Linux Networking¶
Every security pro needs to control network interfaces , check connections , and filter traffic from the command line
Interface Configuration
ip link show # List all interfaces
ip addr show eth0 # Show IP addresses
ip link set eth0 up/down # Enable/disable interface
ip route show # Routing table
Connectivity Testing
ping -c 4 google.com # Test connectivity
traceroute google.com # Trace route
mtr google.com # Continuous trace (combines ping + traceroute)
Socket Statistics
ss -tuln # Listening sockets (TCP/UDP)
ss -antp # All TCP connections with processes
netstat -antp # Old school but still everywhere
ss replaced netstat on modern systems. Use it for socket statistics
DNS Resolution
host google.com # DNS lookup
dig google.com ANY # Detailed DNS query
nslookup google.com # Legacy tool
dig -x 8.8.8.8 # Reverse DNS lookup
HTTP Operations
curl -I https://example.com # Fetch headers only
curl -v https://example.com # Verbose (shows TLS handshake)
curl -X POST -d "key=val" URL # POST request
wget -r -l 2 URL # Recursive download
SSH
ssh user@host # Basic connect
ssh -i key.pem user@host # Key-based auth
ssh -L 8080:localhost:80 host # Local port forwarding
ssh -D 1080 user@host # SOCKS proxy tunnel
ssh -J jumpuser@jumphost user@target # ProxyJump
Packet Capture
tcpdump -i eth0 # Capture on interface
tcpdump port 80 # Filter by port
tcpdump host 192.168.1.1 # Filter by host
tcpdump -w capture.pcap # Write to file
tcpdump -r capture.pcap # Read file
Firewall (iptables/nftables)
iptables -L -n -v # List rules
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # Allow SSH
iptables -P INPUT DROP # Default deny
ufw enable # Uncomplicated firewall
ufw allow 22/tcp # Allow SSH