Someone recently asked me what some of the more useful linux networking commands are and what some of the implementations are. Here is a compiled list for some of those commands:<\/p>\n
(click continue reading below first before using the links… long page is long) In my next post, I will be going over 10 more useful linux networking commands. I will be touching on: <\/p>\n This is the command to start, restart or stop the network and is also available via the Service command option shown below: 1. netstat<\/strong> – netstat displays network connections, routing tables, interface stats, masquerade connections and multicast memberships. -a: Shows both listening and non-listening sockets. To list all connected processes: To display interface statistics: 2. ping<\/strong> – send ICMP ECHO_REQUEST packets to network hosts. Use Cntl-C to stop ping.<\/p>\n Increase Ping Time Interval: Example: Wait for 5 seconds before sending the next packet. Decrease Ping Time Interval: Example: Wait 0.1 seconds before sending the next packet. --- google.com ping statistics --- --- google.com ping statistics --- 1 <1 ms <1 ms <1 ms 10.1.0.1 Trace complete.<\/code> My traceroute [v0.71] Packets Pings <\/p>\n or course, since its google, you will get some strange responses:<\/p>\n Server Name: GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM <\/p>\n 6. finger<\/strong> – Display information on a system user. i.e. finger user@host Uses $HOME\/.plan and $HOME\/.project user files. You can also use the finger -s option to view the login detail for a particular user. Block IP Block only TCP traffic on eth0 connection for this ip-address. Prevent DoS Attack: The following iptables rule will help you prevent the Denial of Service (DoS) attack on your webserver. Displaying the Status of Your Firewall To add line numbers use and scroll through the information Stop \/ Start \/ Restart the Firewall if you are using CentOS \/ RHEL \/ Fedora Linux, enter: You can also use the iptables command itself to stop the firewall and delete all the rules: -F : Deleting (flushing) all the rules. Find and Delete Firewall Rules For example delete line number 4, enter: Insert Firewall Rules To Save The Firewall Rules under CentOS \/ RHEL \/ Fedora Linux, enter: To Block an attackers IP Address, enter: To block incoming all service requests on port 80, enter: To block an ip address for port 80 only, enter: To block outgoing traffic to a particular host or domain such as facebook.com, enter: You can also drop a subnet like so: You can also use a domain name to drop traffic, enter: To open a range of ports, use the following syntax: To open range of IP addresses, use the following syntax: For more info, see the man file or use -h for a full list of flags <\/p>\n Locate the hosts IP via the A record: Locate the MX records information To display all information about a domains zonefile and records, you need to pass the -a (all) option: ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: To do a recerse IP lookup <\/p>\n Non-authoritative answer: You can also do a reverse DNS look-up by providing the IP Address as argument to nslookup. Name:\tredhat.com Query for specific DNS server information using the ‘-query=’ option and an of the specific dns record types To search for the mx record for Redhat Non-authoritative answer: Authoritative answers can be found from: or search for the soa record Non-authoritative answer: Authoritative answers can be found from: <\/p>\n 10. ss<\/strong> – The ss command dumps socket (network connection) statistics such as all TCP \/ UDP connections, current established connections per protocol (e.g., displays all established ssh connections), and displays all of the tcp sockets in various states such as ESTABLISHED or FIN-WAIT-1. Transport Total IP IPv6 Use ss to display all open network ports: Command arguments for ss<\/p>\n The general format of arguments to ss are: -h – show help page STATE-FILTER allows ss to construct arbitrary set of states to match entries. Its syntax is sequence of keywords state and exclude followed by identifier of state. Available identifiers are:<\/p>\n All standard TCP states: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing. ADDRESS_FILTER is boolean expression with operations and, or and not, which can be abbreviated in C style f.e. as &, &&. * – dst ADDRESS_PATTERN – matches remote address and port * – inet – ADDRESS_PATTERN consists of IP prefix, optionally followed by colon and port. If prefix or port part is absent or replaced with *, this means wildcard match. To add a default gateway, we can specify that the packets that are not within the network have to be forwarded to a specific Gateway address. Now the route command will display the following entries.
\n
\n1. netstat<\/a>
\n2. ping<\/a>
\n3. traceroute<\/a>
\n4. mtr<\/a>
\n5. whois<\/a>
\n6. finger<\/a>
\n7. iptables <\/a>
\n8. host<\/a>
\n9. nslookup<\/a>
\n10. ss<\/a>
\n11. route<\/a><\/p>\n
\nifconfig, iwconfig, ethtool, arp, tcpdump, tracepath, nmap, telnet and dig<\/p>\n
\n
\n\/etc\/rc.d\/init.d\/network start
\n\/etc\/rc.d\/init.d\/network stop
\n\/etc\/rc.d\/init.d\/network restart
\n<\/code>
\nor
\n
\nservice network start
\nservice network stop
\nservice network restart
\n<\/code>
\n <\/p>\n
\nTo list externally connected processes use: netstat -punta<\/code><\/p>\n
\n-p: Shows PID of process owning socket
\n-u: Shows UDP connections
\n-t: Shows TCP connections
\n-n: Shows IP addresses only. Don’t resolve host names
\n-g: Shows multi-cast group membership info
\n-c: Shows Continuous mode – update info every second
\n-v: Shows Verbose
\n-e: Shows Extended information
\n-o: Shows network timer information
\n <\/p>\nnetstat -nap<\/code>
\n
\nTo show network statistics: netstat -s<\/code>
\n
\nTo display routing table info:
\n$ netstat -nr
\nKernel IP routing table
\nDestination Gateway Genmask Flags MSS Window irtt Iface
\n192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
\n169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
\n0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
\n<\/code>
\nFlags:
\nG: route uses gateway
\nU: Interface is “up”
\nH: Only a single host is accessible (eg. loopback)
\nD: Entry generated by ICMP redirect message
\nM: Modified by ICMP redirect message<\/p>\n
\n$ netstat -i
\nKernel Interface table
\nIface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
\neth0 1500 0 2224 0 0 0 1969 0 0 0 BMRU
\nlo 16436 0 1428 0 0 0 1428 0 0 0 LRU
\n<\/code>
\nWhere:
\nRX-OK\/TX-OK: number of packets transmitted\/received error free
\nRX-ERR\/TX-ERR: number of dammaged\/error packets transmitted\/received
\nRX-DRP\/TX-DRP: number of dropped packets
\nRX-OVR\/TX-OVR: number of packets dropped because of a buffer overrun
\nFlags:
\nB: A broadcast address has been set
\nL: This interface is a loopback device
\nM: All packets are received
\nN: Trailers are avoided
\nO: ARP is turned off for this interface
\nP: Point-to-point connection
\nR: Interface is running
\nU: Interface is up
\n <\/p>\n
\n
\n$ ping -i 5 IP<\/code><\/p>\n
\n# ping -i 0.1 IP<\/code>
\n
\nSend X number of packets and stop
\n[root@host] ~ >> ping -c 5 google.com
\nPING google.com (74.125.225.110) 56(84) bytes of data.
\n64 bytes from ord08s08-in-f14.1e100.net (74.125.225.110): icmp_seq=1 ttl=57 time=12.1 ms
\n64 bytes from ord08s08-in-f14.1e100.net (74.125.225.110): icmp_seq=2 ttl=57 time=13.0 ms
\n64 bytes from ord08s08-in-f14.1e100.net (74.125.225.110): icmp_seq=3 ttl=57 time=12.3 ms
\n64 bytes from ord08s08-in-f14.1e100.net (74.125.225.110): icmp_seq=4 ttl=57 time=12.3 ms
\n64 bytes from ord08s08-in-f14.1e100.net (74.125.225.110): icmp_seq=5 ttl=57 time=11.8 ms<\/p>\n
\n5 packets transmitted, 5 received, 0% packet loss, time 3999ms
\nrtt min\/avg\/max\/mdev = 11.877\/12.330\/13.000\/0.396 ms<\/code>
\n
\nPing Flood
\n# ping -f 74.125.225.110
\nPING 69.167.143.106 (69.167.143.106) 56(84) bytes of data.
\n.^C
\n--- 74.125.225.110 ping statistics ---
\n9838 packets transmitted, 9837 received, 0% packet loss, time 9930ms
\nrtt min\/avg\/max\/mdev = 0.679\/0.962\/7.453\/0.323 ms, ipg\/ewma 1.009\/0.931 ms<\/code>
\n
\nFind IP
\n# ping -c 1 google.com
\nPING google.com (74.125.225.110)<\/strong> 56(84) bytes of data.
\n64 bytes from ord08s08-in-f14.1e100.net (74.125.225.110)<\/strong>: icmp_req=1 ttl=59 time=12.1 ms<\/p>\n
\n1 packets transmitted, 1 received, 0% packet loss, time 0ms
\nrtt min\/avg\/max\/mdev = 12.150\/12.150\/12.150\/0.000 ms<\/code>
\n
\nRecord and print route of how ECHO_REQUEST sent and ECHO_REPLY received
\n#ping -R google.com<\/code>
\nmost hosts ignore this request<\/p>\n
\n
\n3. traceroute<\/strong> – print the route packets take to a network host.
\ntraceroute [-d] [-F] [-I] [-n] [-v] [-x] [-f first_ttl] [-g gateway [-g gateway] | -r] [-i iface] [-m max_ttl] [-p port] [-q nqueries] [-s src_addr] [-t tos] [-w waittime ] host [packetlen]<\/p>\ntraceroute 74.125.225.104
\ntraceroute google.com
\nTracing route to www.l.google.com [209.85.225.104]
\nover a maximum of 30 hops:<\/p>\n
\n 2 35 ms 19 ms 29 ms 98.245.140.1
\n 3 11 ms 27 ms 9 ms te-0-3.dnv.comcast.net [68.85.105.201]
\n ...
\n 13 81 ms 76 ms 75 ms 209.85.241.37
\n 14 84 ms 91 ms 87 ms 209.85.248.102
\n 15 76 ms 112 ms 76 ms iy-f104.1e100.net [209.85.225.104]<\/p>\n
\n
\nTo disable IP address and hostname mapping use the -n flag.
\n$ traceroute google.com -n<\/code>
\n
\nTo configure the response wait time, use the \u2018-w\u2019 option which the command will take as the length of time to wait for a response. Below, the wait time is 0.1 seconds.
\n$ traceroute google.com -w 0.1<\/code>
\n
\nTraceroute usually defaults to 3 packets per hop. To modify this behavior, use the \u2018-q\u2019 option to configure the number of queries per hop.
\n$ traceroute google.com -q 5<\/code>
\n <\/p>\n
\n
\n4. mtr<\/strong> – a network diagnostic tool introduced in Fedora – Like traceroute except it gives more network quality and network diagnostic info. Leave running to get real time stats. Reports best and worst round trip times in milliseconds.
\nmtr 72.30.38.140
\nmtr yahoo.com<\/p>\n
\n example.lan Sun Mar 25 00:07:50 2007<\/p>\n
\nHostname %Loss Rcv Snt Last Best Avg Worst
\n 1. example.lan 0% 11 11 1 1 1 2
\n 2. ae-31-51.ebr1.Chicago1.Level3.n 19% 9 11 3 1 7 14
\n 3. ae-1.ebr2.Chicago1.Level3.net 0% 11 11 7 1 7 14
\n 4. ae-2.ebr2.Washington1.Level3.ne 19% 9 11 19 18 23 31
\n 5. ae-1.ebr1.Washington1.Level3.ne 28% 8 11 22 18 24 30
\n 6. ge-3-0-0-53.gar1.Washington1.Le 0% 11 11 18 18 20 36
\n 7. 63.210.29.230 0% 10 10 19 19 19 19
\n 8. t-3-1.bas1.re2.yahoo.com 0% 10 10 19 18 32 106
\n 9. p25.www.re2.yahoo.com 0% 10 10 19 18 19 19<\/code><\/p>\n
\n
\n5. whois<\/strong> – Lookup a domain name in the internic whois database.<\/p>\nwhois google.com<\/code><\/p>\n Server Name: GOOGLE.COM.PEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEENIS.COM
\n IP Address: 8.8.8.8
\n Registrar: DOMAIN.COM, LLC
\n Whois Server: whois.domain.com
\n Referral URL: http:\/\/www.domain.com<\/p>\n
\n IP Address: 69.41.185.195
\n Registrar: TUCOWS.COM CO.
\n Whois Server: whois.tucows.com
\n Referral URL: http:\/\/domainhelp.opensrs.net<\/p>\n
\n IP Address: 80.190.192.24
\n Registrar: EPAG DOMAINSERVICES GMBH
\n Whois Server: whois.enterprice.net
\n Referral URL: http:\/\/www.enterprice.net
\n<\/code>
\nheh… onward <\/p>\n
\n
\n$ finger gooduser
\nLogin: gooduser Name: (null)
\nDirectory: \/home\/gooduser Shell: \/bin\/bash
\nOn since Mon Nov 1 18:45 (IST) on :0 (messages off)
\nOn since Mon Nov 1 18:46 (IST) on pts\/0 from :0.0
\nNew mail received Fri May 7 10:33 2010 (IST)
\nUnread since Sat Jun 7 12:59 2008 (IST)
\nNo Plan.<\/code><\/p>\n
\n$ finger -s root
\nLogin Name \t\tTty Idle Login Time Office Office Phone
\nroot root *1 19d Wed 17:45
\nroot root *2 3d Fri 16:53
\nroot root *3 Mon 20:20
\nroot root *ta 2 Tue 15:43
\nroot root *tb 2 Tue 15:44
\n<\/code>
\n-s\tDisplay the user\u2019s login name, real name, terminal name and write status idle time, login time, and either office location and office phone number, or the remote host.
\n-p\tPrevent the -l option of finger from displaying the contents of the .forward, .plan, .project and .pubkey files.
\n-m\tPrevent matching of user names. User is usually a login name; however, matching will also be done on the users\u2019 real names, unless the -m option is supplied.Display the user\u2019s login name, real name, terminal name and write status idle time, login time, and either office location and office phone number, or the remote host.
\n-o\tWhen used in conjunction with the -s option, the office location and office phone information is displayed instead of the name of the remote host.<\/p>\n
\n
\n7. iptables<\/strong> – Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel.
\nFlush iptables -F
\n(or)
\niptables --flush<\/code>
\n <\/p>\n
\nBLOCK_THIS_IP=\"x.x.x.x\"
\niptables -A INPUT -s \"$BLOCK_THIS_IP\" -j DROP<\/code>
\n <\/p>\n
\niptables -A INPUT -i eth0 -s \"$BLOCK_THIS_IP\" -j DROP
\niptables -A INPUT -i eth0 -p tcp -s \"$BLOCK_THIS_IP\" -j DROP<\/code>
\n <\/p>\n
\niptables -A INPUT -p tcp --dport 80 -m limit --limit 25\/minute --limit-burst 100 -j ACCEPT<\/code>
\nIn this example:
\n-m limit: uses the limit iptables extension
\n\u2013limit 25\/minute: This limits a maximum of 25 connection per minute. Change this value based on your specific need
\n\u2013limit-burst 100: This value indicates that the limit\/minute will be enforced only after the total number of connection has reached the limit-burst level.
\n <\/p>\n
\n# iptables -L -n -v<\/code>
\n <\/p>\n
\n# iptables -n -L -v --line-numbers | less<\/code>
\n <\/p>\n
\n# service iptables stop
\n# service iptables start
\n# service iptables restart<\/code>
\n <\/p>\n
\n# iptables -F
\n# iptables -X
\n# iptables -t nat -F
\n# iptables -t nat -X
\n# iptables -t mangle -F
\n# iptables -t mangle -X
\n# iptables -P INPUT ACCEPT
\n# iptables -P OUTPUT ACCEPT
\n# iptables -P FORWARD ACCEPT<\/code><\/p>\n
\n-X : Delete chain.
\n-t : table_name : Select table (called nat or mangle) and delete\/flush rules.
\n-P : Set the default policy (such as DROP, REJECT, or ACCEPT).
\n <\/p>\n
\nTo display line number along with other information for existing rules, enter:
\n# iptables -L INPUT -n --line-numbers
\n# iptables -L OUTPUT -n --line-numbers
\n# iptables -L OUTPUT -n --line-numbers | less
\n# iptables -L OUTPUT -n --line-numbers | grep 172.16.54.1<\/code>
\nYou will get the list of IP;s. Find the number on the left which corresponds to the rule to delete, then use specific number to delete it. <\/p>\n
\n# iptables -D INPUT 4<\/code>
\nOR find the specific source IP 202.54.1.1 and delete it from the rules:
\n# iptables -D INPUT -s 202.54.1.1 -j DROP<\/code>
\n-D : Deletes one or more rules from the selected chain
\n <\/p>\n
\nTo insert one or more rules in the chain as a specific rule number, use the following syntax. First find out line numbers:
\n# iptables -L INPUT -n --line-numbers<\/code>
\noutputs:
\nChain INPUT (policy DROP)
\nnum target prot opt source destination
\n1 DROP all -- 202.54.1.1 0.0.0.0\/0
\n2 ACCEPT all -- 0.0.0.0\/0 0.0.0.0\/0 state NEW,ESTABLISHED <\/code>
\n
\nTo insert rule between 1 and 2, enter:
\n# iptables -I INPUT 2 -s 202.54.1.2 -j DROP<\/code>
\n
\nTo view updated rules, enter:
\n# iptables -L INPUT -n --line-numbers<\/code>
\n <\/p>\n
\n# service iptables save<\/code>
\n <\/p>\n
\n# iptables -A INPUT -s 5.6.7.8 -j DROP
\n# iptables -A INPUT -s 192.168.0.0\/24 -j DROP<\/code>
\n <\/p>\n
\n# iptables -A INPUT -p tcp --dport 80 -j DROP
\n# iptables -A INPUT -i eth1 -p tcp --dport 80 -j DROP<\/code>
\n <\/p>\n
\n# iptables -A INPUT -p tcp -s 5.6.7.8 --dport 80 -j DROP
\n# iptables -A INPUT -i eth1 -p tcp -s 192.168.1.0\/24 --dport 80 -j DROP<\/code>
\n <\/p>\n
\n# host -t a facebook.com
\nfacebook.com has address 173.252.100.16<\/code>
\nNote its IP address and enter the following to block all outgoing traffic to 173.252.100.16
\n# iptables -A OUTPUT -d 173.252.100.16 -j DROP<\/code>
\n <\/p>\n
\n# iptables -A OUTPUT -d 192.168.1.0\/24 -j DROP
\n# iptables -A OUTPUT -o eth1 -d 192.168.1.0\/24 -j DROP<\/code>
\n <\/p>\n
\n# iptables -A OUTPUT -p tcp -d www.facebook.com -j DROP
\n# iptables -A OUTPUT -p tcp -d facebook.com -j DROP<\/code>
\n <\/p>\n
\n#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 42000:42100 -j ACCEPT<\/code>
\n <\/p>\n
\n## only accept connection to tcp port 80 (Apache) if ip is between 192.168.1.1 and 192.168.1.50 ##
\niptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 192.168.1.1-192.168.1.50 -j ACCEPT<\/code>
\n <\/p>\n
\n#man iptables
\n#iptables -h<\/code>
\n <\/p>\n
\n
\n8. host<\/strong> – Enter a host name and the command will return IP address. Unlike nslookup, the host command will use both \/etc\/hosts as well as DNS.
\nExample:
\nroot@user:# host google.com
\ngoogle.com has address 74.125.225.103
\ngoogle.com has address 74.125.225.104
\ngoogle.com has address 74.125.225.105
\ngoogle.com has address 74.125.225.110
\ngoogle.com has address 74.125.225.96
\ngoogle.com has address 74.125.225.97
\ngoogle.com has address 74.125.225.98
\ngoogle.com has address 74.125.225.99
\ngoogle.com has address 74.125.225.100
\ngoogle.com has address 74.125.225.101
\ngoogle.com has address 74.125.225.102
\ngoogle.com has IPv6 address 2607:f8b0:4009:802::100e
\ngoogle.com mail is handled by 40 alt3.aspmx.l.google.com.
\ngoogle.com mail is handled by 50 alt4.aspmx.l.google.com.
\ngoogle.com mail is handled by 10 aspmx.l.google.com.
\ngoogle.com mail is handled by 20 alt1.aspmx.l.google.com.
\ngoogle.com mail is handled by 30 alt2.aspmx.l.google.com.<\/code>
\n <\/p>\n
\nroot@host# host -t a yahoo.com
\nyahoo.com has address 72.30.38.140
\nyahoo.com has address 98.138.253.109
\nyahoo.com has address 98.139.183.24<\/code>
\n <\/p>\n
\nroot@hist# host -t mx yahoo.com
\nyahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
\nyahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
\nyahoo.com mail is handled by 1 mta6.am0.yahoodns.net.<\/code>
\n <\/p>\n
\n$ host -a yahoo.com
\n;; ANSWER SECTION:
\nyahoo.com.\t\t877\tIN\tNS\tns1.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns2.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns3.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns4.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns5.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns6.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns8.yahoo.com.
\nyahoo.com.\t\t498\tIN\tMX\t1 mta7.am0.yahoodns.net.
\nyahoo.com.\t\t498\tIN\tMX\t1 mta5.am0.yahoodns.net.
\nyahoo.com.\t\t498\tIN\tMX\t1 mta6.am0.yahoodns.net.
\nyahoo.com.\t\t420\tIN\tA\t98.139.183.24
\nyahoo.com.\t\t420\tIN\tA\t72.30.38.140
\nyahoo.com.\t\t420\tIN\tA\t98.138.253.109<\/p>\n
\nyahoo.com.\t\t877\tIN\tNS\tns2.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns3.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns4.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns5.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns6.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns8.yahoo.com.
\nyahoo.com.\t\t877\tIN\tNS\tns1.yahoo.com.<\/p>\n
\nns6.yahoo.com.\t\t877\tIN\tA\t202.43.223.170
\nns8.yahoo.com.\t\t877\tIN\tA\t202.165.104.22<\/code> <\/p>\n
\nroot@host# host 72.30.38.140
\n140.38.30.72.in-addr.arpa domain name pointer ir1.fp.vip.sp2.yahoo.com.<\/code><\/p>\n
\n
\n9. nslookup<\/strong> – This is a network admin tool for querying DNS to obtain domain name or IP address mapping or any other specific DNS info and also used to troubleshoot DNS related problems<\/p>\nroot@host# nslookup yahoo.com
\nServer:\t\t127.0.1.1
\nAddress:\t127.0.1.1#53<\/p>\n
\nName:\tyahoo.com
\nAddress: 98.138.253.109
\nName:\tyahoo.com
\nAddress: 98.139.183.24
\nName:\tyahoo.com
\nAddress: 72.30.38.140<\/code>
\n <\/p>\n
\nroot@host# nslookup redhat.com ns1.redhat.com
\nServer:\t\tns1.redhat.com
\nAddress:\t209.132.186.218#53<\/p>\n
\nAddress: 209.132.183.181<\/code>
\n <\/p>\n
\nnslookup -query= a, mx, soa, ns, text eg.<\/p>\n
\nroot@host# nslookup -query=mx redhat.com
\nServer:\t\t127.0.1.1
\nAddress:\t127.0.1.1#53<\/p>\n
\nredhat.com\tmail exchanger = 5 mx1.redhat.com.
\nredhat.com\tmail exchanger = 10 mx2.redhat.com.<\/p>\n
\nredhat.com\tnameserver = ns4.redhat.com.
\nredhat.com\tnameserver = ns1.redhat.com.
\nredhat.com\tnameserver = ns2.redhat.com.
\nredhat.com\tnameserver = ns3.redhat.com.
\nmx1.redhat.com\tinternet address = 209.132.183.28
\nmx2.redhat.com\tinternet address = 66.187.233.33
\nns1.redhat.com\tinternet address = 209.132.186.218<\/code><\/p>\n
\nroot@host# nslookup -query=soa redhat.com
\nServer:\t\t127.0.1.1
\nAddress:\t127.0.1.1#53<\/p>\n
\nredhat.com
\n\torigin = ns1.redhat.com
\n\tmail addr = noc.redhat.com
\n\tserial = 2013010502
\n\trefresh = 300
\n\tretry = 180
\n\texpire = 604800
\n\tminimum = 14400<\/p>\n
\nredhat.com\tnameserver = ns4.redhat.com.
\nredhat.com\tnameserver = ns1.redhat.com.
\nredhat.com\tnameserver = ns2.redhat.com.
\nredhat.com\tnameserver = ns3.redhat.com.
\nns1.redhat.com\tinternet address = 209.132.186.218
\n<\/code>
\nBasically, any dns record type can be searched for using this method
\n <\/p>\n
\n
\n[root@host] ~ >> ss -s
\nTotal: 111 (kernel 128)
\nTCP: 44 (estab 1, closed 5, orphaned 0, synrecv 0, timewait 5\/0), ports 32<\/p>\n
\n*\t 128 - -
\nRAW\t 0 0 0
\nUDP\t 13 10 3
\nTCP\t 39 29 10
\nINET\t 52 39 13
\nFRAG\t 0 0 0 <\/code><\/p>\n
\n[root@host] ~ >> ss -l
\nRecv-Q Send-Q Local Address:Port Peer Address:Port
\n0 0 127.0.0.1:6082 *:*
\n0 0 *:infowave *:*
\n0 0 *:radsec *:*
\n0 0 *:gnunet *:*
\n0 0 *:eli *:*
\n0 0 *:mysql *:*
\n0 0 *:submission *:*
\n0 0 127.0.0.1:783 *:*
\n0 0 *:nbx-ser *:*
\n0 0 *:http *:*
\n0 0 *:nbx-dir *:*
\n0 0 *:smtps *:*
\n0 0 *:xfer *:*
\n0 0 *:us-cli *:*
\n0 0 10.1.0.1:domain *:*
\n0 0 *:munin *:*
\n0 0 68.197.153.147:domain *:*
\n0 0 68.197.153.148:domain *:*
\n0 0 127.0.0.1:domain *:*
\n0 0 *:ssh *:*
\n0 0 *:ddi-tcp-1 *:*
\n0 0 *:smtp *:*
\n0 0 *:ddi-tcp-2 *:*
\n0 0 127.0.0.1:rndc *:*
\n0 0 *:https *:*
\n0 0 *:trellisagt *:*
\n0 0 *:trellissvr *:*
\n0 0 :::imaps :::*
\n0 0 :::pop3s :::*
\n0 0 :::submission :::*
\n0 0 :::pop3 :::*
\n0 0 :::imap :::*
\n0 0 :::smtps :::*
\n0 0 :::us-cli :::*
\n0 0 :::ftp :::*
\n0 0 :::ssh :::*
\n0 0 :::smtp :::*<\/code> <\/p>\n
\nss [ OPTIONS ] [ STATE-FILTER ] [ ADDRESS-FILTER ]<\/em><\/strong>
\nusing common unix flag conventions.<\/p>\n
\n-? – the same, of course
\n-v, -V – print version of ss and exit
\n-s – print summary statistics. This option does not parse socket lists obtaining summary from various sources. It is useful when amount of sockets is so huge that parsing \/proc\/net\/tcp is painful.
\n-D FILE – do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is – stdout is used.
\n-F FILE – read continuation of filter from FILE. Each line of FILE is interpreted like single command line option. If FILE is – stdin is used.
\n-r – try to resolve numeric address\/ports
\n-n – do not try to resolve ports
\n-o – show some optional information, f.e. TCP timers
\n-i – show some infomration specific to TCP (RTO, congestion window, slow start threshould etc.)
\n-e – show even more optional information
\n-m – show extended information on memory used by the socket. It is available only with tcp_diag enabled.
\n-p – show list of processes owning the socket
\n-f FAMILY – default address family used for parsing addresses. Also this option limits listing to sockets supporting given address family. Currently the following families are supported: unix, inet, inet6, link, netlink.
\n-4 – alias for -f inet
\n-6 – alias for -f inet6
\n-0 – alias for -f link
\n-A LIST-OF-TABLES – list of socket tables to dump, separated by commas. The following identifiers are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, packet_raw, packet_dgram.
\n-x – alias for -A unix
\n-t – alias for -A tcp
\n-u – alias for -A udp
\n-w – alias for -A raw
\n-a – show sockets of all the states. By default sockets in states LISTEN, TIME-WAIT, SYN_RECV and CLOSE are skipped.
\n-l – show only sockets in state LISTEN
\n <\/p>\n
\n* – all – for all the states
\n* – connected – all the states except for listen and closed
\n* – synchronized – all the connected states except for syn-sent
\n* – bucket – states, which are maintained as minisockets, i.e. time-wait and syn-recv.
\n* – big – opposite to bucket
\n <\/p>\n
\nPredicates check socket addresses, both local and remote. There are the following kinds of predicates:<\/p>\n
\n* – src ADDRESS_PATTERN – matches local address and port
\n* – dport RELOP PORT – compares remote port to a number
\n* – sport RELOP PORT – compares local port to a number
\n* – autobound – checks that socket is bound to an ephemeral port
\n* – RELOP is some of < =, >=, == etc. To make this more convinient for use in unix shell, alphabetic FORTRAN-like notations le, gt etc. are accepted as well.
\n
\nThe format and semantics of ADDRESS_PATTERN depends on address family.<\/p>\n
\n* – inet6 – The same as inet, only prefix refers to an IPv6 address. Unlike inet colon becomes ambiguous, so that ss allows to use scheme, like used in URLs, where address is suppounded with [ … ].
\n* – unix – ADDRESS_PATTERN is shell-style wildcard.
\n* – packet – format looks like inet, only interface index stays instead of port and link layer protocol id instead of address.
\n* – netlink – format looks like inet, only socket pid stays instead of port and netlink channel instead of address.
\n* – PORT is syntactically ADDRESS_PATTERN with wildcard address part. Certainly, it is undefined for UNIX sockets.
\n <\/p>\n
\n
\n11. route<\/strong> – The route command shows or manipulates the IP routing table
\nBy default the route command will show the details of the kernel routing table entries.<\/p>\n[root@host] ~ >> route
\nKernel IP routing table
\nDestination Gateway Genmask Flags Metric Ref Use Iface
\n68.197.153.147 * 255.255.255.255 UH 0 0 0 eth0
\n10.2.0.2 * 255.255.255.255 UH 0 0 0 tun0
\n10.2.0.0 10.2.0.2 255.255.255.0 UG 0 0 0 tun0
\n68.197.153.0 * 255.255.252.0 U 0 0 0 eth0
\n168.254.0.0 * 255.255.0.0 U 0 0 0 eth0
\ndefault 10.2.0.1 0.0.0.0 UG 0 0 0 eth0 <\/code>
\n <\/p>\n
\nThe following ‘route add’ command will set the default gateway as 192.168.1.1.
\n$ route add default gw 192.168.1.1<\/code>
\n <\/p>\n
\n$ route
\nKernel IP routing table
\nDestination Gateway Genmask Flags Metric Ref Use Iface
\n192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
\ndefault myserver.com 0.0.0.0 UG 0 0 0 eth0<\/code><\/p>\n