Networking CLI commands Here’s an extensive list of advanced and detailed networking CLI commands, categorized by the systems they are used on: Unix-like systems (including Linux, macOS, and BSD), Windows, and others.
-
Display network interfaces:
ifconfig
(Linux, macOS, BSD)
-
Display network interfaces (modern replacement):
ip a
(Linux)
-
Display routing table:
netstat -r
(Linux, macOS, BSD)
-
Display routing table (modern replacement):
ip route
(Linux)
-
Display ARP table:
arp -a
(Linux, macOS, BSD)
-
Assign multiple IP addresses to an interface:
ip addr add IP_ADDRESS1/NETMASK dev INTERFACE ip addr add IP_ADDRESS2/NETMASK dev INTERFACE
(Linux)
-
Configure interface with VLAN tagging:
ip link add link INTERFACE name INTERFACE.VLAN_ID type vlan id VLAN_ID ip addr add IP_ADDRESS/NETMASK dev INTERFACE.VLAN_ID(Linux)
-
Set up static routes with metrics:
ip route add DESTINATION_NETWORK/MASK via GATEWAY_IP dev INTERFACE metric METRIC
(Linux)
-
Configure IP aliases for dynamic IPs:
ip addr add IP_ADDRESS/NETMASK broadcast BROADCAST dev INTERFACE
(Linux)
-
Add a custom DNS resolver:
echo "nameserver DNS_IP" | sudo tee -a /etc/resolv.conf
(Linux, macOS)
-
Perform a traceroute with TCP packets:
tcptraceroute HOSTNAME PORT
(Linux)
-
Check for packet loss and jitter:
mtr HOSTNAME
(Linux, macOS)
-
Perform a bandwidth test:
iperf3 -c SERVER_IP -t TIME
(Linux, macOS)
-
Display detailed network statistics with extended info:
netstat -st
(Linux, macOS, BSD)
-
Monitor network traffic in real-time with filters:
tcpdump -i INTERFACE -nn -vvv -s0 'tcp port PORT'(Linux, macOS)
-
Analyze network traffic and create statistics report:
wireshark
(Linux, macOS)
-
Configure a firewall with complex rules using
iptables:iptables -A INPUT -p tcp --dport PORT -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p udp --dport PORT -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -j DROP
(Linux)
-
Set up IP filtering rules with
nftables:nft add table ip filter nft add chain ip filter input { type filter hook input priority 0; } nft add rule ip filter input ip saddr SOURCE_IP tcp dport PORT accept nft add rule ip filter input drop(Linux)
-
Secure an SSH connection with key-based authentication and specific options:
ssh -i PRIVATE_KEY_FILE -o "StrictHostKeyChecking=yes" -o "UserKnownHostsFile=/path/to/known_hosts" USER@HOSTNAME
(Linux, macOS, BSD)
-
Configure and manage network security policies with
firewalld:firewall-cmd --zone=public --add-port=PORT/tcp --permanent firewall-cmd --reload
(Linux)
-
Implement IPsec VPN tunnels with strongSwan:
ipsec up CONNECTION_NAME ipsec down CONNECTION_NAME
(Linux)
-
Set up network traffic shaping with
tc:tc qdisc add dev INTERFACE root handle 1: htb default 12 tc class add dev INTERFACE parent 1: classid 1:1 htb rate 1mbit tc qdisc add dev INTERFACE parent 1:1 handle 10: pfifo limit 100
(Linux)
-
Monitor bandwidth usage per interface:
vnstat -i INTERFACE
(Linux)
-
Set up network interface bonding for redundancy:
ip link add bond0 type bond ip link set bond0 up ip link set INTERFACE1 master bond0 ip link set INTERFACE2 master bond0
(Linux)
-
Perform network diagnostics with
nmap:nmap -sS -p PORTS HOSTNAME nmap -O HOSTNAME
(Linux, macOS)
-
Analyze network paths and identify latency issues with
mtr:mtr -r -c 100 HOSTNAME
(Linux, macOS)
-
Configure advanced routing with
ip route:ip route add DESTINATION_NETWORK/MASK via GATEWAY_IP dev INTERFACE table 100 ip route add default via GATEWAY_IP table 100
(Linux)
-
Use
traceroutewith different protocols and settings:traceroute -T HOSTNAME traceroute -U HOSTNAME
(Linux, macOS)
-
Display detailed interface statistics and errors:
ethtool -S INTERFACE
(Linux)
-
Check for packet drops and errors on interfaces:
ifstat INTERFACE
(Linux)
-
Monitor network traffic with detailed
tcpdumpfilters:tcpdump -i INTERFACE -nn 'tcp[tcpflags] & (tcp-syn|tcp-ack) != 0'(Linux, macOS)
-
Perform network scans and vulnerability assessments:
nmap -A HOSTNAME nmap --script vuln HOSTNAME
(Linux, macOS)
-
Use
netcatfor network exploration and diagnostics:nc -l -p PORT nc -v HOSTNAME PORT
(Linux, macOS)
-
Configure and monitor SNMP with
snmpwalk:snmpwalk -v 2c -c COMMUNITY_STRING HOSTNAME
(Linux, macOS)
-
Use
tcpflowto capture and analyze network traffic flows:tcpflow -i INTERFACE
(Linux, macOS)
-
Display network interfaces:
ipconfig /all -
Display ARP table:
arp -a -
Display routing table:
route print
-
Add a static route:
route add DESTINATION_NETWORK MASK NETMASK GATEWAY_IP -
Delete a static route:
route delete DESTINATION_NETWORK -
Configure DNS settings:
netsh interface ip set dns name="INTERFACE_NAME" static DNS_IP
-
Perform a traceroute:
tracert HOSTNAME
-
Ping with a specific packet size:
ping HOSTNAME -l SIZE
-
Check network performance:
pathping HOSTNAME
-
Configure Windows Firewall rules:
netsh advfirewall firewall add rule name="RuleName" protocol=TCP dir=in localport=PORT action=allow
-
List all active connections and listening ports:
netstat -ano -
Kill a process by PID:
taskkill /PID PID_NUMBER /F
-
View network statistics:
netsh interface ipv4 show stats -
Monitor network usage:
perfmon -
Configure VPN settings:
rasdial CONNECTION -
Configure VPN settings:
rasdial CONNECTION_NAME USERNAME PASSWORD -
Check current network connections and their state:
netstat -b -
List all network adapters and their configuration:
getmac /v /fo list -
Display detailed TCP connections and listening ports:
netstat -anob -
Monitor network usage over time with Performance Monitor:
perfmon /report -
Display IP configuration for all adapters:
ipconfig /all -
Release and renew DHCP leases:
ipconfig /release ipconfig /renew
-
Perform network scan and discover services using
nmap:nmap -A -T4 HOSTNAME -
Use
netcatfor port scanning and connections:nc -zv HOSTNAME PORT -
Test network ports and connectivity with
telnet:telnet HOSTNAME PORT
-
Perform vulnerability scans with
nmapscripts:nmap --script vuln HOSTNAME
-
List all EC2 instances:
aws ec2 describe-instances
-
Describe a specific instance:
aws ec2 describe-instances --instance-ids INSTANCE_ID
-
Describe security groups:
aws ec2 describe-security-groups
-
List all VPCs:
aws ec2 describe-vpcs
-
Get VPC peering connections:
aws ec2 describe-vpc-peering-connections
-
View CloudWatch metrics:
aws cloudwatch list-metrics
-
Monitor RDS instances:
aws rds describe-db-instances
-
List all virtual machines:
az vm list --output table
-
Show details of a specific VM:
az vm show --name VM_NAME --resource-group RESOURCE_GROUP
-
List all network interfaces:
az network nic list --output table
-
Show details of a specific network interface:
az network nic show --name NIC_NAME --resource-group RESOURCE_GROUP
-
List all virtual networks:
az network vnet list --output table
-
Show details of a specific virtual network:
az network vnet show --name VNET_NAME --resource-group RESOURCE_GROUP
-
View network security groups:
az network nsg list --output table
-
List all Compute Engine instances:
gcloud compute instances list
-
Describe a specific Compute Engine instance:
gcloud compute instances describe INSTANCE_NAME
-
List all network interfaces:
gcloud compute network-interfaces list
-
Describe a specific network interface:
gcloud compute network-interfaces describe INTERFACE_NAME
-
List all VPC networks:
gcloud compute networks list
-
Describe a specific VPC network:
gcloud compute networks describe NETWORK_NAME
-
View firewall rules:
gcloud compute firewall-rules list
-
Display network interfaces:
ifconfig
-
Show detailed IP address information:
ip -f inet addr
-
Test network connectivity with
ping:ping HOSTNAME
-
Check for open ports with
netcat:nc -zv HOSTNAME PORT
-
Display routing table:
route -n
-
Perform a traceroute:
traceroute HOSTNAME
-
View network statistics:
netstat -s
-
List all network services:
networksetup -listallnetworkservices
-
Get details for a specific network service:
networksetup -getinfo SERVICE_NAME
-
Change DNS settings:
networksetup -setdnsservers SERVICE_NAME DNS_IP
-
List all wireless networks:
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s
-
Connect to a wireless network:
networksetup -setairportnetwork INTERFACE SSID PASSWORD
-
List all network interfaces:
ifconfig -a
-
Show detailed interface configuration:
netstat -in
-
Display routing table:
netstat -rn
-
Check ARP cache:
arp -a
-
Set a static route:
route add net DESTINATION_NETWORK netmask NETMASK gateway GATEWAY_IP
-
Configure network interface:
ifconfig INTERFACE IP_ADDRESS netmask NETMASK
-
Display network interfaces:
ifconfig
-
Show detailed network configuration:
netstat -r
-
Display ARP table:
arp -a
-
Add a static route:
route add -net DESTINATION_NETWORK netmask NETMASK gateway GATEWAY_IP
-
Configure network interface:
ifconfig INTERFACE inet IP_ADDRESS netmask NETMASK
-
List network interfaces:
ifconfig
-
Display routing table:
netstat -rn
-
Show ARP table:
arp -a
-
Add a static route:
route add DESTINATION_NETWORK/NETMASK GATEWAY_IP
-
Configure network interface:
ifconfig INTERFACE inet IP_ADDRESS netmask NETMASK
This comprehensive list covers advanced networking commands across various systems, providing extensive options for network configuration, diagnostics, security, and management.