Common Network Tools in Linux

Common Network Tools in Linux

In Linux systems, network management is one of the core skills for system administrators and developers. Linux provides a rich set of network tools for diagnosing network issues, monitoring traffic, configuring interfaces, and testing connectivity. According to a survey by Stack Overflow, over 70% of Linux users frequently use network tools for troubleshooting and performance optimization. These tools are not only easy to use but can also handle complex scenarios such as firewall configuration, traffic analysis, and security scanning.

1. Introduction: The Importance of Network Tools

As an open-source operating system, Linux dominates in the server, cloud computing, and embedded fields. The network is the bridge through which Linux systems interact with the outside world, and efficient network management can enhance system stability and performance. Common network tools such as ping, traceroute, netstat, ss, tcpdump, iptables, nmap, curl, wget, ifconfig/ip, ethtool, iwconfig, and dig each have their specialties, covering connectivity testing, traffic monitoring, configuration management, and security scanning.

Why are these tools necessary?

  • Troubleshooting: Quickly locate connection issues, latency, or packet loss.
  • Performance Optimization: Analyze bandwidth usage and bottlenecks.
  • Security Protection: Detect intrusions and configure firewalls.
  • Daily Operations: Configure interfaces and monitor traffic.
  • Development Testing: Simulate network scenarios and test APIs.

This article will categorize these tools, with each tool including principles, installation, usage, and examples, ensuring the content is detailed and practical. Let us begin exploring the world of Linux network tools.

2. Connectivity Testing Tools

Connectivity testing is the foundation of network diagnostics, and these tools help check whether hosts are reachable and whether paths are normal.

2.1 ping: Testing Connectivity and Latency

Principle: ping uses the ICMP protocol to send Echo Request packets and receives Echo Reply, calculating the round-trip time (RTT). It can detect whether a host is online, network latency, and packet loss rate.

Installation: Most Linux distributions come with ping pre-installed (iputils package).

sudo apt install iputils-ping  # Ubuntu
sudo dnf install iputils  # CentOS

Basic Usage:

  • Test connectivity:

    ping google.com
    

    Example output:

    PING google.com (142.250.204.14) 56(84) bytes of data.
    64 bytes from maa11s09-in-f14.1e100.net (142.250.204.14): icmp_seq=1 ttl=119 time=20.5 ms
    
  • Specify number of packets:

    ping -c 4 google.com
    
  • Specify interval:

    ping -i 0.5 google.com
    
  • Test IPv6:

    ping6 ipv6.google.com
    

Advanced Applications:

  • Flood test (requires root):

    sudo ping -f google.com
    
  • Test MTU:

    ping -M do -s 1472 google.com
    
  • Combine with scripts for monitoring:

    #!/bin/bash
    if ! ping -c 1 google.com > /dev/null; then
        echo "Network down" | mail -s "Alert" [email protected]
    fi
    

Notes:

  • ping may be blocked by firewalls; use traceroute instead.
  • High-frequency pings may be seen as attacks; use with caution.
  • Permissions: Regular users can ping; root can flood ping.

Example: Monitor network stability.

  • Script:

    while true; do
        ping -c 1 google.com >> /var/log/network_log.txt
        sleep 60
    done
    
  • Analyze logs to find packet loss.

2.2 traceroute: Path Tracing Tool

Principle: traceroute sends packets with incrementing TTL, recording the IPs of routers along the way and their response times to diagnose path issues.

Installation:

sudo apt install traceroute

Basic Usage:

  • Trace path:

    traceroute google.com
    

    Example output:

    traceroute to google.com (142.250.204.14), 30 hops max, 60 byte packets
    1  192.168.1.1 (192.168.1.1)  1.234 ms  1.567 ms  1.890 ms
    2  * * *
    3  maa11s09-in-f14.1e100.net (142.250.204.14)  20.5 ms  21.2 ms  20.8 ms
    
  • Specify packet type:

    traceroute -I google.com  # ICMP
    traceroute -T google.com  # TCP
    traceroute -U google.com  # UDP
    
  • Specify port:

    traceroute -T -p 80 google.com
    

Advanced Applications:

  • IPv6:

    traceroute6 ipv6.google.com
    
  • MTU discovery:

    traceroute -M google.com
    
  • Combine with mtr (my traceroute):

    sudo apt install mtr
    mtr google.com
    

    mtr combines ping and traceroute, providing real-time path statistics.

Notes:

  • Routers may disable ICMP, resulting in * * * output.
  • Firewalls may block traceroute.
  • Use traceroute -n to disable DNS resolution for faster output.

Example: Diagnose latency issues.

  • Run traceroute and find high latency at hop 5.
  • Solution: Contact ISP to optimize routing.
  • Result: Latency reduced by 50ms.

2.3 mtr: Real-time Path Diagnosis

Principle: mtr combines ping and traceroute, providing statistics on packet loss and latency along the path.

Installation:

sudo apt install mtr

Basic Usage:

  • Path diagnosis:

    mtr google.com
    

    Example output:

    My traceroute  [v0.93]
    host (0.0.0.0), 30 hops max, 60 byte packets
     1 (192.168.1.1)  1.234 ms  1.567 ms  1.890 ms
     2 (*)  * * *  * * *  * * *  * * *  * * *  * * *  * * *
     3 (maa11s09-in-f14.1e100.net)  20.5 ms  21.2 ms  20.8 ms
    
  • Specify number of packets:

    mtr -c 10 google.com
    
  • Report mode:

    mtr -r -c 10 google.com
    

Advanced Applications:

  • IPv6:

    mtr -6 ipv6.google.com
    
  • Combine with scripts:

    #!/bin/bash
    mtr -r -c 10 google.com >> /var/log/mtr_log.txt
    

Notes:

  • mtr requires root permissions to run advanced features.
  • High load may affect measurement accuracy.

Example: Network jitter issues.

  • Run mtr and find a 5% packet loss at hop 2.
  • Solution: Replace the router.
  • Result: Jitter eliminated.

3. Traffic Monitoring Tools

Traffic monitoring tools help analyze bandwidth usage and bottlenecks.

3.1 netstat / ss: Network Status Monitoring

Principle: netstat displays network connections, routing tables, and interface statistics, while ss is its modern replacement, based on socket statistics.

Installation:

sudo apt install net-tools  # netstat

Basic Usage:

  • View listening ports:

    netstat -tuln
    ss -tuln
    

    Example output:

    tcp   0  0  0.0.0.0:80  0.0.0.0:*  LISTEN
    
  • View connections:

    netstat -tunap | grep ESTABLISHED
    ss -tunap | grep ESTAB
    
  • Count port connections:

    netstat -tunap | grep :80 | wc -l
    ss -tunap | grep :80 | wc -l
    

Advanced Applications:

  • View routing table:

    netstat -rn
    
  • View process connections:

    netstat -tunap | grep nginx
    
  • ss advantages: faster, supports filtering:

    ss dst 192.168.1.1
    

Notes:

  • netstat is deprecated; ss is recommended.
  • Root permissions are required to view process information.

Example: Diagnose high connection counts.

  • Run ss -tunap | wc -l and find 5000 connections.
  • Solution: Optimize application connection pool.
  • Result: Connection count reduced to 1000.

3.2 iftop: Real-time Bandwidth Monitoring

Principle: iftop monitors traffic on network interfaces, displaying usage by IP or host.

Installation:

sudo apt install iftop

Basic Usage:

  • Monitor interface:

    sudo iftop -i eth0
    

    Example output:

    192.168.1.100    => 142.250.204.14    1.2Mb  800Kb  600Kb
    192.168.1.100    <=                  500Kb  300Kb  200Kb
    
  • Specify port:

    sudo iftop -i eth0 -f "port 80"
    
  • Display hostnames:

    sudo iftop -i eth0 -n
    

Advanced Applications:

  • Combine with scripts for monitoring:

    #!/bin/bash
    iftop -i eth0 -t -s 60 > /var/log/iftop_log.txt
    

Notes:

  • Root permissions are required.
  • High traffic scenarios may affect performance.

Example: Detect abnormal traffic.

  • Run iftop and find an unknown IP consuming 50% of bandwidth.
  • Solution: Block the IP with a firewall.
  • Result: Bandwidth restored to normal.

3.3 nload: Bandwidth Usage Graph

Principle: nload displays real-time graphs of incoming and outgoing traffic on network interfaces.

Installation:

sudo apt install nload

Basic Usage:

  • Monitor interface:

    nload eth0
    

    Output: Real-time graphs showing Incoming and Outgoing rates.

  • Specify units:

    nload -u M eth0  # Mbps
    

Advanced Applications:

  • Multiple interfaces:

    nload eth0 eth1
    

Notes: Interactive tool, suitable for manual monitoring.

Example: Analyze peak traffic.

  • Run nload and find high traffic peaks at night.
  • Solution: Adjust backup task timing.
  • Result: Traffic balanced.

4. Configuration and Security Tools

Configuration tools are used to manage network interfaces and security.

4.1 ifconfig / ip: Network Interface Configuration

Principle: ifconfig is a traditional tool, while ip is a modern replacement used to view and configure network interfaces.

Installation:

sudo apt install net-tools  # ifconfig

Basic Usage:

  • View interfaces:

    ifconfig
    ip addr show
    

    Example output:

    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
          inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255
    
  • Configure IP:

    sudo ifconfig eth0 192.168.1.100 netmask 255.255.255.0
    sudo ip addr add 192.168.1.100/24 dev eth0
    
  • Enable/disable interface:

    sudo ifconfig eth0 up
    sudo ip link set eth0 down
    

Advanced Applications:

  • Add alias interface:

    sudo ip addr add 192.168.1.101/24 dev eth0 label eth0:1
    

Notes: ifconfig is deprecated; ip is recommended.

Example: Add a virtual IP.

  • Run ip addr add 192.168.1.101/24 dev eth0.
  • Result: The server supports multiple IPs.

4.2 iptables / nftables: Firewall Configuration

Principle: iptables is a traditional firewall, while nftables is a modern replacement used to filter network traffic.

Installation:

sudo apt install iptables nft

Basic Usage:

  • View rules:

    sudo iptables -L -v -n
    sudo nft list ruleset
    
  • Add rules:

    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    sudo nft add rule ip filter input tcp dport 80 accept
    
  • Save rules:

    sudo iptables-save > /etc/iptables.rules
    sudo nft list ruleset > /etc/nftables.conf
    
  • Load rules:

    sudo iptables-restore < /etc/iptables.rules
    sudo nft -f /etc/nftables.conf
    

Advanced Applications:

  • NAT configuration:

    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    
  • Port forwarding:

    sudo iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
    

Notes: nftables has better performance; it is recommended for new systems.

Example: Configure firewall.

  • Run iptables -A INPUT -j DROP.
  • Result: Only specified traffic is allowed.

4.3 nmap: Network Scanning Tool

Principle: nmap scans host ports and services by sending packets.

Installation:

sudo apt install nmap

Basic Usage:

  • Scan host:

    sudo nmap 192.168.1.1
    

    Example output:

    Starting Nmap 7.80 ( https://nmap.org ) at 2025-09-16 11:00 CST
    Nmap scan report for 192.168.1.1
    Host is up (0.0012s latency).
    PORT   STATE SERVICE
    80/tcp open  http
    
  • Scan range:

    sudo nmap 192.168.1.0/24
    
  • Scan ports:

    sudo nmap -p 1-1000 192.168.1.1
    

Advanced Applications:

  • OS detection:

    sudo nmap -O 192.168.1.1
    
  • Service version:

    sudo nmap -sV 192.168.1.1
    
  • Script scanning:

    sudo nmap -sC 192.168.1.1
    

Notes:

  • Root permissions are required for advanced scans.
  • Scanning others’ networks requires authorization to avoid legal issues.

Example: Security audit.

  • Run nmap -sV -O 192.168.1.1.
  • Discover open ports and OS versions.
  • Solution: Close unnecessary ports.

4.4 curl / wget: HTTP Testing Tools

Principle: curl and wget are used to send HTTP requests, test connectivity, and download files.

Installation:

sudo apt install curl wget

Basic Usage:

  • curl test:

    curl http://google.com
    curl -I http://google.com  # Only header information
    
  • wget download:

    wget https://example.com/file.zip
    
  • Specify method:

    curl -X POST -d "data=hello" http://example.com/api
    

Advanced Applications:

  • Authentication:

    curl -u user:pass http://example.com
    
  • Proxy:

    curl -x http://proxy:3128 http://google.com
    
  • JSON API:

    curl -H "Content-Type: application/json" -d '{"key":"value"}' http://api.example.com
    

Notes:

  • curl supports more protocols; wget is suitable for downloads.

Example: API testing.

  • Run curl -X GET http://api.example.com/users.
  • Analyze response JSON.
  • Result: Verify API is functioning correctly.

5. Conclusion

Common network tools in Linux are essential skills for operations and development, covering all aspects of network management from connectivity testing with ping to security scanning with nmap.

Leave a Comment