Linux Networking
Network interface configuration, socket inspection, NetworkManager control, and DNS diagnostics.
IP Address Management
Show all interfaces with addresses
ip addr showShow only IPv4 addresses — cut the noise
ip -4 addr showShow a specific interface
ip addr show dev eth0Add an IP address temporarily — lost on reboot
sudo ip addr add 10.50.1.100/24 dev eth0Remove an IP address
sudo ip addr del 10.50.1.100/24 dev eth0Link Layer
Show link status for all interfaces — UP/DOWN, MTU, MAC
ip link showBring an interface up or down
sudo ip link set eth0 up
sudo ip link set eth0 downSet MTU — jumbo frames for storage networks
sudo ip link set eth0 mtu 9000Routing
Show routing table
ip route showShow the route a packet would take to a destination
ip route get 8.8.8.8Add a static route
sudo ip route add 192.168.100.0/24 via 10.50.1.1 dev eth0Add a default gateway
sudo ip route add default via 10.50.1.1Delete a route
sudo ip route del 192.168.100.0/24Socket Statistics — ss
ss replaced netstat. Faster, more information, same muscle memory.
Show all listening TCP ports with process names
sudo ss -tlnpFlags: -t TCP, -l listening, -n numeric (no DNS), -p process.
Show all established connections
ss -tn state establishedShow listening UDP sockets
sudo ss -ulnpFilter by port — what’s listening on 443?
sudo ss -tlnp sport = :443Show socket memory usage and timer info
ss -tmiNetworkManager — nmcli
Show all connections
nmcli connection showShow active connections only
nmcli connection show --activeShow device status
nmcli device statusCreate a static IP connection
sudo nmcli connection add type ethernet con-name "static-eth0" ifname eth0 \
ipv4.addresses 10.50.1.100/24 \
ipv4.gateway 10.50.1.1 \
ipv4.dns "10.50.1.50" \
ipv4.method manualModify an existing connection — change DNS
sudo nmcli connection modify "static-eth0" ipv4.dns "10.50.1.50 8.8.8.8"Activate a connection profile
sudo nmcli connection up "static-eth0"Deactivate a connection
sudo nmcli connection down "static-eth0"Switch from DHCP to static
sudo nmcli connection modify "eth0" ipv4.method manual ipv4.addresses 10.50.1.100/24 ipv4.gateway 10.50.1.1
sudo nmcli connection up "eth0"Reload connection files from disk
sudo nmcli connection reloadHostname
Show current hostname
hostnamectlSet hostname persistently
sudo hostnamectl set-hostname server01.example.comDNS Tools
Query a DNS record — dig is the standard tool
dig example.com AShort answer only
dig +short example.comQuery a specific DNS server
dig @10.50.1.50 example.comReverse DNS lookup
dig -x 10.50.1.50nslookup — simpler but less powerful
nslookup example.com 10.50.1.50/etc/hosts — local name resolution, checked before DNS
10.50.1.50 dc01.inside.domusdigitalis.dev dc01 10.50.1.20 ise-01.inside.domusdigitalis.dev ise-01
/etc/resolv.conf — DNS client configuration
search inside.domusdigitalis.dev nameserver 10.50.1.50 nameserver 8.8.8.8
On systems with NetworkManager, edit DNS via nmcli, not by editing resolv.conf directly.
Firewall — firewalld
Check firewall status
sudo firewall-cmd --stateList all rules in the default zone
sudo firewall-cmd --list-allAdd a service permanently
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reloadAdd a port permanently
sudo firewall-cmd --permanent --add-port=8443/tcp
sudo firewall-cmd --reloadRemove a service
sudo firewall-cmd --permanent --remove-service=http
sudo firewall-cmd --reloadList available services
sudo firewall-cmd --get-servicesAdd a rich rule — source-based access control
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.50.1.0/24" service name="ssh" accept'
sudo firewall-cmd --reloadDiagnostics
Ping — basic connectivity test
ping -c 4 10.50.1.1Traceroute — show path to destination
tracepath 10.50.1.1curl — test HTTP endpoints, follow redirects, show headers
curl -ILs https://example.com | head -20tcpdump — capture packets on an interface (requires root)
sudo tcpdump -i eth0 -nn port 53 -c 20Flags: -nn no name/port resolution, -c 20 capture 20 packets then stop.
tcpdump write to file for Wireshark analysis
sudo tcpdump -i eth0 -w /tmp/capture.pcap -c 1000