Network administration tools

netconf

(as root) A very good menu-driven setup for your network.

ping machine_name

Check if you can contact another machine (give the machine's name or IP), press <Ctrl>C when done (without <Ctrl>c, the command keeps going). As all Linux commands, ping has options, including the "ping of death" attack, when it seems you can ping some servers so they die--try the the opitons -f and -s.

route -n

Show the kernel routing table.

host host_to_find

nslookup host_to_find

dig ip_to_find

(Three commands, use any.) Query your default domain name server (DNS) for an Internet name (or IP number) host_to_find. This way you can check if your DNS works. You can also find out the name of the host of which you only know the IP number.

traceroute host_to_trace

Have a look how your messages trace to host_to_trace (which is either a host name or IP number).

mtr host_to_trace

(as root) A powerful and nice tool that combines the functionality of the older ping and traceroute (RH7.0)

nmblookup -A ip_address

Status of a networked MS Windows machine (with an NetBIOS name). This command is an equivalent of Windows nbtstat command.

ipfwadm -F -p m

(for RH5.2, see the next command for RH6.0) Set up the firewall IP forwarding policy to masquerading. (Not very secure but simple.) Purpose: all computers from your home network will appear to the outside world as one very busy machine and, for example, you will be allowed to browse the Internet from all computers at once.

echo 1 > /proc/sys/net/ipv4/ip_forward

ipfwadm-wrapper -F -p deny

ipfwadm-wrapper -F -a m -S xxx.xxx.xxx.0/24 -D 0.0.0.0/0

(three commands, RH6.0). Does the same as the previous command. Substitute the "x"s with digits of your class "C" IP address that you assigned to your home network. See here(FAQ.htm#masquerading) for more details.

ipchains -P forward DENY

ipchains -A forward -s xxx.xxx.xxx.0/24 -d 0.0.0.0/0 -j MASQ

(two commands, RH7.0). Same as previous commands, but works under RH7.0.

ipchains -L

List all firewall rules. Use to check if your firewalling setup works.

iptables -L

Linux kernel 2.4.x uses new firewalling "iptables". The above example lists the firewall rules.

firewall-config

(as root, in Xterm). A GUI for building your custom firewall.

ifconfig

(as root) Display info on the network interfaces currently active (ethernet, ppp, etc). Your first ethernet should show up as eth0, second as eth1, etc, first ppp over modem as ppp0, second as ppp1, etc. The "lo" is the "loopback only" interface which should be always active. Use the options (see ifconfig --help) to configure the interfaces.

ifup interface_name

(/sbin/ifup to run as a user) Startup a network interface. E.g.:

ifup eth0

ifup ppp0

ifup ppp1

Users can start up or shutdown the ppp interface only when the permission is given in the ppp setup (using netconf ). To start a ppp interface (dial-up connection), I normally use kppp available under the KDE "K" menu (or by typing kppp in an X-terminal).

/etc/rc.d/init.d/network restart

Restart the network using its normal initialization script (the same which is used during bootup). Useful if you just have manually made changes to your network configuration. Any other service listed in init.d can be stopped, started, or restarted in a similar way (call the script with an options stop, start or restart).

ifdown interface_name

(/sbin/ifdown to run it as a user). Shut down the network interface. E.g.: ifdown ppp0 Also, see the previous command.

netstat | more

Displays a lot (too much?) information on the status of your network.

/usr/sbin/mtr --gtk

(as root, in X windows if you wish the nice gtk-based interface). Network diagnostic tool combining the capabilities of traceroute and ping. Comes with RH7.0.

nmap ip_number

Map the ports on the machine with ip_number. REALLY useful to establish the security of your network configuration as you can see the opened ports. nmap is included on the RH7.0 "Linux PowerTools" CD, as is a convenient GUI front end, "nmapfe". nmap can also do operating system "fingerprinting". Normally, people (and their ISPs) don't like their computer ports being scanned (they view it as possibly probing before an attack) so they may complain if they find out--learn how to use nmap on your own computers else you will soon hear from your ISP (the complaints will go to them). How do I know this?

ethereal

(as root, in Xterminal) Network analyzer--view the network trafic going through your computer. Included on the RH7.0 "Linux PowerTools" CD. Using ethereal may be unethical in some situations, and unauthorized use in the workplace could be a fireable offence.

tcpdump -i ppp0 -a -x

(as root) Print all the network traffic going through the first over-the-phone interface (ppp0) as ascii and hexadecimal. Probably too much printout. tcpdump is a rather raw tool and it can be useful for building more "customized" tools for listening to/log what you need.