
Linux Networking

Quick reference for Linux networking tools. Covers the modern stack: iproute2 (ip, ss), traffic capture (tcpdump), connection management (nmcli), and firewall (iptables).

ip addr

Address management
Command                               |  Description
ip addr                               |  Show all interfaces with addresses
ip a show dev eth0                    |  Single interface only
ip a add 192.168.1.10/24 dev eth0     |  Add an IP address
ip a del 192.168.1.10/24 dev eth0     |  Remove an IP address
ip a flush dev eth0                   |  Remove all addresses from an interface
ip -6 a                               |  IPv6 addresses only
ip -br a                              |  Brief output (one line per interface)
Interface management
Command                                       |  Description
ip link show                                  |  List all interfaces
ip -br link                                   |  Brief output with link state
ip link set eth0 up                           |  Bring interface up
ip link set eth0 down                         |  Bring interface down
ip link set eth0 mtu 9000                     |  Set MTU (jumbo frames)
ip link set eth0 promisc on                   |  Enable promiscuous mode (receive all frames, as a sniffer needs)
ip link set eth0 name lan0                    |  Rename an interface (it must be down first)
ip link add veth0 type veth peer name veth1   |  Create a veth pair (two ends wired back to back)
ip link add br0 type bridge                   |  Create a bridge
ip link set eth0 master br0                   |  Add interface to bridge
ip link del veth0                             |  Delete an interface (deleting one veth end removes its peer too)

ip route

Routing table
Command                                       |  Description
ip route                                      |  Show routing table (main table)
ip r show table all                           |  All routing tables (main, local and any policy-routing tables)
ip r add default via 192.168.1.1              |  Set default gateway
ip r add 10.0.0.0/8 via 10.1.0.1 dev eth0     |  Add a static route
ip r del 10.0.0.0/8                           |  Delete a route
ip r replace 10.0.0.0/8 via 10.2.0.1          |  Replace / upsert a route (adds it if absent)
ip r get 8.8.8.8                              |  Show the route the kernel would use for a host (egress interface and source address)
ip r add blackhole 10.10.0.0/16               |  Blackhole (silent drop)
ip r add prohibit 10.10.0.0/16                |  Reject with ICMP administratively prohibited
ip r flush cache                              |  Invalidate cached routing state (the separate IPv4 route cache was removed in kernel 3.6; on modern kernels this mainly clears cached next-hop and PMTU exceptions)

ip neigh

ARP / NDP table
Command                                                                   |  Description
ip neigh show                                                             |  Show ARP/NDP table
ip n show dev eth0                                                        |  ARP for a specific interface
ip n add 192.168.1.1 lladdr aa:bb:cc:dd:ee:ff dev eth0 nud permanent      |  Add a static ARP entry (a permanent entry is not overwritten by ARP replies, a basic defence against gateway ARP spoofing)
ip n del 192.168.1.1 dev eth0                                             |  Delete an ARP entry
ip n flush dev eth0                                                       |  Flush ARP for an interface (permanent entries survive a flush)
ip n flush all                                                            |  Flush the entire ARP cache

ss

Socket statistics (netstat replacement)
Command                        |  Description
ss -tuln                       |  Listening TCP/UDP ports
ss -tulnp                      |  Same + owning process (root needed to see other users' processes)
ss -ta                         |  All TCP sockets (listening and connected)
ss -ua                         |  All UDP sockets
ss -xa                         |  Unix domain sockets
ss -s                          |  Socket summary statistics
ss -4 state established        |  Established IPv4 connections
ss -tnp dst 10.0.0.1           |  Connections to a specific host
ss -tnp dport = :443           |  Connections to remote port 443
ss -tnp sport = :22            |  Connections on local port 22 (inbound SSH sessions)
ss -tn state time-wait         |  Connections in TIME-WAIT (no owning process, so -p adds nothing here)

ss flags: -t TCP · -u UDP · -l listening · -a all · -n no resolve · -p processes · -4/-6 IPv4/IPv6
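The listening-port rows above are what you run during an exposure review: what on this host accepts connections from the network, as opposed to loopback only. The script below is an added example, not part of the original page: it parses ss -tulnp output and keeps only sockets bound to a wildcard address (0.0.0.0, [::] or *), with the owning process when ss was run with -p as root. The ss output embedded in it is constructed to look like real output; the process names and PIDs are made up.

```shell
#!/bin/sh
# Added example, not from the original page: list wildcard-bound listeners
# from "ss -tulnp" output. Loopback-only services (127.0.0.1, [::1],
# 127.0.0.53%lo) are dropped because they are not reachable from the network.

# exposed_listeners: read ss -tulnp output on stdin, print "proto local process"
# for every listener bound to a wildcard address, sorted and de-duplicated.
exposed_listeners() {
    awk '
        $1 == "Netid" { next }                     # header row
        {
            laddr = $5                             # e.g. 0.0.0.0:22 or [::]:22
            addr = laddr; sub(/:[^:]*$/, "", addr) # strip ":port" at the last colon
            if (addr != "0.0.0.0" && addr != "[::]" && addr != "*") next
            proc = (NF >= 7) ? $7 : "-"            # users:(("name",pid=..,fd=..)) only with -p
            sub(/^users:\(\("/, "", proc)
            sub(/".*/, "", proc)
            print $1, laddr, proc
        }' | sort -u
}

# sample_ss_output: constructed ss -tulnp output used for the demo and tests.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=512,fd=13))
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*         users:(("dhclient",pid=640,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=901,fd=3))
tcp   LISTEN 0      4096   127.0.0.1:6379      0.0.0.0:*         users:(("redis-server",pid=1200,fd=6))
tcp   LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=901,fd=4))
tcp   LISTEN 0      511    *:80                *:*               users:(("nginx",pid=1400,fd=6),("nginx",pid=1401,fd=6))
EOF
}

# Live use (root for process names):  ss -tulnp | exposed_listeners
# Demo on the constructed sample:     sh exposure.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_ss_output | exposed_listeners
fi
```

On the sample this reports dhclient on udp 0.0.0.0:68, sshd on both 0.0.0.0:22 and [::]:22, and nginx on *:80; the Redis instance on 127.0.0.1:6379 and the stub resolver are correctly left out. Anything unexpected in that list is a finding: either the service should bind to a specific address, or a host firewall rule should front it.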

tcpdump

Packet capture
Command                                         |  Description
tcpdump -i eth0                                 |  Capture on an interface
tcpdump -i any                                  |  Capture on all interfaces
tcpdump -i eth0 -n                              |  No DNS resolution
tcpdump -i eth0 -nn                             |  No DNS and no port/protocol name resolution
tcpdump -i eth0 -c 100                          |  Capture 100 packets then exit
tcpdump -i eth0 -w file.pcap                    |  Save raw packets to file (open in Wireshark)
tcpdump -r file.pcap                            |  Read from file (the same filters work on saved captures)
tcpdump -i eth0 -v                              |  Verbose output (-vv, -vvv for more)
tcpdump -i eth0 port 80                         |  Filter by port (source or destination)
tcpdump -i eth0 host 10.0.0.1                   |  Filter by host
tcpdump -i eth0 net 10.0.0.0/24                 |  Filter by subnet
tcpdump -i eth0 src host 10.0.0.1               |  From source host only
tcpdump -i eth0 tcp and not port 22             |  TCP excluding SSH (quote filters that contain shell metacharacters)
tcpdump 'tcp[tcpflags] & tcp-syn != 0'          |  Packets with SYN set (includes SYN-ACK)
tcpdump 'tcp[tcpflags] == tcp-syn|tcp-ack'      |  SYN-ACK only (second step of the handshake)
tcpdump -i eth0 icmp                            |  ICMP (ping) only
tcpdump -i eth0 udp port 53                     |  DNS over UDP, queries and responses (TCP fallback, DoT and DoH are not included)
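The tcpflags rows are the building blocks for a quick port-scan triage: capture SYN-only segments and count, per source, how many distinct destination ports it tried. The script below is an added example, not from the original page. It reads tcpdump's text output (captured with -nn so addresses are not resolved) rather than a pcap, so it works offline on the constructed sample lines embedded in it; the threshold of 3 distinct ports and the addresses used are assumptions to tune for a real network.

```shell
#!/bin/sh
# Added example, not from the original page: per-source count of distinct
# destination ports seen in SYN-only segments. Capture side (needs root):
#     tcpdump -i eth0 -nn -l 'tcp[tcpflags] == tcp-syn' > syn.log
# -nn keeps addresses numeric, -l line-buffers so the output can be piped live.

# syn_scan_report THRESHOLD: read tcpdump text lines on stdin and print
# "src_ip distinct_dst_ports" for every source above THRESHOLD, sorted.
syn_scan_report() {
    awk -v thr="${1:-10}" '
        {
            # Find the "IP"/"IP6" token so the optional direction column that
            # "-i any" adds (In/Out) does not shift the field positions.
            for (i = 1; i <= NF; i++) if ($i == "IP" || $i == "IP6") break
            if (i > NF) next
            if ($(i+4) != "Flags" || $(i+5) != "[S],") next   # SYN only: skip SYN-ACK and data
            src = $(i+1); sub(/\.[0-9]+$/, "", src)            # drop the source port
            dst = $(i+3); sub(/:$/, "", dst)                   # "203.0.113.5.22:" -> "203.0.113.5.22"
            n = split(dst, p, "."); port = p[n]                # last dotted component is the port
            if (!((src, port) in seen)) { seen[src, port] = 1; ports[src]++ }
        }
        END { for (s in ports) if (ports[s] > thr) print s, ports[s] }
    ' | sort
}

# sample_syn_lines: constructed tcpdump -nn output. 192.0.2.10 probes six
# ports (22 twice), 198.51.100.7 is a normal client, the last line is a
# SYN-ACK that must be ignored. One line carries the "In" column of -i any.
sample_syn_lines() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.51000 > 203.0.113.5.22: Flags [S], seq 1, win 1024, length 0
12:00:01.000002 IP 192.0.2.10.51001 > 203.0.113.5.80: Flags [S], seq 1, win 1024, length 0
12:00:01.000003 IP 192.0.2.10.51002 > 203.0.113.5.443: Flags [S], seq 1, win 1024, length 0
12:00:01.000004 IP 192.0.2.10.51003 > 203.0.113.5.3306: Flags [S], seq 1, win 1024, length 0
12:00:01.000005 IP 192.0.2.10.51004 > 203.0.113.5.8080: Flags [S], seq 1, win 1024, length 0
12:00:01.000006 IP 192.0.2.10.51005 > 203.0.113.5.22: Flags [S], seq 2, win 1024, length 0
12:00:01.000007 In IP 192.0.2.10.51006 > 203.0.113.5.25: Flags [S], seq 1, win 1024, length 0
12:00:02.000001 IP 198.51.100.7.40000 > 203.0.113.5.443: Flags [S], seq 7, win 64240, length 0
12:00:02.000002 IP 198.51.100.7.40001 > 203.0.113.5.443: Flags [S], seq 8, win 64240, length 0
12:00:02.000003 IP 203.0.113.5.443 > 198.51.100.7.40000: Flags [S.], seq 9, ack 8, win 65535, length 0
EOF
}

# Live:  tcpdump -i eth0 -nn -l 'tcp[tcpflags] == tcp-syn' | syn_scan_report 20
# Demo:  sh synscan.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_syn_lines | syn_scan_report 3
fi
```

With a threshold of 3 the sample yields a single line, 192.0.2.10 with 6 distinct ports; the repeat SYN to port 22 is not double-counted and the SYN-ACK is filtered out by the flags check. Counting distinct ports rather than raw SYNs is what separates a scanner from a busy but legitimate client that retries the same port.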

nmcli

NetworkManager CLI
Command                                                    |  Description
nmcli device status                                        |  Status of all devices
nmcli device show eth0                                     |  Detailed interface information
nmcli connection show                                      |  List all connection profiles
nmcli connection show --active                             |  Active connections only
nmcli con up "name"                                        |  Activate a connection
nmcli con down "name"                                      |  Deactivate a connection
nmcli con reload                                           |  Reload profile files from disk
nmcli con add type ethernet ifname eth0 con-name myconn    |  Create an Ethernet connection profile
nmcli con mod "name" ipv4.addresses "192.168.1.10/24"      |  Set a static IP
nmcli con mod "name" ipv4.gateway "192.168.1.1"            |  Set the gateway
nmcli con mod "name" ipv4.dns "8.8.8.8 1.1.1.1"            |  Set DNS servers
nmcli con mod "name" ipv4.method manual                    |  Switch to static addressing (set ipv4.addresses first; manual without an address is rejected)
nmcli con mod "name" ipv4.method auto                      |  Switch to DHCP
nmcli con del "name"                                       |  Delete a connection
nmcli general hostname myhost                              |  Set the hostname
nmcli networking off / on                                  |  Disable / enable networking

con mod edits the stored profile only; re-activate it with nmcli con up "name" for the change to take effect.

iptables

Listing & flushing rules
Command                              |  Description
iptables -L -n -v                    |  All rules with packet/byte counters
iptables -L INPUT --line-numbers     |  Rules with line numbers (for -D / -I by position)
iptables -t nat -L -n -v             |  NAT table
iptables -F                          |  Flush all rules (filter table). Chain policies are kept, so with a DROP policy this locks you out: set -P INPUT ACCEPT first
iptables -F INPUT                    |  Flush INPUT chain only
iptables -X                          |  Delete user-defined (empty) chains
iptables -Z                          |  Zero counters
iptables -D INPUT 3                  |  Delete rule #3 in INPUT
Common rules
Command                                                                   |  Description
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT    |  Allow established / related traffic (put this near the top)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT                             |  Allow SSH
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT           |  Allow HTTP/HTTPS (--dport takes one port or a range; a comma list needs the multiport match)
iptables -A INPUT -i lo -j ACCEPT                                         |  Allow loopback
iptables -A INPUT -j DROP                                                 |  Drop everything else (append last: a chain is matched top to bottom and the first terminating match wins)
iptables -I INPUT 1 -s 10.0.0.0/8 -j ACCEPT                               |  Insert rule at the top
iptables -A INPUT -p icmp -j ACCEPT                                       |  Allow ping
iptables -A INPUT -m limit --limit 3/min -j LOG --log-prefix "DROP: "     |  Log with rate limiting (LOG is non-terminating; place it immediately before the final DROP, otherwise nothing is logged)
NAT & Forwarding
Command                                                                                      |  Description
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT                                                |  Allow forwarding eth0 -> eth1 (also needs sysctl net.ipv4.ip_forward=1 and a FORWARD rule for ESTABLISHED,RELATED on the return path)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE                                         |  NAT / masquerade (PAT) to whatever address eth0 currently has; for dynamic addresses
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.4         |  SNAT with a fixed IP (preferred over MASQUERADE when the address is static)
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80     |  Port forwarding (DNAT); the FORWARD chain must also accept the translated traffic
iptables-save > /etc/iptables/rules.v4                                                       |  Save rules (the path iptables-persistent uses on Debian/Ubuntu; other distributions use their own, e.g. /etc/sysconfig/iptables)
iptables-restore < /etc/iptables/rules.v4                                                    |  Restore rules

Chains: INPUT (inbound to host) · OUTPUT (outbound from host) · FORWARD (transit) · PREROUTING · POSTROUTING
Tables: filter (default) · nat · mangle · raw
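Because a chain is evaluated top to bottom, the Common rules above only work in a particular order: established traffic and loopback first, then the services, then LOG, then the catch-all DROP. The script below is an added example, not from the original page, that assembles those rows into one stateful INPUT ruleset, prints it for review, and applies it only when asked to as root. The management subnet, the service ports, the INVALID drop and the rate-limited ping rule are assumptions added here; edit them before use.

```shell
#!/bin/sh
# Added example, not from the original page: the "Common rules" assembled
# into a working order. The policy is set to ACCEPT before the flush so a
# reload never locks out the session that runs it; the LOG rule sits right
# before the catch-all DROP so every dropped packet can be logged.
set -eu

MGMT_NET="10.0.0.0/8"   # assumed: only this source may open new SSH sessions
TCP_PORTS="80,443"      # assumed public services; -m multiport takes a comma list

# input_ruleset: print the commands, one per line, in application order.
# Kept separate from execution so the list can be reviewed or diffed first.
input_ruleset() {
    cat <<EOF
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
iptables -A INPUT -p tcp -s $MGMT_NET --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports $TCP_PORTS -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "INPUT-DROP: "
iptables -A INPUT -j DROP
EOF
}

# rule_index PATTERN: 1-based position of the first rule matching PATTERN
# (0 if none). Lets ordering be checked before anything touches the kernel.
rule_index() {
    n=$(input_ruleset | grep -n -e "$1" | head -n 1 | cut -d: -f1)
    printf '%s\n' "${n:-0}"
}

# apply_ruleset: run the commands as root, echoing each one as it goes.
apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_ruleset: must run as root" >&2
        return 1
    fi
    input_ruleset | while IFS= read -r cmd; do
        printf '+ %s\n' "$cmd"
        eval "$cmd"
    done
}

# Review:  sh firewall.sh --dry-run      Apply (root):  sh firewall.sh --apply
case "${1:-}" in
    --apply)   apply_ruleset ;;
    --dry-run) input_ruleset ;;
esac
```

The ordering checks rule_index makes possible are the ones worth automating: ESTABLISHED,RELATED must come before any rule that only accepts NEW, LOG must precede the final DROP, and the DROP must be the last rule. If the host is reachable only over SSH, run the apply step from a console or wrap it in a timed rollback (for example a delayed iptables-restore of the previous iptables-save output) so a typo does not cost the session.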