PING
The ping command is a Command Prompt command used to test the ability of the
    source computer to reach a specified destination computer. The ping command is
    usually used as a simple way to verify that a computer can communicate over
    the network with another computer or network device.
    The ping command operates by sending Internet Control Message Protocol (ICMP)
    Echo Request messages to the destination computer and waiting for a response.
    How many of those responses are returned, and how long it takes for them to return,
    are the two major pieces of information that the ping command provides.
    For example, you might find that there are no responses when pinging a network
    printer, only to find out that the printer is offline and its cable needs to be replaced. Or
    maybe you need to ping a router to verify that your computer can connect to it, to
    eliminate it as a possible cause for a networking issue.
The word "ping" is also used online to refer to a brief message, usually over text
    message or email. For example, you can "ping your boss," or send her a message,
    when you're done with a specific project, but it has nothing to do with the ping
    command.
    Ping Command Availability
    The ping command is available from within the Command Prompt in Windows
    10, Windows 8, Windows 7, Windows Vista, and Windows XP operating systems.
    The ping command is also available in older versions of Windows like Windows 98
    and 95.
    The ping command can also be found in Command Prompt in the Advanced Startup
    Options and System Recovery Options repair/recovery menus.
The availability of certain ping command switches and other ping command syntax might
    differ from operating system to operating system.
    Ping Command Syntax
    ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [-w timeout]
         [-R] [-S srcaddr] [-p] [-4] [-6] target [/?]
See How to Read Command Syntax if you're not sure how to interpret the ping command
    syntax as it's described above or in the table below.
                                      Ping Command Options
    Item          Explanation
    -t            Using this option will ping the target until you force it to stop by using Ctrl-C.
    -a            This ping command option will resolve, if possible, the hostname of an IP
                  address target.
    -n count      This option sets the number of ICMP Echo Requests to send, from 1 to
                  4294967295. The ping command will send 4 by default if -n isn't used.
    -l size       Use this option to set the size, in bytes, of the echo request packet from 32 to
                  65,527. The ping command will send a 32-byte echo request if you don't use the
                  -l option.
    -f            Use this ping command option to prevent ICMP Echo Requests from being
                  fragmented by routers between you and the target. The -f option is most often used
                  to troubleshoot Path Maximum Transmission Unit (PMTU) issues.
    -i TTL        This option sets the Time to Live (TTL) value, the maximum of which is 255.
    -v TOS        This option allows you to set a Type of Service (TOS) value. Beginning in
                  Windows 7, this option no longer functions but still exists for compatibility reasons.
    -r count      Use this ping command option to specify the number of hops between your
                  computer and the target computer or device that you'd like to be recorded and
                  displayed. The maximum value for count is 9, so use the tracert command instead if
                  you're interested in viewing all the hops between two devices.
    -s count      Use this option to report the time, in Internet Timestamp format, that each echo
                  request is received and echo reply is sent. The maximum value for count is 4,
                  meaning that only the first four hops can be time stamped.
    -w timeout    Specifying a timeout value when executing the ping command adjusts the amount
                  of time, in milliseconds, that ping waits for each reply. If you don't use the
                  -w option, the default timeout value of 4000 is used, which is 4 seconds.
    -R            This option tells the ping command to trace the round trip path.
    -S srcaddr    Use this option to specify the source address.
    -p            Use this switch to ping a Hyper-V Network Virtualization provider address.
    -4            This forces the ping command to use IPv4 only but is only necessary if target is a
                  hostname and not an IP address.
    -6            This forces the ping command to use IPv6 only but, as with the -4 option, is only
                  necessary when pinging a hostname.
    target        This is the destination you wish to ping, either an IP address or a hostname.
    /?            Use the help switch with the ping command to show detailed help about the
                  command's several options.
The -f, -v, -r, -s, -j, and -k options work when pinging IPv4 addresses only. The -R and
     -S options only work with IPv6.
     Other less commonly used switches for the ping command exist including
     [-j host-list], [-k host-list], and [-c compartment]. Execute ping /? from the Command Prompt
     for more information on these options.
You can save the ping command output to a file using a redirection operator. See How to
    Redirect Command Output to a File for instructions or see our Command Prompt
    Tricks list for more tips.
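The -f and -l options from the table combine into a path-MTU check: with fragmentation forbidden, the largest payload that still gets a reply, plus 28 bytes of IPv4 and ICMP headers, is the path MTU. The following Python is an added example, not part of the original page; the function names, the target name SERVER in the comment and the simulated paths are assumptions, and the live probe treats a "TTL=" field in ping's output (as in the reply lines shown on this page) as success.

```python
import subprocess

# An ICMP echo request carries its payload behind a 20-byte IPv4 header
# (no options) and an 8-byte ICMP header.
IPV4_HEADER = 20
ICMP_HEADER = 8
OVERHEAD = IPV4_HEADER + ICMP_HEADER


def windows_ping_probe(target, timeout_ms=2000):
    """Build probe(size) that sends one don't-fragment echo on Windows.

    Runs: ping -f -n 1 -l <size> -w <timeout_ms> <target>
    A successful reply line contains "TTL="; any other result (timeout,
    fragmentation needed, rejected size) counts as a failure.
    """
    def probe(size):
        result = subprocess.run(
            ["ping", "-f", "-n", "1", "-l", str(size),
             "-w", str(timeout_ms), target],
            capture_output=True, text=True, check=False)
        return "TTL=" in result.stdout
    return probe


def largest_unfragmented_payload(probe, low=32, high=65527):
    """Binary-search the largest -l value that probe() accepts.

    low/high default to the -l range given in the options table.
    Returns (payload, probes_sent); payload is None when even the
    smallest echo gets no reply (target down or ICMP filtered).
    """
    sent = 1
    if not probe(low):
        return None, sent
    while low < high:
        mid = (low + high + 1) // 2  # round up so the range always shrinks
        sent += 1
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low, sent


def path_mtu(probe):
    """Path MTU in bytes, or None if the target never answers."""
    payload, _ = largest_unfragmented_payload(probe)
    return None if payload is None else payload + OVERHEAD


def simulated_path(mtu):
    """Constructed stand-in for a path: replies only if the packet fits."""
    return lambda size: size + OVERHEAD <= mtu


if __name__ == "__main__":
    for label, mtu in [("plain Ethernet", 1500), ("tunnelled link", 1400)]:
        payload, sent = largest_unfragmented_payload(simulated_path(mtu))
        print(f"{label}: max -l {payload}, path MTU {payload + OVERHEAD}, "
              f"{sent} probes")
    # Live use on Windows (hypothetical target name):
    #   print(path_mtu(windows_ping_probe("SERVER")))
```

On a standard 1500-byte Ethernet path the search ends at 1472, so a 1500-byte echo such as the one in the first example below can only be answered when it is sent without -f and allowed to fragment.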
     Ping Command Examples
     ping -n 5 -l 1500 www.google.com
In this example, the ping command is used to ping the hostname www.google.com.
The -n option tells the ping command to send 5 ICMP Echo Requests instead of the
default of 4, and the -l option sets the packet size for each request to 1500 bytes
instead of the default of 32 bytes.
The result displayed in the Command Prompt window will look something like this:
Reply from 172.217.1.142: bytes=1500 time=30ms TTL=54
Reply from 172.217.1.142: bytes=1500 time=30ms TTL=54
Reply from 172.217.1.142: bytes=1500 time=29ms TTL=54
Reply from 172.217.1.142: bytes=1500 time=30ms TTL=54
Reply from 172.217.1.142: bytes=1500 time=31ms TTL=54
Ping statistics for 172.217.1.142:
    Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 31ms, Average = 30ms
The 0% loss reported under Ping statistics for 172.217.1.142 explains that each ICMP
Echo Request message sent to www.google.com was returned. This means that, as
far as this network connection goes, it can communicate with Google's website just
fine.
ping 127.0.0.1
In the above example, we're pinging 127.0.0.1, also called the IPv4 localhost IP
address or IPv4 loopback IP address, without options.
Using the ping command to ping 127.0.0.1 is an excellent way to test that Windows'
network features are working properly but it says nothing about your own
network hardware or your connection to any other computer or device. The IPv6
version of this test would be ping ::1.
ping -a 192.168.1.22
In this example, we're asking the ping command to find the hostname assigned to
the 192.168.1.22 IP address, but to otherwise ping it as normal.
The command might resolve the IP address, 192.168.1.22, as the
hostname J3RTY22, for example, and then execute the remainder of the ping with
default settings.
ping 192.168.2.1
Similar to the ping command examples above, this one is used to see if your
computer can reach your router. The only difference here is that instead of using a
ping command switch or pinging the localhost, we're checking the connection
between the computer and the router (192.168.2.1 in this case).
If you're having troubles logging in to your router or accessing the internet at all, see
if your router is accessible with this ping command, of course,
replacing 192.168.2.1 with your router's IP address.
     ping -t -6 SERVER
     In this example, we force the ping command to use IPv6 with the -6 option and
     continue to ping SERVER indefinitely with the -t option. You can interrupt the ping
     manually with Ctrl+C.
     tracert
     The tracert command is a Command Prompt command that's used to show several
     details about the path that a packet takes from the computer or device you're on to
     whatever destination you specify.
     You might also sometimes see the tracert command referred to as the trace route
     command or traceroute command.
Tracert, as it's explained below, applies to Windows only, but the traceroute command is
    available for Linux, too.
     Tracert Command Availability
     The tracert command is available from within the Command Prompt in all
     Windows operating systems including Windows 10, Windows 8, Windows
     7, Windows Vista, Windows XP, and older versions of Windows as well.
The availability of certain tracert command switches and other tracert
    command syntax may differ from operating system to operating system.
     Tracert Command Syntax
     tracert [-d] [-h MaxHops] [-w TimeOut] [-4] [-6] target [/?]
See How to Read Command Syntax if you're having a hard time understanding the tracert
    syntax as it's shown above or explained in the table below.
                                      Tracert Command Options
     Item          Description
     -d            This option prevents tracert from resolving IP addresses to hostnames, often
                   resulting in much faster results.
     -h MaxHops    This tracert option specifies the maximum number of hops in the search for
                   the target. If you do not specify MaxHops, and a target has not been found by 30
                   hops, tracert will stop looking.
     -w TimeOut    You can specify the time, in milliseconds, to allow each reply before timeout
                   using this tracert option.
     -4            This option forces tracert to use IPv4 only.
     -6            This option forces tracert to use IPv6 only.
     target        This is the destination, either an IP address or hostname.
     /?            Use the help switch with the tracert command to show detailed help about the
                   command's several options.
     Other less commonly used options for the tracert command also exist, including
     [-j HostList], [-R], and [-S SourceAddress]. Use the help switch with the tracert
     command for more information on these options.
Save the lengthy results of a tracert command to a file with a redirection operator. Take a
    look at How to Redirect Command Output to a File for help or see Command Prompt
    Tricks for this and other helpful tips.
     Tracert Command Examples
     tracert 192.168.1.1
     In the above example, the tracert command is used to show the path from the
     networked computer on which the tracert command is being executed to
     a network device, in this case, a router on a local network, that's assigned
     the 192.168.1.1 IP address.
     The result displayed on the screen will look something like this:
     Tracing route to 192.168.1.1 over a maximum of 30 hops
     1 <1 ms <1 ms <1 ms 192.168.1.254
     2 <1 ms <1 ms <1 ms 192.168.1.1
     Trace complete.
     In this example, you can see that tracert found a network device using the IP
     address of 192.168.1.254, let's say a network switch, followed by the
     destination, 192.168.1.1, the router.
     tracert www.google.com
     With the tracert command shown above, we're asking tracert to show us the path
     from the local computer all the way to the network device with the
     hostname www.google.com.
     Tracing route to www.l.google.com [209.85.225.104]
     over a maximum of 30 hops:
     1 <1 ms <1 ms <1 ms 10.1.0.1
     2 35 ms 19 ms 29 ms 98.245.140.1
     3 11 ms 27 ms 9 ms te-0-3.dnv.comcast.net [68.85.105.201]
     ...
     13 81 ms 76 ms 75 ms 209.85.241.37
     14 84 ms 91 ms 87 ms 209.85.248.102
     15 76 ms 112 ms 76 ms iy-f104.1e100.net [209.85.225.104]
     Trace complete.
     In this example, we can see that tracert identified fifteen network devices including
     our router at 10.1.0.1 and all the way through to the target of www.google.com,
     which we now know uses the public IP address of 209.85.225.104, one of Google's
     many IP addresses.
Hops 4 through 12 were excluded above just to keep the example simple. If you were
    executing a real tracert, those results would all show up on screen.
    tracert -d www.yahoo.com
    With this tracert command example, we're again requesting the path to a website,
    this time www.yahoo.com, but now we're preventing tracert from resolving
    hostnames by using the -d option.
    Tracing route to any-fp.wa1.b.yahoo.com [209.191.122.70]
    over a maximum of 30 hops:
    1 <1 ms <1 ms <1 ms 10.1.0.1
    2 29 ms 23 ms 20 ms 98.245.140.1
    3 9 ms 16 ms 14 ms 68.85.105.201
    ...
    13 98 ms 77 ms 79 ms 209.191.78.131
    14 80 ms 88 ms 89 ms 68.142.193.11
    15 77 ms 79 ms 78 ms 209.191.122.70
    Trace complete.
    We can see that tracert again identified fifteen network devices including our router
    at 10.1.0.1 and all the way through to the target of www.yahoo.com, which we can
    assume uses the public IP address of 209.191.122.70.
    As you can see, tracert didn't resolve any hostnames this time, which significantly
    sped up the process.
    tracert -h 3 lifewire.com > z:\tracertresults.txt
    In this last example of the tracert command in Windows, we're using -h to limit the
    hop count to 3, but instead of displaying the results in Command Prompt, we'll use
    the > redirection operator to send it all to a TXT file located on Z:, an external hard
    drive.
    Here are some example results of this last command:
    Tracing route to lifewire.com [151.101.66.114]
    over a maximum of 3 hops:
    1 <1 ms <1 ms <1 ms testwifi.here [192.168.86.1]
    2   1 ms   1 ms <1 ms 192.168.1.1
    3 17 ms 16 ms 17 ms giantwls-64-71-222-1.giantcomm.net [64.71.222.1]
    Trace complete.
    Ipconfig
    In Windows, ipconfig is a console application designed to run from the Windows
    command prompt. This utility allows you to get the IP address information of a
    Windows computer. It also allows some control over active TCP/IP connections.
    Ipconfig replaced the older winipcfg utility.
    Using ipconfig
From the command prompt, type ipconfig to run the utility with default options. The
output of the default command contains the IP address, network mask, and gateway
for all physical and virtual network adapters.
The ipconfig command supports several command line options. The command
ipconfig /?
displays the set of available options.
Ipconfig /all
This option displays the same IP addressing information for each adapter as the
default option. Additionally, it displays DNS and WINS settings for each adapter.
The nslookup (which stands for name server lookup) command is a network utility
program used to obtain information about internet servers. It finds name server
information for domains by querying the Domain Name System.
Most computer operating systems include a built-in command line program with the
same name. Some network providers also host web-based services of this same
utility (like Network-Tools.com). These programs are all designed to perform name
server lookups against specified domains.
How to Use nslookup in Windows
To use the Windows version of nslookup, open Command Prompt and
type nslookup to get a result similar to this one but with entries for the DNS
server and IP address that your computer is using:
C:\> nslookup
Server: resolver1.opendns.com
Address: 208.67.222.222
>
This command identifies which DNS server the computer is currently configured to
use for its DNS lookups. As the example shows, this computer is using
an OpenDNS DNS server.
Take note of the small > at the bottom of the command's output. nslookup remains
running in the background after the command is issued. The prompt at the end of the
output lets you enter additional parameters. When you execute nslookup without
specifying a domain name, the program enters interactive mode.
Either type the domain name you want the nslookup details for or quit nslookup with
the exit command (or the Ctrl+C keyboard shortcut). You could instead use nslookup
by typing the command before the domain, all on the same line:
nslookup lifewire.com.
Here's an example output:
> nslookup lifewire.com
Non-authoritative answer:
Name: lifewire.com
Addresses: 151.101.193.121
 151.101.65.121
 151.101.1.121
 151.101.129.121
pathping
Provides information about network latency and network loss at intermediate hops
between a source and destination. pathping sends multiple echo Request messages
to each router between a source and destination over a period of time and then
computes results based on the packets returned from each router.
Because pathping displays the degree of packet loss at any given router or link, you
can determine which routers or subnets might be having network problems.
pathping performs the equivalent of the tracert command by identifying which
routers are on the path. It then sends pings periodically to all of the routers over a
specified time period and computes statistics based on the number returned from
each. Used without parameters, pathping displays help.
Syntax
pathping [/n] [/h <MaximumHops>] [/g <Hostlist>] [/p <Period>] [/q <NumQueries>] [/w <timeout>]
[/i <IPaddress>] [/4 <IPv4>] [/6 <IPv6>] [<TargetName>]
Parameters
Parameter             Description
/n                    Prevents pathping from attempting to resolve the IP addresses of intermediate
                      routers to their names. This might expedite the display of pathping results.
/h <MaximumHops>      Specifies the maximum number of hops in the path to search for the target
                      (destination). The default is 30 hops.
/g <Hostlist>         Specifies that the echo Request messages use the Loose Source Route option in
                      the IP header with the set of intermediate destinations specified in Hostlist. With
                      loose source routing, successive intermediate destinations can be separated by
                      one or multiple routers. The maximum number of addresses or names in the host
                      list is 9. The Hostlist is a series of IP addresses (in dotted decimal notation)
                      separated by spaces.
/p <Period>              Specifies the number of milliseconds to wait between consecutive pings. The
                         default is 250 milliseconds (1/4 second).
/q <NumQueries>          Specifies the number of echo Request messages sent to each router in the path.
                         The default is 100 queries.
/w <timeout>             Specifies the number of milliseconds to wait for each reply. The default is 3000
                         milliseconds (3 seconds).
/i <IPaddress>           Specifies the source address.
/4 <IPv4>                Specifies that pathping uses IPv4 only.
/6 <IPv6>                Specifies that pathping uses IPv6 only.
<TargetName>             Specifies the destination, which is identified either by IP address or host name.
/?                       Displays help at the command prompt.
Remarks
        pathping parameters are case-sensitive.
        To avoid network congestion, pings should be sent at a sufficiently slow pace.
        To minimize the effects of burst losses, do not send pings too frequently.
        When using the /p parameter, pings are sent individually to each intermediate
         hop. Because of this, the interval between two pings sent to the same hop
         is period multiplied by the number of hops.
        When using the /w parameter, multiple pings can be sent in parallel. Because of
         this, the amount of time specified in the timeout parameter is not bounded by
         the amount of time specified in the Period parameter for waiting between
         pings.
        This command is available only if the Internet Protocol (TCP/IP) protocol is
         installed as a component in the properties of a network adapter in Network
         Connections.
Examples
The following example shows pathping command output:
D:\>pathping /n corp1
Tracing route to corp1 [10.54.1.196]
over a maximum of 30 hops:
  0 172.16.87.35
  1 172.16.87.218
  2 192.168.52.1
  3 192.168.80.1
  4 10.54.247.14
  5 10.54.1.196
computing statistics for 125 seconds...
            Source to Here   This Node/Link
Hop RTT     Lost/Sent = Pct Lost/Sent = Pct       address
  0                                               172.16.87.35
                                0/ 100 = 0%        |
  1   41ms      0/ 100 = 0%     0/ 100 = 0%       172.16.87.218
                               13/ 100 = 13%       |
  2   22ms    16/ 100 = 16%     3/ 100 = 3%       192.168.52.1
                                0/ 100 = 0%        |
  3   24ms    13/ 100 = 13%     0/ 100 = 0%       192.168.80.1
                                0/ 100 = 0%        |
  4   21ms    14/ 100 = 14%     1/ 100 = 1%       10.54.247.14
                                0/ 100 = 0%        |
  5   24ms    13/ 100 = 13%     0/ 100 = 0%       10.54.1.196
Trace complete.
When pathping is run, the first results list the path. This is the same path that is
shown using the tracert command. Next, a busy message is displayed for
approximately 90 seconds (the time varies by hop count). During this time,
information is gathered from all routers previously listed and from the links between
them. At the end of this period, the test results are displayed.
In the sample report above, the This Node/Link, Lost/Sent =
Pct and address columns show that the link between 172.16.87.218 and 192.168.52.1
is dropping 13 percent of the packets. The routers at hops 2 and 4 also are dropping
packets addressed to them, but this loss does not affect their ability to forward traffic
that is not addressed to them.
The loss rates displayed for the links, identified as a vertical bar (|) in
the address column, indicate link congestion that is causing the loss of packets that
are being forwarded on the path. The loss rates displayed for routers (identified by
their IP addresses) indicate that these routers might be overloaded.
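The reading of the report described above (loss on a "|" row affects forwarded traffic, loss on a router row affects only packets addressed to that router) can be automated over saved pathping output. The following Python is an added example, not part of the original documentation; it handles the numeric /n layout shown in the sample, and the function names and the 5 percent threshold are assumptions.

```python
import re
from collections import namedtuple

Node = namedtuple("Node", "hop address rtt_ms lost sent")
Link = namedtuple("Link", "src dst lost sent")

# Statistics section copied from the sample pathping report above.
SAMPLE_REPORT = """\
            Source to Here   This Node/Link
Hop RTT     Lost/Sent = Pct Lost/Sent = Pct       address
  0                                               172.16.87.35
                                0/ 100 = 0%        |
  1   41ms      0/ 100 = 0%     0/ 100 = 0%       172.16.87.218
                               13/ 100 = 13%       |
  2   22ms    16/ 100 = 16%     3/ 100 = 3%       192.168.52.1
                                0/ 100 = 0%        |
  3   24ms    13/ 100 = 13%     0/ 100 = 0%       192.168.80.1
                                0/ 100 = 0%        |
  4   21ms    14/ 100 = 14%     1/ 100 = 1%       10.54.247.14
                                0/ 100 = 0%        |
  5   24ms    13/ 100 = 13%     0/ 100 = 0%       10.54.1.196
"""

# Hop 0 is the source: hop number and address only.
SOURCE = re.compile(r"^\s*0\s+(?P<addr>\S+)\s*$")
# A link row: one Lost/Sent figure followed by the vertical bar.
LINK = re.compile(r"^\s*(?P<lost>\d+)/\s*(?P<sent>\d+)\s*=\s*\d+%\s+\|\s*$")
# A router row: hop, RTT, cumulative loss, this-node loss, address.
NODE = re.compile(
    r"^\s*(?P<hop>\d+)\s+(?P<rtt>\d+)ms"
    r"\s+\d+/\s*\d+\s*=\s*\d+%"
    r"\s+(?P<lost>\d+)/\s*(?P<sent>\d+)\s*=\s*\d+%"
    r"\s+(?P<addr>\S+)\s*$")


def parse_pathping(report):
    """Return (nodes, links) from the statistics table of a pathping report."""
    nodes, links = [], []
    prev_addr, pending = None, None
    for line in report.splitlines():
        if (m := SOURCE.match(line)):
            prev_addr = m["addr"]
        elif (m := LINK.match(line)):
            # Loss on the link between the previous row and the next router.
            pending = (int(m["lost"]), int(m["sent"]))
        elif (m := NODE.match(line)):
            if pending is not None and prev_addr is not None:
                links.append(Link(prev_addr, m["addr"], *pending))
            nodes.append(Node(int(m["hop"]), m["addr"], int(m["rtt"]),
                              int(m["lost"]), int(m["sent"])))
            prev_addr, pending = m["addr"], None
    return nodes, links


def loss_pct(lost, sent):
    return 100.0 * lost / sent if sent else 0.0


def triage(report, min_link_pct=5.0):
    """Separate loss that hits forwarded traffic from router-only loss."""
    nodes, links = parse_pathping(report)
    return {
        # Link loss is what end-to-end traffic actually experiences.
        "forwarding_loss": [l for l in links
                            if loss_pct(l.lost, l.sent) >= min_link_pct],
        # Router rows count only echoes addressed to the router itself.
        "router_only_loss": [n for n in nodes if n.lost > 0],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for link in result["forwarding_loss"]:
        print(f"link {link.src} -> {link.dst}: "
              f"{loss_pct(link.lost, link.sent):.0f}% loss")
    for node in result["router_only_loss"]:
        print(f"hop {node.hop} ({node.address}): drops "
              f"{node.lost}/{node.sent} echoes addressed to it")
```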
Hostname
The hostname command is used to view a computer's hostname and domain
name (DNS) (Domain Name Service), and to display or set a computer's
hostname or domain name.
A hostname is a name given to a computer attached to a network; it
uniquely identifies the computer on that network and thus allows it to be
accessed without using its IP address.
The basic syntax for the hostname command is:
# hostname [options] [new_host_name]
If you run the hostname command without any options, it displays the
current host name and domain name of your Linux system.
$ hostname
tecmint
                               Show Linux Hostname
If the host name can be resolved, you can display the network address(es)
(IP address) of the host name with the -i flag. The -I option
enumerates all configured network interfaces and shows all network
addresses of the host.
$ hostname -i
$ hostname -I
                            Show Hostname IP Addresses
To view the name of the DNS domain and FQDN (Fully Qualified Domain
Name) of your machine, use the -d and -f switches respectively. The
-A switch enables you to see all the FQDNs of the machine.
$ hostname -d
$ hostname -f
$ hostname -A
                              Show Host DNS Names
Route
Using the route Command
Using the route command displays or modifies the computer's routing
table. For a typical computer that has a single network interface and is
connected to a local area network (LAN) that has a router, the routing
table is pretty simple and isn't often the source of network problems. Still,
if you're having trouble accessing other computers or other networks, you
can use the route command to make sure that a bad entry in the
computer's routing table isn't the culprit.
For a computer with more than one interface and that's configured to
work as a router, the routing table is often a major source of trouble.
Setting up the routing table properly is a key part of configuring a router
to work.
Displaying the routing table
To display the routing table (both IPv4 and IPv6) in Windows, use the
route print command. In Unix/Linux, you can just use route without any
command line switches. The output displayed by the Windows and
Unix/Linux commands are similar. Here's an example from a typical
Windows client computer:
C:\>route print
==================================================================
Interface List
  8 ...00 12 3f a7 17 ba ...... Intel(R) PRO/100 VE Network Connection
  1 ........................... Software Loopback Interface 1
  9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 10 ...00 00 00 00 00 00 00 e0 isatap.{D0F85930-01E2-402F-B0FC-31DFF887F06F}
==================================================================
IPv4 Route Table
==================================================================
Active Routes:
Network Destination  Netmask          Gateway      Interface      Metric
0.0.0.0              0.0.0.0          192.168.1.1  192.168.1.110  276
127.0.0.0            255.0.0.0        On-link      127.0.0.1      306
127.0.0.1            255.255.255.255  On-link      127.0.0.1      306
127.255.255.255      255.255.255.255  On-link      127.0.0.1      306
192.168.1.0          255.255.255.0    On-link      192.168.1.110  276
192.168.1.110        255.255.255.255  On-link      192.168.1.110  276
192.168.1.255        255.255.255.255  On-link      192.168.1.110  276
224.0.0.0            240.0.0.0        On-link      127.0.0.1      306
224.0.0.0            240.0.0.0        On-link      192.168.1.110  276
255.255.255.255      255.255.255.255  On-link      127.0.0.1      306
255.255.255.255      255.255.255.255  On-link      192.168.1.110  276
=================================================================
Persistent Routes:
Network Address       Netmask Gateway Address      Metric
        0.0.0.0      0.0.0.0   192.168.1.1       Default
=================================================================
IPv6 Route Table
=================================================================
Active Routes:
If Metric Network Destination          Gateway
9       18 ::/0                On-link
1       306 ::1/128            On-link
9       18 2001::/32           On-link
9       266 2001:0:4136:e38c:2c6c:670:3f57:fe91/128
                               On-link
8       276 fe80::/64          On-link
9       266 fe80::/64          On-link
10      281 fe80::5efe:192.168.1.110/128
                               On-link
8       276 fe80::cca:9067:9427:a911/128
                               On-link
9       266 fe80::2c6c:670:3f57:fe91/128
                               On-link
1       306 ff00::/8           On-link
9       266 ff00::/8           On-link
8       276 ff00::/8           On-link
=================================================================
Persistent Routes:
   None
C:\>
For each entry in the routing table, five items of information are listed:
      The destination IP address. Actually, this is the address of the
       destination subnet, and must be interpreted in the context of the
       subnet mask.
      The subnet mask that must be applied to the destination
       address to determine the destination subnet
      The IP address of the gateway to which traffic intended for
       the destination subnet will be sent
      The IP address of the interface through which the traffic will
       be sent to the destination subnet
      The metric, which indicates the number of hops required to
       reach destinations via the gateway
Each packet that's processed by the computer is evaluated against the
rules in the routing table. If the packet's destination address matches the
destination subnet for the rule, the packet is sent to the specified gateway
via the specified network interface. If not, the next rule is applied.
The computer on which I ran the route command in this example is on a
private 192.168.1.0 subnet. The computer's IP address is 192.168.1.100,
and the default gateway is a router at 192.168.1.1.
Here's how the rules shown in this example are used. Notice that you
have to read the entries from the bottom up:
      The first rule is for packets sent to 255.255.255.255, with subnet
       mask 255.255.255.255. This special IP address is for broadcast
       packets. The rule specifies that these broadcast packets should be
       delivered to the local network interface (192.168.1.100).
      The next rule is for packets sent to 192.168.1.255, again with
       subnet mask 255.255.255.255. These are also broadcast packets
       and are sent to the local network interface.
      The next rule is for packets sent to 192.168.1.100, again with
       subnet mask 255.255.255.255. This is for packets that the
       computer is sending to itself via its own IP address. This rule
       specifies that these packets will be sent to the local loopback
       interface on 127.0.0.1.
      The next rule is for packets sent to 192.168.1.0, with subnet mask
       255.255.255.0. These are packets intended for the local subnet.
       They're sent to the subnet via the local interface at 192.168.1.100.
      The next rule is for packets sent to the loopback address
       (127.0.0.1, subnet mask 255.0.0.0). These packets are sent
       straight through to the loopback interface, 127.0.0.1.
      The last rule is for everything else. All IP addresses will match the
       destination IP address 0.0.0.0 with subnet mask 0.0.0.0 and will be
       sent to the default gateway router at 192.168.1.1 via the
       computer's network interface at 192.168.1.100.
Tip: One major difference between the Windows version of route and the
Unix/Linux version is the order in which they list the routing table. The
Windows route command lists the table starting with the most general
entry and works toward the most specific. The Unix/Linux version is the
other way around: It starts with the most specific and works toward the
more general. The Unix/Linux order makes more sense - the Windows
route command displays the routing list upside down.
Modifying the routing table
Besides displaying the routing table, the route command also lets you
modify it by adding, deleting, or changing entries.
Warning: You shouldn't do this unless you know what you're doing. If you
mess up the routing table, your computer may not be able to
communicate with anyone.
The syntax for the route command for adding, deleting, or changing a
route entry is
route [-p] command dest [mask subnet] gateway [-if interface]
The following list describes each of the route command's parameters:
      -p: Makes the entry persistent. If you omit -p, the entry will be
       deleted the next time you reboot. (Use this only with add
       commands.)
      command: Add, delete, or change.
      dest: The IP address of the destination subnet.
      mask subnet: The subnet mask. If you omit the subnet mask, the
       default is 255.255.255.255, meaning that the entry will apply only
       to a single host rather than a subnet. You usually want to include
       the mask.
      gateway: The IP address of the gateway to which packets will be
       sent.
      -if interface: The IP address of the interface through which packets
       will be sent. If your computer has only one network interface, you
       can omit this.
Suppose that your network has a second router that serves as a link to
another private subnet, 192.168.2.0 (subnet mask 255.255.255.0). The
interface on the local side of this router is at 192.168.1.200. To add a
static route entry that sends packets intended for the 192.168.2.0 subnet
to this router, use a command like this:
C:\>route -p add 192.168.2.0 mask 255.255.255.0 192.168.1.200
     Now, suppose that you later change the IP address of the router to
     192.168.1.222. You can update this route with the following command:
     C:\>route change 192.168.2.0 mask 255.255.255.0 192.168.1.222
     If you omit the mask from a route change command, the command
     changes the mask to 255.255.255.255!
     Finally, suppose that you realize that setting up a second router on this
     network wasn't such a good idea after all, so you want to just delete the
     entry. The following command will do the trick:
     C:\>route delete 192.168.2.0
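The matching rules walked through above, and the 255.255.255.255 default that add and change fall back to when the mask is left out, can be checked with a small model. This is an added Python example, not part of the original text; the function names are hypothetical and the table holds only the entries the walkthrough describes.

```python
import ipaddress

DEFAULT_MASK = "255.255.255.255"   # mask assumed when "mask subnet" is omitted


def _ip(text):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def route_add(table, dest, gateway, mask=None):
    """Model of 'route add dest [mask subnet] gateway'."""
    table.append({"dest": dest, "mask": mask or DEFAULT_MASK, "gateway": gateway})


def route_change(table, dest, gateway, mask=None):
    """Model of 'route change': per the text, an omitted mask becomes 255.255.255.255."""
    for entry in table:
        if entry["dest"] == dest:
            entry["gateway"] = gateway
            entry["mask"] = mask or DEFAULT_MASK
            return True
    return False


def lookup(table, target):
    """Return the gateway of the most specific entry whose dest/mask covers target."""
    best = None
    for entry in table:
        mask = _ip(entry["mask"])
        if (_ip(target) & mask) == (_ip(entry["dest"]) & mask):
            # A numerically larger contiguous mask is a longer, more specific prefix.
            if best is None or mask > _ip(best["mask"]):
                best = entry
    return best["gateway"] if best else None


def base_table():
    """Entries described in the walkthrough (addresses taken from the page)."""
    table = []
    route_add(table, "0.0.0.0", "192.168.1.1", "0.0.0.0")              # everything else
    route_add(table, "127.0.0.0", "127.0.0.1", "255.0.0.0")            # loopback
    route_add(table, "192.168.1.0", "192.168.1.100", "255.255.255.0")  # local subnet
    return table


def demo():
    with_mask = base_table()
    route_add(with_mask, "192.168.2.0", "192.168.1.200", "255.255.255.0")
    no_mask = base_table()
    route_add(no_mask, "192.168.2.0", "192.168.1.200")   # mask forgotten
    return {
        "host on 192.168.2.0/24, mask given": lookup(with_mask, "192.168.2.50"),
        "same host, mask omitted": lookup(no_mask, "192.168.2.50"),
        "local subnet host": lookup(with_mask, "192.168.1.77"),
        "internet host": lookup(with_mask, "8.8.8.8"),
    }


if __name__ == "__main__":
    for case, gateway in demo().items():
        print(f"{case:38} -> {gateway}")
```

With the mask omitted, traffic for the rest of 192.168.2.0 silently follows the default gateway instead of the second router, which is why the text recommends always including the mask.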
     The netstat command, meaning network statistics, is a Command Prompt
     command used to display very detailed information about how your computer is
     communicating with other computers or network devices.
     Specifically, the netstat command can show details about individual network
     connections, overall and protocol-specific networking statistics, and much more, all
     of which could help troubleshoot certain kinds of networking issues.
     Netstat Command Availability
     The netstat command is available from within the Command Prompt in most versions
     of Windows including Windows 10, Windows 8, Windows 7, Windows
     Vista, Windows XP, Windows Server operating systems, and some older versions of
     Windows, too.
netstat is a cross-platform command, which means it's also available in other operating
     systems like macOS and Linux.
The availability of certain netstat command switches and other netstat
    command syntax may differ from operating system to operating system.
     Netstat Command Syntax
     netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-t] [-x] [-y] [time_interval] [/?]
     Netstat Command List
     Option        Explanation
     netstat       Execute the netstat command alone to show a relatively simple list of all
                   active TCP connections which, for each one, will show the local IP
                   address (your computer), the foreign IP address (the other computer or network
                   device), along with their respective port numbers, as well as the TCP state.
     -a            This switch displays active TCP connections, TCP connections with the
                   listening state, as well as UDP ports that are being listened to.
     -b            This netstat switch is very similar to the -o switch listed below, but instead of
                   displaying the PID, will display the process's actual file name. Using -b over
                   -o might seem like it's saving you a step or two but using it can sometimes
                   greatly extend the time it takes netstat to fully execute.
     -e            Use this switch with the netstat command to show statistics about your network
                   connection. This data includes bytes, unicast packets, non-unicast packets,
                   discards, errors, and unknown protocols received and sent since the connection
                   was established.
     -f            The -f switch will force the netstat command to display the Fully Qualified
                   Domain Name (FQDN) for each foreign IP address when possible.
     -n            Use the -n switch to prevent netstat from attempting to determine host
                   names for foreign IP addresses. Depending on your current network
                   connections, using this switch could considerably reduce the time it takes for
                   netstat to fully execute.
     -o            A handy option for many troubleshooting tasks, the -o switch displays the
                   process identifier (PID) associated with each displayed connection. See the
                   example below for more about using netstat -o.
     -p            Use the -p switch to show connections or statistics only for a
                   particular protocol. You cannot define more than one protocol at once, nor can
                   you execute netstat with -p without defining a protocol.
     protocol      When specifying a protocol with the -p option, you can use tcp, udp, tcpv6,
                   or udpv6. If you use -s with -p to view statistics by protocol, you can
                   use icmp, ip, icmpv6, or ipv6 in addition to the first four I mentioned.
     -r            Execute netstat with -r to show the IP routing table. This is the same as using
                   the route command to execute route print.
     -s            The -s option can be used with the netstat command to show detailed statistics
                   by protocol. You can limit the statistics shown to a particular protocol by using
                   the -s option and specifying that protocol, but be sure to use -s before
                   -p protocol when using the switches together.
     -t            Use the -t switch to show the current TCP chimney offload state in place of the
                   typically displayed TCP state.
     -x            Use the -x option to show all NetworkDirect listeners, connections, and shared
                   endpoints.
     -y            The -y switch can be used to show the TCP connection template for all
                   connections. You cannot use -y with any other netstat option.
     time_interval This is the time, in seconds, that you'd like the netstat command to re-execute
                   automatically, stopping only when you use Ctrl-C to end the loop.
     /?            Use the help switch to show details about the netstat command's several options.
Make all that netstat information in the command line easier to work with by outputting
    what you see on the screen to a text file using a redirection operator. See How to
    Redirect Command Output to a File for complete instructions.
     Netstat Command Examples
     netstat -f
In this first example, we execute netstat to show all active TCP connections.
However, we do want to see the computers that we're connected to in FQDN format
[-f] instead of a simple IP address.
Here's an example of what you might see:
Active Connections
 Proto Local Address Foreign Address State
 TCP 127.0.0.1:5357 VM-Windows-7:49229 TIME_WAIT
 TCP 127.0.0.1:49225 VM-Windows-7:12080 TIME_WAIT
 TCP 192.168.1.14:49194 75.125.212.75:http CLOSE_WAIT
 TCP 192.168.1.14:49196 a795sm.avast.com:http CLOSE_WAIT
 TCP 192.168.1.14:49197 a795sm.avast.com:http CLOSE_WAIT
 TCP 192.168.1.14:49230 TIM-PC:wsd TIME_WAIT
 TCP 192.168.1.14:49231 TIM-PC:icslap ESTABLISHED
 TCP 192.168.1.14:49232 TIM-PC:netbios-ssn TIME_WAIT
 TCP 192.168.1.14:49233 TIM-PC:netbios-ssn TIME_WAIT
 TCP [::1]:2869 VM-Windows-7:49226 ESTABLISHED
 TCP [::1]:49226 VM-Windows-7:icslap ESTABLISHED
As you can see, there were 11 active TCP connections at the time netstat was
executed in this example. The only protocol (in the Proto column) listed is TCP,
which was expected because we didn't use -a.
You can also see three sets of IP addresses in the Local Address column — the
actual IP address of 192.168.1.14 and both IPv4 and IPv6 versions of the loopback
addresses, along with the port each connection is using. The Foreign
Address column lists the FQDN (75.125.212.75 didn't resolve for some reason)
along with that port as well.
Finally, the State column lists the TCP state of that particular connection.
netstat -o
In this example, netstat will be run normally so it only shows active TCP connections,
but we also want to see the corresponding process identifier [-o] for each connection
so that we can determine which program on the computer initiated each one.
Here's what the computer displayed:
Active Connections
 Proto Local Address Foreign Address State PID
 TCP 192.168.1.14:49194 75.125.212.75:http CLOSE_WAIT 2948
 TCP 192.168.1.14:49196 a795sm:http CLOSE_WAIT 2948
 TCP 192.168.1.14:49197 a795sm:http CLOSE_WAIT 2948
You probably noticed the new PID column. In this case, the PIDs are all the same,
meaning that the same program on the computer opened these connections.
To determine what program is represented by the PID of 2948 on the computer, all
you have to do is open Task Manager, select the Processes tab, and note
the Image Name listed next to the PID we're looking for in the PID column.
     Using the netstat command with the -o option can be very helpful when tracking
     down which program is using too big a share of your bandwidth. It can also help
     locate the destination where some kind of malware, or even an otherwise legitimate
     piece of software, might be sending information without your permission.
While this and the previous example were both run on the same computer, and within just
     a minute of each other, you can see that the list of active TCP connections is
     considerably different. This is because your computer is constantly connecting to,
     and disconnecting from, various other devices on your network and over the internet.
     netstat -o | findstr 28604
     The above example is similar to what we've already looked at, but instead of
     displaying all connections, we're telling the netstat command to show only the
     connections that are using a specific PID, 28604 in this example.
     A similar command could be used to filter out the connections with
     a CLOSE_WAIT state, by replacing the PID with ESTABLISHED.
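findstr keeps every line that contains the search string anywhere, so a PID such as 2948 also matches a port like 52948. The added Python example below (not from the original article) filters on the PID column instead and lists the remote hosts each process is talking to; the sample is constructed in the layout of netstat -a -n -o output and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout of "netstat -a -n -o" output; the first row
# reuses addresses from the example above, the others use documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.14:49194     75.125.212.75:80       CLOSE_WAIT      2948
  TCP    192.168.1.14:49196     203.0.113.20:80        CLOSE_WAIT      2948
  TCP    192.168.1.14:49197     203.0.113.20:80        CLOSE_WAIT      2948
  TCP    192.168.1.14:52948     198.51.100.7:443       ESTABLISHED     1044
  TCP    [::1]:2869             [::1]:49226            ESTABLISHED     4
  UDP    0.0.0.0:5355           *:*                                    1320
"""


def split_endpoint(text):
    """Split 'host:port', including bracketed IPv6 such as '[::1]:2869'."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows carry no State column."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                                   # banner and header lines
        proto, local, foreign, rest = fields[0], fields[1], fields[2], fields[3:]
        state = rest[0] if proto == "TCP" and rest else ""
        pid = int(rest[-1]) if rest and rest[-1].isdigit() else None  # None without -o
        rows.append({"proto": proto, "local": split_endpoint(local),
                     "foreign": split_endpoint(foreign), "state": state, "pid": pid})
    return rows


def findstr_like(text, needle):
    """What piping into 'findstr <needle>' keeps: any line containing needle."""
    return [line for line in text.splitlines() if needle in line]


def by_pid(rows, pid):
    """Exact match on the PID column only."""
    return [row for row in rows if row["pid"] == pid]


def remote_hosts(rows):
    """Map PID -> sorted foreign hosts, skipping listeners and loopback peers."""
    hosts = defaultdict(set)
    for row in rows:
        host = row["foreign"][0]
        if host in ("*", ""):
            continue                                   # UDP listener, no peer
        try:
            addr = ipaddress.ip_address(host)
            if addr.is_loopback or addr.is_unspecified:
                continue
        except ValueError:
            pass                                       # a name (netstat -f), keep it
        hosts[row["pid"]].add(host)
    return {pid: sorted(found) for pid, found in hosts.items()}


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print("substring match on 2948:", len(findstr_like(SAMPLE, "2948")), "lines")
    print("PID column match on 2948:", len(by_pid(rows, 2948)), "rows")
    for pid, found in sorted(remote_hosts(rows).items()):
        print(pid, found)
```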
     netstat -s -p tcp -f
     In this example, we want to see protocol specific statistics [-s] but not all of them, just
     TCP stats [-p tcp]. We also want the foreign addresses displayed in FQDN format [-f].
     This is what the netstat command, as shown above, produced on the example
     computer:
     TCP Statistics for IPv4
      Active Opens = 77
      Passive Opens = 21
      Failed Connection Attempts = 2
      Reset Connections = 25
      Current Connections = 5
      Segments Received = 7313
      Segments Sent = 4824
      Segments Retransmitted = 5
     Active Connections
      Proto Local Address Foreign Address State
      TCP 127.0.0.1:2869 VM-Windows-7:49235 TIME_WAIT
      TCP 127.0.0.1:2869 VM-Windows-7:49238 ESTABLISHED
      TCP 127.0.0.1:49238 VM-Windows-7:icslap ESTABLISHED
      TCP 192.168.1.14:49194 75.125.212.75:http CLOSE_WAIT
      TCP 192.168.1.14:49196 a795sm.avast.com:http CLOSE_WAIT
      TCP 192.168.1.14:49197 a795sm.avast.com:http CLOSE_WAIT
     As you can see, various statistics for the TCP protocol are displayed, as are all
     active TCP connections at the time.
     netstat -e -t 5
In this final example, the netstat command is executed to show some basic network
interface statistics [-e] and so that these statistics are continually updated in the
command window every five seconds [-t 5].
Here's what's produced on screen:
Interface Statistics
 Received Sent
 Bytes 22132338 1846834
 Unicast packets 19113 9869
 Non-unicast packets 0 0
 Discards 0 0
 Errors 0 0
 Unknown protocols 0
Interface Statistics
 Received Sent
 Bytes 22134630 1846834
 Unicast packets 19128 9869
 Non-unicast packets 0 0
 Discards 0 0
 Errors 0 0
 Unknown protocols 0
^C
Various pieces of information, which you can see here and that we listed in the
-e syntax above, are displayed.
UBUNTU Commands
Tcpdump
tcpdump is a powerful and widely used command-line packet sniffer
or packet analyzer tool that is used to capture or filter TCP/IP packets
received or transferred over a network on a specific interface. It is
available under most Linux/Unix based operating systems. tcpdump
also gives us an option to save captured packets in a file for future analysis.
It saves the file in pcap format, which can be viewed with the tcpdump command
or with an open source GUI based tool called Wireshark (Network Protocol
Analyzer) that reads tcpdump pcap format files.
How to Install tcpdump in Linux
Many Linux distributions already ship with the tcpdump tool. If you
don't have it on your system, you can install it using the following Yum command.
# yum install tcpdump
Once the tcpdump tool is installed on your system, you can continue with the
following commands and their examples.
1. Capture Packets from Specific Interface
When we execute the tcpdump command it captures from all the interfaces;
with the -i switch it captures only from the desired interface. The output
keeps scrolling until you interrupt it.
# tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:33:31.976358 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 3500440357:3500440553, ack 3652628334, win 18760, length 196
11:33:31.976603 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 196, win 64487, length 0
11:33:31.977243 ARP, Request who-has tecmint.com tell 172.16.25.126, length 28
11:33:31.977359 ARP, Reply tecmint.com is-at 00:14:5e:67:26:1d (oui Unknown), length 46
11:33:31.977367 IP 172.16.25.126.54807 > tecmint.com: 4240+ PTR? 125.25.16.172.in-addr.arpa. (44)
11:33:31.977599 IP tecmint.com > 172.16.25.126.54807: 4240 NXDomain 0/1/0 (121)
11:33:31.977742 IP 172.16.25.126.44519 > tecmint.com: 40988+ PTR? 126.25.16.172.in-addr.arpa. (44)
11:33:32.028747 IP 172.16.20.33.netbios-ns > 172.16.31.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
11:33:32.112045 IP 172.16.21.153.netbios-ns > 172.16.31.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
11:33:32.115606 IP 172.16.21.144.netbios-ns > 172.16.31.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
11:33:32.156576 ARP, Request who-has 172.16.16.37 tell old-oraclehp1.midcorp.mid-day.com, length 46
11:33:32.348738 IP tecmint.com > 172.16.25.126.44519: 40988 NXDomain 0/1/0 (121)
2. Capture Only N Number of Packets
When you run the tcpdump command it captures all the packets for the specified
interface until you cancel it. With the -c option, you can capture a
specified number of packets. The example below captures only
6 packets.
# tcpdump -c 6 -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:40:20.281355 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 3500447285:3500447481, ack 3652629474, win 18760, length 196
11:40:20.281586 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 196, win 65235, length 0
11:40:20.282244 ARP, Request who-has tecmint.com tell 172.16.25.126, length 28
11:40:20.282360 ARP, Reply tecmint.com is-at 00:14:5e:67:26:1d (oui Unknown), length 46
11:40:20.282369 IP 172.16.25.126.53216 > tecmint.com.domain: 49504+ PTR? 125.25.16.172.in-addr.arpa. (44)
11:40:20.332494 IP tecmint.com.netbios-ssn > 172.16.26.17.nimaux: Flags [P.], seq 3058424861:3058424914, ack 693912021, win 64190, length 53 NBT Session Packet: Session Message
6 packets captured
23 packets received by filter
0 packets dropped by kernel
4. Display Available Interfaces
To list the available interfaces on the system, run the following
command with the -D option.
# tcpdump -D
1.eth0
2.eth1
3.usbmon1 (USB bus number 1)
4.usbmon2 (USB bus number 2)
5.usbmon3 (USB bus number 3)
6.usbmon4 (USB bus number 4)
7.usbmon5 (USB bus number 5)
8.any (Pseudo-device that captures on all interfaces)
9.lo
6. Capture and Save Packets in a File
As we said, tcpdump can capture packets and save them to a file in
.pcap format. To do this, just execute the command with the -w option.
# tcpdump -w 0001.pcap -i eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
4 packets captured
4 packets received by filter
0 packets dropped by kernel
7. Read Captured Packets File
To read and analyze the captured packet file 0001.pcap, use the command with
the -r option, as shown below.
# tcpdump -r 0001.pcap
reading from file 0001.pcap, link-type EN10MB (Ethernet)
09:59:34.839117 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 3353041614:3353041746, ack 4193563273, win 18760, length 132
09:59:34.963022 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [.], ack 132, win 65351, length 0
09:59:36.935309 IP 192.168.0.1.netbios-dgm > 192.168.0.255.netbios-dgm: NBT UDP PACKET(138)
09:59:37.528731 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [P.], seq 1:53, ack 132, win 65351, length 5
8. Capture IP address Packets
To capture packets on a specific interface with addresses shown as IP
addresses rather than resolved names, run the following command with the -n option.
# tcpdump -n -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:07:03.952358 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 3509512873:3509513069, ack 3652639034, win 18760, length 196
12:07:03.952602 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 196, win 64171, length 0
12:07:03.953311 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 196:504, ack 1, win 18760, length 308
12:07:03.954288 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 504:668, ack 1, win 18760, length 164
12:07:03.954502 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 668, win 65535, length 0
12:07:03.955298 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 668:944, ack 1, win 18760, length 276
12:07:03.955425 IP 172.16.23.16.netbios-ns > 172.16.31.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
12:07:03.956299 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 944:1236, ack 1, win 18760, length 292
12:07:03.956535 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 1236, win 64967, length 0
9. Capture only TCP Packets.
To capture only TCP packets, run the following command with
the tcp option.
# tcpdump -i eth0 tcp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:10:36.216358 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 3509646029:3509646225, ack 3652640142, win 18760, length 196
12:10:36.216592 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 196, win 64687, length 0
12:10:36.219069 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 196:504, ack 1, win 18760, length 308
12:10:36.220039 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 504:668, ack 1, win 18760, length 164
12:10:36.220260 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 668, win 64215, length 0
12:10:36.222045 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 668:944, ack 1, win 18760, length 276
12:10:36.223036 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 944:1108, ack 1, win 18760, length 164
12:10:36.223252 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 1108, win 65535, length 0
^C12:10:36.223461 IP mid-pay.midcorp.mid-day.com.netbios-ssn > 172.16.22.183.recipe: Flags [.], seq 283256512:283256513, ack 550465221, win 65531, length 1[|SMB]
10. Capture Packet from Specific Port
Let's say you want to capture packets for the specific port 22. Execute the
command below, specifying port number 22.
# tcpdump -i eth0 port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:37:49.056927 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 3364204694:3364204890, ack 4193655445, win 20904, length 196
10:37:49.196436 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 4294967244:196, ack 1, win 20904, length 248
10:37:49.196615 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [.], ack 196, win 64491, length 0
10:37:49.379298 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 196:616, ack 1, win 20904, length 420
10:37:49.381080 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 616:780, ack 1, win 20904, length 164
10:37:49.381322 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [.], ack 780, win 65535, length 0
11. Capture Packets from source IP
To capture packets coming from a source IP, say
192.168.0.2, use the command as follows.
# tcpdump -i eth0 src 192.168.0.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:49:15.746474 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 3364578842:3364579038, ack 4193668445, win 20904, length 196
10:49:15.748554 IP 192.168.0.2.56200 > b.resolvers.Level3.net.domain: 11289+ PTR? 1.0.168.192.in-addr.arpa. (42)
10:49:15.912165 IP 192.168.0.2.56234 > b.resolvers.Level3.net.domain: 53106+ PTR? 2.0.168.192.in-addr.arpa. (42)
10:49:16.074720 IP 192.168.0.2.33961 > b.resolvers.Level3.net.domain: 38447+ PTR? 2.2.2.4.in-addr.arpa. (38)
12. Capture Packets from destination IP
To capture packets going to a destination IP, say
50.116.66.139, use the command as follows.
# tcpdump -i eth0 dst 50.116.66.139
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:55:01.798591 IP 192.168.0.2.59896 > 50.116.66.139.http: Flags [.], ack 2480401451, win 318, options [nop,nop,TS val 7955710 ecr 804759402], length 0
10:55:05.527476 IP 192.168.0.2.59894 > 50.116.66.139.http: Flags [F.], seq 2521556029, ack 2164168606, win 245, options [nop,nop,TS val 7959439 ecr 804759284], length 0
10:55:05.626027 IP 192.168.0.2.59894 > 50.116.66.139.http: Flags [.], ack 2,
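What the -w option writes, and how the src, dst and port filters pick packets, can be seen by parsing a capture file directly. This is an added Python example, not from the original tutorial; it reads the classic pcap layout, the sample capture is constructed in memory with addresses borrowed from the examples above, and all function names are hypothetical.

```python
import socket
import struct

LINKTYPE_ETHERNET = 1      # the link type tcpdump reports as EN10MB


def build_frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP frame for the sample (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 18760, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + tcp


def build_pcap(frames):
    """Serialise frames in the classic pcap layout: 24-byte file header,
    then a 16-byte record header in front of every frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for n, frame in enumerate(frames):
        out += struct.pack("<IIII", 1600000000 + n, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield (ts_sec, frame) per record; stops cleanly at a truncated last record."""
    if len(data) < 24:
        raise ValueError("file shorter than the pcap header")
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        order = "<"                      # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        order = ">"                      # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig = struct.unpack(order + "IIII",
                                                       data[offset:offset + 16])
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            break                        # capture was cut off mid-record
        offset += incl_len
        yield ts_sec, frame


def decode(frame):
    """Return addresses and ports of an IPv4 TCP/UDP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4     # Ethernet header + IPv4 header length
    if frame[23] not in (6, 17) or len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return {"proto": "tcp" if frame[23] == 6 else "udp",
            "src": socket.inet_ntoa(frame[26:30]),
            "dst": socket.inet_ntoa(frame[30:34]),
            "sport": sport, "dport": dport}


def select(data, src=None, dst=None, port=None):
    """Offline counterpart of the 'src', 'dst' and 'port' capture filters."""
    hits = []
    for _ts, frame in read_pcap(data):
        pkt = decode(frame)
        if pkt is None:
            continue                     # ARP and other non-IPv4 frames
        if src is not None and pkt["src"] != src:
            continue
        if dst is not None and pkt["dst"] != dst:
            continue
        if port is not None and port not in (pkt["sport"], pkt["dport"]):
            continue
        hits.append(pkt)
    return hits


# Constructed capture: two SSH packets, one HTTP packet, one ARP-sized frame.
SAMPLE_PCAP = build_pcap([
    build_frame("192.168.0.2", "192.168.0.1", 22, 4046),
    build_frame("192.168.0.1", "192.168.0.2", 4046, 22),
    build_frame("192.168.0.2", "50.116.66.139", 59896, 80),
    bytes(12) + b"\x08\x06" + bytes(28),
])

if __name__ == "__main__":
    print("records:", len(list(read_pcap(SAMPLE_PCAP))))
    for label, hits in (("port 22", select(SAMPLE_PCAP, port=22)),
                        ("src 192.168.0.2", select(SAMPLE_PCAP, src="192.168.0.2")),
                        ("dst 50.116.66.139", select(SAMPLE_PCAP, dst="50.116.66.139"))):
        print(label, "->", len(hits), "packet(s)")
```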
Ifconfig
Description
ifconfig stands for "interface
configuration." It is used to view and
change the configuration of the network
interfaces on your system.
Running the ifconfig command with no
arguments, like this:
ifconfig
...displays information about all network
interfaces currently in operation. The
output will resemble the following:
eth0      Link encap:Ethernet  HWaddr 09:00:12:90:e3:e5
          inet addr:192.168.1.29  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe70:e3f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54071 errors:1 dropped:0 overruns:0 frame:0
          TX packets:48515 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:22009423 (20.9 MiB)  TX bytes:25690847 (24.5 MiB)
          Interrupt:10 Base address:0xd020
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:83 errors:0 dropped:0 overruns:0 frame:0
          TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7766 (7.5 KiB)  TX bytes:7766 (7.5 KiB)
wlan0     Link encap:Ethernet  HWaddr 58:a2:c2:93:27:36
          inet addr:192.168.1.64  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::6aa3:c4ff:fe93:4746/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:436968 errors:0 dropped:0 overruns:0 frame:0
          TX packets:364103 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:115886055 (110.5 MiB)  TX bytes:83286188 (79.4 MiB)
Here, eth0, lo and wlan0 are the names
of the active network interfaces on the
system.
     eth0 is the first Ethernet interface. (Additional
        Ethernet interfaces would be named eth1, eth2,
        etc.) This type of interface is usually
        a NIC connected to the network by a category
        5 cable.
     lo is the loopback interface. This is a special
        network interface that the system uses to
        communicate with itself.
     wlan0 is the name of the first wireless
        network interface on the system. Additional
        wireless interfaces would be
        named wlan1, wlan2, etc.
These are the traditional naming
conventions for network interfaces under
Linux; other operating systems may have
different names. For instance, under
many BSD operating systems, Ethernet
interfaces are named em0, em1, etc.
Check your configuration, or consult your
documentation, to determine the exact
names of your interfaces.
Viewing the configuration of all interfaces
If you'd like to view the configuration of all
network interfaces on the system (not just
the ones that are currently active), you
can specify the -a option, like this:
ifconfig -a
This will produce output similar to
running ifconfig, but if there are any
inactive interfaces on the system, their
configuration will also be displayed.
Viewing the configuration of a specific interface
To view the configuration of a specific
interface, specify its name as an option.
For instance,
ifconfig eth0
...displays the configuration of
device eth0 only.
Examples
ifconfig
Running ifconfig with no options displays
the configuration of all active interfaces.
ifconfig -a
Displays the configuration of all interfaces,
both active and inactive.
ifconfig eth0
View the network settings on the
interface eth0, which (under Linux) is the
first Ethernet adapter installed in the
system.
ifconfig eth1 up
Activate the network interface eth1.
ifconfig wlan0 down
Deactivate the network interface wlan0.
ifconfig wlan1 122.140.201.66
Configure the network interface wlan1 to
use the static IP
address 122.140.201.66.
Route
In computer networking, a router is a
device responsible for forwarding network
traffic. When datagrams arrive at a router,
the router must determine the best way
to route them to their destination.
On Linux, BSD, and other Unix-like
systems, the route command is used to
view and make changes to
the kernel routing table. The command
syntax is different on different systems;
here, when it comes to specific command
syntax, we'll be discussing the Linux
version.
Running route at the command line
without any options displays the routing
table entries:
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.2     0.0.0.0         UG    1024   0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
This shows us how the system is currently
configured. If a packet comes into the
system and has a destination in the
range 192.168.1.0 through 192.168.1.255,
then it is forwarded to the gateway *,
which is 0.0.0.0, a special address which
represents an invalid or non-existent
destination. So, in this case, our system
will not route these packets.
If the destination is not in this IP address
range, it is forwarded to the default
gateway (in this case, 192.168.1.2), and
that system will determine how to forward
the traffic on to the next step towards its
destination.
Host
host command in Linux with examples
The host command in Linux is used for DNS (Domain Name System) lookup operations.
In simple words, this command is used to find the IP address of a particular domain name,
or to find the domain name of a particular IP address.
You can also find more specific details of a domain by specifying the
corresponding option along with the domain name.
Syntax:
host [-aCdlriTWV] [-c class] [-N ndots] [-t type] [-W time]
       [-R number] [-m flag] hostname [server]
host command without any option: It prints the general syntax of the command along
with the various options that can be used with the host command, and gives a brief
description of each option.
Different options with the host command:
  host domain_name: This will print the IP address details of the specified domain.
     Example:
     host geeksforgeeks.org
  host IP_Address: This will display the domain details of the specified IP Address.
     Example:
     host 52.25.109.230
Tracepath
tracepath command in Linux with Examples
The tracepath command in Linux traces the path to a destination, discovering the MTU along
this path. It uses a UDP port or some random port. It is similar to traceroute, but it does not
require superuser privileges and has no fancy options. tracepath6 is a good replacement
for traceroute6 and a classic example of the application of Linux error queues. The situation
with IPv4 is worse because commercial IP routers do not return enough information in ICMP
error messages. That will probably change when they are updated. For now, it uses Van
Jacobson's trick, sweeping a range of UDP ports to maintain trace history.
Syntax:
tracepath [-n] [-b] [-l pktlen] [-m max_hops] [-p port] destination
Example:
  tracepath command without any option: It prints the general syntax of the
    command along with the various options that can be used with the tracepath command,
    and gives a brief description of each option.
    In the following example, we use the tracepath command to trace the path to the
    destination google.com.
    tracepath www.google.com
Options:
  tracepath -n: This option prints primarily IP addresses numerically.
     Example:
     tracepath -n www.google.com
  tracepath -b: This option prints both host names and IP addresses.
     Example:
     tracepath -b www.google.com