If you are thinking of becoming a system administrator, or you are already a system admin, then this article is for you.
As a system admin, your daily routine will include configuring, maintaining, troubleshooting, monitoring, and securing networks, and managing servers within data centers. Network configuration and troubleshooting are some of the important tasks that a system admin needs to know how to perform.
Sometimes networked systems fail, and you as a system admin have to diagnose and resolve the problems. Linux gives a system admin access to numerous tools and utilities designed for administrative purposes, and we are going to discuss 13 of them in this article.
Network Configuration, Troubleshooting and Debugging Tools
1. ifconfig Command:
Ifconfig is a system administration utility for network interface configuration in Linux that is used to initialize interfaces at system boot time. It can configure, control, and query TCP/IP network interface parameters. Setting up the IP address and netmask of a network interface and disabling or enabling an interface are some uses of ifconfig.
The status of IP Address, Hardware / MAC address and MTU (Maximum Transmission Unit) size of the currently active interfaces can be viewed
The status of all active network interfaces can be seen using the following command:-
For listing all interfaces currently available, whether up or down, use the -a flag, like this:
$ ifconfig -a
For assigning an IP address to an interface, run the following command:
$ sudo ifconfig eth0 184.108.40.206 netmask 255.255.255.0
For activating a network interface, use the following command:
$ sudo ifconfig eth0 up
For deactivating or shutting down a network interface, run the following command:
$ sudo ifconfig eth0 down
2. Ethtool Command:
Ethtool is another command-line utility for displaying and modifying network interface controllers (NICs) parameters & device driver software. This tool is also useful for identifying & diagnosing Ethernet devices, upgrading firmware in flash memory, etc.
For displaying the current parameters for the network interface, use the following command:-
ethtool [network interface]
3. IP Command:
The ip command is a replacement for the ifconfig command. It is used to perform different network administration tasks, such as displaying or manipulating routing, devices, network devices, and tunnels. Although it is similar to the ifconfig command, it is far more powerful and includes more functions and facilities.
To display the IP address and other information about a network interface, use the following command:-
$ ip addr show
For temporarily assigning IP Address to a specific network interface (eth0), use the following command:-
$ sudo ip addr add 220.127.116.11 dev eth0
For removing an assigned IP address from a network interface (eth0), use the following command:-
$ sudo ip addr del 18.104.22.168/24 dev eth0
To display the current neighbor table in the kernel, use the following command:-
$ ip neigh
The ifup command brings the network interface up, which allows it to transmit and receive data. Use the following command:
$ sudo ifup eth0
The ifdown command brings the network interface down, which stops it from transmitting and receiving data. Use the following command:
$ sudo ifdown eth0
To display information about a network interface’s configuration, use the ifquery command as follows:
$ sudo ifquery eth0
5. Ping Command:
Ping (Packet INternet Groper) is a computer network administration utility that tests reachability between two systems on a Local Area Network (LAN) or Wide Area Network (WAN).
To communicate with nodes on a network, ping sends Internet Control Message Protocol (ICMP) echo request packets to the target host and waits for an ICMP echo reply, which shows the ping was successful.
For testing connectivity to another node, we have to provide its IP address or hostname. The syntax looks like this:
IPv4: ping <ip address> / <host name>
IPv6: ping6 <ip address> / <host name>
By using the -c flag you can also tell ping to exit after a specified number of ECHO_REQUEST packets as follows:
6. Netstat Command:
netstat is a command-line utility for getting useful information about network connections, routing tables, and interface statistics. It is also very useful for finding and troubleshooting problems in the network and for determining the amount of traffic on it.
As netstat is a network service debugging tool, it is used to check which programs are listening on what ports. To check which program is listening on what port by displaying all TCP ports in listening mode, use the following command:
$ sudo netstat -tnlp
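An added example, not part of the original article: the script below reads netstat -tnlp output and labels each listener as reachable only from the host itself (loopback bind) or from the network. The sample output and the function names audit_listeners and exposed_ports are constructed for illustration.

```shell
#!/bin/sh
# SAMPLE is constructed netstat -tnlp output; on a real host, pipe
# `sudo netstat -tnlp` into the functions instead.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      812/postgres
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      955/redis-server
tcp6       0      0 :::80                   :::*                    LISTEN      701/nginx
tcp6       0      0 ::1:631                 :::*                    LISTEN      588/cupsd'

# audit_listeners: read netstat -tnlp output on stdin and print one line per
# listener as "<EXPOSED|LOCAL> <port> <program> <bind address>".
audit_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        local_addr = $4
        # The port is the text after the last colon (IPv6 addresses contain colons).
        n = split(local_addr, parts, ":")
        port = parts[n]
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        # Column 7 is PID/Program; it is "-" when netstat ran without root.
        prog = $7
        sub(/^[0-9]+\//, "", prog)
        if (prog == "") prog = "-"
        # Loopback binds are reachable only from the host itself.
        scope = (addr ~ /^127\./ || addr == "::1") ? "LOCAL" : "EXPOSED"
        print scope, port, prog, addr
    }'
}

# exposed_ports: comma-separated, numerically sorted ports bound to
# non-loopback addresses.
exposed_ports() {
    audit_listeners | awk '$1 == "EXPOSED" { print $2 }' | sort -n | paste -sd, -
}

printf '%s\n' "$SAMPLE" | audit_listeners
```

Any EXPOSED entry that is not meant to serve remote clients is a candidate for rebinding to 127.0.0.1 or for a firewall rule.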
For viewing the kernel routing table, we have to use the -r flag (equivalent to running the route command that we discussed).
For displaying all ports (to show only TCP use -at, for UDP use -au), use the following command:
$ netstat -a
To display transmission/receive (TX/RX) packet statistics for each interface, use the -i flag.
7. NC Command:
NC (NetCat) is a great security tool or network monitoring tool utility which is often referred to as a Swiss army knife of networking tools.
It is used for reading from and writing to network connections using TCP or UDP. It has some remarkable features that include port scanning, transferring files, and port listening, and it can be used as a backdoor by hackers.
Netcat (nc) combined with the pv command can be used to transfer files between two computers.
To perform port scanning, run the following commands:-
$ netcat -z -v 127.0.0.1 1234 (Scanning a single port)
$ nc -z -v 127.0.0.1 1234 1235 (Scanning multiple ports)
$ nc -z -v 127.0.0.1 1233-1240 (Scanning a range of ports)
To send an HTTP request to a website (here I am sending it to GeeksforGeeks), use the following command:-
$ printf "GET /nc.1 HTTP/1.1\r\nHost: www.geeksforgeeks.org\r\n\r\n" | nc www.geeksforgeeks.org 80
8. Nmap Command:
Nmap (Network Mapper) is a powerful free and open-source network scanner for Linux system/network administrators. Nmap discovers hosts and services on a computer network by sending packets. Nmap features include port scanning, MAC address detection, version detection, OS detection, network inventory, network mapping, etc.
We can scan a host using its hostname or IP address, by using the following commands:-
nmap google.com
nmap <ip address>
9. NSLookup Command:
Nslookup ("Name Server Lookup") is a network administration command-line tool to query DNS servers both interactively and non-interactively to obtain domain name or IP address mapping, and DNS resource records (RR).
IP Address of the domain will be displayed after writing the following command:-
$ nslookup [domain name]
We can also perform a reverse domain-lookup by using the following command:-
$ nslookup [ip address]
16. dig Command:
dig (domain information groper) is a command-line tool for querying the Domain Name System. DNS-related information such as A records, CNAME, MX records, etc. is retrieved using this command. The nslookup and host commands are replaced by the dig command.
10. Tcpdump Command
Tcpdump is a powerful data-network packet analyzer. It is used for capturing network traffic in packets that are transmitted or received. System administrators use this command to troubleshoot connectivity issues in Linux. Tcpdump listens to the network traffic and prints packet information based on the criteria we give it, such as specific ports, protocols, etc. Captured information can be saved in a pcap file, which can then be opened through Wireshark or through the tcpdump command itself.
Syntax:
tcpdump -i <interface-name> [live packets from the specified interface will be displayed]
tcpdump -i <interface> src <source-ip> [packets from a particular source IP are captured]
tcpdump -i <interface> dst <destination-ip> [packets to a particular destination IP are captured]
tcpdump -c 5 -i <interface name> [capture a specific number of packets]
tcpdump -w captured.pacs -i <interface name> [capture and save packets to a file]
11. Wireshark Utility:
Wireshark is a great utility for capturing and analyzing packets in GUI mode in real time. Wireshark is considered very important for networking professionals. The captured data can be saved for later inspection.
12. Iptables Firewall:
iptables is a packet-filtering utility used by the system administrator for configuring, maintaining, and inspecting the IP packet filter rules of the Linux kernel firewall. The Linux firewall (Netfilter) is set up and managed by iptables. Iptables allows you to add, delete, or modify rules in the existing packet filter rule set.
Syntax:
iptables -L (lists all the existing iptables rules)
iptables -A INPUT -i <interface> -p tcp --dport <port-number> -m state --state NEW,ESTABLISHED -j ACCEPT (allows incoming TCP traffic to the specified port number on the specified interface)
iptables -A INPUT -i lo -j ACCEPT (allows loopback access to the system)
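An added example, not part of the original article: the ACCEPT rules above only restrict traffic when the INPUT chain also ends in a default DROP, and the order in which rules are appended matters. The script prints an ordered rule set for review instead of applying it; the function names valid_port and build_ruleset, the interface eth0 and the ports 22 and 443 are assumptions, and the page's NEW,ESTABLISHED rule is split here into one ESTABLISHED,RELATED rule plus per-port NEW rules.

```shell
#!/bin/sh
# Prints iptables commands only; review them, then pipe to `sudo sh` to apply.

# valid_port: succeed only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset <interface> <port>...: print the commands in apply order.
# All arguments are validated before anything is printed, so a bad value
# never yields a partial rule set.
build_ruleset() {
    iface=$1; shift
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    # Loopback first, so local services keep talking to each other.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies belonging to connections that are already tracked.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New connections only to the listed TCP ports on this interface.
    for p in "$@"; do
        echo "iptables -A INPUT -i $iface -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Default deny goes last: without it the ACCEPT rules filter nothing,
    # and setting it first would cut off a remote SSH session mid-apply.
    echo "iptables -P INPUT DROP"
}

build_ruleset eth0 22 443
```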
Note: Firewalld and iptables can’t be used at the same time on the same server; you must choose one.
Uncomplicated Firewall (UFW) manages a Netfilter firewall and is a well-known program and the default firewall configuration tool on Debian and Ubuntu Linux distributions. It uses iptables for configuration.
To check the UFW firewall status, type the following command:
$ sudo ufw status
Activate and disable the UFW firewall using the following commands:
$ sudo ufw enable
$ sudo ufw disable
You can get the GUI version by typing the following command:
For finding more information about a particular program see the manual page:
$ man programs_name