
1.5 Networking

Networking tools in Linux vary significantly across distributions.

The newer iproute2 package includes ss and ip, which largely replace commands such as ifconfig, route, and netstat.

On the man page of the netstat command, you can read:

This program is mostly obsolete. Replacement for netstat is ss. Replacement for netstat -r is ip route. Replacement for netstat -i is ip -s link. Replacement for netstat -g is ip maddr.

As the man page says, the ss command has replaced the netstat command. Other deprecated programs in the net-tools package include:

route and netstat -r, which have been replaced by ip route

arp, which has been replaced by ip neigh or neighbor

Some useful terminology to learn across these programs:

inet - internet protocol family (IPv4)
inet6 - the modern protocol of IP addresses, represented in hexadecimal
lo - virtual loopback device/interface for troubleshooting: ifconfig lo
wlo1 - wireless network interface (NIC)
RX - Receive
TX - Transmit

Network Monitoring

Tshark

-i for interface
-f for capture filter

❯ sudo tshark -i wlo1 -f "src port 443"

You can also read from a file with -r and write to a file with -w.

tcpdump

Similar to tshark, tcpdump can also analyze packets on a network.

List interfaces with -D.

❯ tcpdump -D
1.wlo1 [Up, Running, Wireless, Associated]
2.any (Pseudo-device that captures on all interfaces) [Up, Running]
3.lo [Up, Running, Loopback]
4.enp2s0 [Up, Disconnected]
5.virbr0 [Up, Disconnected]
6.docker0 [Up, Disconnected]

The syntax is very similar to tshark:

❯ sudo tcpdump -i wlo1 port 443 -w tcpdump.pcap

My Traceroute mtr

Article on mtr command. mtr combines ping and traceroute functionality.

-r (report mode) sends 10 packets in the background and writes to stdout. Use -c to set the number of packets (cycles).

❯ mtr -r -c 15 google.com > report.txt

mtr uses ICMP echos by default, but you can use UDP with -u and TCP SYN packets with -T.

Checking Open Ports

If you want to set up a server for SSH, the first step is making sure port 22 is open. Here are the various ways to check.

ss -tuln | grep ':22'
telnet localhost 22
sudo lsof -iTCP #look for a name with ssh
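
The grep ':22' check above also matches ports such as 2222, and it does not say whether a listener is bound to loopback only. The following is an added example, not part of the original page: it matches the port exactly and labels the bind scope. The function names (sample_ss, listeners, exposed) and the ss output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-port listener check over `ss -tuln` output.
# Function names and sample data are hypothetical, constructed for illustration.

# Constructed sample of `ss -tuln` output (not captured from a real host).
sample_ss() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:2222     0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      511    192.168.1.10:8022  0.0.0.0:*
EOF
}

# listeners PORT: print "proto address scope" for sockets bound to exactly PORT.
listeners() {
    awk -v port="$1" '
        $1 == "Netid" { next }                  # header row
        NF < 5        { next }                  # not a socket row
        {
            n = split($5, p, ":")               # port follows the last colon
            if (p[n] != port) next              # exact match: 22 is not 2222
            addr = substr($5, 1, length($5) - length(p[n]) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
                scope = "any"                   # listening on every interface
            else if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /%lo$/)
                scope = "loopback"              # local connections only
            else
                scope = "specific"              # bound to one address
            print $1, addr, scope
        }'
}

# exposed PORT: succeed if any listener on PORT is bound beyond loopback.
exposed() {
    listeners "$1" | grep -qv ' loopback$'
}

sample_ss | listeners 22      # live use: ss -tuln | listeners 22
```

A listener with scope "any" or "specific" can still be blocked by a firewall; this only reports what is bound locally.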

Firewalls

Let's say telnet refuses the connection and the other commands do not find port 22; this could mean UFW (Uncomplicated Firewall) is blocking it. UFW is basically a wrapper over iptables for Ubuntu. sudo ufw status will let you know whether it is enabled, and which ports it allows or blocks.

UFW will use either iptables or nftables by default. Here we can see nf_tables is used; if it weren't, it would say "legacy".

iptables -V
iptables v1.8.7 (nf_tables)

iptables is old and nftables is preferred.