print PDF Ireland

Basic Tools


The following tools are indispensable to know when to use a linux server. Here We can't give all options of these commands. Don't forget that you can get more help by typing the command with the paramaters: --help , "man netstat" or 'info netstat". Finally, remember that under Linux, you have to be careful when using upper/lowercases (the ping command exists, not the Ping command).


This command is normally known by everyone. It exists in all servers. It allows to check if a remote server responds. The syntax is very easy: ping -c 5 213.186.xx.xx to send 5 pings to the server, which has the following Ip: 213.186.xx.xx We can also use the server name, if it is filled in your hosts file or in DNS server. For example, we can use ping to check if the connection is still active or to activate it. If you don't add -c 5 option to send only 5 pings, the command doesn't stop. Then, use the combinaison Crtl+C. It exists an other more complete tool, but it isn't installed by default: hping.


ifconfig allows to know the configuration of your network card, but also to change this one by typing:

ifconfig eth0 213.186.xx.xx netmask broadcast 213.186.xx.255

As the values I have just given are standard, you can easily type ifconfig ETH0 213.186.xx.xx (The netmask and broadcast proposed are those corresponding to a C class address). Note: at the time of server boot, this modification will be lost. In the same time, you must modify the file: /etc/sysconfig/network-script/ifcfg-eth0. You can use linuxconf to do the same work in an easier way. We can also desactivate a network card ifconfig eth0 down and obviously it activates ifconfig eth0 up.


The arp command allows to link Ip addresses with MAC addresses. The important possible options are:
arp -a to have all ARP entries of the table
arp -d hostname to delete an entry of the table
arp -s hostname mac_address to add a new entry in the table


This command allows to see, add or remove the routes declared on your server. Therefore, to indicate to your server where to go to find the addresses, which aren't the ones of your local network, you have to indicate it the gateway where the packages must be sent to.
To see the routes, indicate route -n (we can use also netstat -nr). The -n option allows not to have the name resolution.

To add a route by default:
route add default gateway (The gateway towards which I send all the packets, which aren't for the local network)

To destroy this route:
route del default

To add a route to a host indicate:
route add -host gateway (Indicate the netmask if this one isn't a mask corresponding to the class of your address)

To add a route to a network indicate:
route add -net netmask gateway

Finally, to delete one of these routes replace add by del. The gateway corresponds the most of time to your router. To get the route you have just added at every boot time, save the command in the file: /etc/rc.d/rc.local for example.


Here is a less known command but it is very useful. Here, I can't comment all the options, I suggest you to read the netstat guide. Indeed, It allows to know the ports listened on your server, on which interface, with which transport protocols (TCP or UDP), the active connections and to know the routes.

To see the active connections netstat -nt for open ports netsat.ntl. We can also check if a route by default exists. For example, does a route by default exist to server? Therefore, use -nr | grep 213.186.xx.xx
  • The -a option enumerates the working ports or those listened by the server
  • The -i option gives information about the network interface
  • The -p protocol option gives a lot of information (packets received, lost, fowarded, size, ...) about the network traffic in the given protocol

For example:
netstat -p ip_address


lsof allows to list open files and active process.
lsof -i indicates the internet process.
We can reduce the list to one specific protocol (for example: lsof -ni tcp:25) or reduce to one system (for example lsof -ni @213.186.xx.xx:25).
To know all the open files by or on /hda1 use lsof /dev/hda1.
lsof -i -a -p 1234 allows to know all network ports which are open by the 1234 process (-a is read as an AND operator).
lsof -p 1234, 12345 -u 500, toto allows to know all the files opened by the user 500 or toto or the process 1234 or 12345.
Other commands exist to do it (fuser, ps, netstat,...), but they are very complicated.


Traceroute allows to determine the path used by a packet to reach its target on Internet. We can either use the Ip address or the hostname. Note: With traceroute command, some firewalls or routers may not be displayed.
The traceroute command is very useful to know where can find a blockade or a slowdown. Several options exist for example we can choose gateways (up to 8) to reach a system. Once again, I advise you to read the traceroute guide.


Telenet is the indispensable tool to know. It exists as a client on all systems and as a server on Unix. Note: it's less and less installed by default on the new distributions, in their server versions. In it server version, it allows to give a remote access to the system and a shell to administrate it. However, for security reason, we don't use this tool, we prefer to use SSH, because all the passwords are crypted on the network. SSH clients for windows exist.
However the telnet client allows to do all sort of things. As a client, telnet allows you to send and read your messages. It allows as well to test the other protocols. For example: we can use telnet to connect to a FTP server "telnet my_ftp_server 21" or on a web server "telnet my_web_sevrer 80".


ftp is a tool which allows to download the files between systems. You know the ftp clients as ws_ftp.
Under Linux, it exists a ftp server, you can activate it in /etc/inetd.conf. It's installed by default in all distributions. This ftp server isn't linked with the apache installation, the Microsoft systems as well, where you must install IIS to benefit from this service.
Note: the ftp server causes an important security probelm, you'd rather use SFTP, which is available with SSH.

Here are the commands you will use the most:
dir: to list a directory
cd name_of-directory: to change a directory
get my_file: to copy a file to local system
mget *: to copy all the files of the directory to your station
put my_file: to copy a file to the server
mput *: to copy the files saved in your directory
binary: to copy in binary mode
exit: to quit

A big number of others commands exist. But here are the main ones to copy files between systems. The ftp command will give you a big number of services, because it allows easily to exchange files between linux and windows, without installing a ftp client or configure samba.


The nslookup tool allows to query a domain name server (DNS server) in order to have information about a domain or a system. By default, nslookup uses the domain name server configured on your system. However, you can query an other domain name server.
[root@xxxxx /] nslookup


Command nearly similar, but it is easier to use.
host 213.186.xx.xx gives information about the domain
host -v -t mx your_domain gives information about the MX servers
host -l -t any your_domain to give all the machine of domain


This command allows to know the users who are logged on your system.


This command enables you to see the latest connections carried out on your server.
last without anything: display all the information
last david: shows all connections of david user
last reboot: all the reboot of the system with the date

lastb is a variant of last, this command search only for the wrong login (it reads the /var/log/btmp file)


finger is a service which allows you to get information about the users accounts of your system. This service is to exclude. It syntax is however easy:
finger toto@remote_system

For further information, use the option -l This example shows 2 open connections on the system.
[root@xxxxx] finger -l


This tool allows you to create connections (socket) between machines. We use it as a client netcat 200 (connection on the 23 port of the system) or as a server netcat -l -p 80 (It listens on the 80 port). It allows the ports scanning too.
Here are some examples:

netcat -t ns213.186.xx.xx 23 behaves laike a telnet client
netcat -l -p 23 > spy.log listens on the 23 port (telnet) and saves in spy.log everything typed by the client
netcat -l -p 23 < my_command executes the commands which are in my_command
netcat -l -p 23 -e my_command executes the command after connection
netcat -vv remote_sytem 1-100 allows to launch a scan on remote sytem
netcat -vv -z -i 10000 -r 1-200 allows to scan randomly the ports from 1 to 100 with a timeout. We avoid the detection