Linux is an open-source operating system that is widely used in DevOps environments. As a DevOps engineer, knowing the Linux command line is crucial for efficient system administration and management. In this blog, we have compiled a list of important Linux commands that every DevOps engineer should know.
File System Hierarchy
/: This is the top-level directory in Linux, also known as the root directory./root: This is the home directory for the root user./home: This is the home directory for other users./boot: This directory contains bootable files for Linux./etc: This directory contains all configuration files./usr: By default, software is installed in this directory./bin: This directory contains commands used by all users./sbin: This directory contains commands used only by the root user.
Example -
Here are some examples of navigating and using the file system hierarchy in Linux:
- / - Top level directory
Command:
cd /Output:
bin boot dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
This is the top level directory in Linux, also known as the root directory. It contains all the other directories and files on the system.
- /root - Home directory for root user
Command:
cd /rootOutput:
Desktop Documents Music Pictures Public Videos
This is the home directory for the root user. It contains the root user's personal files and directories.
- /home - Home directory for other users
Command:
cd /homeOutput:
user1 user2 user3
This directory contains the home directories for all users on the system, except for the root user.
- /boot - Bootable files for Linux
Command:
cd /bootOutput:
config-4.15.0-72-generic grub initrd.img-4.15.0-72-generic System.map-4.15.0-72-generic vmlinuz-4.15.0-72-generic
This directory contains the bootable files for Linux, including the kernel and initrd images.
- /etc - Configuration files
Command:
cd /etcOutput:
adduser.conf aliases apache2 apt bash.bashrc bind cron.d dbus-1 default dhcp fstab group hosts init inittab issue ldap logrotate.conf lsb-release mailcap mime.types modprobe.d modules mtab networks nsswitch.conf pam.conf passwd profile protocols resolv.conf rpc services shadow shells skel ssh ssl sysctl.conf systemd udev useradd.conf vim xdg
This directory contains all the configuration files for the system, including user and group information, network settings, and system services.
- /usr - Software installation directory
Command:
cd /usrOutput:
bin games include lib lib64 libexec local sbin share src
This directory is where software is installed by default. It contains subdirectories for different types of software, such as bin for executable files and lib for libraries.
- /bin - Commands used by all users
Command:
cd /binOutput:
bash cat chmod chown cp date dd df echo grep gzip hostname kill ln ls mkdir mknod more mount mv ping ps pwd rm rmdir sed sh sleep sort tail tar touch umount uname uniq wc which xargs
This directory contains essential commands that are used by all users on the system.
- /sbin - Commands used by root user
Command:
cd /sbinOutput:
acpid blkid depmod fdisk fsck grub-mkconfig ifconfig init insmod ip lsmod mke2fs mkfs mkswap modinfo modprobe mount poweroff reboot rmmod route runlevel shutdown swapoff swapon sysctl tune2fs umount
This directory contains system administration commands that are used by the root user.
Linux Basic Commands
cat (create & append file)
Command:
cat > file.txtOutput: Creates a new file called file.txt and opens it in the default editor.
Command:
cat >> file.txtOutput: Appends to the existing file called file.txt.
Example:
$ cat > file.txt
Hello World!
$ cat file.txt
Hello World!
$ cat >> file.txt
This is appended text.
$ cat file.txt
Hello World!
This is appended text.
- touch (create blank file)
Command:
touch file.txtOutput: Creates a new blank file called file.txt.
Example:
$ touch file.txt
$ ls
file.txt
- nano (create & edit file)
Command:
nano file.txtOutput: Opens the file called file.txt in the nano editor.
Example:
$ nano file.txt
This will open the nano editor where you can create and edit the file.
- vi/vim (create & edit file)
Command:
vi file.txtOutput: Opens the file called file.txt in the vi editor.
Example:
$ vi file.txt
This will open the vi editor where you can create and edit the file.
- ls (list)
Command:
lsOutput: Lists the files and directories in the current directory.
Example:
$ ls
file1.txt file2.txt dir1 dir2
Command:
ls -aOutput: Lists all files and directories, including hidden ones.
Example:
$ ls -a
. .. file1.txt file2.txt dir1 dir2 .hidden_file
Command:
ls -laOutput: Lists all files and directories in a detailed format.
Example:
$ ls -la
total 12
drwxr-xr-x 3 user user 4096 Aug 17 14:23 .
drwxr-xr-x 10 user user 4096 Aug 17 14:23 ..
-rw-r--r-- 1 user user 12 Aug 17 14:23 file1.txt
-rw-r--r-- 1 user user 12 Aug 17 14:23 file2.txt
drwxr-xr-x 2 user user 4096 Aug 17 14:23 dir1
drwxr-xr-x 2 user user 4096 Aug 17 14:23 dir2
-rw-r--r-- 1 user user 12 Aug 17 14:23 .hidden_file
- cd (change directory)
Command:
cd dir1Output: Changes the current directory to dir1.
Example:
$ cd dir1
$ pwd
/home/user/dir1
- pwd (print working directory)
Command:
pwdOutput: Prints the current working directory.
Example:
$ pwd
/home/user
- mkdir (create directory, multiple)
Command:
mkdir dir1 dir2Output: Creates two new directories called dir1 and dir2.
Example:
$ mkdir dir1 dir2
$ ls
dir1 dir2
- cp (copy)
Command:
cp file1.txt file2.txtOutput: Copies the contents of file1.txt to file2.txt.
Example:
$ cp file1.txt file2.txt
$ cat file2.txt
Hello World!
- mv (move)
Command:
mv file1.txt dir1Output: Moves the file file1.txt to the directory dir1.
Example:
$ mv file1.txt dir1
$ ls dir1
file1.txt
- mv (rename)
Command:
mv file1.txt file2.txtOutput: Renames the file file1.txt to file2.txt.
Example:
$ mv file1.txt file2.txt
$ ls
file2.txt
- rm (remove file)
Command:
rm file1.txtOutput: Removes the file file1.txt.
Example:
$ rm file1.txt
$ ls
- tree (see in tree structure)
Command:
treeOutput: Displays the directory structure in a tree-like format.
Example:
$ tree
.
|-- dir1
| |-- file1.txt
| |-- file2.txt
|-- dir2
| |-- file3.txt
| |-- file4.txt
|-- file5.txt
- rm -rf (remove directory & recursive)
Command:
rm -rf dir1Output: Removes the directory dir1 and all its contents recursively.
Example:
$ rm -rf dir1
$ ls
- grep (pick & print)
Command:
grep "Hello" file1.txtOutput: Prints
Here are the Linux commands with examples:
- less (see output)
Command:
less file.txtOutput: Displays the contents of file.txt one screen at a time.
Example:
$ less file.txt
Hello World!
This is a test file.
...
You can scroll through the file using the arrow keys or page up/down keys.
- head (see top 10 lines)
Command:
head file.txtOutput: Displays the first 10 lines of file.txt.
Example:
$ head file.txt
Hello World!
This is a test file.
Line 3
Line 4
Line 5
Line 6
Line 7
Line 8
Line 9
Line 10
- tail (see last 10 lines)
Command:
tail file.txtOutput: Displays the last 10 lines of file.txt.
Example:
$ tail file.txt
Line 91
Line 92
Line 93
Line 94
Line 95
Line 96
Line 97
Line 98
Line 99
Line 100
- sort (display in Alphabetic/Numeric order)
Command:
sort file.txtOutput: Displays the contents of file.txt in alphabetical order.
Example:
$ sort file.txt
Apple
Banana
Cat
Dog
Elephant
...
You can also use the -n option to sort in numeric order:
$ sort -n file.txt
1
2
3
4
5
...
- User
Command:
useradd usernameOutput: Creates a new user account with the specified username.
Example:
$ useradd john
- Group
Command:
groupadd groupnameOutput: Creates a new group with the specified groupname.
Example:
$ groupadd admins
- Soft Link (shortcut)
Command:
ln -s file.txt link.txtOutput: Creates a soft link (shortcut) to file.txt called link.txt.
Example:
$ ln -s file.txt link.txt
$ ls -l
lrwxr-xr-x 1 user user 9 Aug 17 14:23 link.txt -> file.txt
- Hard Link (backup)
Command:
ln file.txt backup.txtOutput: Creates a hard link (backup) to file.txt called backup.txt.
Example:
$ ln file.txt backup.txt
$ ls -l
-rw-r--r-- 2 user user 12 Aug 17 14:23 backup.txt
-rw-r--r-- 2 user user 12 Aug 17 14:23 file.txt
- /tar (to pack)
Command:
tar -cvf archive.tar file.txtOutput: Creates a tar archive of file.txt called archive.tar.
Example:
$ tar -cvf archive.tar file.txt
file.txt
$ ls
archive.tar
- gz (to compress)
Command:
gzip file.txtOutput: Compresses file.txt using gzip.
Example:
$ gzip file.txt
$ ls
file.txt.gz
You can also use the -d option to decompress the file:
$ gzip -d file.txt.gz
$ ls
file.txt
- yum (to install)
Command:
yum install package_nameOutput: Installs the specified package using the yum package manager.
Example:
$ yum install firefox
Loaded plugins: fastestmirror, langpacks
Resolving Dependencies
--> Running transaction check
---> Package firefox.x86_64 0:68.0.1-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================
Package Arch Version Repository Size
================================================================================================
Installing:
firefox x86_64 68.0.1-1.el7 updates 80 M
Transaction Summary
================================================================================================
Install 1 Package
Total download size: 80 M
Installed size: 170 M
Is this ok [y/N]: y
Downloading packages:
firefox-68.0.1-1.el7.x86_64.rpm | 80 MB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : firefox-68.0.1-1.el7.x86_64 1/1
Verifying : firefox-68.0.1-1.el7.x86_64 1/1
Installed:
firefox.x86_64 0:68.0.1-1.el7
Complete!
- wget (to download)
Command:
wget urlOutput: Downloads the file from the specified URL using wget.
Example:
$ wget https://www.example.com/file.txt
--2023-03-01 14:23:45-- https://www.example.com/file.txt
Resolving www.example.com (www.example.com)... 93.184.216.34
Connecting to www.example.com (www.example.com)|93.184.216.34|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12 [text/plain]
Saving to: ‘file.txt’
100%[======================================>] 12 --.-K/s in 0s
2023-03-01 14:23:45 (1.23 MB/s) - ‘file.txt’ saved [12/12]
- File/Directory Permissions
Command:
ls -lOutput: Displays the permissions of files and directories in the current directory.
Example:
$ ls -l
total 0
-rw-r--r-- 1 user user 12 Aug 17 14:23 file.txt
drwxr-xr-x 2 user user 4096 Aug 17 14:23 dir1
- chmod (permissions)
Command:
chmod permissions file.txtOutput: Changes the permissions of file.txt to the specified permissions.
Example:
$ chmod 755 file.txt
$ ls -l
total 0
-rwxr-xr-x 1 user user 12 Aug 17 14:23 file.txt
- chown (owner)
Command:
chown user:group file.txtOutput: Changes the owner and group of file.txt to the specified user and group.
Example:
$ chown user:group file.txt
$ ls -l
total 0
-rwxr-xr-x 1 user group 12 Aug 17 14:23 file.txt
- chgrp (group)
Command:
chgrp group file.txtOutput: Changes the group of file.txt to the specified group.
Example:
$ chgrp group file.txt
$ ls -l
total 0
-rwxr-xr-x 1 user group 12 Aug 17 14:23 file.txt
- hostname (to see hostname)
Command:
hostnameOutput: Displays the hostname of the system.
Example:
$ hostname
localhost
- ifconfig (to get ip address)
Command:
ifconfigOutput: Displays the network interface configuration, including the IP address.
Example:
$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:11:22:33:44:55
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1000 errors:0 dropped:0 overruns:0 frame:0
TX packets:500 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:64000 (62.5 KiB) TX bytes:32000 (31.2 KiB)
- cat /etc/rele (to get os version)
Command:
cat /etc/*release*Output: Displays the OS version information.
Example:
$ cat /etc/*release*
NAME="CentOS Linux
- apt get install httpd (to install package)
Command:
apt-get install httpdOutput: Installs the Apache HTTP server package using apt-get.
Example:
$ apt-get install httpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
httpd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,342 kB of archives.
After this operation, 3,942 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu xenial/main amd64 httpd amd64 2.4.18-2ubuntu3 [1,342 kB]
Fetched 1,342 kB in 1s (1,342 kB/s)
Selecting previously unselected package httpd.
(Reading database ... 186,255 files and directories currently installed.)
Preparing to unpack .../httpd_2.4.18-2ubuntu3_amd64.deb ...
Unpacking httpd (2.4.18-2ubuntu3) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (229-4ubuntu21) ...
Setting up httpd (2.4.18-2ubuntu3) ...
- yum update httpd (to upgrade package)
Command:
yum update httpdOutput: Upgrades the Apache HTTP server package using yum.
Example:
$ yum update httpd
Loaded plugins: fastestmirror, langpacks
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-40.el7 will be updated
---> Package httpd.x86_64 0:2.4.6-45.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================
Package Arch Version Repository Size
================================================================================================
Updating:
httpd x86_64 2.4.6-45.el7 updates 1.2 M
Transaction Summary
================================================================================================
Upgrade 1 Package
Total download size: 1.2 M
Is this ok [y/N]: y
Downloading packages:
httpd-2.4.6-45.el7.x86_64.rpm | 1.2 MB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : httpd-2.4.6-45.el7.x86_64 1/2
Cleanup : httpd-2.4.6-40.el7.x86_64 2/2
Updated:
httpd.x86_64 0:2.4.6-45.el7
Complete!
- yum remove httpd (to uninstall package)
Command:
yum remove httpdOutput: Uninstalls the Apache HTTP server package using yum.
Example:
$ yum remove httpd
Loaded plugins: fastestmirror, langpacks
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-45.el7 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================
Package Arch Version Repository Size
================================================================================================
Removing:
httpd x86_64 2.4.6-45.el7 @updates 3.9 M
Transaction Summary
================================================================================================
Remove 1 Package
Installed size: 3.9 M
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing : httpd-2.4.6-45.el7.x86_64 1/1
Removed:
httpd.x86_64 0:2.4.6-45.el7
Complete!
- yum list installed (to see installed packages)
Command:
yum list installedOutput: Lists all installed packages using yum.
Example:
$ yum list installed
Loaded plugins: fastestmirror, langpacks
Installed Packages
GConf2.x86_64 3.2.6-8.el7 @anaconda
GeoIP.x86_64 1.5.0-11.el7 @anaconda
ModemManager.x86_64 1.6.0-2.el7 @anaconda
NetworkManager.x86_64 1:1.10.2-14.el7 @anaconda
...
- service httpd status (to see status)
Command:
service httpd statusOutput: Displays the status of the Apache HTTP server service.
Example:
$ service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu
- service httpd status (to see status)
Command:
service httpd statusOutput: Displays the status of the Apache HTTP server service.
Example:
$ service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2023-02-16 14:30:12 EST; 1h 15min ago
Process: 1234 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
Main PID: 1235 (httpd)
Status: "Total requests: 100; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
└─1235 /usr/sbin/httpd -DFOREGROUND
Explanation: The output shows that the Apache HTTP server service is currently running and has been active for 1 hour and 15 minutes.
- service httpd start (to start service)
Command:
service httpd startOutput: Starts the Apache HTTP server service.
Example:
$ service httpd start
Redirecting to /bin/systemctl start httpd.service
Explanation: The command starts the Apache HTTP server service.
- service httpd reload (to restart service)
Command:
service httpd reloadOutput: Reloads the Apache HTTP server service.
Example:
$ service httpd reload
Redirecting to /bin/systemctl reload httpd.service
Explanation: The command reloads the Apache HTTP server service, which reloads the configuration files without restarting the service.
- service httpd restart (to restart service)
Command:
service httpd restartOutput: Restarts the Apache HTTP server service.
Example:
$ service httpd restart
Redirecting to /bin/systemctl restart httpd.service
Explanation: The command restarts the Apache HTTP server service, which stops and starts the service again.
- chkconfig httpd on (to start service permanently)
Command:
chkconfig httpd onOutput: Enables the Apache HTTP server service to start automatically on boot.
Example:
$ chkconfig httpd on
Explanation: The command enables the Apache HTTP server service to start automatically on boot.
- chkconfig httpd off (to stop service permanently)
Command:
chkconfig httpd offOutput: Disables the Apache HTTP server service from starting automatically on boot.
Example:
$ chkconfig httpd off
Explanation: The command disables the Apache HTTP server service from starting automatically on boot.
Redirection (redirecting output)
Redirection is a feature in Linux that allows you to redirect the output of a command to a file or another command.
>: Redirects the output to a file, overwriting the file if it already exists.>>: Redirects the output to a file, appending to the file if it already exists.2>: Redirects the error output to a file.2>>: Redirects the error output to a file, appending to the file if it already exists.&>: Redirects both the output and error output to a file.|: Pipes the output to another command.
Examples:
ls > file.txt: Redirects the output of thelscommand to a file calledfile.txt.ls >> file.txt: Appends the output of thelscommand to a file calledfile.txt.ls 2> error.txt: Redirects the error output of thelscommand to a file callederror.txt.ls 2>> error.txt: Appends the error output of thelscommand to a file callederror.txt.ls &> output.txt: Redirects both the output and error output of thelscommand to a file calledoutput.txt.ls | grep keyword: Pipes the output of thelscommand to thegrepcommand, which searches for the keyword in the output.
- Redirection (redirecting output)
Redirection is a feature in Linux that allows you to redirect the output of a command to a file or another command.
>: Redirects the output to a file, overwriting the file if it already exists.>>: Redirects the output to a file, appending to the file if it already exists.2>: Redirects the error output to a file.2>>: Redirects the error output to a file, appending to the file if it already exists.&>: Redirects both the output and error output to a file.|: Pipes the output to another command.
Examples:
ls > file.txt: Redirects the output of thelscommand to a file calledfile.txt.- Output: The output of the
lscommand is written tofile.txt.
- Output: The output of the
ls >> file.txt: Appends the output of thelscommand to a file calledfile.txt.- Output: The output of the
lscommand is appended tofile.txt.
- Output: The output of the
ls 2> error.txt: Redirects the error output of thelscommand to a file callederror.txt.- Output: The error output of the
lscommand is written toerror.txt.
- Output: The error output of the
ls 2>> error.txt: Appends the error output of thelscommand to a file callederror.txt.- Output: The error output of the
lscommand is appended toerror.txt.
- Output: The error output of the
ls &> output.txt: Redirects both the output and error output of thelscommand to a file calledoutput.txt.- Output: Both the output and error output of the
lscommand are written tooutput.txt.
- Output: Both the output and error output of the
ls | grep keyword: Pipes the output of thelscommand to thegrepcommand, which searches for the keyword in the output.- Output: The output of the
lscommand is piped to thegrepcommand, which searches for the keyword.
- Output: The output of the
which (to see package installed or not)
- Command:
which package_name
Output: Displays the path to the executable file of the package if it is installed.
Example:
$ which python /usr/bin/pythonExplanation: The output shows that the
pythonpackage is installed and the executable file is located at/usr/bin/python.sudo (to get root privileges)
- Command:
Command:
sudo commandOutput: Executes the command with root privileges.
Example:
$ sudo apt-get install firefox
Explanation: The command installs the firefox package using the apt-get command with root privileges.
- whoami (to see user)
Command:
whoamiOutput: Displays the username of the current user.
Example:
$ whoami
user123
Explanation: The output shows that the current user is user123.
Note: The whoami command is similar to the id command, but it only displays the username, whereas id displays more information about the user, including the user ID, group ID, and group membership.
Here are the Linux find commands with examples and outputs:
- find -type f (to see all files in current directory)
Command:
find . -type fOutput: Displays all files in the current directory and its subdirectories.
Example:
$ find . -type f
./file1.txt
./file2.txt
./dir1/file3.txt
./dir1/file4.txt
Explanation: The output shows all files in the current directory (file1.txt and file2.txt) and its subdirectory (dir1) with files (file3.txt and file4.txt).
- find -type d (to see all directories in current directory)
Command:
find . -type dOutput: Displays all directories in the current directory and its subdirectories.
Example:
$ find . -type d
.
./dir1
./dir1/dir2
Explanation: The output shows all directories in the current directory (.) and its subdirectories (dir1 and dir1/dir2).
- find / -type f (to see all files under top level root directory)
Command:
find / -type fOutput: Displays all files under the top-level root directory (
/).
Example:
$ find / -type f
/bin/bash
/bin/cat
/bin/ls
/etc/passwd
/etc/group
...
Explanation: The output shows all files under the top-level root directory (/), including system files and configuration files.
- find / -type d (to see all directories under top level root directory)
Command:
find / -type dOutput: Displays all directories under the top-level root directory (
/).
Example:
$ find / -type d
/
/bin
/etc
/etc/init.d
/usr
/usr/bin
...
Explanation: The output shows all directories under the top-level root directory (/), including system directories and subdirectories.
- find / -type f -name <file_name> (to search specific file under top level root directory)
Command:
find / -type f -name file_nameOutput: Displays the path to the specific file under the top-level root directory (
/).
Example:
$ find / -type f -name passwd
/etc/passwd
Explanation: The output shows the path to the passwd file under the top-level root directory (/etc/passwd).
- find / -type d -name <dir_name> (to search specific dir under top level root directory)
Command:
find / -type d -name dir_nameOutput: Displays the path to the specific directory under the top-level root directory (
/).
Example:
$ find / -type d -name etc
/etc
Explanation: The output shows the path to the etc directory under the top-level root directory (/etc).
Here are the commands in a single block:
$ find . -type f
./file1.txt
./file2.txt
./dir1/file3.txt
./dir1/file4.txt
$ find . -type d
.
./dir1
./dir1/dir2
$ find / -type f
/bin/bash
/bin/cat
/bin/ls
/etc/passwd
/etc/group
...
$ find / -type d
/
/bin
/etc
/etc/init.d
/usr
/usr/bin
...
$ find / -type f -name passwd
/etc/passwd
$ find / -type d -name etc
/etc
Note: The find command is a powerful tool for searching files and directories in Linux. The -type option specifies the type of file or directory to search for, and the -name option specifies the name of the file or directory to search for.
Here are some examples of using AWK and GREP with the netstat -a command:
AWK Examples
awkis a powerful text-processing language used for pattern scanning and processing. It is often used for tasks such as extracting fields from text files, performing calculations, and formattingPrint the protocol, local address, and foreign address for all listening sockets:
netstat -a | awk '{print $1, $4, $5}'
This will output something like:
Proto Local Address Foreign Address
tcp 127.0.0.1:3306 0.0.0.0:*
udp 127.0.0.1:123 0.0.0.0:*
- Print the number of connections in each state (e.g. LISTEN, ESTABLISHED, etc.):
netstat -a | awk '{print $6}' | sort | uniq -c
This will output something like:
5 ESTABLISHED
2 LISTEN
1 SYN_SENT
- Print the local address and port number for all TCP connections:
netstat -a | awk '$1 == "tcp" {print $4}'
This will output something like:
127.0.0.1:3306
192.168.1.100:80
- GREP Examples
grep is used for searching text using patterns. It prints lines that match a specified pattern.
- Find all listening sockets:
netstat -a | grep LISTEN
This will output something like:
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
udp 0 0 127.0.0.1:123 0.0.0.0:*
- Find all established connections:
netstat -a | grep ESTABLISHED
This will output something like:
tcp 0 0 192.168.1.100:80 192.168.1.1:1234 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:12345 ESTABLISHED
- Find all connections to a specific port (e.g. port 80):
netstat -a | grep :80
This will output something like:
tcp 0 0 192.168.1.100:80 192.168.1.1:1234 ESTABLISHED
netstat -a Command
netstat -adisplays all active network connections and listening ports. This includes both TCP and UDP connections.The netstat command is used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The -a option specifically shows all connections and listening ports.
Basic Syntax
netstat -aExamples
View All Active Connections and Listening Ports
Command:
netstat -aDescription: Displays all network connections and listening ports, including information about the protocol, local address, foreign address, and connection state.
Example Output:
Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 0 0 :::80 :::* LISTEN udp 0 0 0.0.0.0:68 0.0.0.0:* udp6 0 0 :::546 :::*Explanation:
Proto: Protocol used (TCP/UDP).
Recv-Q / Send-Q: Receive and send queue sizes.
Local Address: IP address and port on the local machine.
Foreign Address: IP address and port on the remote machine.
State: The state of the connection (e.g., LISTEN, ESTABLISHED).
Find Specific Ports and Connections
Command:
netstat -a | grep ':80'Description: Filters the output to show only lines containing port
80, commonly used for HTTP connections.Example Output:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN tcp6 0 0 :::80 :::* LISTENExplanation: Displays lines where port
80is being used, indicating that HTTP service is listening on this port.
Monitor Changes in Real Time
Command:
watch netstat -aDescription: Continuously monitors and displays the output of
netstat -aat regular intervals, allowing you to see changes in real time.Example Output:
Every 2.0s: netstat -a Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 0 0 :::80 :::* LISTEN udp 0 0 0.0.0.0:68 0.0.0.0:* udp6 0 0 :::546 :::*Explanation: Updates the display every 2 seconds, showing current network connections and listening ports.
Common Use Cases
Troubleshooting Network Issues: Identifying open ports and listening services can help diagnose network connectivity problems.
Security Monitoring: Checking for unexpected open ports or connections can reveal potential security issues.
Network Configuration: Verifying that services are listening on the correct ports and addresses.
The netstat -a command provides a comprehensive view of all network activity, making it a valuable tool for network management and troubleshooting.
Here are ten essential Linux networking commands along with their usage and examples:
Networking top Commands
1. ifconfig
Description: Displays or configures network interfaces. It shows details about the network interfaces like IP addresses, MAC addresses, and interface status.
Example:
ifconfig
Output:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255
...
2. ip
Description: A modern replacement for ifconfig and route. It is used for network configuration and management.
Example:
ip addr show
Output:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
...
3. ping
Description: Tests network connectivity to a specified host by sending ICMP echo requests and measuring response time.
Example:
ping google.com
Output:
PING google.com (142.250.74.14) 56(84) bytes of data.
64 bytes from lax17s13-in-f14.1e100.net (142.250.74.14): icmp_seq=1 ttl=115 time=12.3 ms
...
4. traceroute
Description: Traces the route packets take to a network host. Useful for diagnosing network path issues.
Example:
traceroute google.com
Output:
traceroute to google.com (142.250.74.14), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 1.020 ms 0.941 ms 0.919 ms
2 10.0.0.1 (10.0.0.1) 2.208 ms 2.025 ms 1.978 ms
...
5. netstat
Description: Displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Example:
netstat -a
Output:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
...
6. ss
Description: Utility to investigate sockets. It provides more detailed information and faster output compared to netstat.
Example:
ss -tuln
Output:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 *:22 *:*
...
7. curl
Description: Transfers data from or to a server using various protocols (HTTP, HTTPS, FTP, etc.). Commonly used for interacting with APIs.
Example:
curl -I https://www.example.com
Output:
HTTP/1.1 200 OK
Date: Fri, 17 Aug 2024 08:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
...
8. wget
Description: Downloads files from the web. It supports HTTP, HTTPS, and FTP protocols.
Example:
wget https://www.example.com/file.zip
Output:
--2024-08-17 08:01:00-- https://www.example.com/file.zip
Resolving www.example.com (www.example.com)... 93.184.216.34
Connecting to www.example.com (www.example.com)|93.184.216.34|:443... connected.
...
9. hostname
Description: Displays or sets the system's hostname. The hostname identifies the machine on the network.
Example:
hostname
Output:
myserver
10. nslookup
Description: Queries the DNS to obtain domain name or IP address mapping. Useful for troubleshooting DNS issues.
Example:
nslookup google.com
Output:
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 142.250.74.14
...
These commands are essential for network troubleshooting, configuration, and monitoring on Linux systems.
Pratik Lahamge
LinkedIn | Portfolio | GitHub | Email