Networking Commands for Linux/UNIX, Android, Apple OS X, Windows, and Cisco IOS
TCP/IP Commands and Example Output
The following commands will report the TCP/IP configuration — IPv4/IPv6 addresses and netmasks, routing table, and more — on Linux, Android, Apple OS X, Windows, and Cisco operating systems, plus the rest of the entire Unix family of operating systems. "Unix" includes anything vaguely Unix-like — Linux, Android, BSD, Tru64, Solaris, HP-UX, AIX, IRIX, etc., plus macOS. Many of these commands help you troubleshoot network problems.
Note that the Cisco IOS allows for command abbreviation. That is, instead of:
router> show interfaces
you could simply type:
router> sh in
However, I prefer to use the entire command,
using the tab key for command completion.
You type just sh and then press
<tab>:
router> sh<tab>
and the system finishes the command itself:
router> show
At that point you could press ? to see
what alternatives are available (in the case of the
show command, quite a few!),
and then type enough of the parameter to be
unambiguous:
router> show in<tab>
and it finishes the parameter for you:
router> show interfaces
Just two more key presses gives you a clear explanation of what it's doing. More importantly, your typing errors become much more obvious!
The GNU implementations of command shells including Bash, Tcsh, and others also support command and filename completion. These are what you have in Linux, Android, and OS X environments, and what you can have in commercial Unix environments once you add the appropriate GNU package.
Be aware that the networking commands on
Linux have gone through a major redesign!
The traditional tools including ifconfig,
netstat,
route,
and others may still be available and some
of them may work as expected,
but you may have only the Iproute2 project tools installed.
With Android, for example, you get only the new Iproute2
versions.
Both the traditional and the Iproute2 versions
are explained here.
Learn the new commands using ip.
Linux Interface Names
Also be aware that the move to
systemd along with other updates on Linux
have changed the network interface names.
You no longer have the traditional
eth0,
eth1,
wlan0, and so on.
On-board Ethernet devices will be named
eno1,
eno2, and so on,
or em1,
em2, and so on.
On VMware, a
bug
leads to the nonsensical numbered name
eno16777736.
One workaround is to edit the *.vmx
line and change the number found here:
ethernet0.pciSlotNumber="33"
from 33 to a smaller unused number such as 20.
In base 16, 20 is 0x14.
That virtual Ethernet device will appear at
PCI bus address 00:14.0,
and it will be enp0s20.
Experiment: not all numbers will work, many will
result in 16777736.
PCI Express hotplug devices will be
ens1,
ens2, ...
PCI bus addresses may be used, an Ethernet device
at PCI bus address 02:00.0 will be
enp2s0.
The Bus:Device.Function specification is in
hexadecimal, PCI address 00:14.0 leads to
enp0s20.
Alternatively, as per
this Fedora page,
"... ports on PCI cards will be named
p<slot_number>p<port_number>,
corresponding to the chassis labels,"
so p3p1 or similar.
How do you figure out which wired Ethernet port is which?
Try using the ethtool command.
Its -p or --identify
option tells the port to identify itself,
usually by blinking its LED.
You can add a number to tell it how many seconds to
continue the blinking.
Let's blink p3p1 for 20 seconds:
# ethtool -p p3p1 20
If that fails, and it does in many situations,
connect just one Ethernet interface to a switch.
Then use ip link as shown below
to see which one shows state UP.
USB-connected devices will have names containing
the PCI bus address of the USB controller, and the
USB bus and device number.
If the USB controller is at PCI bus address 00:03.0
(PCI bus 00, slot 03, function 0),
and a wireless network interface is plugged into
USB bus 1 as device 4, it will be
wlp0s3f1u4.
Finally, MAC addresses may be used:
enx0011951E8EB6.
AlphaServer DS10 and AlphaStation 200 4/233 running Linux and OpenBSD Unix.
Extra-Short Version
Here is an extra-short version with no explanations and no example output. Maybe all you need is a reminder!
| LAN Information | |
| Unix | netstat -i |
| Linux/Android | ip -s link |
| Windows | netstat -e |
| Cisco | show interfaces |
| Interface media settings | |
| Linux | ethtool interfacename |
| BSD / OS X | ifconfig -m |
| Cisco | show interfaces |
| ARP cache, IPv4—MAC | |
| Unix, Windows | arp -a |
| Linux, Android | ip neigh |
| Cisco | show arp |
| NDP cache, IPv6—MAC | |
| Linux / Android | ip -6 neigh show |
| BSD / OS X | ndp -a |
| Windows | netsh interface ipv6 show neighbors |
| IP address / netmask | |
| Unix, OS X | ifconfig -a |
| Linux, Android | ip addr |
| Windows | ipconfig /all |
| Cisco | show ip config |
| IPv4 / IPv6 routing table | |
| Unix, OS X | netstat -nr |
| Linux, Android | ip route |
| Windows | netstat -nr |
| Cisco | show ip route |
| UDP/TCP services | |
| Unix, Android, OS X, Windows | netstat -a |
| Linux | ss -a |
| Cisco | show tcp [ brief ] |
| UDP/TCP/IP counters (statistics) | |
| Unix, Android, OS X, Windows | netstat -s |
| Cisco | show interfaces |
LAN Information (OSI Layer 1 and 2)
Display the interface statistics (packets received and sent, errors, collisions, maybe the rate of packets or bytes per second, maybe the MAC addresses)
Traditional Linux, Unix and OS X
netstat -i
Add -a for "all" to also see interfaces
that are present but not in use.
Here is a Linux example, where the wireless connection has
only been used a little, and the on-board Ethernet has not
yet been brought up with an IP address.
Linux$ netstat -i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg em1 1500 0 0 0 0 0 0 0 0 0 BMU p3p1 1500 0 46249635 0 0 0 46076591 0 0 0 BMRU p7p1 1500 0 2780201 0 0 0 3774526 0 0 0 BMRU lo 16436 0 755482 0 0 0 755482 0 0 0 LRU wlp10s0u 1500 0 288241 0 0 0 416797 0 0 0 BMRU
On Linux, also try ethtool -S eth0
In this BSD and OS X example, I'm adding -n
to leave addresses numeric.
The following example is from an OpenBSD laptop where:
lo0 = Loopback pseudo-device
sis0 = Ethernet
enc0 = Encapsulation pseudo-device
BSD/macOS$ netstat -i -n Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Colls lo0 33208 <Link> 12 0 12 0 0 lo0 33208 127/8 127.0.0.1 12 0 12 0 0 lo0 33208 ::1/128 ::1 12 0 12 0 0 lo0 33208 fe80::%lo0/ fe80::1%lo0 12 0 12 0 0 sis0 1500 <Link> 00:11:43:44:8a:9b 4964964 0 8775155 0 0 sis0 1500 fe80::%sis0 fe80::211:43ff:fe 1522 0 899 0 0 sis0 1500 10.1.1/24 10.1.1.230 1522 0 899 0 0 enc0* 1536 <Link> 0 0 0 0 0
Solaris 10 / SunOS 5.10 example:
Solaris$ netstat -in Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue lo0 8232 127.0.0.0 127.0.0.1 1679079 0 1679079 0 0 0 ce0 1500 10.1.2.0 10.1.2.72 351818291 0 229839621 0 0 0 Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis lo0 8252 ::1 ::1 1679079 0 1679079 0 0 ce0 1500 fe80::203:baff:fe09:3d51/10 fe80::203:baff:fe09:3d51 351818291 0 229839621 0 0
Iproute2 on Linux and Android
The commands:
ip -s link ifstat
An example from Linux with two Ethernet interfaces and one wireless LAN interface:
Linux$ ip -s link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
80889401 246161 0 0 0 0
TX: bytes packets errors dropped carrier collsns
80889401 246161 0 0 0 0
2: p3p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 576 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:11:95:1e:8e:b6 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
1412616000 3298189 0 0 0 0
TX: bytes packets errors dropped carrier collsns
206636541 1651129 0 0 0 0
3: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 6c:62:6d:b2:f8:41 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
882299653 2376329 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2428621918 2630472 0 0 0 0
4: wlp0s3f1u4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
link/ether c8:3a:35:cf:3b:b9 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
1811540993 1214909 0 0 0 0
TX: bytes packets errors dropped carrier collsns
57537735 653205 0 0 0 0
Linux$ ifstat
#kernel
Interface RX Pkts/Rate TX Pkts/Rate RX Data/Rate TX Data/Rate
RX Errs/Drop TX Errs/Drop RX Over/Rate TX Coll/Rate
lo 245948 0 245948 0 153125K 0 153125K 0
0 0 0 0 0 0 0 0
p3p1 3446K 0 1721K 0 1173M 0 231962K 0
0 0 0 0 0 0 0 0
p7p1 1134K 0 1003K 0 589056K 0 365903K 0
0 0 0 0 0 0 0 0
wlp0s3f1u4 37235 0 14930 0 42507K 0 1380K 0
0 0 0 0 0 0 0 0
Use iw for link-layer work on wireless interfaces.
Linux$ iw list [... long list of all wireless devices and their capabilities ...] Linux$ iw wlp10s0u2 info Interface wlp10s0u2 ifindex 5 wdev 0x1 addr c8:3a:35:cf:3b:b9 ssid FBI_van4 type managed wiphy 0 channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz Linux$ iw wlp10s0u2 link Connected to 00:1d:7e:2e:97:86 (on wlp10s0u2) SSID: FBI_van4 freq: 2437 RX: 153205798 bytes (2710536 packets) TX: 64445 bytes (2383 packets) signal: -35 dBm tx bitrate: 1.0 MBit/s bss flags: short-slot-time dtim period: 1 beacon int: 100 Linux$ iw wlp10s0u2 station dump Station 00:1d:7e:2e:97:86 (on wlp10s0u2) inactive time: 11525 ms rx bytes: 153494941 rx packets: 2715595 tx bytes: 64565 tx packets: 2388 tx retries: 0 tx failed: 0 signal: -35 dBm signal avg: -35 dBm tx bitrate: 1.0 MBit/s rx bitrate: 1.0 MBit/s expected throughput: 17.852Mbps authorized: yes authenticated: yes preamble: long WMM/WME: no MFP: no TDLS peer: no Linux$ iw wlp10s0u2 survey dump Survey data from wlp10s0u2 frequency: 2437 MHz [in use] channel active time: 608445 ms channel busy time: 23745 ms extension channel busy time: 0 ms Linux$ iw wlp10s0u2 scan dump BSS 00:1d:7e:2e:97:86(on wlp10s0u2) -- associated TSF: 275850025534 usec (3d, 04:37:30) freq: 2437 beacon interval: 100 TUs capability: ESS Privacy ShortSlotTime (0x0411) signal: -39.00 dBm last seen: 139198295 ms ago Information elements from Probe Response frame: SSID: FBI_van4 Supported rates: 1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0 DS Parameter set: channel 6 ERP: Barker_Preamble_Mode ERP D4.0: Barker_Preamble_Mode RSN: * Version: 1 * Group cipher: CCMP * Pairwise ciphers: CCMP * Authentication suites: PSK * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000) Extended supported rates: 6.0 9.0 12.0 48.0
Android on a Samsung Galaxy smart phone with the 802.11 wireless enabled. What a large number of interfaces!
Android$ ip -s link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
8897040 10038 0 0 0 0
TX: bytes packets errors dropped carrier collsns
8897040 10038 0 0 0 0
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN
link/ether 8e:ec:ea:56:b7:41 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
3: rmnet0: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 7a:ac:20:6b:aa:ce brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
4: rmnet1: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 7e:47:97:18:e5:29 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
5: rmnet2: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 5a:2c:99:7d:29:e8 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
6: rmnet3: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 22:00:f5:c2:f5:d5 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
7: rmnet4: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 3a:bd:5b:f2:ed:9f brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
8: rmnet5: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether da:ee:98:aa:0b:b7 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
9: rmnet6: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 8a:68:0b:1b:fd:f0 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
10: rmnet7: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 4a:16:9a:22:9c:59 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
11: rmnet_sdio0: <> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/[530]
RX: bytes packets errors dropped overrun mcast
130307791 158972 0 0 0 0
TX: bytes packets errors dropped carrier collsns
20301720 148283 0 0 0 0
12: rmnet_sdio1: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
13: rmnet_sdio2: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
14: rmnet_sdio3: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
15: rmnet_sdio4: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
16: rmnet_sdio5: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
17: rmnet_sdio6: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
18: rmnet_sdio7: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
19: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
20: ip6tnl0: <NOARP> mtu 1452 qdisc noop state DOWN
link/tunnel6 :: brd ::
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
21: p2p0: <NO-CARRIER,BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state DORMANT qlen 1000
link/ether 02:37:6d:a9:b9:35 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
22: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:37:6d:a9:b9:35 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
50971645 663955 0 902 0 394
TX: bytes packets errors dropped carrier collsns
1814368098 1215089 0 3349 0 0
Windows
C:\>netstat -e
Interface Statistics
Received Sent
Bytes 1160647 105766
Unicast packets 858 200
Non-unicast packets 70 45
Discards 0 0
Errors 0 0
Unknown protocols 0
Cisco
router> show interfaces ethernet 0
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 0000.0c8e.b534 (bia 0000.0c8e.b534)
Internet address is 10.1.1.254/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 2/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 1/75, 0 drops
5 minute input rate 108000 bits/sec, 18 packets/sec
5 minute output rate 107000 bits/sec, 18 packets/sec
6080 packets input, 4156592 bytes, 0 no buffer
Received 869 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
5858 packets output, 4036087 bytes, 0 underruns
0 output errors, 0 collisions, 10 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Display the interface media settings and options (RJ-45 vs AUI interface, media speed and duplex settings, MTU, etc)
Linux
ethtool interface
Linux has ethtool,
I don't know of an equivalent
in Android.
Linux# ethtool p7p1 Settings for p7p1: Supported ports: [ TP MII ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Half 1000baseT/Full Supported pause frame use: No Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Half 1000baseT/Full Advertised pause frame use: Symmetric Receive-only Advertised auto-negotiation: Yes Link partner advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Link partner advertised pause frame use: No Link partner advertised auto-negotiation: Yes Speed: 1000Mb/s Duplex: Full Port: MII PHYAD: 0 Transceiver: internal Auto-negotiation: on Current message level: 0x0000ffff (65535) drv probe link timer ifdown ifup rx_err tx_err tx_queued intr tx_done rx_status pktdata hw wol 0x8000 Link detected: yes
BSD and OS X
ifconfig -m
or, depending on version
ifconfig interface media
The first example is for a virtual machine running on the
Google Cloud Platform, so a virtualized Ethernet interface
vtnet* and a nice 10Gbps LAN.
FreeBSD$ ifconfig -m vtnet0
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1460
options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
capabilities=7c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6>
ether 42:01:0a:8a:00:03
hwaddr 42:01:0a:8a:00:03
inet6 fe80::4001:aff:fe8a:3%vtnet0 prefixlen 64 scopeid 0x1
inet 10.138.0.3 netmask 0xffffffff broadcast 10.138.0.3
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet 10Gbase-T <full-duplex>
status: active
supported media:
media 10Gbase-T mediaopt full-duplex
OpenBSD/macOS$ ifconfig sis0 media
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:11:43:44:8a:9b
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
supported media:
media 10baseT
media 10baseT mediaopt full-duplex
media 100baseTX
media 100baseTX mediaopt full-duplex
media autoselect
inet6 fe80::211:43ff:fe44:8a9b%sis0 prefixlen 64 scopeid 0x1
inet 10.1.1.230 netmask 0xffffff00 broadcast 10.1.1.255
Cisco
show interfaces
See the example in the above section.
Display the ARP and NDP cache
ARP maps between IPv4 and MAC or hardware address.
Linux, Android
ip neigh
Linux:
$ ip neigh 192.168.12.230 dev enp0s18 lladdr 00:11:43:44:8A:9B REACHABLE 192.168.12.230 dev enp0s18 lladdr 00:11:43:37:C2:21 REACHABLE 192.168.12.1 dev enp0s18 lladdr 00:01:5C:24:85:02 REACHABLE 192.168.1.1 dev enp0s18 lladdr 00:1d:7e:2e:97:84 DELAY
Android:
$ ip neigh 192.168.1.100 dev wlan0 lladdr c8:3a:35:cf:3b:b9 REACHABLE 192.168.1.1 dev wlan0 lladdr 00:1d:7e:2e:97:84 REACHABLE
Unix, OS X, Windows
arp -a
BSD:
$ arp -a somehost.example.com (192.168.12.230) at 00:11:43:44:8A:9B [ether] on eth0 otherhost.example.com (192.168.12.230) at 00:11:43:37:C2:21 [ether] on eth0 router.example.com (192.168.12.1) at 00:01:5C:24:85:02 [ether] on eth0 anotherhost.example.com (192.168.1.1) at 00:1d:7e:2e:97:84 [ether] on wlp0s3f1u4 router-s1.isp.net (98.223.96.1) at 00:01:5c:24:9c:01 [ether] on eth1
Solaris:
$ arp -a Net to Media Table: IPv4 Device IP Address Mask Flags Phys Addr ------ -------------------- --------------- -------- --------------- bge0 224.101.101.101 255.255.255.255 01:00:5e:65:65:65 bge0 otherhost1 255.255.255.255 o 00:03:ba:55:94:91 bge0 otherhost2 255.255.255.255 o 00:14:4f:48:85:30 bge0 myself 255.255.255.255 SPLA 00:14:4f:62:87:1a bge0 otherhost3 255.255.255.255 o 00:14:38:8e:c6:d0 bge0 otherhost4 255.255.255.255 o 00:01:e6:98:c8:ee bge0 base-address.mcast.net 240.0.0.0 SM 01:00:5e:00:00:00
Windows:
C:\>arp -a Interface: 10.1.1.50 --- 0xc Internet Address Physical Address Type 10.1.1.100 6c-62-6d-b2-f8-f1 dynamic 10.1.1.230 2c-27-d7-c5-d3-7b dynamic 10.1.1.232 b8-27-eb-69-be-bb dynamic 10.1.1.233 b8-27-eb-01-d3-20 dynamic 10.1.1.252 00-1d-7e-2e-97-85 dynamic 10.1.1.255 ff-ff-ff-ff-ff-ff static 224.0.22 01-00-5e-00-00-16 static 224.0.251 01-00-5e-00-00-fb static 224.0.252 01-00-5e-00-00-fc static 239.255.255.250 01-00-5e-7f-ff-fa static 255.255.255.255 ff-ff-ff-ff-ff-ff static
Cisco
router#show arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.1.1.100 0 6c62.6db2.f841 ARPA Ethernet0 Internet 192.168.1.254 - 0000.0c8e.b535 ARPA Ethernet1 Internet 10.1.1.230 0 2c27.d7c5.d37b ARPA Ethernet0 Internet 10.1.1.254 - 0000.0c8e.b534 ARPA Ethernet0
NDP maps between IPv6 and MAC or hardware address. It is based on a subset of the ICMPv6 protocol.
Linux, Android
$ ip -6 neigh show fe80::237:6dff:fea9:b935 dev wlp10s0u1 lladdr 00:37:6d:a9:b9:35 STALE fc00::a8b6:ed6a:fee7:7dcf dev p3p1 lladdr 2c:27:d7:c5:d3:7b STALE fc00::2e27:d7ff:fec5:d37b dev p3p1 lladdr 2c:27:d7:c5:d3:7b STALE fc00::283d:474b:71ad:54a3 dev p3p1 lladdr 2c:27:d7:c5:d3:7b STALE fe80::213:3bff:fe12:6fa9 dev p3p1 lladdr 00:13:3b:12:6f:a9 router STALE fc00::581e:f5e2:6a5f:cbc9 dev p3p1 lladdr 2c:27:d7:c5:d3:7b STALE 2001:558:600d:16::1 dev p7p1 lladdr 00:01:5c:79:14:46 router STALE fc00::b44d:b937:7453:fed7 dev p3p1 lladdr 2c:27:d7:c5:d3:7b STALE fe80::201:5cff:fe79:1446 dev p7p1 lladdr 00:01:5c:79:14:46 router REACHABLE fc00::2c1e:bc76:af0c:43ee dev p3p1 lladdr 2c:27:d7:c5:d3:7b STALE fe80::2e27:d7ff:fec5:d37b dev p3p1 lladdr 2c:27:d7:c5:d3:7b STALE
BSD
$ ndp -a Neighbor Linklayer Address Netif Expire S Flags fe80::211:43ff:fe44:8a9b%sis0 0:11:43:44:8a:9b sis0 permanent R fe80::6e62:6dff:feb2:f841%sis0 6c:62:6d:b2:f8:41 sis0 23h58m40s S R fe80::1%lo0 (incomplete) lo0 permanent R
In the above output, sis0 is
the Ethernet interface.
The first entry listed is for this host's
Ethernet interface, the last is for
this host's software lookback address.
Windows
netsh interface ipv6 show neighbors
LAN Activity Monitoring
The ethstats command displays traffic in
bits/second and packets per second on all interfaces.
By default, every 10 seconds indefinitely.
$ ethstats
total: 0.06 Mb/s In 1.02 Mb/s Out - 68.8 p/s In 108.5 p/s Out
eno1: 0.03 Mb/s In 0.47 Mb/s Out - 36.4 p/s In 54.4 p/s Out
enp4s0: 0.03 Mb/s In 0.55 Mb/s Out - 32.4 p/s In 54.1 p/s Out
enp5s0: 0.00 Mb/s In 0.00 Mb/s Out - 0.0 p/s In 0.0 p/s Out
total: 2.39 Mb/s In 81.52 Mb/s Out - 3425.7 p/s In 6760.3 p/s Out
eno1: 0.00 Mb/s In 0.00 Mb/s Out - 1.5 p/s In 4.2 p/s Out
enp4s0: 2.38 Mb/s In 81.52 Mb/s Out - 3424.2 p/s In 6756.1 p/s Out
enp5s0: 0.00 Mb/s In 0.00 Mb/s Out - 0.0 p/s In 0.0 p/s Out
total: 0.30 Mb/s In 8.47 Mb/s Out - 397.1 p/s In 744.9 p/s Out
eno1: 0.06 Mb/s In 0.19 Mb/s Out - 48.5 p/s In 57.0 p/s Out
enp4s0: 0.24 Mb/s In 8.28 Mb/s Out - 348.6 p/s In 687.9 p/s Out
enp5s0: 0.00 Mb/s In 0.00 Mb/s Out - 0.0 p/s In 0.0 p/s Out
^C
Rack of Ethernet switches.
LAN Troubleshooting and Configuration
There should be no collisions on a switched LAN. If you do see collisions, suspect problems with the negotiation of speed and duplex mode. Some kernel modules (device drivers) may auto-negotiate by default, but then have an option to force auto-negotiation that causes slightly different behavior and results. Experiment!
If there are significant numbers of errors other than collisions, suspect problems with the Ethernet cables (most likely) or possibly the system's Ethernet card or the switch port.
To set the speed and duplex mode, you could run the
appropriate ethtool or ifconfig media
command immediately after booting, perhaps through
/etc/rc.local.
The problem is that the interface would have already come up
in an inappropriate mode and networking would have to be
restarted, especially if you are using DHCP.
A better solution would be to load the kernel module with the appropriate optional parameter. On Linux, start by reading the kernel documentation for the driver-specific options.
The kernel documentation is in
/usr/src/linux/Documentation
if you have installed the
kernel source,
or in
/usr/sharc/doc/kernel-doc
if you installed the kernel-doc package.
Within whichever one is relevant, find the subdirectory
networking,
and within that, a file with the same name as the driver.
If that doesn't provide the needed information, you
will need to look at the source code.
Start at /usr/src/linux,
go down to drivers/net/ethernet,
to the appropriate manufacturer-specific subdirectory,
and look for the appropriate file.
Once you find the appropriate parameters, you can
specify them
as option lines in
/etc/modprobe.d/ethernet.conf.
An option is the modify the boot script configuration
file used to start the network service.
On BSD and Linux, add the appropriate fields to the interface configuration file. The options will be applied when the kernel first brings up the interface. Here are some examples, but you need to figure out the precise syntax for the chipset-specific driver for your hardware and kernel:
BSD$ cat /etc/hostname.sis0 10.1.1.230 netmask 255.255.255.0 media 100baseT mediaopt full-duplex
Linux$ cat /etc/sysconfig/network-scripts/ifcfg-enp0s18 NAME="enp0s18" ONBOOT="yes" BOOTPROTO=none IPADDR=10.1.1.30 PREFIX=24 ETHTOOL_OPTS="speed 1000 duplex full"
Cisco Catalyst 2900 XL switch.
Encryption: Wireless and IPsec
Linux
Use nmcli to see what's available,
and use wpa_cli to see the
wireless encryption details.
Beware: iwconfig can show you many wireless
settings, but it cannot handle the WPA/WPA2 information
and it will claim that the encryption key is off,
meaning no encryption.
You can use iwlist scan to get a list of
available 802.11 access points and their supported encryption.
Note the need for root privileges for
wpa_cli and for full functionality,
such as it is, with iwconfig.
Morocco
The need to add this section occured to me while I was on a trip to Morocco, so this is what it looks like from the Hotel Atlas in the medina of Marrakech.
cromwell@linux:~$ nmcli device wifi list
==========================
Wi-Fi scan list (wlo1)
==========================
IN-USE BSSID SSID MODE CHAN RATE SIGNAL BARS SECURITY
--------------------------------------------------------------------------------------------------------------------
* 9C:50:EE:12:9E:9D Hotel Atlas Infra 1 130 Mbit/s 64 *** WPA2
00:31:92:A9:29:C8 Hotel Atlas Infra 2 195 Mbit/s 49 ** WPA2
00:31:92:A9:29:C7 HOTEL Atlas Infra 36 270 Mbit/s 49 ** WPA2
00:31:92:A9:37:1D HOTEL Atlas Infra 40 270 Mbit/s 37 ** WPA2
00:31:92:A9:37:1E Hotel Atlas Infra 6 405 Mbit/s 32 ** WPA2
A8:F7:E0:55:5A:87 Riad chami Infra 6 54 Mbit/s 25 * WPA1 WPA2
cromwell@linux:~$ wpa_cli status
Failed to connect to non-global ctrl_ifname: (nil) error: Permission denied
cromwell@linux:~$ sudo wpa_cli status
Selected interface 'wlo1'
bssid=9c:50:ee:12:9e:9d
freq=2412
ssid=Hotel Atlas
id=0
mode=station
wifi_generation=4
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED
ip_address=192.168.1.74
address=ec:5c:68:a2:43:fb
uuid=931a67c6-9a69-536a-a243-3d6ae3974543
cromwell@linux:~$ iwconfig
wlo1 IEEE 802.11 ESSID:"Hotel Atlas"
Mode:Managed Frequency:2.412 GHz Access Point: 9C:50:EE:12:9E:9D
Bit Rate=144.4 Mb/s Tx-Power=30 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
Link Quality=49/70 Signal level=-61 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:138 Missed beacon:0
cromwell@linux:~$ sudo iwconfig
wlo1 IEEE 802.11 ESSID:"Hotel Atlas"
Mode:Managed Frequency:2.412 GHz Access Point: 9C:50:EE:12:9E:9D
Bit Rate=144.4 Mb/s Tx-Power=30 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption Key:off
Power Management:on
Link Quality=49/70 Signal level=-61 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:138 Missed beacon:0
I don't know the details, but apparently with
the elevated privileges through sudo,
the iwconfig command is able to
read some encryption related information that
it then has problems presenting.
For IPsec, use ipsec trafficstatus
for a quick overview that should show your SAs
(or Security Associations) established, and non-zero
numbers of bytes and packets they have handled.
For a great deal of information, better suited to
debugging, use ipsec status.
IP Information (OSI Layer 3)
Display the current IP configuration (IP address, netmask) for the interfaces
Traditional Linux, Unix and OS X
ifconfig -a
Here is an example from an OpenBSD system with one Ethernet interface, re0:
$ ifconfig lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768 index 3 priority 0 llprio 3 groups: lo inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff000000 re0: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500 lladdr 2c:27:d7:c5:d3:7b index 1 priority 0 llprio 3 groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet 10.1.1.230 netmask 0xffffff00 broadcast 10.1.1.255 inet6 fe80::2e27:d7ff:fec5:d37b%re0 prefixlen 64 scopeid 0x1 inet6 fc00::2e27:d7ff:fec5:d37b prefixlen 64 autoconf pltime 14357 vltime 86357 inet6 fc00::283d:474b:71ad:54a3 prefixlen 64 deprecated autoconf autoconfprivacy pltime 0 vltime 69137 inet6 fc00::3ca5:5b5a:4177:530c prefixlen 64 autoconf autoconfprivacy pltime 11597 vltime 83597 enc0: flags=0<> index 2 priority 0 llprio 3 groups: enc status: active pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33144 index 4 priority 0 llprio 3 groups: pflog
And, an example from a FreeBSD system with one Ethernet interface, ue0:
$ ifconfig lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 inet 127.0.0.1 netmask 0xff000000 groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=80009<RXCSUM,VLAN_MTU,LINKSTATE> ether b8:27:eb:41:b9:ae inet 10.1.1.235 netmask 0xffffff00 broadcast 10.1.1.255 inet6 fe80::ba27:ebff:fe41:b9ae%ue0 prefixlen 64 scopeid 0x2 inet6 fc00::ba27:ebff:fe41:b9ae prefixlen 64 media: Ethernet autoselect (100baseTX <full-duplex>) status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Iproute2 on Linux and Android
ip addr
Linux with two wired Ethernet interfaces and one wireless LAN interface.
Linux$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p3p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 576 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:11:95:1e:8e:b6 brd ff:ff:ff:ff:ff:ff
inet 24.1.80.103/23 brd 255.255.255.255 scope global p3p1
valid_lft forever preferred_lft forever
inet6 2001:558:600d:16:6554:eb20:449d:eeeb/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::213:3bff:fe12:6faa/64 scope link
valid_lft forever preferred_lft forever
3: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 6c:62:6d:b2:f8:41 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.100/24 brd 10.1.1.255 scope global p7p1
valid_lft forever preferred_lft forever
inet6 fe80::6e62:6dff:feb2:f841/64 scope link
valid_lft forever preferred_lft forever
4: wlp0s3f1u4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether c8:3a:35:cf:3b:b9 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.102/24 brd 192.168.1.255 scope global wlp0s3f1u4
valid_lft forever preferred_lft forever
inet6 fe80::ca3a:35ff:fecf:3bb9/64 scope link
valid_lft forever preferred_lft forever
Android on a Samsung Galaxy smart phone with the 802.11 wireless enabled. Notice that only interfaces #1, #11, #21, and #22 have IP adddresses assigned.
Android$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN
link/ether 8e:ec:ea:56:b7:41 brd ff:ff:ff:ff:ff:ff
3: rmnet0: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 7a:ac:20:6b:aa:ce brd ff:ff:ff:ff:ff:ff
4: rmnet1: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 7e:47:97:18:e5:29 brd ff:ff:ff:ff:ff:ff
5: rmnet2: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 5a:2c:99:7d:29:e8 brd ff:ff:ff:ff:ff:ff
6: rmnet3: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 22:00:f5:c2:f5:d5 brd ff:ff:ff:ff:ff:ff
7: rmnet4: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 3a:bd:5b:f2:ed:9f brd ff:ff:ff:ff:ff:ff
8: rmnet5: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether da:ee:98:aa:0b:b7 brd ff:ff:ff:ff:ff:ff
9: rmnet6: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 8a:68:0b:1b:fd:f0 brd ff:ff:ff:ff:ff:ff
10: rmnet7: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
link/ether 4a:16:9a:22:9c:59 brd ff:ff:ff:ff:ff:ff
11: rmnet_sdio0: <> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/[530]
inet 22.106.60.243/29 scope global rmnet_sdio0
12: rmnet_sdio1: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
13: rmnet_sdio2: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
14: rmnet_sdio3: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
15: rmnet_sdio4: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
16: rmnet_sdio5: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
17: rmnet_sdio6: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
18: rmnet_sdio7: <> mtu 2000 qdisc noop state DOWN qlen 1000
link/[530]
19: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
20: ip6tnl0: <NOARP> mtu 1452 qdisc noop state DOWN
link/tunnel6 :: brd ::
21: p2p0: <NO-CARRIER,BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state DORMANT qlen 1000
link/ether 02:37:6d:a9:b9:35 brd ff:ff:ff:ff:ff:ff
inet6 fe80::37:6dff:fea9:b935/64 scope link
valid_lft forever preferred_lft forever
22: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:37:6d:a9:b9:35 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global wlan0
inet6 fe80::237:6dff:fea9:b935/64 scope link
valid_lft forever preferred_lft forever
Windows
ipconfig /all
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WINXP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : example.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-A4-AE-C9
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.1.222
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.100
DNS Servers . . . . . . . . . . . : 10.1.1.100
Cisco
show ip config or show running-config or show protocols or show interfaces
router> show protocols Global values: Internet Protocol routing is enabled Ethernet0 is up, line protocol is up Internet address is 10.1.1.254/24 Ethernet1 is up, line protocol is up Internet address is 192.168.1.254/24 Serial0 is administratively down, line protocol is down Serial1 is administratively down, line protocol is down
Display traffic activity
The iftop command shows current traffic activity.
Here's what it looked like as I was downloading two Debian
ISO image files.
Each download is a TCP connection, with two lines in the
output.
This is on a Linux system, which prefers IPv6.
The only addresses resolving in this example are
my desktop and the web server at the Academic Computer Club,
Umeå University, in Sweden.
$ iftop
19.1Mb 38.1Mb 57.2Mb 76.3Mb 95.4Mb
└───────────────┴───────────────┴───────────────┴───────────────┴───────────────
desktop.kc9rg.org => chuangtzu.ftp.acc.umu.se 672Kb 672Kb 672Kb
<= 30.1Mb 30.1Mb 30.1Mb
desktop.kc9rg.org => chuangtzu.ftp.acc.umu.se 552Kb 552Kb 552Kb
<= 25.8Mb 25.8Mb 25.8Mb
desktop.kc9rg.org => 2a05:d018:2d6:c000:25f2:d 3.26Kb 3.26Kb 3.26Kb
<= 0b 0b 0b
desktop.kc9rg.org => desktop.kc9rg.org 896b 896b 896b
<= 0.98Kb 0.98Kb 0.98Kb
desktop.kc9rg.org => 2a05:d018:2d6:c000:25f2:d 1.63Kb 1.63Kb 1.63Kb
<= 0b 0b 0b
desktop.kc9rg.org => 2600:1f18:60f1:fe02:ed5a: 1.09Kb 1.09Kb 1.09Kb
<= 0b 0b 0b
desktop.kc9rg.org => 2a05:d018:2d6:c000:25f2:d 1.09Kb 1.09Kb 1.09Kb
<= 0b 0b 0b
desktop.kc9rg.org => 2a05:d014:bba:800:dfea:3d 556b 556b 556b
<= 0b 0b 0b
desktop.kc9rg.org => 2406:da14:18d:ae00:d1f9:c 556b 556b 556b
<= 0b 0b 0b
────────────────────────────────────────────────────────────────────────────────
TX: cum: 561KB peak: 1.21Mb rates: 1.21Mb 1.21Mb 1.21Mb
RX: 27.5MB 55.9Mb 55.9Mb 55.9Mb 55.9Mb
TOTAL: 28.0MB 57.1Mb 57.1Mb 57.1Mb 57.1Mb
Add the -P option to also get port numbers or service names.
Display the current routing table
Traditional Linux, Unix, OS X, and Windows
netstat -nr
Output from the same Linux machine with the specified IP addresses:
eth0 24.1.80.103/23
2001:1800:1234:90::1/64 Scope:Global
fe80::6e62:6dff:feb2:f841/64 Scope:Link
eth1 10.1.1.100/24
eth1:0 10.1.0.100/24
eth1:1 10.1.0.254/24
wlp0s3f1u4 192.168.1.102/24
Linux$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 24.1.80.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.1.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
24.1.80.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlp0s3f1u4
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp0s3f1u4
Linux$ netstat -nr -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
fe80::/64 :: U 256 0 0 eth0
2001:1800:1234:90::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 eth1
::1/128 :: U 0 76 1 lo
2001:1800:1234:90::/128 :: U 0 0 1 lo
2001:1800:1234:90::1/128 :: U 0 0 1 lo
fe80::/128 :: U 0 0 1 lo
fe80::/128 :: U 0 0 1 lo
fe80::211:95ff:fe1e:8eb6/128 :: U 0 0 1 lo
fe80::6e62:6dff:feb2:f841/128 :: U 0 0 1 lo
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth1
Flags:
U = Up
G = Gateway
The IPv6 routing table prints much wider, as there is enough room in the "Destination" and "Next Hop" columns for a full IPv6 address. One line is listed for each IPv6 neighbor on the network, the neighbor's IPv6 address/128 as the destination and its IPv6 address as the next hop.
Add -f inet to see IPv4 only on BSD and OS X,
otherwise you see voluminous IPv6 routing information:
BSD/macOS$ netstat -nr Routing tables Internet: Destination Gateway Flags Refs Use Mtu Prio Iface default 10.1.1.100 UGS 4 170 - 8 re0 224/4 127.0.0.1 URS 0 0 32768 8 lo0 10.1.1/24 10.1.1.230 UC 1 8 - 4 re0 10.1.1.100 00:13:3b:12:6f:a9 UHLc 3 350 - 4 re0 10.1.1.230 2c:27:d7:c5:d3:7b UHLl 0 404 - 1 re0 10.1.1.255 10.1.1.230 UHb 0 0 - 1 re0 127/8 127.0.0.1 UGRS 0 0 32768 8 lo0 127.0.0.1 127.0.0.1 UHl 9 252210 32768 1 lo0 Internet6: Destination Gateway Flags Refs Use Mtu Prio Iface default fe80::213:3bff:fe12:6fa9%re0 UG 0 3 - 56 re0 ::/96 ::1 UGRS 0 0 32768 8 lo0 ::/104 ::1 UGRS 0 0 32768 8 lo0 ::1 ::1 UHl 14 20 32768 1 lo0 ::127.0.0.0/104 ::1 UGRS 0 0 32768 8 lo0 ::224.0.0.0/100 ::1 UGRS 0 0 32768 8 lo0 ::255.0.0.0/104 ::1 UGRS 0 0 32768 8 lo0 ::ffff:0.0.0.0/96 ::1 UGRS 0 0 32768 8 lo0 2002::/24 ::1 UGRS 0 0 32768 8 lo0 2002:7f00::/24 ::1 UGRS 0 0 32768 8 lo0 2002:e000::/20 ::1 UGRS 0 0 32768 8 lo0 2002:ff00::/24 ::1 UGRS 0 0 32768 8 lo0 fc00::/64 fc00::2e27:d7ff:fec5:d37b UC 0 1 - 4 re0 fc00::283d:474b:71ad:54a3 2c:27:d7:c5:d3:7b UHLl 0 0 - 1 re0 fc00::2e27:d7ff:fec5:d37b 2c:27:d7:c5:d3:7b UHLl 0 0 - 1 re0 fc00::3ca5:5b5a:4177:530c 2c:27:d7:c5:d3:7b UHLl 0 0 - 1 re0 fe80::/10 ::1 UGRS 0 1 32768 8 lo0 fec0::/10 ::1 UGRS 0 0 32768 8 lo0 fe80::%re0/64 fe80::2e27:d7ff:fec5:d37b%re0 UC 1 1 - 4 re0 fe80::213:3bff:fe12:6fa9%re0 00:13:3b:12:6f:a9 UHLc 1 1833 - 4 re0 fe80::2e27:d7ff:fec5:d37b%re0 2c:27:d7:c5:d3:7b UHLl 0 2 - 1 re0 fe80::1%lo0 fe80::1%lo0 UHl 0 0 32768 1 lo0 ff01::/16 ::1 UGRS 0 1 32768 8 lo0 ff01::%re0/32 fe80::2e27:d7ff:fec5:d37b%re0 Um 0 3 - 4 re0 ff01::%lo0/32 ::1 Um 0 1 32768 4 lo0 ff02::/16 ::1 UGRS 0 1 32768 8 lo0 ff02::%re0/32 fe80::2e27:d7ff:fec5:d37b%re0 Um 0 3 - 4 re0 ff02::%lo0/32 ::1 Um 0 1 32768 4 lo0
Flags:
U = Up
G = Gateway
S = Static, e.g., default route added at boot time
H = Host-specific
C = Generate new (host-specific) routes on use
L = Valid link-layer (MAC) address
c = Cloned route
R = Reject route, known but unreachable route
Solaris
solaris$ netstat -nr Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ---------- --------- default 10.1.2.1 UG 1 20274 10.1.2.0 10.1.2.72 U 1 9 ce0 224.0.0.0 10.1.2.72 U 1 0 ce0 127.0.0.1 127.0.0.1 UH 13 902628 lo0 Routing Table: IPv6 Destination/Mask Gateway Flags Ref Use If --------------------------- --------------------------- ----- --- ------- ----- fe80::/10 fe80::203:baff:fe09:3d51 U 1 0 ce0 ff00::/8 fe80::203:baff:fe09:3d51 U 1 0 ce0 ::1 ::1 UH 4 11 lo0
Flags:
U = Up
G = Gateway
H = Host-specific
Windows
netstat -nr
C:\>netstat -nr
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c 29 a4 ae c9 ...... AMD PCNET Family PCI Ethernet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.100 10.1.1.222 10
10.1.1.0 255.255.255.0 10.1.1.222 10.1.1.222 10
10.1.1.222 255.255.255.255 127.0.0.1 127.0.0.1 10
10.255.255.255 255.255.255.255 10.1.1.222 10.1.1.222 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.1.1.222 10.1.1.222 10
255.255.255.255 255.255.255.255 10.1.1.222 10.1.1.222 1
Default Gateway: 10.1.1.100
===========================================================================
Persistent Routes:
None
Route Table
Iproute2 on Linux and Android
ip route
Linux with two wired Ethernet interfaces and one wireless LAN interface:
Linux$ ip route default via 73.168.26.1 dev p7p1 metric 5 10.1.1.0/24 dev p3p1 proto kernel scope link src 10.1.1.100 73.168.26.0/23 dev p7p1 proto kernel scope link src 73.168.26.16 metric 5 169.254.0.0/16 dev p7p1 scope link metric 5 169.254.0.0/16 dev wlp10s0u1 scope link metric 35 169.254.0.0/16 dev p3p1 scope link metric 1002 192.168.1.0/24 dev wlp10s0u1 proto kernel scope link src 192.168.1.101 metric 35 Linux:xena:~ % ip -6 route unreachable ::/96 dev lo metric 1024 error -113 pref medium unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -113 pref medium 2001:558:600d:16::/64 dev p7p1 proto kernel metric 256 pref medium unreachable 2002:a00::/24 dev lo metric 1024 error -113 pref medium unreachable 2002:7f00::/24 dev lo metric 1024 error -113 pref medium unreachable 2002:a9fe::/32 dev lo metric 1024 error -113 pref medium unreachable 2002:ac10::/28 dev lo metric 1024 error -113 pref medium unreachable 2002:c0a8::/32 dev lo metric 1024 error -113 pref medium unreachable 2002:e000::/19 dev lo metric 1024 error -113 pref medium unreachable 3ffe:ffff::/32 dev lo metric 1024 error -113 pref medium fe80::/64 dev wlp10s0u1 proto kernel metric 256 pref medium fe80::/64 dev p3p1 proto kernel metric 256 pref medium fe80::/64 dev p7p1 proto kernel metric 256 pref medium default via fe80::201:5cff:fe79:1446 dev p7p1 metric 1024 pref medium
Android on a Samsung Galaxy smart phone with the 802.11 wireless enabled:
Android$ ip route default via 192.168.1.1 dev wlan0 192.168.1.0/24 dev wlan0 scope link 192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.100 192.168.1.1 dev wlan0 scope link Android$ ip -6 route fe80::/64 dev p2p0 proto kernel metric 256 fe80::/64 dev wlan0 proto kernel metric 256
Cisco
show ip route
router> show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is 10.1.1.100 to network 0.0.0.0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Ethernet0
C 192.168.1.0/24 is directly connected, Ethernet1
S* 0.0.0.0/0 [1/0] via 10.1.1.100
See the page "How Routing Works" for an explanation of IP routing and example output.
Interactive Changes to the IP Configuration
On Linux and BSD,
you can assign an IP address and netmask interactively.
You will need to know the correct device name,
but ifconfig -a or ip addr
will show you the list.
Use the LAN oriented commands above if you need to figure out which of two Ethernet interfaces you're using.
Use ifconfig on traditional Linux and BSD,
ip on Linux with Iproute2.
Then just do something like this:
BSD: # ifconfig eth0 192.168.250.219/24 Linux: # ifconfig eth0 192.168.250.219/24 Iproute2: # ip addr add 192.168.250.219/24 dev eth0
To add an IPv6 address on Linux and BSD:
BSD: # ifconfig re0 inet6 2001:1800:1234:90::1/64 Linux: # ifconfig eth0 add 2001:1800:1234:90::1/64 Iproute2: # ip -6 addr add 2001:1800:1234:90::1/64 dev eth0
Then add the default route with something like this:
BSD: # route add default 192.168.250.254 Linux: # route add default gw 192.168.250.254 Iproute2: # ip route replace default via 192.168.250.254
Permanent Changes to the IP Configuration
On FreeBSD, configure the interface in
/etc/rc.conf:
$ more /etc/rc.conf [...] hostname="freebsd" ifconfig_ue0="inet 10.1.1.235/24" defaultrouter="10.1.1.100" ipv6_prefix_ue0="fc00:0:0:0" ipv6_defaultrouter="fc00::213:3bff:fe12:6fa9" sshd_enable [...]
On most Linux distributions,
configure the interface in
/etc/sysconfig/network-scripts/ifcfg-name
and the default gateway in
/etc/sysconfig/network:
$ cat /etc/sysconfig/network-scripts/ifcfg-p3p1 DEVICE=p3p1 BOOTPROTO=static IPADDR=192.168.250.219## Always include the NETMASK field. Red Hat Enterprise Linux 6## leaves this out. It includes a PREFIX field, which does get## the netmask correctly set, but their boot scripts then## miscalculate the broadcast address!NETMASK=255.255.255.0## Always comment out the unneeded BROADCAST and NETWORK entries## added by Red Hat's installation tools! If you leave them in,## and later you make manual changes that are the least bit## contradictory, strange problems will occur!# BROADCAST=192.168.250.255# NETWORK=192.168.250.0## Also comment out the unneeded HWADDR entry added by Red Hat's## installation tool! If you leave it in, and then change your## Ethernet card, your networking will mysteriously fail.# HWADDR=00:03:47:76:23:F8## If you want IPv6:IPV6INIT=yes IPV6ADDR=2001:1800:1234:90::1/64 $ cat /etc/sysconfig/network HOSTNAME=whatever.example.com NETWORKING=yes GATEWAY=192.168.250.254 NETWORKING_IPV6=yes IPV6FORWARDING=yes
For channel bonding,
configure a bond interface in
ifcfg-bondN
and then configure network interfaces to be bound together.
Here we bind p3p1 and p7p1 to be
bond0 and configure its IP.
The bonding options specify
MII link monitoring at 100 millisecond interval and
Active Load Balancing policy for fault tolerance and
load balancing, with transmit and receive load
balancing for IPv4.
$ cat /etc/sysconfig/network-scripts/ifcfg-bond0 DEVICE=bond0 IPADDR=10.1.2.3 NETMASK=255.255.255.0 ONBOOT=yes BOOTPROTO=static BONDING_OPTS="miimon=100 mode=balance-alb" $ cat /etc/sysconfig/network-scripts/ifcfg-p3p1 DEVICE=p3p1 MASTER=bond0 SLAVE=yes ONBOOT=yes BOOTPROTO=none $ cat /etc/sysconfig/network-scripts/ifcfg-p7p1 DEVICE=p7p1 MASTER=bond0 SLAVE=yes ONBOOT=yes BOOTPROTO=none
On Debian/Ubuntu Linux,
configure the interface
and default gateway in
/etc/network/interfaces.
Here is a simple one:
$ cat interfaces auto lo iface lo inet loopback iface eth0 inet static address 192.168.250.219 netmask 255.255.255.0 gateway 192.168.250.1 auto eth0
For more details on IPv6, 802.11i/WPA2 security and more, see my page on on networking with the Raspberry Pi and its Debian/Ubuntu derived distribution.
Use traceroute
to trace the hop-by-hop route to a destination
| Linux, Unix and OS X | traceroute 35.203.182.32
or traceroute cromwell-intl.com
|
| Windows | tracert 35.203.182.32
or tracert cromwell-intl.com
|
| Cisco | trace
You will then be asked to enter the target IP address. |
The output will resemble something like the following, with one line per router along the way, and three probes to each router. The tool works by sending packets with a TTL or Time-To-Live of just one hop. The first router they reach is obligated to drop those packets, and we expect it to send back an ICMP packet reporting this. The tool does the timing and tries to look up a domain name corresponding to the router reporting the errors. Then it repeats the process with a TTL of 2 hops, then 3, increasing until it receives a reply from the target, or the TTL reaches 30 hops, more than enough to get to the other side of the world.
Note that many web servers today silently drop traceroute
probes.
In that case you will see the trace to the last router
and dropped packets (stars) beyond that.
Use tcptraceroute to trace the route for a
specific TCP port.
Also remember that most organizations pay a company to host their web server at an entirely different point in the Internet topology than their main operation. And, with CDN or Content Delivery Network operations like Akamai, prominent web sites are frequently hosted on several mirrors all around the world and you will be directed to the closest one.
Finally, slightly inconsistent DNS configurations may makes things a little more confusing.
Here is an example. I was staying at a hostel in Fukuoka, Japan, when I updated this page. I asked for a trace to the Purdue Federal Credit Union in Indiana. I explicitly asked for the IP addresses to be converted back to fully-qualified domain names. Depending on your version of the tool, it may provide nothing but IP addresses by default.
This example shows some of the potential DNS oddities.
The name www.purduefed.com is an alias,
the canonical name is simply purduefed.com.
Then, the hosting company has not changed the PTR record
mapping back from IP address to name.
It used to do business as Purdue Employees
Federal Credit Union, using the domain
purdueefcu.com.
$ traceroute --resolve-hostnames www.purduefed.com traceroute to purduefed.com (72.12.218.18), 64 hops max 1 192.168.11.1 8.789 ms 5.242 ms 2.219 ms 2 r081.fkoknt01.ap.so-net.ne.jp (218.221.253.61) 11.886 ms 18.253 ms 9.495 ms 3 tn02gi6.fkoknt01.ap.so-net.ne.jp (210.132.216.89) 6.779 ms 7.018 ms 8.796 ms 4 note-13Vl638.net.so-net.ne.jp (202.223.119.213) 27.055 ms 54.929 ms 46.687 ms 5 202.213.194.61 23.846 ms 32.668 ms 27.771 ms 6 202.213.194.33 26.746 ms 31.092 ms 25.822 ms 7 ae-4.a01.tokyjp05.jp.bb.gin.ntt.net (120.88.53.9) 24.472 ms 29.946 ms 91.634 ms 8 ae-24.r03.tokyjp05.jp.bb.gin.ntt.net (129.250.6.83) 27.009 ms 32.079 ms 26.424 ms 9 * * * 10 ae-12-12.car1.Louisville1.Level3.net (4.69.140.213) 191.316 ms 430.565 ms 395.326 ms 11 WINTEK-CORP.car1.Louisville1.Level3.net (4.59.184.106) 392.432 ms 220.610 ms 203.536 ms 12 72.12.218.10 214.017 ms 374.270 ms 343.802 ms 13 www.purdueefcu.com (72.12.218.18) [open] 462.688 ms 263.595 ms 399.409 ms
Hop #1 is the wireless access point in the hostel.
Hops #2-4 are across the so-net.ne.jp
network in Japan.
Hops #5 and 6 are routers in the 202.213.194.0/24 network.
That network also belongs to so-net.ne.jp,
but they have not set up pointer records and we only
see IP addresses, not names.
You can look up address ownership with the
whois command.
Hops #7 and 8 are across ntt.net,
a major network provider in Japan.
Hop #9 timed out all three times. That router dropped the timed-out packets, but it did not return ICMP error reports for that. Later steps returned results, so this router was not responding as expected although it could successfully forward packets.
Hops #10 and 11 are across level3.net routers,
a major world-wide provider.
The round-trip times generally increase, but look how much
larger they are for hop #10.
The router at hop #8 was in Japan, then hop #10 was
in the U.S.
Hop #12 is another router whose name doesn't resolve back to a name. The 72.12.192.0/192 range (that is, 72.12.192.0 through 72.12.223.255) belongs to Wintek, a network provider in Lafayette, Indiana.
Hop #13 is the destination.
Other than the three sent to hop #9, all the individual packets returned ICMP reports. Sometimes just 1 or 2 packets will time out, and you see "*" instead of a time.
Sometimes you will notice that every packet is routed individually. The 3 packets sent with a given TTL may take different routes, leading to 2 or 3 hostnames or IP addresses reported on the corresponding line.
Use ping6
and traceroute6
to test connectivity over IPv6.
Most operating systems implement traceroute
and traceroute6 correctly, sending
packets to a randomly chosen UDP port.
They expect the target to reply with an ICMP error reporting
that no service is using that port.
The Windows version, tracert, inappropriately
sends ICMP packets.
Routers aren't supposed to report ICMP timeouts with more ICMP
packets, as that could turn into an endless feedback loop.
But with so many people using Windows,
many routers make an exception.
Many, but not all.
If you use tracert on Windows,
you may get less information.
Rack of Cisco routers. Most are 3600 series routers, the brown one near the bottom is a 2500 series. The network connections are on the opposite side, the single cable to each router is a connection to its console port.
UDP/TCP Information (OSI Layer 4)
Display all TCP connections, listening ports and service states
Click here
to see several
detailed examples of
netstat -a output
and the corresponding
Cisco output.
| Linux, Unix, Android, and OS X | netstat -aNote — check the manual page for your version of netstat to find
the option to only show TCP/IP and
leave out the possibly voluminous
Linux/Unix domain socket information.
It's probably
-f inet
or
-A inet,
and
-f inet6
or
-A inet6
if you're running IPv6.
|
| Iproute2 on Linux |
ss -aHowever, on Android stick with netstat -a
|
| Windows | netstat -a |
| Cisco | show tcp brief show tcp
|
Use tcptraceroute to test TCP connectivity.
General Information
Display TCP/IP statistics (or counters)
Click here
to see several
detailed examples of
netstat -s output
and the corresponding
Cisco output.
| Linux, Unix and OS X | netstat -s |
| Windows | netstat -s |
| Cisco | show interfaces
show ip traffic
show tcp statistics
|