The Top 5 Underrated Linux Networking Tools

Useful Linux Networking Commands

Inspired by Julia Evans’ tweet, the Cohesive team has come together to bring you our favorite Linux networking commands.

By Julia Evans
There are great resources out there to search. We had a few overlaps with Julia’s lists, since there are just some commands you’ll never stop using. Most commands you probably already know. Even folks in sales use the term ping when they talk about connecting!

Using the command line interface (CLI) is generally easier, but only if you can remember the commands and options. For those network commands and functions that slip from your memory, here’s a handy list:

  • ifconfig lets you set the IP address and netmask of a network interface. You can also use it to display and analyze network interface parameters to see if you need to enable or disable the interface.
sample ifconfig from Wikimedia Commons


netstat / ss (short for “network statistics”) displays network connections for incoming and outgoing TCP traffic, routing tables, and network protocol statistics. We most commonly use netstat to find problems in the network. Some recommend using ss instead.

To display what packets are being sent to port 80, use tcpdump. tcpdump is a packet analyzer that displays packets being transmitted or received in that network. Want a fancy GUI view of packets? Use wireshark.

More useful diagnostic tools are traceroute / mtr. Use these to display the route or path between servers on a network. traceroute also records the route history so you can see each hop and the time it spends establishing each connection.

Fun fact: mtr is commonly known as “my traceroute” but was originally named Matt’s traceroute (MTR) by its writer, Matt Kimball.

iptables is handy when you need to set up tables for your firewalls and NAT.

To scan your network to find all the hosts and services, use nmap. By scanning the computer network, it builds a “map” of where packets end up. nmap lets you do host discovery and service and OS detection. We recommend it for network vulnerability detection too.

telnet is an oldie-but-goodie of networking. Use “teletype network” to see if a port on another server is open. telnet is not recommended on the open, unsecured internet. For public-facing networks use SSH instead.
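As an added example (not from the original post or from Cohesive Networks), the shell function below reads `ss -H -tln` output and lists listening TCP ports bound to something other than loopback, a common first check when using ss to find problems. The sample input is constructed, and the function names exposed_listeners and sample_ss_output are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets by bind address.
# Input format is `ss -H -tln` (no header, TCP, listening, numeric).

# Constructed sample of `ss -H -tln` output; not captured from a real host.
sample_ss_output() {
  cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096       127.0.0.1:5432       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      511             [::]:80            [::]:*
LISTEN 0      128            [::1]:631           [::]:*
LISTEN 0      128                *:8000             *:*
LISTEN 0      128         10.0.0.5:3306       0.0.0.0:*
EOF
}

# Reads ss lines on stdin and prints "port address scope" for every
# listener that is not bound to a loopback address.
exposed_listeners() {
  awk '$1 == "LISTEN" {
    ep = $4                                # local address:port column
    n = match(ep, /:[^:]*$/)               # index of the last colon
    if (n == 0) next                       # not an address:port field
    addr = substr(ep, 1, n - 1)
    port = substr(ep, n + 1)
    sub(/%.*/, "", addr)                   # drop interface scope such as %lo
    gsub(/\[|\]/, "", addr)                # drop IPv6 brackets
    if (addr ~ /^127\./ || addr == "::1") next
    if (addr == "0.0.0.0" || addr == "::" || addr == "*") {
      scope = "all-interfaces"
    } else {
      scope = "specific-address"
    }
    print port, addr, scope
  }'
}

# Live use on a host: ss -H -tln | exposed_listeners
sample_ss_output | exposed_listeners
```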

 5 more unexpected Linux/Unix commands from Cohesive Networks


From Nicholas Clements, our Director of Development:

openssl is actually helpful in a couple of ways. My favourite (unexpected) way: acting like telnet but for secure connections.

$ openssl s_client -connect my_test_vns3:8000

And since Linux (and all Unixes — if that’s the correct plural) are file-handle-based, use lsof to “list open files” or all network connections, processes tied to particular ports, etc. Just look at the man page for lsof -i!

This is not network troubleshooting-specific, but I much prefer using less rather than more.


From Barton Nicholls, our Senior Solutions Architect and Head of DevOps:

  • I find nslookup useful if I need to query the DNS to obtain either the IP address mapping or other specific DNS record information. nslookup is short for “name server lookup”. It does not use the OS’s local DNS resolver library, so it’s a bit different than dig.

nslookup [-SubCommand ...] [{ComputerToFind| [-Server]}]

  • route might seem obvious but it’s a handy way to display your entries in the local IP routing table. You can also modify the route table with route. For example, you can add a default route using default gateway addresses of with:

route add mask

From Patrick Kerpan, our CEO:

  • The Linux utility / command that everyone looking “over the shoulder” has said to me “I never knew that!” is iftop. It gives a dynamic terminal view of network interface throughput. By default, it orders connections by bandwidth usage, showing the “top” bandwidth consumers only.

iftop -N -n -i eth0

It’s magic.

Bonus! From Ryan Koop, Director of products and marketing:

hping3 is a ping from any source IP address. It is much more feature rich, and it is one of the standard tools for security auditing and firewall testing. hping3 is the new version of hping and is scriptable with human readable descriptions.

By: Margaret Valtierra