Linux Network Cheatsheet
This file is mostly about RedHat based distributions and uses nmcli and NetworkManager. For Debian based distribution information, see the last section; Debian based distros use /etc/network/interfaces.
1 RedHat Deprecated Network Commands
Deprecated | Replacement command(s) |
---|---|
arp | ip n (ip neighbour) |
ifconfig | ip a (ip addr), ip link, ip -s (ip -stats) |
iptunnel | ip tunnel |
iwconfig | iw |
nameif | ip link, ifrename |
netstat (not really deprecated) | ss, ip route (netstat -nr), ip -s link (netstat -i), ip maddr (netstat -g) |
route | ip r (ip route) |
2 What are the top networking commands for Linux?
arp
arpwatch
bmon
curl
dhclient
dig
dstat
ethtool
ftp
host
hping3
ifstat
ip addr
iptables
iftop
ifup / ifdown
iwconfig
netstat
nslookup
nload
nmap
ping
route
scp
sftp
ss
ssh
tcpdump
telnet
tshark
tracepath
traceroute
w
wget
whois
2.1 arp -e
arp -ae
arp -ane
arp -e
2.2 arpwatch -i ens33
sudo arpwatch -d eth0    # -d for debugging
2.3 bmon
captures bandwidth data and provides human readable output
2.4 curl
curl -O https://zintis.ops/opening.pdf
2.5 dhclient
shows the client's DHCP-assigned ip address, subnet mask, gw, dns etc., or renews the dhcp lease:
sudo dhclient ens3
2.6 dig
dig -x 55.1.2.3
dig @8.8.8.8 cbc.ca
2.7 dstat
obsoletes vmstat, iostat, mpstat, netstat and ifstat. Can be used with python to extend its functionality.
To see real-time system resource statistics, you can use it with no arguments
sudo dstat
If not already installed: sudo dnf install dstat
2.8 ethtool
check settings of your NIC: ethtool ens33
2.9 ftp and sftp
2.10 host
host cbc.ca
2.11 hping3
packet analyzing and capture tool. You can start hping3 and then run the commands interactively. Useful for penetration testing and works with tcp, udp and icmp protocols.
To capture traffic from your ens33 interface:
sudo hping
hping recv ens33
2.12 ifstat
Interface stats, bandwidth, or usage, received frames, discarded frames errors, statistics, etc.
ifstat ens33
ifstat -z ens33    # to clear the stats to zero
2.13 ip addr
from ipcisco.com
Plenty of usages here in addition to addr, like the ip addr show command. With this command, all the interfaces of your device will be on the screen with their networking info.
$ ip addr show
Beside checking, how can we assign an ip address to an interface? It is very simple in Linux. We can use “ip addr add” command to add an ip address to an interface. Let’s add 10.10.10.1 ip address to Ethernet 1.
$ sudo ip addr add 10.10.10.1/24 dev eth1
Like adding, removing an ip address form an interface is done with the same command with a small difference.
$ sudo ip addr del 10.10.10.1/24 dev eth1
2.14 ip link
If you would like to list all the up links, you can use the below command:
$ ip link ls up    # list the links that are up
- $ ip link show dev ens33
- $ ip link show    # show the link status of all your links
- $ ip link show eth0    # show the link status of just one device
- $ ip link show dev ens33    # show the link status of just one device
- $ ip -s link show dev ens33    # show the link status and statistics (-s) of a device
- ip -c ...    # add colour to any of the ip commands, including all the above
2.14.1 ip link show
This command shows you all the available ip interfaces:
ip link show
ip link    # show is the default, so these 2 are the same
2.15 ip neigh
Very similar to arp
$ ip neigh
$ ip -c neigh    # with colour
2.16 iptables
rules in chains
2.17 iftop
sudo iftop -n # -n to skip resolving ip addresses
sudo iftop -n -i ens33
2.18 ifup / ifdown ens33
2.19 iwconfig
configure wireless interfaces, SSID, frequencies, etc.
iwconfig eth0
2.20 netstat
- netstat -nr for open socket info (numeric)
- netstat by itself is good too to see active internet connections and active unix domain sockets
- netstat -s statistics (gives a nice summary of # of open connections); this should be looked at once a day (minimum)
- netstat -c continuous (pick other options carefully)
- netstat -e extended information
- netstat -p PID info for sockets shown; shows the PIDs of processes with a connection
- netstat -a all (all sockets displayed, not just default connected sockets)
- netstat -Z show SELinux security context for sockets
- netstat -tanp show all (meaning listening AND established) tcp (t) sessions, numeric (n), and show the processes (p)
- netstat -tan tcp, all (listening and established), numeric
- netstat - s -e | grep ESTAB    # notice the space before the s
Give netstat -s a try. It gives you lots of info in a table form.
2.20.1 netstat is not obsolete, but other tools may be appropriate too.
Replacements are:
- netstat is ss
- netstat -r is ip route
- netstat -i is ip -s link
- netstat -g is ip maddr
But netstat -natp is still useful, as is netstat -s. Don't forget these.
2.21 netstat on darwin (apple)
- netstat -s -s show statistics (second -s suppresses all with zero count)
- netstat -b show byte count (in and out) of interface (need to specify -i)
- netstat -d show dropped byte count (in and out) of interface
- netstat -L show listen queues
2.22 nslookup
usual
2.23 nload
bandwidth monitoring tool: nload devices ens3
2.24 nmap
check open ports on any device. For security audits. See nmap.org
nmap
nmap -sP 192.168.111.12    # ping scan
nmap -sT 192.168.111.12    # TCP port scan (up to 1000)
nmap -sT -p 80,443,22 192.168.111.12    # scanning ports 80, 443, and 22
nmap -sS --script vuln 192.168.111.12    # silent, vuln script scan
nmap 192.168.111.13    # your own host or others
2.25 ping, route add, route del 192.168.10.0/24 gw 192.168.10.1
2.26 scp
secure copy to remote hosts. Can copy files and directories. You need scp -r to copy directories.
2.27 sftp
like scp, secure ftp to a remote host that supports SSH and sftp. Will need to generate ssh keys first.
2.28 ss
shows detailed info on sockets in use. Use the -pe option to show the processes in established connections.
2.29 ssh
usual
2.30 tcpdump
- sudo tcpdump -i eth0
- sudo tcpdump -i ens33 -n -s0 -v port 80
- -i interface
- -nn numeric hosts, numeric ports
- -s0 snap length (of packet captured / truncated) or size of pkt
- -v verbose; -vv increases detail of output
- port 80 only capture traffic on port 80
- -A ascii output (otherwise binary)
- proto 17 (without the - it is
- sudo tcpdump -i ens33 udp
- sudo tcpdump -i ens33 proto 17
- sudo tcpdump -i ens33 host 172.28.105.3
- sudo tcpdump -i ens33 dst 10.0.55
- sudo tcpdump -i ens33 src 172.28.105.2
- sudo tcpdump -i ens33 -l (force line buffered)
- sudo tcpdump -i ens33 -c (force packet buffered)
- sudo tcpdump -i ens33 -s0 -l port 80 | grep "Server"
- sudo tcpdump -i ens33 -w save-my-capture.pcap
- sudo tcpdump -in ens3 -w save-my-capture.pcap -s0
- sudo tcpdump -in ens3 -w save-my-capture.pcap -c 120
Filter expressions can be combined with and / &&, or / ||, and not / !
2.31 ss (socket statistics)
detailed info on socket statistics.
- -l to list listening sockets
- -t for tcp only
- ss -tulpn tcp or udp, processes, listening, numeric
- ss -tuepn tcp or udp, processes, established, numeric
- ss -tue tcp or udp, established
- ss -e established
- ss -es established statistics
I find the most useful are -tulpn and -tue
2.31.1 Additional ss tips
Use the -4 option to show just ipv4 connections, and -6 for ipv6.
ss command also lets you filter socket port number or address number. eg, to display all socket connections with ssh as destination or source port:
ss -at '( dport = :22 or sport = :22 )'
ss -at '( dport = :ssh or sport = :ssh )'
These are particularly useful on large servers with many connections, so you can filter for what you are looking for. Otherwise, just list them all.
For example: ss -tn src :80 or src :443
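As an added example (not from the original cheatsheet), here is a Python script that parses ss -tulpn output and reports listening sockets bound to a wildcard address whose protocol/port is not on an allowlist, which is the daily check the netstat/ss sections above suggest. The ss output and the allowlist are constructed here, not captured from a real host.

```python
import re

# Constructed sample of `ss -tulpn` output (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=1,fd=12))
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*         users:(("dhclient",pid=800,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=900,fd=3))
tcp   LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*         users:(("python3",pid=1234,fd=5))
tcp   LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=900,fd=4))
tcp   LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=950,fd=20))
"""

PROC_RE = re.compile(r'"([^"]+)",pid=(\d+)')
WILDCARDS = {"0.0.0.0", "::", "*"}   # "bound to every address" as ss prints it


def split_local(local):
    """Split ss's Local Address:Port column into (address, port).
    Handles IPv6 in brackets ([::]:22) and scope suffixes (127.0.0.53%lo:53)."""
    addr, _, port = local.rpartition(":")
    addr = addr.strip("[]").split("%", 1)[0]
    return addr, (None if port == "*" else int(port))


def parse_ss(text):
    """Turn ss -tulpn output into a list of socket dicts."""
    sockets = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Netid"):   # skip header row
            continue
        fields = line.split(None, 6)   # the process column may be absent
        if len(fields) < 6:
            continue
        netid, state, _recvq, _sendq, local, _peer = fields[:6]
        procs = PROC_RE.findall(fields[6]) if len(fields) > 6 else []
        addr, port = split_local(local)
        sockets.append({
            "proto": netid, "state": state, "addr": addr, "port": port,
            "procs": [(name, int(pid)) for name, pid in procs],
        })
    return sockets


def exposed_listeners(sockets, allowed):
    """Return sockets bound to a wildcard address whose (proto, port) is not in
    the allowlist. Loopback-only binds are never reported."""
    return [s for s in sockets
            if s["addr"] in WILDCARDS and (s["proto"], s["port"]) not in allowed]


def main():
    allowed = {("tcp", 22)}   # what this host is supposed to expose (constructed)
    for s in exposed_listeners(parse_ss(SAMPLE_SS), allowed):
        who = ", ".join(f"{n}[{p}]" for n, p in s["procs"]) or "unknown"
        print(f"unexpected {s['proto']}/{s['port']} bound to {s['addr']} by {who}")


if __name__ == "__main__":
    main()
```

On a real host feed it `ss -tulpn` output instead of SAMPLE_SS; ss needs root to fill in the process column for other users' sockets.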
2.32 ssh (better than telnet which you shouldn't use anymore)
usual
2.33 tshark
a wireshark utility
- sudo tshark -i ens33
- sudo tshark -D (display all the interfaces we are capturing)
2.34 tracepath
like traceroute, but do not need superuser
2.35 traceroute
usual
2.36 w
check current system activity (a longer form of who)
2.37 who
who is on the system
2.38 wget
like curl but can do recursive directory tree traversals.
3 Persistent Setup / Configuration using NetworkManager
Since RHEL 8 the network.service file was replaced by NetworkManager.service, which is designed to always run as a daemon. But changing the IP address in RHEL 8 is basically the same as it was in RHEL 7. If you want to use a static address instead of DHCP you can use the above guide to manually configure each of your network cards.
3.1 Traditional /etc/ifconfig???? and /etc/resolv.conf
These files may still be there, but they should NOT be configured directly, because they may be managed by NetworkManager.
First you should verify whether NetworkManager is controlling the setup or not, i.e. whether it is running:
systemctl status NetworkManager
systemctl is-enabled NetworkManager
If NetworkManager is running, then you can use nmcli.
3.2 Files used by NetworkManager
- /etc/protocols    # list of protocols, i.e. TCP is '6'
- /etc/services    # list of ports, i.e. telnet is '23', dns is '53'
3.2.1 /etc/sysconfig/network-scripts directory
The file is ifcfg-eth0 or ifcfg-ens33 (whatever the physical name is). Here are two examples, the first using dhcp, the second using static ip addressing:
ifcfg-eth0 (dhcp):
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=dae548fd-88f6-4250-ad80-deaebde0104a
DEVICE=ens33
ONBOOT=yes
ifcfg-eth0 (static):
TYPE=Ethernet
NM_CONTROLLED=yes
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=172.17.18.19
NETMASK=255.255.255.0
NETWORK=172.17.18.0
BROADCAST=172.17.18.255
GATEWAY=172.17.18.1
DNS1=208.67.220.220
DNS2=208.67.222.222
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=dae548fd-88f6-4250-ad80-deaebde0104a
DEVICE=ens33
ONBOOT=yes
zintis@c8host /etc/sysconfig/network-scripts $ grep ONBOOT ifcfg-*
ifcfg-ens33:ONBOOT=yes
ifcfg-seneca-k1001:ONBOOT=yes
ifcfg-seneca-opendns:ONBOOT=yes
ifcfg-static:ONBOOT=no
3.2.2 For Seneca OPS335 class:
DEVICE=eth0
HWADDR={0c:00:
BOOTPROTO=static
DOMAIN=zintis.perkons.ops
IPV6INIT=no
ONBOOT=yes
3.2.3 Which files in /etc/sysconfig/network-scripts are in use?
The configuration files in this directory are named based on the nmcli "connection name". So for example if you run nmcli dev status and get this output:
zintis@c8host ~ $ nmcli dev status
DEVICE      TYPE      STATE      CONNECTION
ens33       ethernet  connected  ens33
virbr0      bridge    connected  virbr0
virbr1      bridge    connected  virbr1
vnet0       tun       connected  vnet0
vnet1       tun       connected  vnet1
lo          loopback  unmanaged  --
virbr0-nic  tun       unmanaged  --
virbr1-nic  tun       unmanaged  --
zintis@c8host ~ $
Then you should expect to see ens33, virbr0, virbr1, vnet0, vnet1 all as files in /etc/sysconfig/network-scripts with the prefix 'ifcfg-'.
In actual fact, I only see the physical interface, i.e. one file: "ifcfg-ens33".
Using nmcli add will add more here. i.e. Do not edit these directly. Rather use nmcli and see the nmcli.org file.
3.2.4 /etc/resolv.conf
This file is read-only when using NetworkManager. Use it to confirm that the DNS settings have been read properly from the network-scripts files. Do NOT configure this manually, as those configs will be over-written by NetworkManager. (To change this behaviour and go old school, see the old-school settings in this document.)
3.2.5 File that configures NetworkManager
but do not edit this… just look.
4 Related Commands
4.1 Restarting network services
For changes to the config files to be in effect, you must restart the network services using the command:
sudo systemctl restart NetworkManager
systemctl --state=running
- sudo systemctl status NetworkManager.service
- sudo systemctl stop NetworkManager.service
- sudo systemctl status NetworkManager.service
- sudo systemctl start NetworkManager.service
- sudo systemctl status NetworkManager.service
- sudo systemctl restart NetworkManager.service
- You could also use nmcli to start/stop the network.
- nmcli networking off
- nmcli networking on
4.2 cat /etc/resolv.conf
Since CentOS uses NetworkManager to make changes, this file is now read-only by the user. It is still a quick way to check what the current DNS server settings are though.
To change DNS use the following:
4.3 Changing DNS settings
- sudo nmcli connection
- sudo nmcli connection mod {connectionName} ipv4.dns "208.67.222.222 208.67.220.220"
See nmcli connection
4.4 nmcli
This is the command-line tool for controlling NetworkManager.
4.4.1 man nmcli and nmcli --help
- nmcli options
- -p for pretty output
- -m --mode switch from tabular mode to multiline mode (default is tabular)
- -s --show-secrets will show passwords in remote connection events
- -v --version
- -h --help
- nmcli object
- g[eneral] NetworkManager's general status and operations
- n[etworking] overall networking control
- r[adio] NetworkManager radio switches
- c[onnection] NetworkManager's connections
- d[evice] devices managed by NetworkManager
- a[gent] NetworkManager secret agent or polkit agent
- m[onitor] monitor NetworkManager changes
4.5 nmcli g[eneral]
4.5.1 nmcli g status
4.5.2 nmcli g hostname
To get the current hostname
4.5.3 nmcli g hostname this-is-my-new-hostname
This changed it to 'this-is-my-new-hostname'
4.5.4 nmcli g logging
4.5.5 nmcli -t -f RUNNING general
4.6 nmcli n[etworking]
4.6.1 nmcli n on, off # careful!! you may turn off all network interfaces here.
4.6.2 nmcli n connectivity
- none: not connected to any network.
- portal: behind a captive portal and cannot reach the full Internet.
- limited: connected to a network, but it has no access to the Internet.
- full: connected to a network and has full access to the Internet.
5 nmcli connection
5.1 nmcli c[onnection] (use tab completion, including double-tab)
The NAME field in the output always denotes the connection ID (name). It is not the interface name even though it might look the same.
(From the man pages of nmcli:)
COMMAND := { show | up | down | add | modify | clone | edit |
delete | monitor | reload | load | import | export }
NetworkManager stores all network configuration as "connections", which are collections of data (Layer2 details, IP , etc.) that describe how to create or connect to a network. A connection is "active" when a device uses that connection's configuration to create or connect to a network. There may be multiple connections that apply to a device, but only one of them can be active on that device at any given time. The additional connections can be used to allow quick switching between different networks and configurations.
Consider a machine which is usually connected to a DHCP-enabled network, but sometimes connected to a testing network which uses static IP addressing. Instead of manually reconfiguring eth0 each time the network is changed, the settings can be saved as two connections which both apply to eth0, one for DHCP (called default) and one with the static addressing details (called testing). When connected to the DHCP-enabled network the user would run nmcli con up default, and when on the static network the user would run nmcli con up testing.
To construct a meaningful connection you at the very least need to set the connection.type property (or use the type alias) to one of known NetworkManager connection types:
· ethernet
· wifi
· wimax
· pppoe
· gsm
· cdma
· infiniband
· bluetooth
· vlan
· bond
· bond-slave
· team
· team-slave
· bridge
· bridge-slave
· vpn
· olpc-mesh
· adsl
· tun
· ip-tunnel
5.1.1 nmcli connection show # shows all connections
zintis@c8host /etc/sysconfig/network-scripts $ nmcli con show
NAME UUID TYPE DEVICE
ens33 dae548fd-88f6-4250-ad80-deaebde0104a ethernet ens33
virbr0 dd447f32-256d-4af3-9dd0-45a3cf425865 bridge virbr0
virbr1 b0b8b543-bff7-4dce-a644-5d38c5a30ce8 bridge virbr1
vnet0 ccc79efb-6e29-4314-b9de-d6d5af29987e tun vnet0
vnet1 4452479a-1918-4e4f-8783-4df089287829 tun vnet1
Notice the two columns NAME and DEVICE are the same. They DO NOT have to be.
The NAME field is what allows you to create multiple "connection profiles" for a given device.
5.1.2 nmcli connection show active
5.1.3 nmcli connection add
Adding different connection names to the same physical device:
nmcli con add type ethernet con-name my-office ifname eth0
nmcli con add type ethernet con-name my-home ifname eth0
NetworkManager will set its internal parameter connection.autoconnect to yes. NetworkManager will also write out settings to /etc/sysconfig/network-scripts/ifcfg-my-office where the ONBOOT directive will be set to yes.
Note that manual changes to the ifcfg file will not be noticed by NetworkManager until the interface is next brought up.
5.1.4 nmcli connection clone followed by edit.
nmcli
5.1.5 nmcli connection edit
This runs an interactive mini-session. I tested this:
nmcli connection edit type ethernet con-name google
set ipv4.dns 8.8.8.8 8.8.4.4
save
quit
To make this change temporary, issue the command save temporary in place of save.
I think I prefer nmcli conn mod over nmcli conn edit.
nmcli connection mod google ipv4.dns "8.8.8.8 8.8.4.4"
5.1.6 nmcli connection up
5.1.7 Example session showing nmcli connection modify
cd /etc/sysconfig/network-scripts
sudo nmcli networking on
nmcli connection
ip -4 address show
sudo nmcli connection up static
ping cisco.com    # fail
sudo nmcli connection up ens33
ping cisco.com    # success
sudo nmcli connection modify static ipv4.dns "208.67.222.222 208.67.220.220"
sudo nmcli connection modify static ipv4.gateway 192.168.128.1
sudo nmcli connection up static
ping cisco.com    # success
ip -4 address show ens33
sudo nmcli connection up ens33
ping cisco.com    # success
ip -4 address show ens33
cat ifcfg-static
cat ifcfg-ens33
nmcli connection modify seneca-google autoconnect off    # equivalent to ONBOOT=no
5.1.8 $ ls /etc/sysconfig/network-scripts
ifcfg-ens33 ifcfg-seneca-google ifcfg-sene
sudo nmcli connection up static
5.1.9 nmcli connection monitor
5.1.10 DNS example
To set up DNS ip addresses for google, you can create a connection called "google" with the following DNS:
sudo nmcli connection add type ethernet con-name google ifname ens33
sudo nmcli connection mod google ipv4.dns "8.8.8.8 8.8.4.4"
To set up DNS ip addresses for opendns, you can create a connection called "opendns" with the following DNS:
sudo nmcli connection mod opendns ipv4.dns "208.67.222.222 208.67.220.220"
To switch between them do this:
Typical steps to creating a new "connection profile" in nmcli
5.1.11 Table comparing nmcli commands to ifcfg-* configurations
nmcli connection modify | ifcfg-* file | Outcome |
---|---|---|
ipv4.method manual | BOOTPROTO=none | IPv4 address is static |
ipv4.method auto | BOOTPROTO=dhcp | IPv4 settings assigned by dhcp protocol |
ipv4.address "10.1.1.5/24" | IPADDR=10.1.1.5 PREFIX=24 | Set static ip addr AND subnet mask |
ipv4.gateway 10.1.1.1 | GATEWAY=10.1.1.1 | Set ipv4 gateway |
ipv4.dns "8.8.8.8 8.8.4.4" | DNS1=8.8.8.8 DNS2=8.8.4.4 | /etc/resolv.conf is updated |
ipv4.dns-search acme.com | DOMAIN=acme.com | /etc/resolv.conf is modified to use acme.com |
ipv4.ignore-auto-dns true | PEERDNS=no | Ignore DNS server info received from DHCP |
connection.autoconnect yes | ONBOOT=yes | Activate this on boot |
connection.id eth0 | NAME=eth0 | Name of this connection |
connection.interface-name eth0 | DEVICE=eth0 | Bind this connection to the interface eth0 |
802-3-ethernet.mac-address 00:00:ca:fe:be:ef | HWADDR=00:00:ca:fe:be:ef | The connection is bound to the network using this MAC addr |
ipv4.never-default no | DEFROUTE=yes | Never use provided interface gateway as default gw |
5.2 nmcli r[adio]
5.2.1 nmcli r
show the status of your wifi radio
5.2.2 nmcli r wifi [on | off]
5.3 nmcli d[evice]
5.3.1 nmcli d
5.3.2 nmcli d -help
5.3.3 nmcli d show [<ifname>]
5.3.4 nmcli d connect [<ifname>]
5.3.5 nmcli d reapply [<ifname>]
5.3.6 nmcli d modify [<ifname>]
5.3.7 nmcli d disconnect [<ifname>]
5.3.8 nmcli d delete [<ifname>]
5.3.9 nmcli d monitor [<ifname>]
5.3.10 nmcli d wifi [list [ifname <ifname>] [bssid <BSSID>]]
5.3.11 nmcli d wifi connect <(B)SSID> [password <password>] [wep-key-type key|phrase] [ifname <ifname>]
[bssid <BSSID>] [name <name>] [private yes|no] [hidden yes|no]
5.3.12 nmcli d wifi rescan
5.4 nmcli m[onitor]
5.4.1 nmcli monitor
good to see what is happening with interface state changes.
6 nmcli examples (from man page)
- nmcli -t -f RUNNING general tells you whether NetworkManager is running or not.
- nmcli -t -f STATE general shows the overall status of NetworkManager.
- nmcli radio wifi off switches Wi-Fi off.
- nmcli connection show lists all connections NetworkManager has.
- nmcli -p -m multiline -f all con show shows all configured connections in multi-line mode.
- nmcli connection show --active lists all currently active connections.
- nmcli -f name,autoconnect c s shows all connection profile names and their auto-connect property.
- nmcli -p connection show "My default em1" shows details for "My default em1" connection profile.
- nmcli --show-secrets connection show "My Home WiFi" shows details for "My Home WiFi" connection profile with all passwords. Without the --show-secrets option, secrets would not be displayed.
- nmcli -f active connection show "My default em1" shows details for "My default em1" active connection, like IP, DHCP information, etc.
- nmcli -f profile con s "My wired connection" shows static configuration details of the connection profile with "My wired connection" name.
- nmcli -p con up "My wired connection" ifname eth0 activates the connection profile with name "My wired connection" on interface eth0. The -p option makes nmcli show progress of the activation.
7 nm settings compared to ifcfg settings
These are set with nmcli conn mod <device> ... for example:
sudo nmcli con mod ens3 ipv4.route "192.168.111.0/24 192.168.111.13 100"
nmcli con mod | ifcfg-* file | Effect |
---|---|---|
ipv4.method manual | BOOTPROTO=none | IPv4 address configured statically |
ipv4.method auto | BOOTPROTO=dhcp | Will look for configuration settings from a DHCPv4 server |
ipv4.address "192.168.0.10/24" | IPADDR=192.168.0.10 PREFIX=24 | Set static IPv4 address, network prefix |
ipv4.gateway 192.168.0.1 | GATEWAY=192.168.0.1 | Set IPv4 Gateway |
ipv4.dns 8.8.8.8 | DNS1=8.8.8.8 | Modify /etc/resolv.conf to use this nameserver |
ipv4.dns-search example.com | DOMAIN=example.com | Modify /etc/resolv.conf to use this domain in the search directive |
ipv4.ignore-auto-dns true | PEERDNS=no | Ignore DNS Server information from the DHCP Server |
connection.autoconnect yes | ONBOOT=yes | Automatically activate this connection on boot |
connection.id eth0 | NAME=eth0 | The name of this connection |
connection.interface-name eth0 | DEVICE=eth0 | The connection is bound to the network interface with this name |
802-3-ethernet.mac-address 08:00:27:4b:7a:80 | HWADDR=08:00:27:4b:7a:80 | The connection is bound to network interface with this MAC Address |
ipv4.never-default no | DEFROUTE=yes | Never use provided interface's gateway as default gateway |
Afterwards use nmcli dev show to see what has been set.
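The two tables above (5.1.11 and section 7) give the ifcfg-to-nmcli mapping; as an added example that is not part of this cheatsheet, here is a Python script that reads an ifcfg-* file and emits the equivalent nmcli connection modify line. The sample file is constructed from the static example in 3.2.1, and the script uses nmcli's full property names (ipv4.addresses rather than the ipv4.address shorthand in the tables).

```python
import ipaddress
import shlex

# Constructed ifcfg file, modelled on the static example in 3.2.1 (not a real host's file).
SAMPLE_IFCFG = """\
TYPE=Ethernet
BOOTPROTO=static
IPADDR=172.17.18.19
NETMASK=255.255.255.0
GATEWAY=172.17.18.1
DNS1=208.67.220.220
DNS2=208.67.222.222
DEFROUTE=yes
PEERDNS=no
NAME=ens33
DEVICE=ens33
ONBOOT=yes
"""


def parse_ifcfg(text):
    """Read KEY=VALUE lines. The legacy ifup scripts source these files with the
    shell; parsing them as plain text instead never executes anything in them."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip().strip('"').strip("'")
    return cfg


def netmask_to_prefix(mask):
    """255.255.255.0 -> 24 (nmcli wants CIDR, ifcfg may carry NETMASK or PREFIX)."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def ifcfg_to_props(cfg):
    """Map ifcfg directives to nmcli property/value pairs, following the tables above."""
    props = {}
    boot = cfg.get("BOOTPROTO", "none").lower()
    props["ipv4.method"] = "auto" if boot == "dhcp" else "manual"   # none/static -> manual
    if "IPADDR" in cfg:
        prefix = cfg.get("PREFIX") or (
            netmask_to_prefix(cfg["NETMASK"]) if "NETMASK" in cfg else 24)
        props["ipv4.addresses"] = f"{cfg['IPADDR']}/{prefix}"
    if "GATEWAY" in cfg:
        props["ipv4.gateway"] = cfg["GATEWAY"]
    dns = [cfg[k] for k in ("DNS1", "DNS2", "DNS3") if k in cfg]
    if dns:
        props["ipv4.dns"] = " ".join(dns)
    if "DOMAIN" in cfg:
        props["ipv4.dns-search"] = cfg["DOMAIN"]
    if cfg.get("PEERDNS", "yes").lower() == "no":
        props["ipv4.ignore-auto-dns"] = "yes"
    props["connection.autoconnect"] = "yes" if cfg.get("ONBOOT", "yes").lower() == "yes" else "no"
    if "NAME" in cfg:
        props["connection.id"] = cfg["NAME"]
    if "DEVICE" in cfg:
        props["connection.interface-name"] = cfg["DEVICE"]
    if "HWADDR" in cfg:
        props["802-3-ethernet.mac-address"] = cfg["HWADDR"]
    if "DEFROUTE" in cfg:   # DEFROUTE=yes <-> never-default no
        props["ipv4.never-default"] = "no" if cfg["DEFROUTE"].lower() == "yes" else "yes"
    return props


def nmcli_command(cfg):
    """Build the `nmcli connection modify` line. Values are shell-quoted so a
    crafted ifcfg value cannot add extra arguments when the line is pasted."""
    con = cfg.get("NAME") or cfg.get("DEVICE")
    if not con:
        raise ValueError("ifcfg file has neither NAME nor DEVICE")
    parts = ["nmcli", "connection", "modify", shlex.quote(con)]
    for key, value in ifcfg_to_props(cfg).items():
        parts += [key, shlex.quote(value)]
    return " ".join(parts)


if __name__ == "__main__":
    print(nmcli_command(parse_ifcfg(SAMPLE_IFCFG)))
```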
8 Troubleshooting Tips
8.1 Physical (layer 1)
Don't overlook this obvious one even on a virtual environment. At the end of the day the packets have to flow off your machine somehow.
8.2 Link (layer 2)
Looking at layer 2 of the OSI model:
ip link
netstat -i
arp -a
ip neigh    # like arp -a

ip neigh    # on C8host
192.168.111.216 dev virbr0 lladdr 52:54:00:41:fa:57 STALE
192.168.111.200 dev virbr0 lladdr 52:54:ca:fe:be:ef STALE
192.168.111.251 dev virbr0 lladdr 52:54:00:59:5d:be STALE
192.168.2.1 dev ens33 lladdr 40:c7:29:ef:1f:80 DELAY
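Added example, not from this cheatsheet: a Python parser for ip neigh output that diffs two snapshots and reports the kind of change arpwatch (section 2.2) alerts on, a known IP showing up with a different MAC, plus entries that appeared or lost their lladdr. Both snapshots are constructed, loosely modelled on the output above.

```python
import re

# Constructed `ip neigh` snapshots (not real captures), taken a few minutes apart.
NEIGH_T0 = """\
192.168.111.216 dev virbr0 lladdr 52:54:00:41:fa:57 STALE
192.168.111.200 dev virbr0 lladdr 52:54:ca:fe:be:ef STALE
192.168.2.1 dev ens33 lladdr 40:c7:29:ef:1f:80 DELAY
"""
NEIGH_T1 = """\
192.168.111.216 dev virbr0 lladdr 52:54:00:41:fa:57 REACHABLE
192.168.111.200 dev virbr0 lladdr 52:54:00:aa:bb:cc STALE
192.168.2.1 dev ens33 FAILED
192.168.111.77 dev virbr0 lladdr 52:54:00:12:34:56 REACHABLE
"""

# <ip> dev <dev> [lladdr <mac>] [flags...] <STATE>; lladdr is absent for FAILED/INCOMPLETE
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)(?: lladdr (?P<mac>\S+))?.*? (?P<state>[A-Z]+)$")


def parse_neigh(text):
    """Map (ip, dev) -> (mac or None, state)."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[(m["ip"], m["dev"])] = (m["mac"], m["state"])
    return table


def diff_neigh(old, new):
    """Return events as (kind, ip, dev, old_mac, new_mac).
    'changed' is the arpwatch-style signal: same IP, different hardware address."""
    events = []
    for key, (mac, _state) in new.items():
        ip, dev = key
        if key not in old:
            events.append(("new", ip, dev, None, mac))
            continue
        old_mac = old[key][0]
        if mac is None and old_mac is not None:
            events.append(("lost", ip, dev, old_mac, None))
        elif mac != old_mac:
            events.append(("changed", ip, dev, old_mac, mac))
    return events


if __name__ == "__main__":
    for kind, ip, dev, old_mac, new_mac in diff_neigh(parse_neigh(NEIGH_T0), parse_neigh(NEIGH_T1)):
        print(f"{kind:8} {ip} on {dev}: {old_mac} -> {new_mac}")
```

State-only transitions (STALE to REACHABLE) are deliberately not reported, since the neighbour cache cycles through them constantly.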
8.3 Network (layer 3)
netstat -nr
ip route
ip route list    # these two are the same
ip route show    # these two are the same
ip route show default    # good one to start with
ip route show table local
ip route get 172.16.17.18    # shows where to go and from what address (source)
ip route get 0.0.0.0
ip route help
or just:
ip route add default via 192.168.111.1
ip route add default via 192.168.128.1 dev ens09 proto static metric 101
ip route delete default via 10.1.1.1
ip route add 192.168.111.0/24 via 192.168.128.1 dev ens09
ip route delete 192.168.111.0/24 via 192.168.128.1
ip route replace 192.168.168.0/24 via 10.0.2.2 dev enp0s3
ping -4 -c 3 -n 8.8.8.8
8.4 Domain Name Service (DNS)
dig cbc.ca
dig senecacollege.ca
dig @192.168.1.1 senecacollege.ca
8.5 iptables (could also be firewall, so firewalld)
open a separate terminal window and watch the iptables rule counters while attempting to run whatever does not work, i.e. ping, or ssh, or a webpage:
- sudo iptables -L [INPUT] -v -n
- sudo watch -n 2 iptables -L [INPUT] -v -n
8.6 selinux (Security-Enhanced Linux)
9 Putting it all together
- ip address
- ip link set ens33 up
- nmcli networking on
- nmcli link show ens33
- nmcli connection
- nmcli general status ens33
- edit /etc/sysconfig/network-scripts/ifcfg-ens33
- nmcli networking off
- nmcli networking on
- edit /etc/resolv.conf to add a nameserver like 8.8.8.8
10 Configuration (when using libvirtd) see kvm.org file.
When using KVM and virtualization, the configs are slightly different. The biggest difference is that you now have more than just the physical interfaces.
The installation of libvirtd and its services creates a virtual bridge interface virbr0 with network 192.168.122.0/24. In your setup there might be requirements to use a different network. We will tune virbr0 and eth1. (In this case eth1 is the base interface for virbr0. Check your setup to determine what the base interface/physical interface is called.)
Update the interface configuration files as below:
cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
ONBOOT=yes
BRIDGE=virbr0
HWADDR=00:0c:29:41:15:0a

cat /etc/sysconfig/network-scripts/ifcfg-virbr0
TYPE=BRIDGE
DEVICE=virbr0
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.10
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
Note – Replace the IP Address / MAC/UUID Info with the appropriate in your setup.
Enable the IPv4 forwarding
echo "net.ipv4.ip_forward = 1" | tee /usr/lib/sysctl.d/60-libvirtd.conf
/sbin/sysctl -p /usr/lib/sysctl.d/60-libvirtd.conf
# Configure Firewall
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -i bridge0 -j ACCEPT
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -o bridge0 -j ACCEPT
firewall-cmd --reload
11 ip commands
ip commands are in the form shown under ip Syntax below. Some ip commands have the -c option to colour the output.
The most common ip commands are:
ip address
ip route
ip neigh
You can check syntax using:
ip link help
ip address help
ip route help
ip neigh help
11.1 Installing iproute
sudo dnf upgrade iproute
11.2 ip Syntax
ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename

OBJECT := { link | address | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm | netns | l2tp | tcp_metrics | token | macsec }

OPTIONS := { -V[ersion] | -h[uman-readable] | -s[tatistics] | -d[etails] | -r[esolve] | -iec | -f[amily] { inet | inet6 | ipx | dnet | link } | -4 | -6 | -I | -D | -B | -0 | -l[oops] { maximum-addr-flush-attempts } | -o[neline] | -rc[vbuf] [size] | -t[imestamp] | -ts[hort] | -n[etns] name | -a[ll] | -c[olor] | -br[ief] | -j[son] | -p[retty] }

SHORTCUTS
-4 shortcut for -family inet.
-6 shortcut for -family inet6.
-B shortcut for -family bridge.
-D shortcut for -family decnet.
-I shortcut for -family ipx.
-M shortcut for -family mpls.
-0 shortcut for -family link.

COMMAND
Usually just add, delete and show.

EXAMPLES
ip addr
ip neigh
ip link set ens33 up
ip route
ip addr show
ip addr show dev ens09
ip addr show type bridge
ip -4 a s ens33    # use tab completion to see that this is really: ip -4 address show ens33
ip link
ip link | grep UP
ip link set ens33 down|up    # staple command
ip addr add 192.168.128.77/24 dev ens09    # this adds a static address on the fly
ip addr show dev ens09
ip addr del 192.168.128.77/24 dev ens09    # this removes the static address
ip addr flush dev ens09    # removes all addresses, not just ipv4
ip -s link show dev ens09    # extra statistics, good
ip route list
ip route add default via 192.168.128.1 dev ens09 proto static metric 101
ip route list
ip route show
ip route show table local
- note that the output will have a 'scope':
Scope | Description |
---|---|
global | valid everywhere |
site | valid only within this site (IPv6) |
link | valid only on this device |
host | valid only inside this host (machine) |

ip route delete default via 10.1.1.1
ip route add 192.168.111.0/24 via 192.168.128.1 dev ens09
ip route add 10.0.0.0/8 via 192.168.128.1 dev ens09
ip route delete 192.168.111.0/24
ip route replace 192.168.168.0/24 via 10.0.2.2 dev enp0s3
ip route get 172.16.17.18
172.16.17.18 via 192.168.128.1 dev ens33 src 10.0.2.10 cache
ip route get 0.0.0.0
ip neigh    # like arp -a
11.3 ip route
Syntax:
ip route add {NETWORK/MASK} via {GATEWAYIP}
ip route add {NETWORK/MASK} dev {DEVICE}
ip route add default {NETWORK/MASK} dev {DEVICE}
ip route add default {NETWORK/MASK} via {GATEWAYIP}
Before adding the following route:
sudo ip route add 192.168.111.0/255.255.255.0 dev ens3
My vm guest was sending local ip subnet traffic to the default gw. I was getting an icmp redirect from the gw telling my vm to go direct.
After I added the route, this was fixed.
11.3.1 The ip route BEFORE my change:
default via 192.168.111.1 dev ens3 proto static metric 100
192.168.111.1 dev ens3 proto static scope link metric 100
192.168.111.12 dev ens3 proto kernel scope link src 192.168.111.12 metric 100
11.3.2 ip route AFTER my change:
default via 192.168.111.1 dev ens3 proto static metric 100
192.168.111.0/24 dev ens3 scope link
192.168.111.1 dev ens3 proto static scope link metric 100
192.168.111.12 dev ens3 proto kernel scope link src 192.168.111.12 metric 100
Then I was no longer getting icmp redirects from my default GW.
ip route list
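To show why the link route fixes the redirect, here is an added example (not from the original notes) that reproduces the kernel's longest-prefix-match choice over the BEFORE and AFTER tables above in Python. The tables are re-typed here with their spacing restored, and 192.168.111.50 is a constructed destination on the local subnet.

```python
import ipaddress

# Constructed from the BEFORE/AFTER tables above (whitespace restored).
ROUTES_BEFORE = """\
default via 192.168.111.1 dev ens3 proto static metric 100
192.168.111.1 dev ens3 proto static scope link metric 100
192.168.111.12 dev ens3 proto kernel scope link src 192.168.111.12 metric 100
"""
ROUTES_AFTER = "192.168.111.0/24 dev ens3 scope link\n" + ROUTES_BEFORE


def parse_routes(text):
    """Parse `ip route` lines into dicts with dst network, next hop, device and metric."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        if "/" not in dst:
            dst += "/32"   # host routes are printed without a prefix length
        route = {"dst": ipaddress.ip_network(dst), "via": None, "dev": None, "metric": 0}
        for i, tok in enumerate(fields[1:-1], start=1):
            if tok in ("via", "dev"):
                route[tok] = fields[i + 1]
            elif tok == "metric":
                route["metric"] = int(fields[i + 1])
        routes.append(route)
    return routes


def lookup(routes, ip):
    """Kernel-style selection: longest matching prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r["dst"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["dst"].prefixlen, r["metric"]))


def next_hop(routes, ip):
    """Return 'direct on <dev>' or 'via <gw> on <dev>' for a destination."""
    r = lookup(routes, ip)
    if r is None:
        return "unreachable"
    return f"direct on {r['dev']}" if r["via"] is None else f"via {r['via']} on {r['dev']}"


if __name__ == "__main__":
    # BEFORE: only the two /32 host routes are on-link, so any other local host
    # falls through to the default route and the gateway answers with a redirect.
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label, "192.168.111.50 ->", next_hop(parse_routes(table), "192.168.111.50"))
```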
11.4 Using nmcli to add a route:
see nmcli.org file:
sudo nmcli connection modify ens3 ipv4.routes '192.168.111.0/24 192.168.111.11 100'
nmcli connection modify
but in a nut-shell here, ip route should show you the route that nmcli con mod ens3 ipv4.routes added.
I also ran commands such as editing /etc/sysconfig/network-scripts/route-ens3, but I don't believe that did anything, because once I did nmcli network off/on to restart the network, it looks like NetworkManager automatically added /etc/sysconfig/network-scripts/route-ens3-1 that looked like this:
ADDRESS0=192.168.111.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.111.13
METRIC0=100
I did not add or edit this file manually, so it was the work of NetworkManager, after I issued the command:
sudo nmcli con mod ens3 ipv4.route "192.168.111.0/24 192.168.111.13 100"
By the way, .13 is the host's own ip address on ens3, so that packets destined for the local subnet get out the local .13 interface.
Confirm this
12 Example session:
nmcli connection modify static ipv4.method manual
nmcli connection modify static ipv4.dns "208.67.220.220 208.67.222.222"
nmcli connection modify static ipv4.gateway "192.168.128.1"
nmcli connection modify static connection.autoconnect no
nmcli connection up static
nmcli connection
ip -4 address show ens33
sudo systemctl enable NetworkManager
sudo systemctl status NetworkManager.service
sudo systemctl start NetworkManager.service
sudo systemctl status NetworkManager.service
sudo systemctl restart NetworkManager.service
sudo systemctl status NetworkManager.service
sudo systemctl stop NetworkManager.service
sudo systemctl disable NetworkManager.service
13 Restarting network
Restarting network variations in CentOS
sudo systemctl enable NetworkManager
sudo systemctl restart NetworkManager.service
sudo systemctl restart NetworkManager
# should be the same thing as: sudo systemctl start NetworkManager
then check NetworkManager with
sudo systemctl status NetworkManager -l
13.1 Restarting using nmcli
nmcli networking off
nmcli networking on
zintis@c8host /etc/sysconfig/network-scripts $ nmcli connection
NAME            UUID                                  TYPE      DEVICE
ens33           dae548fd-88f6-4250-ad80-deaebde0104a  ethernet  --
seneca-k1001    1f8bb745-52c0-4e0f-af86-6cf0a1a6b2b9  ethernet  --
seneca-opendns  f0ed2894-2a3d-411a-aae3-615ee2998b4d  ethernet  --
static          f05a8dde-6957-4baa-aa0c-3da268920f78  ethernet  --
zintis@c8host /etc/sysconfig/network-scripts $ sudo nmcli networking on
zintis@c8host /etc/sysconfig/network-scripts $ nmcli connection
NAME            UUID                                  TYPE      DEVICE
ens33           dae548fd-88f6-4250-ad80-deaebde0104a  ethernet  ens33
virbr0          359f656e-d089-46d9-9488-b591ee1228be  bridge    virbr0
vnet0           0740372b-2b85-4b36-bf79-9ae57bc72c2b  tun       vnet0
vnet1           6fd56129-3678-4cd8-8acf-38c579b36c10  tun       vnet1
seneca-k1001    1f8bb745-52c0-4e0f-af86-6cf0a1a6b2b9  ethernet  --
seneca-opendns  f0ed2894-2a3d-411a-aae3-615ee2998b4d  ethernet  --
static          f05a8dde-6957-4baa-aa0c-3da268920f78  ethernet  --
13.2 ifup in CentOS is actually a script that runs nmcli
ifdown eth0
ifup eth0
# see script below:
The basic installation of RHEL 8 provides a new version of the ifup and ifdown scripts which call the NetworkManager service through the nmcli tool.
$ which ifup
/usr/sbin/ifup
$ file /usr/sbin/ifup
/usr/sbin/ifup: symbolic link to /etc/alternatives/ifup
$ file /etc/alternatives/ifup
/etc/alternatives/ifup: symbolic link to /usr/libexec/nm-ifup
$ file /usr/libexec/nm-ifup
/usr/libexec/nm-ifup: POSIX shell script, ASCII text executable
$ cat !$
cat /usr/libexec/nm-ifup
#!/bin/sh
nmcli connection load "/etc/sysconfig/network-scripts/ifcfg-$1" && exec nmcli connection up filename "/etc/sysconfig/network-scripts/ifcfg-$1"
The custom commands in the /sbin/ifup-local, ifdown-pre-local and ifdown-local scripts are not executed.
14 Layer 2 tools
The MAC address can be displayed with:
cat /sys/class/net/ens33/address
00:0c:29:81:40:98
Also by running ifconfig, and possibly from /etc/sysconfig/network-scripts/ifcfg-ens33 in the HWADDR= line.
ip link
# this is the proper future-proof way
To watch link and route events as they happen:
ip monitor help
touch my-ip-monitor-output
ip monitor link route file my-ip-monitor-output dev ens33
# note: "file FILENAME" makes ip monitor read saved netlink messages from FILENAME instead of listening live; to record live events redirect stdout (ip monitor link route dev ens33 > my-ip-monitor-output) instead
nmcli connection up
14.1 physical link up/down baseline comparison
14.1.1 down:
ip link show ens33
2: ens33: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000 link/ether 00:0c:29:81:40:98 brd ff:ff:ff:ff:ff:ff
14.1.2 breaking it down:
ens33: <NO-CARRIER,BROADCAST,MULTICAST,UP>
mtu 1500
qdisc fq_codel
state DOWN
mode DEFAULT
group default
qlen 1000
link/ether 00:0c:29:81:40:98
brd ff:ff:ff:ff:ff:ff
14.1.3 up:
ip link show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 link/ether 00:0c:29:81:40:98 brd ff:ff:ff:ff:ff:ff
14.1.4 breaking it down:
ens33: <BROADCAST,MULTICAST,UP,LOWER_UP>
mtu 1500
qdisc fq_codel
state UP
mode DEFAULT
group default
qlen 1000
link/ether 00:0c:29:81:40:98
brd ff:ff:ff:ff:ff:ff
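The two listings above differ only in NO-CARRIER versus LOWER_UP and in the state field: UP in the flag list is the administrative state, while NO-CARRIER/LOWER_UP report whether the physical link is actually there. The following added example (not the cheatsheet's own code) turns ip link show output into one summary line per interface and diffs it against a saved baseline, so that an unexpected change such as a lost carrier, a changed MTU or a changed MAC address stands out. The sample input is the ens33 output quoted above, wrapped onto two lines the way ip link show really prints it; function names are my own.

```shell
#!/bin/sh
# Added example (not from the cheatsheet): summarise "ip link show" output and
# diff it against a baseline. Sample input below is the ens33 output quoted in
# the cheatsheet, wrapped onto two lines as "ip link show" really prints it.

SAMPLE_DOWN='2: ens33: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:81:40:98 brd ff:ff:ff:ff:ff:ff'
SAMPLE_UP='2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:81:40:98 brd ff:ff:ff:ff:ff:ff'

# link_summary: reads "ip link show" output on stdin, prints per interface
# "<iface> admin=<UP|DOWN> carrier=<yes|no|unknown> state=<...> mtu=<n> mac=<...>"
link_summary() {
    awk '
    function flush() {
        if (name != "")
            print name " admin=" admin " carrier=" carrier " state=" state " mtu=" mtu " mac=" mac
    }
    /^[0-9]+: / {
        flush()
        name = $2; sub(/:$/, "", name)
        flags = $3; gsub(/[<>]/, "", flags)
        # UP in the flag list is the administrative state; NO-CARRIER / LOWER_UP
        # describe the physical link, which is what the "state" field reflects
        admin = (flags ~ /(^|,)UP(,|$)/) ? "UP" : "DOWN"
        if (flags ~ /NO-CARRIER/) carrier = "no"
        else if (flags ~ /LOWER_UP/) carrier = "yes"
        else carrier = "unknown"
        mtu = ""; state = ""; mac = ""
        for (i = 4; i < NF; i++) {
            if ($i == "mtu") mtu = $(i + 1)
            if ($i == "state") state = $(i + 1)
        }
    }
    {
        # the link/ether line normally follows on its own line
        for (i = 1; i < NF; i++) if ($i == "link/ether") mac = $(i + 1)
    }
    END { flush() }'
}

# link_diff BASELINE_LINE CURRENT_LINE: prints "field: old -> new" per changed field
link_diff() {
    awk -v b="$1" -v c="$2" 'BEGIN {
        nb = split(b, bf, " "); nc = split(c, cf, " ")
        for (i = 2; i <= nb; i++) { split(bf[i], kv, "="); base[kv[1]] = kv[2] }
        for (i = 2; i <= nc; i++) {
            split(cf[i], kv, "=")
            if (base[kv[1]] != kv[2]) print kv[1] ": " base[kv[1]] " -> " kv[2]
        }
    }'
}

# usage (not run on load): save a baseline, compare later
#   ip link show ens33 | link_summary > ens33.baseline
#   link_diff "$(cat ens33.baseline)" "$(ip link show ens33 | link_summary)"
```

A baseline taken once per host and re-checked after boot is a cheap way to notice that a cloned VM came up with a different MAC or that a link silently lost carrier.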
15 deprecated commands
15.1 Debian/Ubuntu
sudo /etc/init.d/networking restart
sudo /etc/init.d/networking stop
sudo /etc/init.d/networking start
15.2 CentOS (old school)
sudo /etc/init.d/network restart
sudo /etc/init.d/network stop
sudo /etc/init.d/network start
sudo service network restart
Deprecated | Replacement command(s) |
---|---|
arp | ip n (ip neighbour) |
ifconfig | ip a (ip addr), ip link, ip -s (ip -stats) |
iptunnel | ip tunnel |
iwconfig | iw |
nameif | ip link, ifrename |
netstat (not really deprecated) | ss, ip route (netstat -nr), ip -s link (netstat -i), ip maddr (netstat -g) |
route | ip r (ip route) |
15.3 network vs NetworkManager
In CentOS 8 or RHEL 8 there is no 'network.service', which served as the legacy daemon in earlier versions, because all network-related commands now use the NetworkManager service in the backend.
network and NetworkManager are two separate services that operate network connections. If you have NetworkManager running, you won't need the network service; they don't work together.
network is deprecated in RedHat and CentOS.
15.4 Start network service without NetworkManager (but best not to)
If you use NM_CONTROLLED=no in the ifcfg file, then you will be unable to bring up that interface with the ifup command (which, as shown in 13.2, is now a wrapper around nmcli).
So, to remove an interface from the control of NetworkManager, edit ifcfg-eth0 (or whatever the interface in question is called) and add the line:
NM_CONTROLLED=no
In that case this interface will be managed by the legacy network scripts.
15.5 ifconfig
ifconfig
Still useful to see config settings.
16 If using OpenStack, you will have to disable NetworkManager
so that OpenStack can use the legacy network scripts to configure and control the network interfaces. These are the steps to disable NetworkManager:
chkconfig --list NetworkManager
service NetworkManager stop
# or: systemctl stop NetworkManager
chkconfig --list NetworkManager   # (unconfirmed)
- edit each /etc/sysconfig/network-scripts/ifcfg- file and add:
NM_CONTROLLED=no
ONBOOT=yes
service network start
chkconfig network on
17 Possible troubleshooting tip (unconfirmed)
In CentOS 7.0 disabling NetworkManager will leave a dhcp client running configured for NetworkManager. This causes the error message RTNETLINK answers: File exists when the network service is started.
The stale dhclient process has the additional "benefit" that when the lease expires your dhclient will choke, since it cannot reach NetworkManager, thus removing your IP address.
If you grep for it, you will see that it points to a NetworkManager configuration file.
[root@host ~]# ps -ef | grep dhc
root      1865   792  0 Apr28 ?        00:00:00 /sbin/dhclient -d -sf \
    /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-eno1.pid -lf \
    /var/lib/NetworkManager/dhclient-c96e56d3-a4c9-4a87-85ca-93dc8f2-eno1.lease \
    -cf /var/lib/NetworkManager/dhclient-eno1.conf eno1
So what you can do is kill the dhclient and only then start your network service.
I too faced this on a CentOS 7.2 cloned virtual machine. This is how I fixed it.
systemctl disable NetworkManager
systemctl enable network
Find the MAC address of the interface through the command /sbin/ifconfig -a and append that in /etc/sysconfig/network-scripts/ifcfg-<interface_name>.
You can use the below commands for the first interface.
nic_file=`ls /etc/sysconfig/network-scripts/ifcfg-e*`
ifconfig -a | grep ether | awk '{ print $2 }' | sed 's/.*/HWADDR=&/' >> ${nic_file}
Then fire reboot to restart the server
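The stale dhclient described above is recognisable from its command line: it references nm-dhcp-helper and lease/config files under /var/lib/NetworkManager. The following added example (not part of the discussion quoted above) picks those processes out of ps -ef output so they can be identified before the legacy network service is started. The sample ps output is constructed from the line quoted above plus a dhclient started by the legacy scripts and the grep itself; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the discussion above): find dhclient processes that
# belong to NetworkManager. Input is "ps -ef" output on stdin; the sample is
# constructed (first line from the quoted ps output, the rest invented).

SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
root      1865   792  0 Apr28 ?        00:00:00 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-eno1.pid -lf /var/lib/NetworkManager/dhclient-c96e56d3-a4c9-4a87-85ca-93dc8f2-eno1.lease -cf /var/lib/NetworkManager/dhclient-eno1.conf eno1
root      2210     1  0 Apr28 ?        00:00:00 /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclient-eth1.lease -pf /var/run/dhclient-eth1.pid eth1
root      2301  2200  0 Apr29 pts/0    00:00:00 grep --color=auto dhc'

# nm_dhclients: prints "PID IFACE" for every dhclient launched by NetworkManager
nm_dhclients() {
    awk '
    $8 ~ /(^|\/)dhclient$/ && ($0 ~ /nm-dhcp-helper/ || $0 ~ /\/var\/lib\/NetworkManager\//) {
        print $2, $NF     # ps -ef: PID is column 2; dhclient takes the interface as its last argument
    }'
}

# stale_nm_dhclients: succeeds if such a process exists on the live system
stale_nm_dhclients() {
    ps -ef | nm_dhclients | grep -q .
}

# usage (not run on load):
#   ps -ef | nm_dhclients
#   stale_nm_dhclients && echo "NetworkManager dhclient still running; stop it before starting network.service"
```

Running the check before systemctl start network gives you the PID to act on, rather than discovering the problem from the RTNETLINK error or, later, from a lease that silently expired.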
18 dhclient
-4 or -6 as the first option to dhclient will limit the command to either IPv4 or IPv6.
Check which interface you want to use first, with nmcli dev or ifconfig.
19 VMWare Fusion commands
Just a reminder:
Control-command-F to toggle full screen (C-command-F).
alt-ctrl-hammer if on VMware Workstation (M-C-hammer).
20 Good site to see wifi settings and general nm-settings-ifcfg-rh
21 frustration simply setting a static ip address!!
I have a CentOS 8 vm up and running and I can't change the IP address to a static one and have it stay over a reboot. Every time you reboot it switches back to a dhcp address. I have confirmed a correct /etc/sysconfig/network-scripts/ifcfg-ens3 file.
21.1 Steps to try:
- set up a new nmcli connection called 'wired'
nmcli conn edit con-name wired ethernet
# this asked for other parms and I just quit out of it, but afterwards nmcli connection showed this:
nmcli connection show
NAME                UUID                                  TYPE      DEVICE
Wired connection 1  4058c455-ff34-3ec2-80fc-e19ca95567b7  ethernet  ens3
ens3                857dda65-7355-3f5c-8d85-b5c505edda9f  ethernet  --
wired               9c1d948f-b9d0-49ec-b6a4-f2377fce6914  ethernet  --
- However, when I check the active connection, it shows that ipv4.method is auto, NOT static:
nmcli connection show
NAME                UUID                                  TYPE      DEVICE
Wired connection 1  4058c455-ff34-3ec2-80fc-e19ca95567b7  ethernet  ens3
ens3                857dda65-7355-3f5c-8d85-b5c505edda9f  ethernet  --
wired               9c1d948f-b9d0-49ec-b6a4-f2377fce6914  ethernet  --
root@vm5/etc/sysconfig/network-scripts[1035]$ nmcli connection show "Wired connection 1"
connection.id:                          Wired connection 1
connection.uuid:                        4058c455-ff34-3ec2-80fc-e19ca95567b7
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              ens3
connection.autoconnect:                 yes
connection.autoconnect-priority:        -999
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1588106497
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        default
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
connection.wait-device-timeout:         -1
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          no
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist:   --
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:        --
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            --
802-3-ethernet.wake-on-lan:             default
802-3-ethernet.wake-on-lan-password:    --
ipv4.method:                            auto        #### this should be static.
ipv4.dns:                               --
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.addresses:                         --
ipv4.gateway:                           --
ipv4.routes:                            --
ipv4.route-metric:                      -1
So I tried to set it to static like so:
nmcli connection mod ipv4.method static dev ens3
but I got this error:
Error: unknown connection 'ipv4.method'.
The following did NOT give me an error, but ipv4.method was still 'auto':
nmcli connection mod ens3 ipv4.method manual
(Note that this modified the profile named ens3, while the device was actually running the "Wired connection 1" profile, which is the one the listing above shows with ipv4.method auto.)
21.2 Trying the ifconfig command to force the issue
Well, actually man ifconfig states that this is obsolete, and that I should use ip link and ip addr.
ip -4 address change 192.168.111.15/24 dev ens3
followed by
ip -4 address del 192.168.111.159/24 dev ens3
This worked in the current session. I suspect this is still temporary though.
So, I tried:
ip address save permanent
and got a funky error:
"Not sending a binary stream to stdout"
(ip address save writes a binary dump of the current addresses to stdout, intended for a later ip address restore; it does not persist anything in the configuration, and refuses to write the dump to a terminal.)
Rebooted and .... NO JOY. It still reverted to the dhcp address .159, so I repeated:
ip -4 address change 192.168.111.15/24 dev ens3
ip -4 address del 192.168.111.159/24 dev ens3
It is possible that the reason it is failing is that the ifcfg file has a hardware address that does NOT match the new (cloned) vm.
Ok, so I fixed that, still NO JOY!!!
Where do I rename the nmcli dev connection? Well, I did not rename it, I deleted it:
nmcli connection delete "Wired connection 1"
Connection 'Wired connection 1' (4058c455-ff34-3ec2-80fc-e19ca95567b7) successfully deleted.
root@vm5/etc/sysconfig/network-scripts[1019]$ nmcli dev
DEVICE  TYPE      STATE      CONNECTION
ens3    ethernet  connected  ens3
lo      loopback  unmanaged  --
root@vm5/etc/sysconfig/network-scripts[1020]$ nmcli conn show
NAME  UUID                                  TYPE      DEVICE
ens3  81b2122e-ec36-3d00-960c-14a0becea150  ethernet  ens3
That did the trick!
I also found this bash script for something very similar (read more: blog.fpmurphy.com):
#!/bin/bash
# customize as necessary
OLD="Wired connection 1"
NEW="eth1"
DEVICE="ens3"
GATEWAY="192.168.111.1"
ADDRESS="192.168.111.15/24 ${GATEWAY}"
# note: current nmcli versions take the gateway via ipv4.gateway rather than appended to ipv4.addresses
nmcli con delete "$OLD"
nmcli connection add type ethernet con-name "$NEW" ifname "$DEVICE"
nmcli connection modify "$NEW" ipv4.addresses "$ADDRESS"
nmcli connection modify "$NEW" ipv4.method manual
nmcli connection down "$NEW"; nmcli connection up "$NEW"
exit 0
From another discussion:
If you don't like the new interface naming convention it is possible to name interfaces whatever you like. In /etc/sysconfig/network-scripts/ create a file ifcfg-[desired-name] and add:
DEVICE=[desired-name]
HWADDR=[mac address of the interface]
You can add all the usual settings to this file as well. This will name the interface whatever you like and pairs it up based on the MAC address of your device.
Centimane's method works also with CentOS 7 (RedHat based). Big thanks! I also have in /etc/NetworkManager/NetworkManager.conf for plugins just plugins=ifcfg-rh, not keyfile. This is/was the simplest way to change the interface name, and I googled a lot! Of course NetworkManager will make a new interface so you have to configure it again, like disable dhcp from it, so don't block yourself out. If you put just the MAC and new name in the ifcfg file NetworkManager will fill the rest.
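Both the cloned-VM trouble in 21.2 and the note above come down to the same thing: the HWADDR in an ifcfg file pins the profile to one MAC, and when the NIC's real MAC differs, NetworkManager will not bind that profile and falls back to a fresh DHCP "Wired connection" profile. The following added example (not the cheatsheet's own code) compares the pinned HWADDR with what the kernel reports under /sys/class/net, returning a distinct status for match, mismatch and missing device. The fixture it builds is constructed for demonstration and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the cheatsheet): check whether the HWADDR pinned in an
# ifcfg file matches the MAC the kernel reports for that device. Fixture below
# is constructed (the pinned MAC is the ens33 address quoted in the cheatsheet,
# the "cloned VM" MAC is invented).

# ifcfg_value FILE KEY: print KEY's value without quotes (last occurrence wins)
ifcfg_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# check_hwaddr IFCFG_FILE [SYSFS_ROOT]
# returns 0 if HWADDR is absent or matches, 1 on mismatch, 2 if the device is missing
check_hwaddr() {
    file=$1
    sysfs=${2:-/sys}
    dev=$(ifcfg_value "$file" DEVICE)
    [ -n "$dev" ] || dev=$(ifcfg_value "$file" NAME)
    want=$(ifcfg_value "$file" HWADDR | tr 'A-F' 'a-f')
    if [ -z "$want" ]; then
        echo "$file: no HWADDR pin, profile matches $dev by name"
        return 0
    fi
    if [ ! -r "$sysfs/class/net/$dev/address" ]; then
        echo "$file: device $dev not present under $sysfs/class/net"
        return 2
    fi
    have=$(tr 'A-F' 'a-f' < "$sysfs/class/net/$dev/address")
    if [ "$want" = "$have" ]; then
        echo "$file: HWADDR $want matches $dev"
        return 0
    fi
    echo "$file: HWADDR $want does not match $dev ($have); profile will not bind to this NIC"
    return 1
}

# build_fixture: constructed ifcfg file plus a fake sysfs tree; prints the directory
build_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/class/net/ens3"
    echo "52:54:00:12:34:56" > "$d/sys/class/net/ens3/address"   # MAC of the cloned VM (constructed)
    printf 'TYPE=Ethernet\nBOOTPROTO=none\nNAME=ens3\nDEVICE=ens3\nHWADDR=00:0C:29:81:40:98\nONBOOT=yes\n' > "$d/ifcfg-ens3"
    echo "$d"
}

# usage on a real host (not run on load):
#   for f in /etc/sysconfig/network-scripts/ifcfg-*; do check_hwaddr "$f"; done
```

The comparison is case-insensitive because ifcfg files often carry the MAC in upper case while sysfs reports lower case; the loop in the usage comment is the quick post-clone sanity check.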
22 ip network namespaces, ip netns
IP network namespaces allow you to create virtual networks on Linux hosts, much like a VRF on a Cisco router.
22.1 ip netns on c8host
Here is a history of the commands I ran on my CentOS host to create a VRF from the global namespace using veth0 to my tikls1 namespace using veth1:
ip address
ip link set ens33 up
nmcli networking on
nmcli link show ens33
nmcli connection
nmcli general status ens33
- edit /etc/sysconfig/network-scripts/ifcfg-ens33
nmcli networking off
nmcli networking on
- edit /etc/resolv.conf to add a nameserver like 8.8.8.8
23 ip network namespaces, ip netns
IP network namespaces allow you to create virtual networks on Linux hosts, much like a VRF. They are used heavily in OpenStack, among others.
ip netns                     # shows nothing if you have only the global namespace
# create a network namespace
ip netns add tikls1
# all commands that you want to run in the tikls1 vrf/netns are
# prefixed with "ip netns exec" - probably worth an alias
# a loopback is automatically present in any new network namespace:
ip netns exec tikls1 ip link
ip netns exec tikls1 ip link set dev lo up
ip netns exec tikls1 ip link
ip netns exec tikls1 ip addr
ip netns exec tikls1 ping -c 3 127.0.0.1
# the global namespace does NOT show the new loopback.
ip link
# veth interfaces are ALWAYS added in pairs.
# create two new virtual interfaces, veth0 and veth1, and a tunnel between them:
ip link add veth0 type veth peer name veth1
# add veth1 to the "tikls1" network namespace
ip link set veth1 netns tikls1
# or do both of the above in 1 step instead:
ip link add veth0 type veth peer name veth1 netns tikls1
# optionally display what you have with "ip link" here
ip link                      # only shows the global namespace (i.e. NOT veth1)
# so show the tikls1 network namespace links:
ip netns exec tikls1 ip link
# bring up the two veth interfaces:
ip netns exec tikls1 ip link set dev veth1 up
ip link set dev veth0 up
# add ip addresses to both
ip netns exec tikls1 ip addr add 10.0.0.27/24 dev veth1
ip addr add 10.0.0.99/24 dev veth0
# and now you can ping from one to the other.
ping 10.0.0.27
# display both:
ip link
ip netns exec tikls1 ip link
ip addr
ip netns exec tikls1 ip addr
A good blog about this is on scottlowe.org
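The recipe above as one function, an added example that is not the cheatsheet's own code: it fixes the ordering (create the pair with its peer already inside the namespace, bring the links up, then address them), validates that both addresses carry a /prefix, and has a DRY_RUN switch that prints each command instead of executing it, so the plan can be reviewed before it is run as root. Namespace, interface names and addresses are the ones used above; the function names and the DRY_RUN variable are my own.

```shell
#!/bin/sh
# Added example (not from the cheatsheet): veth pair into a network namespace,
# with DRY_RUN=1 printing the commands instead of running them.

# run CMD...: execute, or just print the command line when DRY_RUN is set
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# veth_to_netns NS HOST_IF NS_IF HOST_ADDR/PREFIX NS_ADDR/PREFIX
veth_to_netns() {
    ns=$1; host_if=$2; ns_if=$3; host_cidr=$4; ns_cidr=$5
    for a in "$host_cidr" "$ns_cidr"; do
        case $a in
            */[0-9]*) ;;
            *) echo "address $a needs a /prefix" >&2; return 1 ;;
        esac
    done
    run ip netns add "$ns"
    run ip netns exec "$ns" ip link set dev lo up
    # the pair is created in one step with the peer end already moved into NS
    run ip link add "$host_if" type veth peer name "$ns_if" netns "$ns"
    run ip link set dev "$host_if" up
    run ip netns exec "$ns" ip link set dev "$ns_if" up
    run ip addr add "$host_cidr" dev "$host_if"
    run ip netns exec "$ns" ip addr add "$ns_cidr" dev "$ns_if"
    # one probe from inside the namespace back to the host end of the pair
    run ip netns exec "$ns" ping -c 1 -W 1 "${host_cidr%/*}"
}

# veth_teardown NS: deleting the namespace destroys the veth pair, both ends
veth_teardown() {
    run ip netns del "$1"
}

# dry run of the tikls1 setup described above (not run on load):
#   DRY_RUN=1; veth_to_netns tikls1 veth0 veth1 10.0.0.99/24 10.0.0.27/24
```

Without DRY_RUN the same function needs root (CAP_NET_ADMIN) and leaves a namespace behind, so veth_teardown is the matching cleanup.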
24 Ways to see all active connections.
There are many already listed in this document. This is a convenient summary of them all, with links to the sections above, and any others that are not yet listed:
- netstat, for example
netstat -tnpa | grep 'ESTABLISHED.*sshd'
or even better:
netstat -tan | awk '{print $6}' | sort | uniq -c | sort -n
netstat -tan | cut -d " " -f 6 | sort | uniq -c | sort -n
# (awk is the safer choice: cut -d " " counts every space, so the field number is only right when columns are separated by single spaces)
- just list the sixth field (space delimited)
- sort the output
- count the # of repeated uniq lines
- sort the result numerically.
- ss (socket statistics), specifically ss -tue for established tcp/udp connections, as well as ss -tues to include statistics.
- last -a | grep -i still
- who
- w
- ps auxwww | grep 'sshd:' | grep -v grep
- grep ssh /var/log/sshd
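The count-by-state pipeline above, as an added example that is not the cheatsheet's own code, written to handle both netstat -tan (state in column 6) and ss -tan (state in column 1) output, plus a per-peer count of established sessions, which is the quicker way to spot one address holding many connections to sshd. The sample outputs are constructed using documentation address space; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the cheatsheet): count TCP sockets by state and by
# peer from netstat -tan or ss -tan output. Samples below are constructed.

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.111.13:22       192.168.111.5:50122     ESTABLISHED
tcp        0      0 192.168.111.13:22       203.0.113.9:41000       ESTABLISHED
tcp        0      0 192.168.111.13:22       203.0.113.9:41002       ESTABLISHED
tcp        0      0 192.168.111.13:22       203.0.113.9:41003       TIME_WAIT'

SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
ESTAB   0       0       192.168.111.13:22    192.168.111.5:50122
ESTAB   0       0       192.168.111.13:22    203.0.113.9:41000'

# tcp_state_counts: stdin = netstat -tan or ss -tan output; prints "STATE COUNT", ascending
tcp_state_counts() {
    awk '
    NR == 1 && $1 == "State" { col = 1; next }      # ss header: state is the first column
    NR == 1 { col = 6; next }                       # netstat banner line
    col == 6 && $1 == "Proto" { next }              # netstat column header
    NF >= col { n[$col]++ }
    END { for (s in n) print s, n[s] }' | sort -k2,2n -k1,1
}

# established_peers: stdin as above; prints "COUNT PEER_IP" for established sessions, busiest first
established_peers() {
    awk '
    NR == 1 && $1 == "State" { col = 1; next }
    NR == 1 { col = 6; next }
    $1 == "Proto" { next }
    NF >= col && ($col == "ESTABLISHED" || $col == "ESTAB") {
        peer = $5; sub(/:[^:]*$/, "", peer)         # strip the port; leaves IPv6 addresses intact
        n[peer]++
    }
    END { for (p in n) print n[p], p }' | sort -rn
}

# usage on a live host (not run on load):
#   ss -tan | tcp_state_counts
#   ss -tan | established_peers | head
```

The awk version survives the variable column spacing of both tools, which is where the cut -d " " variant above goes wrong.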
25 whois
I had to dnf install whois first, after which I could run a command like:
whois 222.187.232.10
In fact I created this simple bash script on my CentOS host to see who was attacking me:
25.1 fields in whois
The most useful fields returned from a whois query are:
- NetRange:
- CIDR:
- OrgName:
- Country:
For networks from China:
- inetnum:
- netname:
- descr:
- country:
- address:
- e-mail:
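The following added example pulls exactly the fields listed above out of a whois answer, whichever style the registry uses (NetRange/CIDR/OrgName/Country from ARIN, inetnum/netname/descr/country/address/e-mail from APNIC and RIPE), keeping the first value of each, and gives back the network prefix for use in a block list or a report. It is not the author's script, which the page does not reproduce; the two sample answers are constructed from documentation address space and the function names are my own.

```shell
#!/bin/sh
# Added example (not the author's script): summarise whois output. Sample
# answers below are constructed using RFC 5737 documentation prefixes.

SAMPLE_ARIN='NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        TEST-NET-3
OrgName:        Example Org
OrgId:          EXAMPLE
Country:        US
Updated:        2020-01-01T00:00:00Z
Comment:        Documentation prefix (constructed)'

SAMPLE_APNIC='% Information related to 198.51.100.0 - 198.51.100.255
inetnum:        198.51.100.0 - 198.51.100.255
netname:        TEST-NET-2
descr:          Example Provider
descr:          second descr line is ignored
country:        CN
address:        1 Example Road
e-mail:         abuse@example.com
source:         APNIC'

# whois_summary: stdin = whois output; prints "field: value" for the fields of interest
whois_summary() {
    awk '
    BEGIN {
        n = split("NetRange CIDR OrgName Country inetnum netname descr country address e-mail", w, " ")
        for (i = 1; i <= n; i++) want[w[i]] = 1
    }
    /^[A-Za-z-]+:/ {
        key = $1; sub(/:$/, "", key)
        if (key in want && !(key in seen)) {    # first occurrence only
            seen[key] = 1
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            print key ": " val
        }
    }'
}

# whois_prefix: stdin = whois output; prints the CIDR if present, else the inetnum range
whois_prefix() {
    whois_summary | awk -F': ' '
    $1 == "CIDR" { print $2; found = 1; exit }
    $1 == "inetnum" { r = $2 }
    END { if (!found && r != "") print r }'
}

# usage (not run on load):
#   whois 222.187.232.10 | whois_summary
#   whois 222.187.232.10 | whois_prefix
```

Registries that return several objects (route, person, role) repeat keys like descr and address; taking the first occurrence keeps the network object, which is normally listed first.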
26 Debian based distros use /etc/network/interfaces
On Debian distros the interface settings are in the /etc/network/interfaces file. This file is read by the network scripts ifup and ifdown. Kali Linux seems to also use ifconfig (old-school ;)). A great starting place is man interfaces.
sudo ifconfig eth0 172.17.17.77 netmask 255.255.255.0
sudo route add default gw 172.17.17.1 eth0
echo "nameserver 208.67.220.220" | sudo tee /etc/resolv.conf
# (sudo echo "..." > /etc/resolv.conf fails with permission denied: the redirection is done by your unprivileged shell, not by sudo)
ip r         # to display the ip route
ip a         # to display the ip addr
ip -6 r      # to display the ipv6 route
You can of course use the Xfce GUI and Edit Connections when clicking on the ethernet port icon on the top line of Xfce.
If /etc/network/interfaces does not exist, you can create it. Kali Linux will read it if it is there.
27 eth0, eth1, …
Debian Linuxes name their interfaces eth0 for the first one, eth1 for the second one, and so on.
Here is my /etc/network/interfaces file, manually edited:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    # /24 means you do NOT need a netmask line
    address 172.28.105.55/24
    # netmask 255.255.255.0 is needed if the /mask notation is NOT used
    gateway 172.28.105.1
- auto eth0
  Lines that have auto <interface name> are to be brought up when ifup is run with the -a option, so ifup -a. This also means they will be brought up on a reboot, much like systemctl enable httpd.
- allow-
  Lines beginning with allow- identify interfaces that should be automatically "no shutdown" by various subsystems. For example ifup --allow=hotplug eth0 eth3 would only bring up eth0 and eth3 if they are listed in an "allow-hotplug" line. allow-auto and auto are the same thing.
- no-auto-down
  Interfaces marked with no-auto-down will stay up when you issue the command ifdown -a; other interfaces would be brought down.
- no-scripts
  Interfaces marked with no-scripts identify which interfaces won't run any scripts in /etc/network/if-*.d/
- dns-nameservers line
  Some Debian based distros let you add a dns-nameservers line to your /etc/network/interfaces file like this:
  # This file describes the network interfaces available on your system
  # and how to activate them. For more information, see interfaces(5).
  source /etc/network/interfaces.d/*
  # The loopback network interface
  auto lo
  iface lo inet loopback
  auto eth0
  iface eth0 inet static
      address 172.28.105.55/24
      gateway 172.28.105.1
      dns-nameservers 208.67.220.220 208.67.222.222
- adding domain
  # This file describes the network interfaces available on your system
  # and how to activate them. For more information, see interfaces(5).
  source /etc/network/interfaces.d/*
  # The loopback network interface
  auto lo
  iface lo inet loopback
  auto eth0
  iface eth0 inet static
      address 172.28.105.55/24
      gateway 172.28.105.1
      dns-nameservers 208.67.220.220 208.67.222.222
      dns-domain zintis.net
- dhcp
  If you are using dhcp, and not a static ip address config:
  auto eth0
  allow-hotplug eth0
  # for ipv4
  iface eth0 inet dhcp
  # for ipv6
  iface eth0 inet6 dhcp
- appending ipv6 static address
  Just append this:
  iface eth0 inet6 static
      address fe80::aede:48ff:fe00:1122/64
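To catch the two mistakes the notes above warn about before running ifup (a static stanza with no address, and an address without either a /prefix or a netmask line), the following added example (not the cheatsheet's own code) parses an /etc/network/interfaces file into one line per iface stanza, reporting address, gateway and whether auto or allow-hotplug applies. The fixture file it builds is constructed from the examples above, with one deliberately broken stanza; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the cheatsheet): sanity-check /etc/network/interfaces.
# The fixture is constructed from the examples in the cheatsheet plus a broken
# eth1 stanza.

# interfaces_check FILE: prints "<iface> <family> <method> [address=.. gateway=..] auto=yes|no [hotplug=yes] [ERROR:..]"
interfaces_check() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    $1 == "auto" || $1 == "allow-auto" { for (i = 2; i <= NF; i++) autoset[$i] = 1; next }
    $1 == "allow-hotplug" { for (i = 2; i <= NF; i++) hotplug[$i] = 1; next }
    $1 == "iface" { n++; name[n] = $2; fam[n] = $3; meth[n] = $4; next }
    n > 0 && $1 == "address" { addr[n] = $2 }
    n > 0 && $1 == "netmask" { mask[n] = $2 }
    n > 0 && $1 == "gateway" { gw[n] = $2 }
    END {
        for (i = 1; i <= n; i++) {
            line = name[i] " " fam[i] " " meth[i]
            if (meth[i] == "static") {
                if (addr[i] == "") line = line " ERROR:no-address"
                else {
                    line = line " address=" addr[i]
                    if (gw[i] != "") line = line " gateway=" gw[i]
                    # /prefix on the address replaces the netmask line; one of the two is required
                    if (addr[i] !~ /\// && mask[i] == "") line = line " ERROR:no-prefix-or-netmask"
                }
            }
            line = line " auto=" ((name[i] in autoset) ? "yes" : "no")
            if (name[i] in hotplug) line = line " hotplug=yes"
            print line
        }
    }' "$1"
}

# build_fixture: constructed interfaces file; prints its path
build_fixture() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed fixture, based on the examples above
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 172.28.105.55/24
    gateway 172.28.105.1
    dns-nameservers 208.67.220.220 208.67.222.222

iface eth0 inet6 static
    address fe80::aede:48ff:fe00:1122/64

allow-hotplug eth1
iface eth1 inet static
    address 10.0.0.5
EOF
    echo "$f"
}

# usage on a real host (not run on load):
#   interfaces_check /etc/network/interfaces
```

The checker deliberately ignores lines it does not know (source, dns-*, pre-up and friends), so it is safe to run against a file that uses more of interfaces(5) than the examples here.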
27.1 DNS config in /etc/resolv.conf
And here is my /etc/resolv.conf file, again manually edited:
# Generated by NetworkManager
nameserver 172.28.105.2
nameserver 172.28.105.3
# nameserver 208.67.222.222
# nameserver 208.67.220.220
# note: 105.2 and 105.3 are my primary and secondary dns servers for my
# local kvm network. They do recursive dns lookups to upstream dns
# servers from my dhcp setup on my production network.
In Kali Linux /etc/resolv.conf should be written permanently and survive a reboot. If not, the command sudo chattr +i /etc/resolv.conf should fix it: it marks the file immutable, so nothing (NetworkManager or dhclient included) can overwrite it until you run chattr -i again.
27.2 pre-up, post-up, pre-down, post-down commands
Each interface defined in /etc/network/interfaces can have these options as well; they specify commands that will execute at certain stages of an interface's state change. These commands will execute either before or after an ifup command is run, and likewise for ifdown.
27.3 up down script directories
These four directories contain the scripts run in an ifup and ifdown event:
/etc/network/if-pre-up.d
/etc/network/if-up.d
/etc/network/if-down.d
/etc/network/if-post-down.d
See man interfaces for more details.
28 Restarting network on Kali/Debian
You use systemctl, but with networking.service. So:
sudo systemctl start networking.service
sudo systemctl stop networking.service
sudo systemctl status networking.service
.service is assumed, so the above can be shortened to:
sudo systemctl start networking
sudo systemctl stop networking
sudo systemctl status networking
29 network card hardware
To list the network cards you have you can try these commands:
sudo lshw -class network -short      # not on a kvm machine
man lspci
lspci                                # isn't too long so you may just run this without grep
lspci | egrep -i --color 'network|ethernet|wireless|wi-fi'
ip -brief -c link show
ip -br -c link show
ip -br addr show
ip -br addr                          # same thing as line above
ip -c addr show enp0s5