Common Network Tools in Linux
In Linux systems, network management is one of the core skills for system administrators and developers. Linux provides a rich set of network tools for diagnosing network issues, monitoring traffic, configuring interfaces, and testing connectivity. According to a survey by Stack Overflow, over 70% of Linux users frequently use network tools for troubleshooting and performance optimization. These tools are not only easy to use but can also handle complex scenarios such as firewall configuration, traffic analysis, and security scanning.
1. Introduction: The Importance of Network Tools
As an open-source operating system, Linux dominates in the server, cloud computing, and embedded fields. The network is the bridge through which Linux systems interact with the outside world, and efficient network management can enhance system stability and performance. Common network tools such as ping, traceroute, netstat, ss, tcpdump, iptables, nmap, curl, wget, ifconfig/ip, ethtool, iwconfig, and dig each have their specialties, covering connectivity testing, traffic monitoring, configuration management, and security scanning.
Why are these tools necessary?
- Troubleshooting: Quickly locate connection issues, latency, or packet loss.
- Performance Optimization: Analyze bandwidth usage and bottlenecks.
- Security Protection: Detect intrusions and configure firewalls.
- Daily Operations: Configure interfaces and monitor traffic.
- Development Testing: Simulate network scenarios and test APIs.
This article will categorize these tools, with each tool including principles, installation, usage, and examples, ensuring the content is detailed and practical. Let us begin exploring the world of Linux network tools.
2. Connectivity Testing Tools
Connectivity testing is the foundation of network diagnostics, and these tools help check whether hosts are reachable and whether paths are normal.
2.1 ping: Testing Connectivity and Latency
Principle: ping uses the ICMP protocol to send Echo Request packets and receives Echo Reply, calculating the round-trip time (RTT). It can detect whether a host is online, network latency, and packet loss rate.
Installation: Most Linux distributions come with ping pre-installed (iputils package).
sudo apt install iputils-ping # Ubuntu
sudo dnf install iputils # CentOS
Basic Usage:
-
Test connectivity:
ping google.comExample output:
PING google.com (142.250.204.14) 56(84) bytes of data. 64 bytes from maa11s09-in-f14.1e100.net (142.250.204.14): icmp_seq=1 ttl=119 time=20.5 ms -
Specify number of packets:
ping -c 4 google.com -
Specify interval:
ping -i 0.5 google.com -
Test IPv6:
ping6 ipv6.google.com
Advanced Applications:
-
Flood test (requires root):
sudo ping -f google.com -
Test MTU:
ping -M do -s 1472 google.com -
Combine with scripts for monitoring:
#!/bin/bash if ! ping -c 1 google.com > /dev/null; then echo "Network down" | mail -s "Alert" [email protected] fi
Notes:
- ping may be blocked by firewalls; use traceroute instead.
- High-frequency pings may be seen as attacks; use with caution.
- Permissions: Regular users can ping; root can flood ping.
Example: Monitor network stability.
-
Script:
while true; do ping -c 1 google.com >> /var/log/network_log.txt sleep 60 done -
Analyze logs to find packet loss.
2.2 traceroute: Path Tracing Tool
Principle: traceroute sends packets with incrementing TTL, recording the IPs of routers along the way and their response times to diagnose path issues.
Installation:
sudo apt install traceroute
Basic Usage:
-
Trace path:
traceroute google.comExample output:
traceroute to google.com (142.250.204.14), 30 hops max, 60 byte packets 1 192.168.1.1 (192.168.1.1) 1.234 ms 1.567 ms 1.890 ms 2 * * * 3 maa11s09-in-f14.1e100.net (142.250.204.14) 20.5 ms 21.2 ms 20.8 ms -
Specify packet type:
traceroute -I google.com # ICMP traceroute -T google.com # TCP traceroute -U google.com # UDP -
Specify port:
traceroute -T -p 80 google.com
Advanced Applications:
-
IPv6:
traceroute6 ipv6.google.com -
MTU discovery:
traceroute -M google.com -
Combine with mtr (my traceroute):
sudo apt install mtr mtr google.commtr combines ping and traceroute, providing real-time path statistics.
Notes:
- Routers may disable ICMP, resulting in * * * output.
- Firewalls may block traceroute.
- Use traceroute -n to disable DNS resolution for faster output.
Example: Diagnose latency issues.
- Run traceroute and find high latency at hop 5.
- Solution: Contact ISP to optimize routing.
- Result: Latency reduced by 50ms.
2.3 mtr: Real-time Path Diagnosis
Principle: mtr combines ping and traceroute, providing statistics on packet loss and latency along the path.
Installation:
sudo apt install mtr
Basic Usage:
-
Path diagnosis:
mtr google.comExample output:
My traceroute [v0.93] host (0.0.0.0), 30 hops max, 60 byte packets 1 (192.168.1.1) 1.234 ms 1.567 ms 1.890 ms 2 (*) * * * * * * * * * * * * * * * * * * * * * 3 (maa11s09-in-f14.1e100.net) 20.5 ms 21.2 ms 20.8 ms -
Specify number of packets:
mtr -c 10 google.com -
Report mode:
mtr -r -c 10 google.com
Advanced Applications:
-
IPv6:
mtr -6 ipv6.google.com -
Combine with scripts:
#!/bin/bash mtr -r -c 10 google.com >> /var/log/mtr_log.txt
Notes:
- mtr requires root permissions to run advanced features.
- High load may affect measurement accuracy.
Example: Network jitter issues.
- Run mtr and find a 5% packet loss at hop 2.
- Solution: Replace the router.
- Result: Jitter eliminated.
3. Traffic Monitoring Tools
Traffic monitoring tools help analyze bandwidth usage and bottlenecks.
3.1 netstat / ss: Network Status Monitoring
Principle: netstat displays network connections, routing tables, and interface statistics, while ss is its modern replacement, based on socket statistics.
Installation:
sudo apt install net-tools # netstat
Basic Usage:
-
View listening ports:
netstat -tuln ss -tulnExample output:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
View connections:
netstat -tunap | grep ESTABLISHED ss -tunap | grep ESTAB -
Count port connections:
netstat -tunap | grep :80 | wc -l ss -tunap | grep :80 | wc -l
Advanced Applications:
-
View routing table:
netstat -rn -
View process connections:
netstat -tunap | grep nginx -
ss advantages: faster, supports filtering:
ss dst 192.168.1.1
Notes:
- netstat is deprecated; ss is recommended.
- Root permissions are required to view process information.
Example: Diagnose high connection counts.
- Run ss -tunap | wc -l and find 5000 connections.
- Solution: Optimize application connection pool.
- Result: Connection count reduced to 1000.
3.2 iftop: Real-time Bandwidth Monitoring
Principle: iftop monitors traffic on network interfaces, displaying usage by IP or host.
Installation:
sudo apt install iftop
Basic Usage:
-
Monitor interface:
sudo iftop -i eth0Example output:
192.168.1.100 => 142.250.204.14 1.2Mb 800Kb 600Kb 192.168.1.100 <= 500Kb 300Kb 200Kb -
Specify port:
sudo iftop -i eth0 -f "port 80" -
Display hostnames:
sudo iftop -i eth0 -n
Advanced Applications:
-
Combine with scripts for monitoring:
#!/bin/bash iftop -i eth0 -t -s 60 > /var/log/iftop_log.txt
Notes:
- Root permissions are required.
- High traffic scenarios may affect performance.
Example: Detect abnormal traffic.
- Run iftop and find an unknown IP consuming 50% of bandwidth.
- Solution: Block the IP with a firewall.
- Result: Bandwidth restored to normal.
3.3 nload: Bandwidth Usage Graph
Principle: nload displays real-time graphs of incoming and outgoing traffic on network interfaces.
Installation:
sudo apt install nload
Basic Usage:
-
Monitor interface:
nload eth0Output: Real-time graphs showing Incoming and Outgoing rates.
-
Specify units:
nload -u M eth0 # Mbps
Advanced Applications:
-
Multiple interfaces:
nload eth0 eth1
Notes: Interactive tool, suitable for manual monitoring.
Example: Analyze peak traffic.
- Run nload and find high traffic peaks at night.
- Solution: Adjust backup task timing.
- Result: Traffic balanced.
4. Configuration and Security Tools
Configuration tools are used to manage network interfaces and security.
4.1 ifconfig / ip: Network Interface Configuration
Principle: ifconfig is a traditional tool, while ip is a modern replacement used to view and configure network interfaces.
Installation:
sudo apt install net-tools # ifconfig
Basic Usage:
-
View interfaces:
ifconfig ip addr showExample output:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255 -
Configure IP:
sudo ifconfig eth0 192.168.1.100 netmask 255.255.255.0 sudo ip addr add 192.168.1.100/24 dev eth0 -
Enable/disable interface:
sudo ifconfig eth0 up sudo ip link set eth0 down
Advanced Applications:
-
Add alias interface:
sudo ip addr add 192.168.1.101/24 dev eth0 label eth0:1
Notes: ifconfig is deprecated; ip is recommended.
Example: Add a virtual IP.
- Run ip addr add 192.168.1.101/24 dev eth0.
- Result: The server supports multiple IPs.
4.2 iptables / nftables: Firewall Configuration
Principle: iptables is a traditional firewall, while nftables is a modern replacement used to filter network traffic.
Installation:
sudo apt install iptables nft
Basic Usage:
-
View rules:
sudo iptables -L -v -n sudo nft list ruleset -
Add rules:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT sudo nft add rule ip filter input tcp dport 80 accept -
Save rules:
sudo iptables-save > /etc/iptables.rules sudo nft list ruleset > /etc/nftables.conf -
Load rules:
sudo iptables-restore < /etc/iptables.rules sudo nft -f /etc/nftables.conf
Advanced Applications:
-
NAT configuration:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -
Port forwarding:
sudo iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
Notes: nftables has better performance; it is recommended for new systems.
Example: Configure firewall.
- Run iptables -A INPUT -j DROP.
- Result: Only specified traffic is allowed.
4.3 nmap: Network Scanning Tool
Principle: nmap scans host ports and services by sending packets.
Installation:
sudo apt install nmap
Basic Usage:
-
Scan host:
sudo nmap 192.168.1.1Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2025-09-16 11:00 CST Nmap scan report for 192.168.1.1 Host is up (0.0012s latency). PORT STATE SERVICE 80/tcp open http -
Scan range:
sudo nmap 192.168.1.0/24 -
Scan ports:
sudo nmap -p 1-1000 192.168.1.1
Advanced Applications:
-
OS detection:
sudo nmap -O 192.168.1.1 -
Service version:
sudo nmap -sV 192.168.1.1 -
Script scanning:
sudo nmap -sC 192.168.1.1
Notes:
- Root permissions are required for advanced scans.
- Scanning others’ networks requires authorization to avoid legal issues.
Example: Security audit.
- Run nmap -sV -O 192.168.1.1.
- Discover open ports and OS versions.
- Solution: Close unnecessary ports.
4.4 curl / wget: HTTP Testing Tools
Principle: curl and wget are used to send HTTP requests, test connectivity, and download files.
Installation:
sudo apt install curl wget
Basic Usage:
-
curl test:
curl http://google.com curl -I http://google.com # Only header information -
wget download:
wget https://example.com/file.zip -
Specify method:
curl -X POST -d "data=hello" http://example.com/api
Advanced Applications:
-
Authentication:
curl -u user:pass http://example.com -
Proxy:
curl -x http://proxy:3128 http://google.com -
JSON API:
curl -H "Content-Type: application/json" -d '{"key":"value"}' http://api.example.com
Notes:
- curl supports more protocols; wget is suitable for downloads.
Example: API testing.
- Run curl -X GET http://api.example.com/users.
- Analyze response JSON.
- Result: Verify API is functioning correctly.
5. Conclusion
Common network tools in Linux are essential skills for operations and development, covering all aspects of network management from connectivity testing with ping to security scanning with nmap.