Managing Network Connections - Ubuntu Linux Toolbox: 1000+ Commands for Power Users (2013)

Ubuntu Linux Toolbox: 1000+ Commands for Power Users (2013)

Chapter 11

Managing Network Connections


· Using ethtool and mii-tool to work with network interface cards

· Getting network statistics with netstat

· Starting network devices

· Viewing Ethernet information with ifconfig and ip

· Managing wireless cards with iwconfig

· Checking DNS name resolution with dig, host, and hostname

· Checking connectivity with ping and arp

· Tracing connections with traceroute, route, and ip

· Watching the network with netstat, tcpdump, and nmap

Connecting to a network from Linux is often as easy as turning on your computer. Your wired or wireless network interfaces should just start up and immediately let you connect to other computers on your local network or the Internet. However, if your network interface doesn’t come up or requires some manual setup, there are many commands available for configuring network interfaces, checking network connections, and setting up special routing.

This chapter covers many useful commands for configuring and working with your network interface cards (NICs), such as ethtool, mii-tool, and ifconfig. More specifically, it covers ways of configuring wired and wireless Ethernet connections. With your hardware connected and network interfaces in place, the chapter describes commands such as netstat, dig, ip, and ping for getting information about your network.

Configuring Networks from the GUI

When you first install Ubuntu, the installer lets you configure any wired Ethernet cards attached to your computer with the use of a DHCP server detected on your network. The DHCP server can assign an IP address to your computer’s network interface, as well as assign a default gateway (to access the Internet or other remote networks), DNS server (for name to address resolution), and possibly a hostname.

Alternatively, you can set a static IP address, along with your hostname and IP addresses for your gateway machine and name servers. After installation, there are also graphical tools for configuring your network interfaces.

For Ubuntu desktop systems, the NetworkManager application manages your network interfaces. To change your network connections, either type Network Connections from the Dashboard or select the network icon (it looks like a pie slice) from the top bar. Then select Edit Connections from the menu. From the Network Connections window that appears, you can configure both wired and wireless network connections. Select the connection you are interested in and, if you choose, you can change the dynamic (DHCP) configuration to static IP addresses.

In some cases, however, your network interfaces may not be working, or you may want to work with your network interfaces in ways that are not supported from the GUI. For those cases, the following sections describe how to work with your network interfaces from the command line.

Managing Network Interface Cards

If the network hardware on your computer didn’t immediately come up and let you connect to the Internet, there are some steps you should go through to troubleshoot the problem:

· For a wired NIC, verify that it is properly installed and that the cable is connected to your network (ISP’s DSL, switch, and so on).

· After the cable is connected, make sure you have a link with no speed or duplex mismatches.

· Make sure that the cable is firmly seated in the NIC (it should click when it goes in). For wireless NICs, if there is no indication that the wireless card exists, but you know that your laptop has a wireless card, check for a small switch on the side of the laptop. On several occasions, I’ve seen that switch turned off by mistake, which prevents the wireless card from appearing at all on your list of available network interface cards.

To check your link from Linux, and to set speed and duplex, there are two commands you can use: the older mii-tool (net-tools package) and the newer ethtool (ethtool package). Use ethtool unless you have a very old NIC and NIC driver that are not compatible with the ethtool command.

To install the ethtool package and then view the syntax of the ethtool command, type the following:

$ sudo apt-get remove ethtool

$ ethtool -h | less View options to the ethtool command

The ethtool command outputs its built-in help to stderr. To be able to page through that help with less, you redirect stderr to stdout.

To display settings for a specific Ethernet card, add the interface name to the command. For example, to view card information for eth0, type the following:

$ sudo ethtool eth0 See settings for NIC at eth0

Settings for eth0:

Supported ports: [ TP ]

Supported link modes: 10baseT/Half 10baseT/Full

100baseT/Half 100baseT/Full


Supported pause frame use: No

Supports auto-negotiation: Yes

Advertised link modes: 10baseT/Half 10baseT/Full

100baseT/Half 100baseT/Full


Advertised auto-negotiation: Yes

Speed: 100Mb/s

Duplex: Full

Port: Twisted Pair


Transceiver: internal

Auto-negotiation: on

MDI-X: off

Supports Wake-on: plumbg

Wake-on: g

Current message level: 0x00000001 (1)


Link detected: yes

You will need root permissions to acquire information about the Ethernet interface, hence the use of the sudo command in the previous example.

To find out about the driver being used for a particular network card, use the -i option:

$ sudo ethtool -i eth0 Display driver information for NIC

driver: e1000e

version: 1.5.1-k

firmware-version: 0.5-7

bus-info: 0000:01:00.0

Use the -S option to display detailed statistics for a NIC:

$ sudo ethtool -S eth0 Show statistics for NIC at eth0

NIC statistics:

rx_packets: 1326384

tx_packets: 773046

rx_bytes: 1109944723

tx_bytes: 432773480

rx_errors: 5

tx_errors: 2

rx_dropped: 0

tx_dropped: 0

multicast: 0

collisions: 0

rx_length_errors: 0

rx_over_errors: 0

rx_crc_errors: 5

rx_frame_errors: 0

rx_fifo_errors: 0

rx_missed_errors: 0

tx_aborted_errors: 0

tx_carrier_errors: 2


The ethtool command can be used to change NIC settings as well as display them. To turn off auto-negotiation and hard-set the NIC to 100 Mbps, full duplex, type this:

$ sudo ethtool -s eth0 speed 100 duplex full autoneg off Change NIC

To turn off auto-negotiation and hard-set the speed to 10 Mbps, half-duplex, type this:

$ sudo ethtool -s eth0 speed 10 duplex half autoneg off Change NIC

The changes just made to your NIC settings are good for the current session. When you reboot, however, those setting will be lost. To make these settings stick at the next reboot or network restart, you need to create a new script to be executed at boot time. The following steps describe how to do this.

1. Choose a name for your new script, such as eth_options, and then create the script in the /etc/init.d directory:

$ sudo vi /etc/init.d/eth_options

2. Insert the following text into this new script:



ETHTOOL_OPTS="speed 10 duplex half autoneg off"


case "$1" in


echo -n "Setting $DEV options to $ETHTOOL_OPTS...";


echo " done.";;




exit 0

3. The specific settings you desire should be placed into the variable ETHTOOL_OPTS. For example:

ETHTOOL_OPTS="speed 10 duplex half autoneg off"

You can also change the DEV variable, which points to the first Ethernet interface, eth0.

4. Set up the script as an executable file:

$ sudo chmod +x /etc/init.d/eth_options

5. Set up the symbolic links to run your new script under the different runlevels:

$ sudo update-rc.d eth_options defaults

Adding system startup for /etc/init.d/eth_options ...

/etc/rc0.d/K20eth_options -> ../init.d/eth_options

/etc/rc1.d/K20eth_options -> ../init.d/eth_options

/etc/rc6.d/K20eth_options -> ../init.d/eth_options

/etc/rc2.d/S20eth_options -> ../init.d/eth_options

/etc/rc3.d/S20eth_options -> ../init.d/eth_options

/etc/rc4.d/S20eth_options -> ../init.d/eth_options

/etc/rc5.d/S20eth_options -> ../init.d/eth_options

You can run your script with the following command:

$ sudo /etc/init.d/eth_options start

Note You can find tips similar to this at the nixCraft site at

As mentioned earlier, ethtool may not work on some older NICs. So if you have an older NIC, try using mii-toolas follows:

$ sudo mii-tool Show negotiated speed, link status of old NIC

eth0: negotiated 100baseTx-FD flow-control, link ok

This example was taken from the same machine as the preceding examples, with the NIC auto-negotiating at 1000 Mbps, full-duplex. The mii-tool command is misreading the speed setting. This is why I recommend using mii-tool only as a last resort if ethtool doesn’t work with your old NIC.

To display the mii-tool output with more verbosity, use the -v option:

$ sudo mii-tool -v Show verbose settings output for old NIC

eth0: negotiated 100baseTx-FD flow-control, link ok

product info: Yukon-EC 88E1111 rev 0

basic mode: autonegotiation enabled

basic status: autonegotiation complete, link ok

capabilities: 1000baseT-FD 100baseTx-FD 100baseTx-HD

10baseT-FD 10baseT-HD

advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD

10baseT-HD flow-control

link partner: 1000baseT-FD 100baseTx-FD 100baseTx-HD

10baseT-FD 10baseT-HD flow-control

In the example just shown, you can see that each mode (100baseTx and 10baseT) supports both half-duplex (HD) and full duplex (FD). The 1000baseT, however, supports only full duplex. To disable auto-negotiation and force a particular setting, use the -F option as follows:

$ sudo mii-tool -F 10baseT-FD eth0 Force speed/duplex to 10baseT-FD

If you change your mind and later want to re-enable auto-negotiation, use the -r option:

$ sudo mii-tool -r eth0 Enable auto-negotiation for an old NIC

restarting autonegotiation...

mii-tool does not provide a capability to save settings like ethtool does, so you have to run it after every reboot. This can be done by adding it at the end of /etc/rc.local.

The netstat command provides another way to get network interface statistics:

$ netstat -i Get network interface statistics for eth0

Kernel Interface table


eth0 1500 0 1757208 6 0 0 996834 4 0 0 BMRU

Use the -c option to get netstat to refresh network interface statistics every second:

$ netstat -ic Refresh network statistics every second

You can get cleaner (screen-oriented) refreshed output from netstat by combining it with the watch command as follows:

$ watch netstat -i Refresh network stats (screen oriented)

Every 2.0s: netstat -i Wed May 29 01:55:48 2013

Kernel Interface table


eth0 1500 0 1757208 6 0 0 996834 4 0 0 BMRU

As the output indicates, the netstat statistics are updated every 2.0 seconds.

Managing Network Connections

Starting and stopping the network interfaces for your wired Ethernet connections to your LAN or the Internet are usually handled automatically at the time you boot and shut down your Ubuntu system. However, you can use the commands in /etc/init.d to start and stop your network interfaces any time you want or update-rc.d to configure whether your network starts automatically.

The ifconfig and ip commands can also be used to configure, activate, and deactivate interfaces. However, on Ubuntu and other Debian derivatives, the commands in the /etc/init.d directory provide simpler tools to start and stop network interfaces. Therefore, in most cases, you should only use ifconfig and ip commands to gather information about your Ethernet interfaces and NICs (as shown later in this section).

Starting and Stopping Ethernet Connections

Your wired Ethernet interfaces just come up in many cases when you boot Ubuntu because the network service is set to be on when the system enters the common boot run levels. There is a set of underlying configuration files and scripts that make that happen and a few simple commands that enable you to control it.

For Ubuntu, control scripts and configuration files are located in the /etc/network/ directory. NICs are configured by editing /etc/network//interfaces. The file looks like the following:

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet dhcp

auto eth1

iface eth1 inet dhcp

auto eth2

iface eth2 inet dhcp

auto ath0

iface ath0 inet dhcp

auto wlan0

iface wlan0 inet dhcp

To get more information on this file, type the following:

$ less /usr/share/doc/network-manager/README.Debian

If you change the interfaces file, and are using NetworkManager to manage your network interfaces, you need to run the following command:

$ sudo service network-manager restart

The script that starts the configured network-scripts files is /etc/init.d/network. As with other Linux services, you can start and stop the network service using the /etc/init.d/networking command.

To take all NICs offline and then bring them back online, allowing any change to the network scripts to take effect, type the following:

$ sudo /etc/init.d/networking restart Restart network interfaces

* Reconfiguring network interfaces...


You may see errors for extra interfaces defined but not available on your system, such as wireless interfaces. You can ignore any error that refers to a networking device you have not installed.

Use the start and stop options to start and stop your network interfaces, respectively:

$ sudo /etc/init.d/networking stop Shutdown network interfaces

$ sudo /etc/init.d/networking start Bring up network interfaces

To check the status of your network interfaces, type the following:

$ ifconfig Check network interface status

eth0 Link encap:Ethernet HWaddr 00:19:D1:5A:A9:E2

inet addr: Bcast: Mask:

inet6 addr: fe80::219:d1ff:fe5a:a9e2/64 Scope:Link


RX packets:14442 errors:0 dropped:0 overruns:0 frame:0

TX packets:13080 errors:0 dropped:0 overruns:0 carrier:0

collisions:434 txqueuelen:1000

RX bytes:3732823 (3.5 MiB) TX bytes:1142020 (1.0 MiB)

Interrupt:16 Memory:fe9e0000-fea00000

lo Link encap:Local Loopback

inet addr: Mask:

inet6 addr: ::1/128 Scope:Host


RX packets:35 errors:0 dropped:0 overruns:0 frame:0

TX packets:35 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:2121 (2.0 KiB) TX bytes:2121 (2.0 KiB)

If you have multiple network interfaces, you may want to just bring one interface up or down. To do that, use the ifup and ifdown commands:

$ sudo ifdown eth0 Take the eth0 network interface offline

$ sudo ifup eth0 Bring the eth0 network interface online

When your network interfaces are up, there are tools you can use to view information about those interfaces and associated NICs.

Viewing Ethernet Connection Information

To view the media access control (MAC) address for your NIC and IP address for your TCP/IP connections, you can use the ifconfig command. The following command line shows the address information and status of your eth0 Ethernet interface:

$ ifconfig eth0

eth0 Link encap:Ethernet HWaddr 00:D0:B7:79:A5:35

inet addr: Bcast: Mask:

inet6 addr: fe80::2d0:b7ff:fe79:a535/64 Scope:Link


RX packets:1413382 errors:6 dropped:0 overruns:0 frame:6

TX packets:834839 errors:4 dropped:0 overruns:0 carrier:4

collisions:0 txqueuelen:1000

RX bytes:1141608691 (1.0 GiB) TX bytes:470961026 (449.1 MiB)

In this example, the eth0 interface is the first Ethernet interface on the computer. The MAC address (HWaddr) of the NIC is 00:D0:B7:79:A5:35. You can see eth0’s IP address (, broadcast address (, and subnet mask ( Other information includes the number of packets received and transmitted, as well as problems (errors, dropped packets, and overruns) that occurred on the interface.

To get information on both active and inactive NICs, use the -a option:

$ ifconfig -a

Instead of using ifconfig (and several other commands described in this chapter), you can use the newer ip command. The ip command was made to show information about your network interfaces, as well as to change settings for network devices, routing, and IP tunnels. Here, the ip command is used to show information about the eth0 interface:

$ ip addr show eth0


mtu 1500 qdisc pfifo_fast qlen 1000

link/ether 00:d0:b7:79:a5:35 brd ff:ff:ff:ff:ff:ff

inet brd scope global eth0

inet6 fe80::2d0:b7ff:fe79:a535/64 scope link

valid_lft forever preferred_lft forever

The ip command allows for shorthand syntax. If you’re familiar with the Cisco IOS command line interface, the ip command works the same way. For example, instead of typing ip addr show, you could type the following to see information on all interfaces:

$ ip a

The ip command can operate on multiple network components, known as objects. One of these objects is addr, which allows ip to configure network addresses. I cover other objects of the ip command in the next examples.

To see how the ip command is used, use the help option. Along with the help option, you can identify an ip object to get information on using that object:

$ ip help View ip usage statement

Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }

ip [ -force ] [-batch filename

where OBJECT := { link | addr | route | rule | neigh | ntable |

tunnel| tuntap | maddr | mroute | mrule |

monitor | xfrm | netns }

OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] |

-f[amily] { inet | inet6 | ipx | dnet | link } |

-l[oops] { maximum-addr-flush-attempts } |

-o[neline] | -t[imestamp] | -b[atch] [filename] |

-rc[vbuf] [size]}

$ ip addr help View help for the addr object

$ ip route help View help for the route object

$ ip tunnel help View help for the tunnel object

Subnetwork masks can be confusing if you’re not used to them. You may find ipcalc (from the ipcalc package) useful to calculate a host computer’s netmask from its CIDR IP address:

$ ipcalc -bn


Netmask: = 27







Hosts/Net: 30 Class C, Private Internet

In the example just shown, the netmask (which indicates which part of an IP address represents the network and which represents the host) is That was derived from the /27 value at the end of the IP address

Using Wireless Connections

Setting up wireless connections in Linux has been tricky in the past, primarily because open source drivers were not available for many of the first wireless LAN cards. More recent releases of Ubuntu have shown a marked improvement.

For basic wireless configuration, I suggest you use the GUI tools (in particular, the Network Configuration window described earlier in this chapter, or Network Manager).

In rare cases, you may need to add wireless tools packages to get your wireless interfaces to work, such as wireless-tools and bcm43xx-fwcutter packages, which are available from the Ubuntu repositories. Likewise, you may need firmware that is available in the following packages: ipw2100-source, ipw2200-firmware, and zd1211-firmware.

If you are not able to configure your wireless LAN card using the Network Configuration window, you might be able to get your wireless card working using drivers and tools available from Atheros (, the MadWifi ( project, or the Ndiswrapper project ( Many packages of software from those projects are available from the standard Ubuntu repositories, described in Chapter 2.

If you need help determining exactly what wireless card you have, type the following:

$ dmesg | grep -i wireless Search for wireless PCI cards

Intel(R) Wireless WiFi Link AGN driver for Linux, in-tree:

Assuming that your wireless card is up and running, there are some useful commands in the wireless-tools package you can use to view and change settings for your wireless cards. In particular, the iwconfig command can help you work with your wireless LAN interfaces. The following scans your network interfaces for supported wireless cards and lists their current settings:

$ iwconfig

eth0 no wireless extensions.

eth1 IEEE 802.11-DS ESSID:"Mylan"

Mode:Managed Frequency:2.437 GHz Access Point: 43:5A:29:E7:95:75

Bit Rate:54 Mb/s Tx-Power=15 dBm

Retry long limit:7 RTS thr:off Fragment thr:off

Power Management:off

Wireless interfaces may be named wlanX or ethX, depending on the hardware and driver used. You may be able to obtain more information after setting the link up on the wireless interface:

$ ip link set eth1 up

$ iwconfig eth1

eth1 IEEE 802.11abgn ESSID:"Mylan"

Mode:Managed Frequency:2.437 GHz Access Point: 43:5A:29:E7:95:7

Bit Rate:54 Mb/s Tx-Power=15 dBm

Retry long limit:7 RTS thr:off Fragment thr:off

Power Management:off

Link Quality=70/70 Signal level=-39 dBm

Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0

Tx excessive retries:0 Invalid misc:0 Missed beacon:0

The settings just shown can be modified in a number of ways. Here are some ways to use iwconfig to modify your wireless interface settings. The following examples operate on a wireless interface named wlan0. These operations may or may not be supported, depending on which wireless card and driver you are using.

$ sudo iwconfig wlan0 essid "MyWireless" Set essid to MyWireless

$ sudo iwconfig wlan0 channel 3 Set the channel to 3

$ sudo iwconfig wlan0 mode Ad-Hoc Change Managed to Ad-Hoc mode

$ sudo iwconfig wlan0 ap any Use any access point

$ sudo iwconfig wlan0 sens -50 Set sensitivity to -50

$ sudo iwconfig wlan0 retry 20 Set MAC retransmissions to 20

$ sudo iwconfig wlan0 key 1234-5555-66 Set key to 1234-5555-66

The essid is sometimes called the Network Name or Domain ID. You use it as the common name that identifies your wireless network. Setting the channel lets your wireless LAN operate on that specific channel.

With Ad-Hoc mode, the network is composed of only interconnected clients with no central access point. In Managed/Infrastructure mode, by setting ap to a specific MAC address, you can force the card to connect to the access point at that address, or you can set ap to any and allow connections to any access point.

If you have performance problems, try adjusting the sensitivity (sens) to either a negative value (which represents dBm) or positive value (which is either a percentage or a sensitivity value set by the vendor). If you get retransmission failures, you can increase the retry value so your card can send more packets before failing.

You use the key option to set an encryption key. You can enter hexadecimal digits (XXXX-XXXX-XXXX-XXXX or XXXXXXXX). By adding an s: in front of the key, you can enter an ASCII string as the key (as in s:My927pwd).

Checking Name Resolution

Because IP addresses are numbers, and people prefer to address things by name, TCP/IP networks (such as the Internet) rely on DNS to resolve hostnames into IP addresses. Ubuntu provides several tools for looking up information related to DNS name resolution.

When you first installed Ubuntu, you either identified Domain Name System (DNS) servers to do name resolution or had them assigned automatically from a DHCP server. That information is then stored in the /etc/resolv.conffile, looking something like the following:





If present, the domain line identifies the local domain. This allows you to identify a machine by its base name and the DNS lookup assumes you mean the local domain. So, if you request a host named abc, your system will look up The search line lets you identify several domains to be searched.

The numbers just shown in the /etc/resolv.conf file are replaced by real IP addresses of computers that serve as DNS name servers. When you can connect to working DNS servers, there are commands you can use to query those servers and look up host computers.

The dig command (which should be used instead of the deprecated nslookup command) can be used to look up information from a DNS server. The host command can be used to look up address information for a hostname or domain name.

To search your DNS servers for a particular hostname ( in the following examples), use the dig command as follows:

$ dig Search DNS servers in /etc/resolv.conf

Instead of using your assigned name server, you can query a specific name server. The following example queries the DNS server at

$ dig @

Using dig, you can also query for a specific record type:

$ dig mx Queries for the mail exchanger

$ dig ns Queries for the authoritative name servers

Use the +trace option to trace a recursive query from the top-level DNS servers down to the authoritative servers:

$ dig +trace Recursively trace DNS servers

If you just want to see the IP address of a host computer, use the +short option:

$ dig +short Display only name/IP address pair

You can use digto do a reverse lookup to find DNS information based on an IP address:

$ dig -x Get DNS information based on IP address

You can use hostto do a reverse DNS lookup as well:

$ host domain name pointer

To get hostname information for the local machine, use the hostname and dnsdomainname commands:

$ hostname View the local computer's full DNS host name

You can also use hostname to set the local hostname temporarily (until the next reboot). Here’s an example:

$ sudo hostname Set local hostname

Changing the hostname of a running machine may adversely affect some running daemons. Instead, I recommend you set the local hostname so it is set each time the system starts up. Edit the first line in the /etc/hostname file. Here is an example:

Troubleshooting Network Problems

Troubleshooting networks is generally done from the bottom up. As discussed at the beginning of the chapter, the first step is to make sure that the physical network layer components (cables, NICs, and so on) are connected and working. Next, check that the links between physical nodes are working. After that, there are lots of tools for checking the connectivity to a particular host.

Checking Connectivity to a Host

When you know you have a link and no duplex mismatch, the next step is to ping your default gateway. You should have either configured the default gateway (gw) in the /etc/network/interfaces file or let the system set up the default gateway from a service such as DHCP. To check your default gateway in the actual routing table, use the ip command as follows:

$ ip route dev eth0 proto kernel scope link src dev eth0 scope link

default via dev eth0

The gateway for the default route in this example is To make sure there is IP connectivity to that gateway, use the ping command as follows, passing the address for your default gateway:

$ ping

PING ( 56(84) bytes of data.

64 bytes from icmp_seq=1 ttl=64 time=0.382 ms

64 bytes from icmp_seq=2 ttl=64 time=0.313 ms

64 bytes from icmp_seq=3 ttl=64 time=0.360 ms

64 bytes from icmp_seq=4 ttl=64 time=1.43 ms

--- ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 2999ms

rtt min/avg/max/mdev = 0.313/0.621/1.432/0.469 ms

By default, ping continues until you press Ctrl+c. Other ping options include the following:

$ ping -a Add an audible ping as ping progresses

$ ping -c 4 Ping 4 times and exit (default in Windows)

$ ping -q -c 5 Show summary of pings (works best with -c)

$ sudo ping -f Send a flood of pings (must be root)

$ ping -i 3 Send packets in 3-second intervals

$ sudo ping -I eth0 Set source to eth0 (use if multiple NICs)

PING ( from eth0: 56(84) bytes of data.

$ sudo ping -I Set source to

PING ( from : 56(84) bytes of data.

$ ping -s 1500 Set packet size to 1500 bytes

PING ( 1500(1528) bytes of data.

Use the pingflood option with caution. By default, ping sends small packets (56 bytes). Large packets (such as the 1500-byte setting just shown) are good to make faulty NICs or connections stand out.

Checking Address Resolution Protocol

If you’re not able to ping your gateway, you may have an issue at the Ethernet MAC layer. The Address Resolution Protocol (ARP) can be used to find information at the MAC layer. To view and configure ARP entries, use the arpor ip neighbor command. This example shows arp listing computers in the ARP cache by hostname:

$ arp -v List ARP cache entries by name

Address HWtype HWaddress Flags Mask Iface

ritchie ether 00:10:5A:AB:F6:A7 C eth0

einstein ether 00:0B:6A:02:EC:98 C eth0

Entries: 1 Skipped: 0 Found: 1

In this example, you can see the names of other computers that the local computer’s ARP cache knows about and the associated hardware type and hardware address (MAC address) of each computer’s NIC. You can disable name resolution to see those computers’ IP addresses instead:

$ arp -vn List ARP cache entries by IP address

Address HWtype HWaddress Flags Mask Iface ether 00:10:5A:AB:F6:A7 C eth0 ether 00:0B:6A:02:EC:98 C eth0

Entries: 1 Skipped: 0 Found: 1

To delete an entry from the ARP cache, use the -d option:

$ sudo arp -d Delete address from ARP cache

Instead of just letting ARP dynamically learn about other systems, you can add static ARP entries to the cache using the -s option:

$ sudo arp -s 00:0B:6A:02:EC:95 Add IP/MAC addresses to ARP

To do the same actions with the ip command that you just did with the arp command, use the neighbor object (note that neighbor, nei, and n objects can be used interchangeably):

$ ip neighbor dev eth0 lladdr 00:10:5a:ab:f6:a7 DELAY dev eth0 lladdr 00:0b:6a:02:ec:98 REACHABLE

# ip nei del dev eth0

# ip n add lladdr 00:0B:6A:02:EC:95 dev eth0

To query a subnet to see if an IP is already in use, and to find the MAC address of the device using it, use the arping command. The arping command is used by ifup to avoid IP conflicts when bringing an Ethernet NIC up. Here are examples:

$ arping Query subnet to see if is in use

ARPING from eth0

Unicast reply from [00:0B:6A:02:EC:98] 0.694ms

Unicast reply from [00:0B:6A:02:EC:98] 0.683ms

$ sudo arping -I eth0 Specify interface to query from

Like the ping command, the arping command (from the iputils-arping package) continuously queries for the address until the command is ended when you type Ctrl+c. Typically, you just want to know if the target is alive, so you can run one of the following commands:

$ arping -f Query and stop at the first reply

$ arping -c 2 Query and stop after 2 counts

Tracing Routes to Hosts

After verifying that you can ping your gateway and even reach machines that are outside of your network, you may still have issues reaching a specific host or network. If that’s true, you can use traceroute (from the traceroute package) to find the bottleneck or point of failure:

$ traceroute Follow the route taken to a host

traceroute to (,

30 hops max,40 byte packets

1 ( 0.281 ms 0.289 ms 0.237 ms

2 ( 6.213 ms 6.189 ms 6.083 ms

3 ( 14.070 ms 14.025 ms 13.974 ms

4 ( 19 ms 19 ms 19 ms

5 ms 94.6 ms 94.6ms

6 ( 99.643 ms 101.647 ms 101.577 ms

7 233.316ms 233.153 ms

8 ( 99.3 ms 99.4 ms 99.3 ms

9 ( 99.25 ms 96.21 ms 100.22 ms

As you can see, the longest hop is between 4 (Global Crossing probably in Minneapolis) and 5 (GC in Seattle). That gap is not really a bottleneck; it just reflects the distance between those hops. Sometimes, the last hops look like this:

28 * * *

29 * * *

30 * * *

The lines of asterisks (*) at the end of the trace can be caused by firewalls that block traffic to the target. However, if you see several asterisks before the destination, those can indicate heavy congestion or equipment failures and point to a bottleneck.

By default, traceroute uses UDP packets, which provide a more realistic performance picture than ICMP. That’s because some Internet hops will give lower priority to ICMP traffic. If you’d still like to trace using ICMP packets, try the following command:

$ traceroute -I Use ICMP packets to trace a route

By default, traceroute connects to port 80. You can set a different port using the -p option:

$ traceroute -p 25 Connect to port 25 in trace

You can view IP addresses instead of hostnames by disabling name resolution of hops:

$ traceroute -n Disable name resolution in trace

An alternative to traceroute is the tracepath command, which also uses UDP to perform the trace:

$ tracepath Use UDP to trace the route

To view and manipulate the kernel’s routing table, the route command used to be the tool of choice. This is slowly being replaced by the ip route command. For the most part, the Ubuntu network scripts rely on ip route. But it doesn’t hurt to be familiar with both commands because route is still quite commonly used.

You can use the old route command to display your local routing table. Here are two examples of the route command, with and without DNS name resolution:

$ route Display local routing table information

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface * U 0 0 0 eth0

default ritchie UG 0 0 0 eth0

$ route -n Display routing table without DNS lookup

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface * U 0 0 0 eth0 UG 0 0 0 eth0

You can add a default gateway using the gw option:

$ sudo route add default gw Add as default gateway

You can add a new route to your network by specifying either the interface (eth0) or IP address of the gateway (such as gw

$ sudo route add -net netmask eth0

$ sudo route add -net netmask gw

You can delete a route using the del option:

$ sudo route del -net netmask Delete a route

Using the newer ip command, you can do the same activities just shown with the route command. Here are three different ways to show the same basic routing information:

$ ip route show Display basic routing information dev eth0 proto kernel scope link src dev eth0 scope link

default via dev eth0

$ ip route Display basic routing (example #2)

$ ip r Display basic routing (example #3)

The following are some examples of adding and deleting routes with ip:

$ sudo ip r add via dev eth0 Add route to eth0

$ sudo ip r add via Add route no interface

$ sudo ip r del Delete route

To make a new route permanent, edit the /etc/network/interfaces file and place the information about the new route in that file. For example, to add the route added with the preceding ip command, add the following lines to /etc/network/interfaces:

iface eth0 inet static




Displaying netstat Connections and Statistics

The tools shown in the preceding sections cover network troubleshooting mostly at the network layer (layer 3). To display information about packets sent between transport-layer protocols (TCP and UDP), and ICMP, you can use the netstat command:

$ netstat -s | less Show summary of TCP, ICMP, UDP activities

You can see a list of all TCP connections, including which process is handling the connection:

$ sudo netstat -tanp View active TCP connections

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0* LISTEN 2039/cupsd

tcp 0 0* LISTEN 2088/sendmail


You can also view active UDP connections as follows:

$ sudo netstat -uanp View active UDP connections

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

udp 0 0* 2039/cupsd

udp 0 0* 2067/ntpd


To narrow your output from netstat to daemons bound to a TCP port, look for the word listen. For example:

$ sudo netstat -tanp | grep -i listen View daemons on a port

The command just shown is a great way to resolve port usage conflicts between daemons.

Other Useful Network Tools

If you’d like to see header information about packets as they are sent and received by your system, use tcpdump. The tcpdump command has a lot of advanced features, most of which revolve around filtering and finding a needle in a haystack of packets. If you run tcpdump on a remote machine, your screen will be flooded with all the SSH traffic between your client and the remote machine. To get started without having to learn too much about how tcpdumpfiltering works, run the following command:

$ sudo tcpdump | grep -v ssh Find packets not associated with ssh

If you’d like to dig deeper into packet-level traffic, use wireshark (formerly known as ethereal). Install the wireshark package. You can run wireshark with X over SSH on a remote machine. Wireshark is a very powerful packet sniffer that rivals the best commercial tools.

To explore networks and remote machines and see what services they offer, use nmap. The nmap command (from the nmap package) is the most common port scanner. It was even featured in the movie The Matrix Reloaded! Make sure that you are explicitly authorized to scan the systems or networks you are scanning. The nmap command is part of the nmap package and can be run as a user, but several scan types require root privileges.

Here’s how to do a basic host scan with nmap:

$ sudo nmap Scan ports on computer at

To get maximum verbosity from nmap, use the -vv option:

$ sudo nmap -vv Show maximum verbosity from nmap output

To use nmap to scan an entire network, use the network address as an argument. In the following example, you can add the -sP option to tell nmap to perform a simple ping sweep:

$ sudo nmap -vv -sP Scan hosts on an entire network

You can be very specific about the information that nmap gathers for you. In the following example, the -P0 option tells nmap not to use ping (this is good for scanning machines that don’t respond to ping). The -O option displays OS fingerprinting for the machine you are scanning. The -p 100-200 option tells nmap to scan only ports 100 through 200:

$ sudo nmap -vv -P0 -O -p 100-200 No ping, OS fp, ports 100-200

The nmap command has many more options for advanced usage. Refer to the nmap man page (man nmap) for further information.


Nearly every aspect of the network connections from your Ubuntu system can be configured, checked, and monitored using command-line tools. You can view and change settings of your NICs using ethtool and mii-toolcommands. You can view network statistics with netstat.

To start and stop your network, commands such as service, ifup, and ifdown are easy to manage. When a connection is established, you can see statistics about that connection using ifconfig and ip commands.

Besides using wired Ethernet cards, other network hardware such as wireless LAN cards are supported in Linux. Use commands such as iwconfig to work with wireless interfaces.

To check DNS name resolution, use the dig, host, and hostname commands. Commands for checking connectivity and routes to a host include ping, arp, traceroute, and ip.