• Resolve a name via nsswitch
    getent hosts <host name>
  • CloudShark: Sharing network traces


  • ethtool - Usage
    ethtool eth0                       # Print general info on eth0
    ethtool -i eth0                    # Print kernel module info
    ethtool -S eth0                    # Print eth0 traffic statistics
    ethtool -a eth0                    # Print RX, TX and auto-negotiation settings
    # Changing NIC settings...
    ethtool -s eth0 speed 100
    ethtool -s eth0 autoneg off
    ethtool -s eth0 duplex full
    ethtool -s eth0 wol g               # Turn on wake-on-LAN
    Do not forget to make changes permanent in e.g. /etc/network/interfaces.
  • miitool - Show Link Infos
    # mii-tool -v
    eth0: negotiated 100baseTx-FD flow-control, link ok
      product info: vendor 00:07:32, model 17 rev 4
      basic mode:   autonegotiation enabled
      basic status: autonegotiation complete, link ok
      capabilities: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
      advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
      link partner: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  • Enable Jumbo Frames
    ifconfig eth1 mtu 9000
  • ipsets - Using IP sets for simpler iptables rules
    ipset create smtpblocks hash:net counters
    ipset add smtpblocks
    ipset add smtpblocks
    iptables -A INPUT -p tcp --dport 25 -m set --match-set smtpblocks src -j DROP
  • iptables - Loopback Routing:
    iptables -t nat -A POSTROUTING -d <internal web server IP> -s <internal network address> -p tcp --dport 80 -j SNAT --to-source <external web server IP>
  • NFS - Tuning Secrets: SGI Slides on NFS Performance


  • Black Hole Route: To block IPs create route on loopback
    route add -net gw lo   # for a subnet
    route add gw lo   # for a single IP
  • Quick Access Log IP Top List
    tail -100000 access.log | awk '{print $1}' | sort | uniq -c |sort -nr|head -25
  • Find out if IP is used before configuring it
    arping <IP>
  • Traceroute with AS and network name lookup
    lft -AN
  • Manually lookup AS
  • Tracks DNS changes


  • vnstat - Short term measurement bytes/packets min/avg/max:
    vnstat -l      # Live listing until Ctrl-C and summary
    vnstat -tr     # 5s automatic traffic sample
  • vnstat - Long term statistics:
    vnstat -h      # last hours (including ASCII graph)
    vnstat -d      # last days
    vnstat -w      # last weeks
    vnstat -m     # last months
    vnstat -t       # top 10 days


  • nmap commands
    # Network scan
    nmap -sP
    # Host scan
    nmap <ip>
    nmap -F <ip>      # fast
    nmap -O <ip>     # detect OS
    nmap -sV <ip>     # detect services and versions
    nmap -sU <ip>     # detect UDP services
    # Alternative host discovery
    nmap -PS <ip>     # TCP SYN scan
    nmap -PA <ip>     # TCP ACK scan
    nmap -PO <ip>     # IP ping
    nmap -PU <ip>     # UDP ping
    # Alternative service discovery
    nmap -sS <ip>      
    nmap -sT <ip>
    nmap -sA <ip>
    nmap -sW <ip>
    # Checking firewalls
    nmap -sN <ip>
    nmap -sF <ip>
    nmap -sX <ip>


  • X-Trace - Multi-protocol tracing framework
  • iptraf - Real-time statistics in ncurses interfaces
  • mtr - Debug routing/package loss issues
  • netstat - The different modes
    # Typically used modes
    netstat -rn          # List routes
    netstat -tlnp       # List all open TCP connections
    netstat -tlnpc      # Continuously do the above
    netstat -tulpen    # Extended connection view
    netstat -a           # List all sockets
    # And more rarely used
    netstat -s            # List per protocol statistics
    netstat -su          # List UDP statistics
    netstat -M           # List masqueraded connections
    netstat -i            # List interfaces and counters
    netstat -o           # Watch time/wait handling
  • nttcp - TCP performance testing
    # On sending host
    nttcp -t -s
    # On receiving host
    nttcp -r -s
  • List Kernel Settings
    sysctl net
  • tcpdump - Be verbose and print full package hex dumps:
     tcpdump -i eth0 -nN -vvv -xX -s 1500 port <some port>
  • SNMP - Dump all MIBs: When you need to find the MIB for an object known only by name try
    snmpwalk -c public -v 1 -O s <myhost> .iso | grep <search string>
  • Hurricane Electric - BGP Tools: Statistics on all AS as well as links to their looking glasses.
  • tcpdump - Tutorial: Many usage examples.
    # Filter port
    tcpdump port 80
    tcpdump src port 1025 
    tcpdump dst port 389
    tcpdump portrange 21-23
    # Filter source or destination IP
    tcpdump src
    tcpdump dest
    # Filter  everything on network 
    tcpdump net
    # Logically operators
    tcpdump src port 1025 and tcp 
    # Provide full hex dump of captured HTTP packages
    tcpdump -s0 -x port 80
    # Filter TCP flags (e.g. RST)
    tcpdump 'tcp[13] & 4!=0'

NFS Administration Commands