Network Configuration Commands

Category: Network Tools and Commands
Type: Network Tools & Commands
Generated on: 2025-07-10 09:17:25
For: Network Engineering, Administration & Technical Interviews

---

Network Configuration Commands Cheatsheet

This cheat sheet provides a quick reference for common network configuration and diagnostic commands used in production network environments. It covers Linux, Windows, and macOS.

Tool	Description	Use Cases
ip / ifconfig	Configure and display network interfaces. ip is the modern replacement for ifconfig on Linux.	Assigning IP addresses, setting interface state (up/down), viewing interface statistics.
ping	Test network connectivity to a host.	Verifying network reachability, measuring round-trip time (RTT).
traceroute / tracert	Trace the path taken by packets to a destination.	Identifying network bottlenecks, diagnosing routing problems.
netstat	Display network connections, routing tables, interface statistics.	Monitoring active connections, identifying listening ports, troubleshooting network performance. Replaced by ss on modern Linux systems.
ss	Display socket statistics. A modern replacement for netstat on Linux.	Same as netstat, but often faster and provides more detailed socket information.
nslookup / dig	Query Domain Name System (DNS) servers.	Resolving hostnames to IP addresses, troubleshooting DNS issues.
route	Display and manipulate the IP routing table.	Adding or deleting routes, configuring default gateways.
tcpdump / Wireshark	Capture and analyze network traffic.	Troubleshooting network protocols, diagnosing security issues, analyzing application performance. tcpdump is command-line, Wireshark is GUI.
iptables / firewall-cmd / netsh advfirewall	Configure firewall rules.	Controlling network access, implementing security policies.
ifconfig (deprecated - use ip)	Display and configure network interfaces (legacy).	Similar to ip, but older and less feature-rich.
ipconfig	Display and configure network interfaces (Windows).	Similar to ifconfig / ip, used to manage network settings on Windows systems.

ip (Linux)

ip [OPTIONS] OBJECT {COMMAND | help}

• OBJECT: addr, link, route, etc.
• COMMAND: show, add, del, etc.

ifconfig (Linux/macOS)

ifconfig [interface] [options]

ping (Linux/macOS/Windows)

ping [options] hostname/IP

traceroute (Linux/macOS) / tracert (Windows)

traceroute [options] hostname/IP
tracert [options] hostname/IP

netstat (Linux/macOS/Windows)

netstat [options]

ss (Linux)

ss [options] [FILTER]

nslookup (Linux/macOS/Windows) / dig (Linux/macOS)

nslookup hostname/IP [server]
dig [options] hostname/IP [server]

route (Linux/macOS/Windows)

route [add|del] [-net|-host] target [netmask] [gw gateway] [metric metric] [[dev] iface]

tcpdump (Linux/macOS)

tcpdump [options] [expression]

iptables (Linux)

iptables -[ACDI] chain rule-specification [options]

firewall-cmd (Linux - RHEL/CentOS/Fedora)

firewall-cmd [options]

netsh advfirewall (Windows)

netsh advfirewall firewall [command]

ipconfig (Windows)

ipconfig [options]

Interface Configuration

Linux (using ip)

# Show all interfaces
ip addr show

# Bring interface eth0 up
sudo ip link set dev eth0 up

# Assign IP address 192.168.1.10/24 to eth0
sudo ip addr add 192.168.1.10/24 dev eth0

# Set default gateway
sudo ip route add default via 192.168.1.1

Linux (using ifconfig - legacy)

# Show eth0 interface config
ifconfig eth0

# Assign IP address 192.168.1.10/24 to eth0 (and bring it up)
sudo ifconfig eth0 192.168.1.10 netmask 255.255.255.0 up

# Bring eth0 down
sudo ifconfig eth0 down

Windows

# Show all interfaces
ipconfig /all

# Renew IP address for Ethernet adapter
ipconfig /renew Ethernet

Connectivity Testing

# Ping Google's DNS server
ping 8.8.8.8

# Expected output (example):
# PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
# 64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=14.2 ms
# 64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=14.0 ms
# ...

Route Tracing

# Trace route to google.com
traceroute google.com

#Windows version
tracert google.com

# Expected output (example):
#  1  192.168.1.1 (192.168.1.1)  1.234 ms  1.345 ms  1.456 ms
#  2  10.0.0.1 (10.0.0.1)  5.678 ms  6.789 ms  7.890 ms
# ...

Network Statistics

# Show all listening ports (Linux)
ss -lnt

# Show all active TCP connections (Linux)
ss -nt

# Show all network connections (Linux/macOS)
netstat -an | grep LISTEN
netstat -an | grep ESTABLISHED

# Show all network connections (Windows)
netstat -an | findstr "LISTENING"
netstat -an | findstr "ESTABLISHED"

DNS Resolution

# Resolve google.com
nslookup google.com

# Using dig (more detailed)
dig google.com

# Using specific DNS server
nslookup google.com 8.8.8.8
dig @8.8.8.8 google.com

Routing Table

# Show routing table (Linux/macOS)
route -n
ip route show

# Show routing table (Windows)
route print

Packet Capture

# Capture traffic on interface eth0 and save to file
sudo tcpdump -i eth0 -w capture.pcap

# Capture HTTP traffic on port 80
sudo tcpdump -i eth0 port 80

# Analyze a capture file using Wireshark (GUI)
wireshark capture.pcap

Firewall Configuration (Linux - iptables)

# Allow SSH traffic (port 22)
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Block all traffic from a specific IP address
sudo iptables -A INPUT -s 192.168.1.100 -j DROP

# Save iptables rules (Debian/Ubuntu)
sudo iptables-save > /etc/iptables/rules.v4
# Restore
sudo iptables-restore < /etc/iptables/rules.v4

Firewall Configuration (Linux - firewall-cmd)

# Open port 80 for HTTP traffic
sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --reload

# Allow SSH service
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload

# List all open ports
sudo firewall-cmd --list-all

Firewall Configuration (Windows)

# Allow inbound traffic on port 80
netsh advfirewall firewall add rule name="Allow HTTP" dir=in action=allow protocol=TCP localport=80

# Block outbound traffic to a specific IP address
netsh advfirewall firewall add rule name="Block Outbound" dir=out action=block remoteip=192.168.1.100

Tool	Option(s)	Description
ip	-c	Colored output.
ifconfig	up, down	Activate/Deactivate interface.
ping	-c count, -t (Windows), -i interval	Send count number of pings. -t pings continuously (Windows). -i set interval.
traceroute/tracert	-m max_hops, -w timeout	Set maximum hops, set timeout.
netstat	-a, -n, -t, -u, -l, -p	All connections, numeric addresses, TCP, UDP, listening, process name/PID.
ss	-l, -t, -u, -n, -p, -o state [TCP-STATE]	Listening, TCP, UDP, numeric, process, and connection states (e.g., -o state established)
nslookup	[server]	Specify DNS server.
dig	+trace, @server, +short	Trace DNS resolution path, specify DNS server, short output.
route	-n, add, del, -net, -host, gw	Numeric addresses, add/delete route, network/host route, gateway.
tcpdump	-i interface, -w file, -r file, -n, -v, expression	Interface, write to file, read from file, no DNS resolution, verbose, filter expression.
iptables	-A, -D, -I, -L, -p, --dport, --sport, -j	Append, Delete, Insert rule, List rules, protocol, destination port, source port, jump to target.
firewall-cmd	--add-port, --remove-port, --add-service, --remove-service, --permanent, --reload, --list-all	Add/remove port, add/remove service, make permanent, reload firewall, list all settings.
netsh advfirewall	add rule, delete rule, dir, action, protocol, localport, remoteip	Add/delete rule, direction (in/out), action (allow/block), protocol, local port, remote IP.
ipconfig	/all, /release, /renew, /flushdns	Detailed information, release IP address, renew IP address, flush DNS cache.

Linux ip command advanced

# Show IP addresses with labels
ip -c address show
# Show routing table information with label
ip -c route show

# Create a virtual ethernet pair
sudo ip link add veth0 type veth peer name veth1
sudo ip link set veth0 up
sudo ip link set veth1 up

# Assign IPs to veth pairs and set them in different net namespaces (advanced networking)
sudo ip netns add ns1
sudo ip link set veth0 netns ns1
sudo ip netns exec ns1 ip addr add 10.1.1.1/24 dev veth0
sudo ip netns exec ns1 ip link set veth0 up
sudo ip addr add 10.1.1.2/24 dev veth1
sudo ip link set veth1 up

tcpdump advanced filtering

# Capture packets to or from a specific network
sudo tcpdump -i eth0 net 192.168.1.0/24

# Capture packets larger than a specific size (e.g., 1500 bytes)
sudo tcpdump -i eth0 greater 1500

# Capture packets with a specific TCP flag set (e.g., SYN flag)
sudo tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'

#Capture traffic using BPF (Berkeley Packet Filter)
sudo tcpdump -i eth0 "host 192.168.1.1 and port 80"

#Analyze previously captured file
tcpdump -r capture.pcap

iptables advanced rules

# Redirect port 80 to port 8080
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

# Implement rate limiting to prevent DoS attacks
sudo iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 1 -j ACCEPT
sudo iptables -A INPUT -j DROP

# Match a specific MAC address
sudo iptables -A INPUT -m mac --mac-source 00:11:22:33:44:55 -j DROP

# Logging packets before dropping
sudo iptables -A INPUT -j LOG --log-prefix "IPTABLES DROP: "
sudo iptables -A INPUT -j DROP

Combine commands

# List all IP addresses using netstat and filter out unwanted lines
netstat -ntpl | grep LISTEN | awk '{print $4}'

# Find the process listening on port 80
ss -lntp | grep ":80"

# Trace the route and save it to a file
traceroute google.com > google_route.txt

Problem	Solution	Commands
Cannot reach host	Verify network connectivity, DNS resolution, firewall rules.	ping, traceroute, nslookup, iptables -L, firewall-cmd --list-all, netsh advfirewall firewall show rule name=all
Slow network performance	Identify bottlenecks using traceroute, analyze network traffic using tcpdump, check interface statistics.	traceroute, tcpdump, netstat -i, ss -s, ethtool (Linux), ipconfig /all (Windows), performance monitoring tools.
DNS resolution issues	Verify DNS server settings, flush DNS cache, check DNS server availability.	nslookup, dig, ipconfig /displaydns (Windows), ipconfig /flushdns (Windows), check /etc/resolv.conf (Linux), check Network preferences (macOS)
Port not listening	Verify application is running and listening on the correct port, check firewall rules.	netstat -an, ss -lntp, iptables -L, firewall-cmd --list-all, netsh advfirewall firewall show rule name=all
High network traffic	Identify the source of the traffic using tcpdump, analyze captured traffic using Wireshark.	tcpdump, Wireshark, network monitoring tools.
Incorrect IP Address	Check interface configurations. Update with ip, ifconfig or ipconfig.	ip addr show, ifconfig, ipconfig /all
Routing Issues	Verify the route table is correct and routing traffic as expected	route -n, ip route show, route print
Connection Reset	Check the TCP connection state with ss and verify that the server hasn’t closed the connections because of timeout or resource limitations.	ss -o state established
Firewall Blocking Traffic	Review firewall rules to make sure that the required ports and protocols are allowed.	iptables -L, firewall-cmd --list-all, netsh advfirewall firewall show rule name=all
MTU Size issues	Verify that MTU configuration is correct across all the devices in the network. If there is mismatch, the MTU is likely to become blackholed and unable to pass large sized packets.	ip link show (Linux), netsh interface ipv4 show subinterfaces (Windows)

• ping: Successful pings indicate network reachability. High RTT indicates potential network latency. Packet loss indicates network congestion or other issues.

• traceroute: Shows the path taken by packets. * indicates a dropped packet or a timeout. High RTT at a specific hop indicates a bottleneck.

• netstat / ss: LISTEN state indicates a server is listening for connections. ESTABLISHED state indicates an active connection. TIME_WAIT state indicates a connection that is closing.

• nslookup / dig: Shows the IP address associated with a hostname. NXDOMAIN indicates the hostname does not exist. SERVFAIL indicates a DNS server failure.

• tcpdump: Displays the raw packets. Requires understanding of network protocols to interpret. Use Wireshark for a more user-friendly analysis.

• iptables / firewall-cmd / netsh advfirewall: Lists the firewall rules. Understand the order of the rules and the effect of each rule.

• ifconfig/ipconfig: Displays the network interfaces with their assigned IP and MAC addresses.

• tcpdump: Sensitive data (e.g., passwords) may be captured in plain text if not using encryption (HTTPS). Store captured files securely. Limit capture duration and size.

• iptables / firewall-cmd / netsh advfirewall: Incorrectly configured firewall rules can lock you out of the system or expose the system to security risks. Test rules thoroughly before implementing them in production. Use the principle of least privilege.

• route: Incorrect routing table entries can disrupt network connectivity. Carefully plan and test route changes.

• Remote Access: Ensure remote access tools such as SSH are hardened and access is only granted with the least privilege level.

• Regular Audits: Periodically review and audit network configurations for any vulnerabilities or misconfigurations.

• Secure Passwords: Enforce strong passwords and multi-factor authentication where possible.

Command	Linux	Windows	macOS	Notes
Interface Configuration	ip, ifconfig	ipconfig, netsh interface	ifconfig	ip is the modern replacement for ifconfig on Linux. Windows uses ipconfig.
Traceroute	traceroute	tracert	traceroute
Network Statistics	netstat, ss	netstat	netstat	ss is the modern replacement for netstat on Linux.
DNS Resolution	nslookup, dig	nslookup	nslookup, dig
Firewall	iptables, firewall-cmd, nftables	netsh advfirewall firewall	pfctl (Packet Filter)	Linux has various firewalls. Windows uses netsh. macOS uses Packet Filter.
Routing	route, ip route	route	route

This cheatsheet is designed to be a quick reference. Always consult the manual pages (man command) or online documentation for detailed information and advanced usage. Use caution when executing network-impacting commands in a production environment.