Too Long; Didn't ReadLinux has always been the go-to system for anyone serious about control and performance. But even the best setups hit a wall, sometimes especially when networking starts acting up. If you’ve worked in sysadmin, IT support, or DevOps, you already know how quickly a simple network issue can turn into a full-blown headache.
Maybe you’ve just pushed a new app live and suddenly it can’t talk to the database. Or your web service isn’t reachable, and you’re stuck wondering if it’s DNS, routing, or something deeper. These moments test both your patience and your command-line skills.
That’s where a solid set of Linux networking commands comes in. They’re your toolkit for figuring out what’s wrong, step by step. The goal isn’t to memorize them like flashcards, but to know what each one reveals about your system and the network around it.
Some old commands like telnet had their time, but modern environments call for better tools. In this guide, I’ve rounded up 20 essential from basics to advanced lifesavers, showing where classics still help and where newer tools like nmap and nmcli take over.
This isn’t just a list, it’s the kit I wish someone had handed me when I first started troubleshooting Linux networks.
Quick Reference Table: Linux Networking & Troubleshooting Commands
| Command | Primary Purpose |
|---|---|
hostname | Identify system hostname |
host | Perform quick DNS lookups |
ping | Test network connectivity and latency |
curl | Test HTTP/HTTPS responses or download content |
wget | Retrieve files or check URL reachability |
ip | Manage IP addresses, interfaces, and routes |
nmcli | Control NetworkManager connections and devices |
arp | Display/modify IP to MAC address mappings |
ss | Display socket statistics and connections |
traceroute | Show path packets take to reach a host |
mtr | Real-time path analysis (combines ping & traceroute) |
dig | Perform detailed DNS queries |
nslookup | Legacy DNS lookup tool |
nc (Netcat) | Test open ports or transfer raw data |
lsof | List open files and sockets (find processes on ports) |
tcpdump | Capture and inspect network packets |
resolvectl | Display DNS configuration (for systemd systems) |
nmap | Powerful port scanner and network discovery |
iftop | Show real-time bandwidth usage |
route | (Optional) Display/modify routing table (legacy) |
The Essentials: Your First Line of Defense
These are the go-to commands every Linux user should know before things get complicated. Think of them as your first response when something isn’t connecting or behaving the way it should. They help you confirm whether the issue is local, network-wide, or somewhere in between and give you a clear starting point before digging deeper.
1. hostname – Who Am I?
What it does: The hostname command shows or sets your system’s name on the network. Think of it as your machine’s ID badge, the one other systems recognize when you connect or send data. It’s especially useful for verifying server identities, DNS mappings, and ensuring everything’s labeled correctly in multi-server setups.
Why it matters: When you SSH into a server, the hostname immediately tells you where you are. In a large environment, hostnames are vital for inventory and management.
How to use:
hostname # Display the current hostname hostname -i # Show the IP address associated with the hostname
Pro tip:
Always use descriptive hostnames. web-prod-01 makes sense at a glance; linuxbox doesn’t tell you much.
2. host – Quick DNS Lookups
What it does: host is a simple and fast command-line utility for performing DNS lookups. It translates domain names into IP addresses and can also do reverse lookups to find which domain an IP belongs to.
Why it matters: DNS is basically the internet’s phonebook. When a service isn’t reachable by name, the first question is always, does that name resolve to the correct IP? The host command gives you that answer instantly.
How to use:
host example.com # Resolves example.com to its IP address host 8.8.8.8 # Resolves the IP address to its domain (reverse lookup)
Pro tip:
If host fails to resolve a domain you know exists. it might indicate an issue with your system’s DNS resolver configuration (e.g., /etc/resolv.conf).
3. ping – The Heartbeat Check
What it does: ping (Packet InterNet Groper) is the classic tool for checking connectivity between two systems. It sends ICMP (Internet Control Message Protocol) echo requests to a target and waits for replies, measuring how long each packet takes to travel back. It measures packet loss and round-trip time (latency). In short, it tells you whether a host is reachable and how healthy the connection is.
Why it matters: This is often the very first command you run when you suspect a network issue. It instantly tells you if your system can reach the destination and whether there’s delay or packet loss along the way.
How to use:
ping -c 4 google.com # Send 4 packets to google.com and stop ping -i 2 192.168.1.1 # Send pings every 2 seconds (default is 1 second)
Pro tip: High latency or packet loss often means something’s wrong in the path it could be network congestion, a bad cable, or even an overloaded router.
4. curl – Web Service Connectivity
What it does: curl (short for Client URL) is one of those tools that every Linux admin ends up relying on. While it can do much more, for networking troubleshooting, it’s excellent for checking HTTP/HTTPS responses or downloading content. It’s your go-to for checking if a web server or API endpoint is alive and responding.
Why it matters: You can use curl to simulate a web browser request, allowing you to see exactly what response a web server provides. That makes it easy to tell if the issue is with the network itself or something higher up like the web server, SSL configuration, or the application.
How to use:
curl -I https://example.com # Fetch only the HTTP headers, useful for quick status checks curl https://api.example.com/status # Fetch content from an API endpoint curl -v https://example.com # Verbose output, showing negotiation details
Pro tip: If ping works but curl fails, your network connectivity is likely fine, but the issue lies at the application layer (e.g., web server not running, firewall blocking port 80/443).
5. wget – Retrieving Content and Reachability
What it does: wget is a non-interactive network downloader. It can retrieve files from web, FTP, and HTTPS servers. For troubleshooting, it’s excellent for checking if a URL is reachable and for downloading large files to test bandwidth.
Why it matters: Similar to curl, wget confirms web connectivity but is particularly useful for validating if a file or resource can be downloaded from a remote server. The --spider option makes it a lightweight reachability checker without downloading anything.
How to use:
wget --spider https://example.com # Check if a URL is reachable without downloading wget https://example.com/largefile.zip # Download a file
Pro tip: wget is great for automation. Use it in scripts to pull updates, backups, or config files from a central server without manual effort.
Interface & Route Management: Getting Under the Hood
These commands help you view, configure, and fine-tune your network interfaces and routing tables. Whether you’re assigning IPs, checking routes, or diagnosing strange connectivity gaps, this is where you get real visibility into how traffic moves in and out of your system.
6. ip – The Modern Network Swiss Army Knife
What it does: The ip command is the modern, all-in-one replacement for legacy tools like ifconfig and route. It manages IP addresses, network interfaces, routing tables, and ARP entries. Mastering ip is crucial for any Linux professional.
Why it matters: ip gives you complete control and visibility over your system’s network configuration. From checking interface status to assigning IPs or inspecting routes, it lets you do everything from one place, cleanly and consistently.
How to use:
ip a # Shows all network interfaces and their IP addresses (ip addr show) ip route # Displays the kernel routing table ip link show eth0 # Shows details for a specific network interface (e.g., eth0) ip -s link show eth0 # Shows statistics for an interface sudo ip addr add 192.168.1.100/24 dev eth0 # Add an IP address to an interface (temporary)
Pro tip: Always prefer ip over ifconfig for modern Linux systems. Its output is more consistent and powerful for scripting.
7. nmcli – NetworkManager on the Command Line
What it does: nmcli is the command-line interface for NetworkManager, which is a dynamic network configuration daemon widely used on modern Linux distributions (especially desktops and many cloud VMs). It allows users to view and manage network interfaces, connections, and Wi-Fi settings.
Why it matters: If your system uses NetworkManager, nmcli is your primary tool for quickly inspecting and altering network configurations without diving into config files or GUI tools. It’s incredibly versatile for automating network setup.
How to use:
nmcli device status # Show status of all network devices nmcli connection show # List all network connections nmcli connection up "My_Connection" # Activate a specific connection nmcli device wifi list # Scan for Wi-Fi networks
Pro tip: nmcli is invaluable in cloud environments or embedded systems where a GUI isn’t available but NetworkManager is managing connectivity.
8. arp – IP to MAC Mapping
What it does: The arp command displays or edits your system’s ARP cache the table that maps IP addresses to physical MAC addresses on your local network. It’s how your machine knows which hardware device to send packets to when communicating within the same subnet.
Why it matters: ARP is how devices on a local network find each other using IP addresses. If your system can’t resolve a local IP to a MAC, it can’t communicate. Troubleshooting ARP issues often involves checking this table.
How to use:
arp -n # Displays the ARP table numerically (without resolving hostnames)
Pro tip: If you see “incomplete” entries in your ARP table for devices you expect to be active, it might indicate a local network issue, such as a faulty switch port or a device not responding to ARP requests.
9. ss – Socket Statistics
What it does: ss (Socket Statistics) is a modern, faster, and more capable replacement for the older netstat command. It displays socket statistics, open ports, and active network connections (both TCP and UDP).
Why it matters: When an application isn’t communicating, or you suspect a port conflict, ss quickly shows you what ports are open, what connections are established, and which processes are using them.
How to use:
ss -tulwn # Show TCP, UDP, listening, numeric, non-resolved connections ss -tulnp # Show TCP, UDP, listening, numeric, with process info (requires root) ss -s # Display summary statistics ss -tp src :80 # Show connections originating from local port 80
Pro tip: Always use ss over netstat if available. It’s faster and provides more detailed information, especially in systems with many active connections.
10. traceroute – Mapping the Packet Path
What it does: traceroute maps the path your packets take to reach a destination. It lists every router (hop) between your system and the target, along with the round-trip time for each.
Why it matters: If ping works but a service feels slow, traceroute helps you pinpoint where the latency is occurring. Maybe the problem’s inside your own network, maybe it’s with your ISP, or maybe it’s a router halfway across the world this tool shows you the trail.
How to use:
traceroute google.com # Trace the route to google.com traceroute -n 8.8.8.8 # Trace to a specific IP without resolving hostnames
Pro tip: If one hop shows high latency, that node might be overloaded or congested. Asterisks (*) in the output mean that a router isn’t responding to the probe, which could be due to firewall rules.
Advanced Diagnostics: Deeper Dives
Once you’ve ruled out the usual suspects, it’s time to go beyond the basics. These tools help you trace routes, analyze DNS behavior, and inspect traffic patterns to understand why something isn’t working as expected. They’re the commands you reach for when the simple checks pass — but something still feels off.
11. mtr – Live Path Analysis
What it does: mtr (My Traceroute) combines the functionality of ping and traceroute into a single, real-time diagnostic tool. It continuously sends packets and updates the path analysis, showing latency and packet loss for each hop in real-time.
Why it matters: For intermittent network issues or performance problems, mtr is incredibly useful. It highlights where packet loss or latency spikes are occurring dynamically, giving you a live view of network health.
How to use:
mtr google.com # Real-time path analysis to google.com (Ctrl+C to exit) mtr -n -c 10 8.8.8.8 # Send 10 packets numerically to an IP
Pro tip: Let mtr run for a few minutes when you suspect network instability. The constantly updating statistics can reveal intermittent issues that a single traceroute might miss.
12. dig – Detailed DNS Queries
What it does: dig (Domain Information Groper) is a powerful and flexible tool for performing detailed DNS queries. Unlike host or nslookup, dig gives you much more granular control and verbose output, showing authoritative name servers, TTLs, and various record types (A, AAAA, MX, TXT, etc.).
Why it matters: When troubleshooting complex DNS issues, especially those involving mail routing (MX records) or domain verification (TXT records), dig is indispensable. It queries name servers directly, giving you the most accurate and current view of DNS resolution.
How to use:
dig example.com +short # Get only the A record IP address dig example.com MX # Query for Mail Exchange (MX) records dig @8.8.8.8 example.com # Query a specific DNS server (e.g., Google’s public DNS)
Pro tip: When dealing with CDN or regional DNS propagation problems, try querying multiple public DNS resolvers (like 8.8.8.8 or 1.1.1.1). Differences in responses can reveal where DNS updates haven’t yet propagated globally.
13. nslookup – Legacy DNS Lookup
What it does: is a legacy but still widely used DNS lookup tool. It lets you query DNS servers to resolve domain names to IP addresses or perform reverse lookups the other way around. You can run it in both interactive and one-off (non-interactive) modes, making it handy for quick DNS checks.nslookup
Why it matters: While dig is more powerful, nslookup is often found on systems where dig might not be pre-installed, and its simplicity makes it easy for quick, basic checks.
How to use:
nslookup example.com # Resolve example.com nslookup 8.8.8.8 # Reverse lookup for 8.8.8.8
Pro tip: If you’re logged into an unfamiliar system or a minimal environment, nslookup is often the simplest way to confirm whether DNS resolution is working at all, even when other tools aren’t available.
14. nc (Netcat) – The Network Swiss Army Knife (for ports)
What it does: nc (Netcat) is a versatile utility often referred to as the “TCP/IP swiss army knife.” For troubleshooting, it’s primarily used to test if a specific port is open on a remote host or to transfer raw data over network connections.
Why it matters: When ping works but curl fails, nc can tell you if the target server is even listening on the expected port. It bypasses application-layer protocols to test raw TCP/UDP connectivity.
How to use:
nc -zv example.com 80 # Test if port 80 is open on example.com (zero-I/O, verbose) nc -zv 192.168.1.100 22-25 # Scan a range of ports on a local host
Pro tip: If nc -zv connects successfully, the port is open and reachable, meaning routing and firewalls are fine. If the service still fails afterward, the issue almost certainly lies within the application itself.
15. lsof – Open Files and Sockets
What it does: lsof (List Open Files) is a powerful utility that lists all open files and, crucially for networking, all open network sockets on a system. It can show you which process is using a specific port or which files a process has open.
Why it matters: When you try to start a service and it fails because “address already in use,” lsof shows you exactly what’s blocking it. Whether it’s Apache, Nginx, or some stray process that didn’t exit cleanly, this command reveals what’s really going on under the hood.
How to use:
sudo lsof -i :22 # Show processes using port 22 (SSH) sudo lsof -i TCP:80 # Show processes bound to TCP port 80 sudo lsof -i -u youruser # Show network activity for a specific user
Pro tip: lsof is a lifesaver when dealing with port conflicts, especially in Docker or container-heavy setups where multiple services might be fighting for the same port.
16. tcpdump – Packet Sniffer
What it does: tcpdump is a powerful command-line packet analyzer. It captures and inspects packets flowing through a network interface, allowing for a deeper understanding of network traffic.
Why it matters: When all other commands fail and you need to see what’s really happening, tcpdump cuts straight to the truth. It’s essential for diagnosing complex issues like firewall misconfigurations, protocol errors, or application-level communication failures.
How to use:
sudo tcpdump -i eth0 # Capture all packets on interface eth0 sudo tcpdump -i any host 192.168.1.100 # Capture packets to/from a specific host on any interface sudo tcpdump -i eth0 port 80 or port 443 # Capture HTTP/HTTPS traffic on eth0
Pro tip: The output of tcpdump can be overwhelming. Always use filters to narrow down the traffic you’re interested in. You can also save captures to a file (-w filename.pcap) and analyze them later with Wireshark.
17. resolvectl – Systemd DNS Control
What it does: resolvectl is the command-line front end for systemd-resolved, the DNS resolver that ships with most modern Linux systems using systemd. It lets you inspect how your system handles DNS resolution, including which nameservers it’s using, their status, and any active DNS settings.
Why it matters: If your system’s DNS resolution is acting strangely (e.g., some domains resolve, others don’t), resolvectl gives you a clear window into what’s going on. It’s often the fastest way to check if your system is using the correct DNS servers or caching outdated results.
How to use:
resolvectl status # Show current DNS configuration and status resolvectl query example.com # Query a specific domain using the system resolver
Pro tip: If your system runs systemd-resolved, always check resolvectl status before editing /etc/resolv.conf manually. That file is often managed automatically, and overwriting it can cause more trouble than it solves.
18. nmap – Powerful Port Scanner
What it does: nmap (Network Mapper) is a free and open-source utility for network discovery and security auditing. It’s a powerful port scanner that can check which services are open on a host, identify operating systems, and even detect vulnerabilities. It’s a much safer and more capable replacement for the legacy telnet command when testing open ports.
Why it matters: For a DevOps engineer, nmap is invaluable for verifying firewall rules, understanding the attack surface of a server, and ensuring only intended ports are open. It’s essential for pre-deployment checks and security assessments.
How to use:
nmap -sS 192.168.1.1 # Perform a SYN stealth scan on a target IP nmap -p 20-100 example.com # Scan a specific port range nmap -A 192.168.1.1 # Aggressive scan: OS detection, version detection, script scanning, and traceroute
Pro tip: Always use nmap responsibly and ethically, only scanning networks you have explicit permission to scan.
19. iftop – Real-time Bandwidth Monitoring
What it does: iftop (interface TOP) is a command-line tool that displays real-time bandwidth usage on a network interface. It continuously updates a list of active connections, showing how much data each is sending and receiving.
Why it matters: When a server is slow, but you’re not sure why, iftop can quickly tell you if network bandwidth is the bottleneck. It visually highlights which connections are consuming the most traffic.
How to use:
sudo iftop # Start iftop on the default interface sudo iftop -i eth0 # Monitor a specific interface
Pro tip: During performance bottlenecks, iftop can quickly identify if a single client or an unexpected process is saturating your network link. Press t to toggle different display modes (e.g., showing source/destination IP pairs, only one direction).
20. route (Optional, for Legacy Familiarity) – Old-school Routing
What it does: The route command (from the net-tools package) displays or modifies the IP routing table. It’s how you can see which gateways packets use to reach their destinations.
Why it matters: While its functionality is largely covered and superseded by the ip route command, route -n is still widely known and occasionally found on older systems or minimal installations where the ip command might not be immediately available. It’s useful for understanding the basic routing configuration.
How to use:
route -n # Display the routing table numerically (without resolving hostnames)
Pro tip: On modern systems, always prefer ip route. If you still find yourself reaching for route, it’s probably time to update your habits or scripts the ip suite is the standard now.
Wrapping Up: Your Network Troubleshooting Journey
Mastering these 20 Linux networking and troubleshooting commands isn’t about memorizing syntax, it’s about building a skillset that’ll serve you throughout your tech career. Whether you’re a system administrator, developer, or DevOps engineer, the ability to quickly diagnose and fix network issues is invaluable.
Linux’s real strength lies in its transparency, it gives you the tools to see exactly what’s happening under the hood. By incorporating these commands into your daily workflow, you’re not just fixing problems; you’re learning how networks truly operate, empowering you to build more resilient and efficient systems. With a focus on modern tools like ip, nmap, and nmcli, combined with classics like ping and curl, you’re well-equipped to handle just about any connectivity challenge.
Keep practicing, keep experimenting, and remember, every tricky network issue teaches you something new. Master these commands, and you’ll not only troubleshoot faster but also strengthen the culture of reliability and improvement in every environment you manage.
