, including its link level
header, in HEX and ASCII format.

# tcpdump -XX -i eth0

6. Capture and Save Packets in a File


tcpdump can capture packets and save them to a file in .pcap format. To do this, execute the
command with the -w option.

# tcpdump -w 0001.pcap -i eth0

7. Read Captured Packets File


To read and analyze the captured packet file 0001.pcap, use the command with the -r option, as shown
below.
# tcpdump -r 0001.pcap

8. Capture IP address Packets


To capture packets on a specific interface and display IP addresses instead of host names, run the following command with option -n.
# tcpdump -n -i eth0

9. Capture only TCP Packets.


To capture only TCP packets, run the following command with the tcp filter.
# tcpdump -i eth0 tcp

10. Capture Packet from Specific Port


To capture packets for the specific port 22, execute the command below, specifying the port number
as shown.
# tcpdump -i eth0 port 22

11. Capture Packets from source IP


To capture packets from a source IP, say you want to capture packets from 192.168.0.2, use the
command as follows.
# tcpdump -i eth0 src 192.168.0.2

12. Capture Packets from destination IP


To capture packets for a destination IP, say you want to capture packets for 50.116.66.139, use the
command as follows.
# tcpdump -i eth0 dst 50.116.66.139

3. netstat Command:
netstat (network statistics) is a command line tool for monitoring network connections, both
incoming and outgoing, as well as viewing routing tables, interface statistics etc. netstat is available
on all Unix-like operating systems and on Windows as well. It is very useful for
network troubleshooting and performance measurement. netstat is one of the most basic
network service debugging tools, used to tell what ports are open and whether any programs are listening
on ports.

1. Listing all the LISTENING Ports of TCP and UDP connections


Listing all ports (both TCP and UDP) using netstat -a option.
# netstat -a | more

2. Listing TCP Ports connections


Listing only TCP (Transmission Control Protocol) port connections using netstat -at.
# netstat -at

3. Listing UDP Ports connections


Listing only UDP (User Datagram Protocol ) port connections using netstat -au.
# netstat -au

4. Listing all LISTENING Connections


Listing all active listening ports connections with netstat -l.
# netstat -l

5. Listing all TCP Listening Ports


Listing all active listening TCP ports by using option netstat -lt.
# netstat -lt

6. Listing all UDP Listening Ports


Listing all active listening UDP ports by using option netstat -lu.
# netstat -lu

7. Listing all UNIX Listening Ports


Listing all active UNIX listening ports using netstat -lx.
# netstat -lx

8. Showing Statistics by Protocol


Displays statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP
protocols. The -s parameter can be used to specify a set of protocols.
# netstat -s

9. Showing Statistics by TCP Protocol


Showing statistics of only TCP protocol by using option netstat -st.
# netstat -st

10. Showing Statistics by UDP Protocol


# netstat -su

11. Displaying Service name with PID


To display service names with their PID numbers, use the option netstat -tp, which shows “PID/Program
Name”.
# netstat -tp

12. Displaying Promiscuous Mode


Displaying promiscuous mode with the -ac switch: netstat prints the selected information or refreshes
the screen every five seconds. The default screen refresh is every second.
# netstat -ac 5 | grep tcp

13. Displaying Kernel IP routing


Display Kernel IP routing table with netstat and route command.
# netstat -r

14. Showing Network Interface Transactions


Showing network interface packet transactions including both transferring and receiving packets
with MTU size.
# netstat -i

15. Showing Kernel Interface Table


Showing Kernel interface table, similar to ifconfig command.
# netstat -ie

16. Displaying IPv4 and IPv6 Information


Displays multicast group membership information for both IPv4 and IPv6.
# netstat -g

17. Print Netstat Information Continuously


To get netstat information every few seconds, use the following command. It will print netstat
information continuously.
# netstat -c

18. Finding non supportive Address


Finding un-configured address families with some useful information.
# netstat --verbose

19. Finding Listening Programs


Find out how many listening programs are running on a port.
# netstat -ap | grep http

20. Displaying RAW Network Statistics


# netstat --statistics --raw
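
The listening-port options above (-l, -lt, -lu, -tp) are most useful when the output is filtered for services that other hosts can reach. The script below is an added example, not part of the original exercise: it assumes the net-tools netstat on Linux with the extra -n flag for numeric addresses, and the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP/UDP listeners bound to every interface.
# Input: text in the layout printed by `netstat -tulnp` (net-tools, Linux).

# Constructed sample output, not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1044/mysqld
tcp        0      0 192.168.0.2:8080        0.0.0.0:*               LISTEN      2210/java
tcp6       0      0 :::80                   :::*                    LISTEN      977/httpd
tcp6       0      0 ::1:631                 :::*                    LISTEN      640/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           655/chronyd
EOF
}

# Print "proto port program" for each socket bound to 0.0.0.0, :: or *.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP rows carry a State column; UDP listeners leave it empty.
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        addr = $4
        n = match(addr, /:[0-9]+$/)        # port follows the last colon
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1)
        if (host != "0.0.0.0" && host != "::" && host != "*") next
        prog = ($1 ~ /^tcp/) ? $7 : $6     # PID/Program name column
        sub(/^[0-9]+\//, "", prog)         # drop the PID, keep the name
        if (prog == "") prog = "-"
        print $1, port, prog
    }' | sort -k2,2n
}

# Live use (run as root so -p can show program names):
#   netstat -tulnp | exposed_listeners
```

Listeners bound to 127.0.0.1, ::1 or one specific address are left out, so the result is the list of services to review against the firewall policy.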

4. nslookup Command:
nslookup is a command-line administrative tool for testing and troubleshooting DNS servers
(Domain Name Server). It is used to query specific DNS resource records (RR) as well. Most
operating systems come with a built-in nslookup feature.

1. Find out “A” record (IP address) of Domain


# nslookup yahoo.com

2. Find out Reverse Domain Lookup


# nslookup 209.191.122.70

3. Find out specific Domain Lookup.


# nslookup ir1.fp.vip.mud.yahoo.com.

4. To Query MX (Mail Exchange) record.


# nslookup -query=mx www.yahoo.com

5. To query NS (Name Server) record.


# nslookup -query=ns www.yahoo.com

6. To query SOA (Start of Authority) record.


# nslookup -type=soa www.yahoo.com

7. To query all Available DNS records.


# nslookup -query=any yahoo.com

8. Enable Debug mode


Enabling debug mode with ‘set debug’ returns verbose information like TTL; here’s the output.
# nslookup -debug yahoo.com

5. traceroute Command:
traceroute is a network troubleshooting utility which shows the number of hops taken to reach the
destination and also determines the path the packets travel. Below we trace the route to a global DNS server
IP address; the output shows whether the destination is reachable and the path the packet travels.
# traceroute 4.2.2.2

Result:
Thus the basic network commands were studied and executed.
