The IPV4 address is a 32-bit unique number that has two types: public and private. Public IP is used to access the internet while private IP is reserved for local usage.

Knowing your IP address is important especially when you want to create a local area network for gaming or data transferring. It is also important when it comes to troubleshooting your network issues and configuring the firewall. This guide will elaborate on the different methods to check your IP address whether public or private in Linux.

How to find the private IP address in Linux:

There are two ways to check your private IP address. The first is through GUI and the second way is through a terminal. Let’s check the first method.

First, open “Settings” from applications:

Afterward, click on “Network”.

On the right side of the screen, click the icon as demonstrated in the following image:

A window containing the private IP address and other related information will open.

The second method to find the private IP address is using the terminal.

Simply open the terminal and type:

The highlighted part of the above image indicates the private IP.

Another command to check private IP is:

Or execute:

How to find the public IP address in Linux:

Public IP is relatively easier to find. Simply open the web browser and then Google “What’s my IP”. Your public IP address will be displayed:

It can also be accessed using the terminal. There are numerous services that provide your public IP address.

Use the below-mentioned commands to find your public IP:

Conclusion:

In this post, we have learned the importance of IP addresses, the difference between public and private IP, and how to find both in Linux using different methods. The IP address is a 32-bit address, also known as IPV4, and is a unique identity that helps you connect with other devices on the internet. Local IP addresses are used to connect different devices in order to create a shared local area network. Since the number of internet users is multiplying, the IPV4 address may soon be replaced with a newer IP scheme known as IPV6, which is faster and more efficient.

In this guide, we will discuss two essential networking concepts that are bridging and bonding. We will see how to set up, modify, and delete the bridges and bonds in the Linux system. We will demonstrate the procedure on Linux Mint 20 Ulyana system. However, you can also implement the same procedure on Ubuntu or Debian.

Pre-requisites:

• Linux system with at least two network interfaces
• Sudo user

Bridges

Bridging is to create a bridge between two or more network interfaces to pass traffic between them. It allows you to share your system’s internet connection with other systems. Consider a scenario where system A (with no internet connection) wants to connect to another system’s B internet connection. All you need is to plug both systems with an Ethernet cable and create a bridge between them. However, to do so, you will need two interfaces on your system B. One interface will be connected to the internet, and the other one will be connected to system A.

Set up Bridge

In our example, we will set up a bridge br0 between two interfaces, ens33 and ens39. The enss33 interface connects to the internet while the ens39 connects to the second system (that needs an internet connection). We will set up the bridge via DHCP.

First, you will have to install the required program bridge-utils to create a bridge. Issue the below command in Terminal to install bridge-utils:

Create a bridge network interface using the below command in Terminal:

This command will create a bridge named br0. You can name it anything you want.

Now add both interfaces you want to bridge (one that connects to the internet and the other that connects to the second system) using the below syntax:

For instance, in our case, it would be:

The above command will add enss33 and ens39 to the bridge br0.

Now, bring up the bridge interface:

In our case, it would be:

You can also run the below command to get the interface up and running (In the case of DHCP).

Now, edit the /etc/network/interfaces file and append the following lines:

Now restart the networking services using the below command:

Now the bridge has been set up, and hopefully, you will be able to access the internet from your second system.

View Bridge

You can use the below command to view all the configured bridges on your system and the interfaces attached to them.

Modify Bridge

Add an interface to bridge

You can add an interface to an already existing bridge as follows:

For instance, to add an interface named ens38 to the already existing bridge named br0, the command would be:

Delete Interface from bridge

You can also delete an interface from a bridge as follows:

For instance, to delete an interface named ens38 from the bridge named br0, the command would be:

Delete a bridge

To delete a bridge from your system, you will first need to bring it down. Use the following command to do so:

For instance, to delete a bridge named br0, first bring it down:

Then, to delete the bridge, use the following command:

In our example, the command would be:

Network Bonding

Network bonding combines several network interfaces to present them as a single interface, in effect combining their bandwidth into a single connection. Bonding network interfaces increase throughput, provides high availability and failover in situations where one of the interfaces fails.

There are various modes of network bonding which are as follows:

• mode=0 (Balance Round Robin)
• mode=1 (Active backup)
• mode=2 (Balance XOR)
• mode=3 (Broadcast)
• mode=4 (802.3ad)
• mode=5 (Balance TLB)
• mode=6 (Balance ALB)

Setup Network Bonding

In this guide, we will setup mode 1 (Active backup mode). We will bond two interfaces, ens33 and ens38. The ens33 will be our active interface, while ens38 will be the backup interface.

First, you will have to install the ifenslave tool on your system. To do so, issue the below command in Terminal:

Then load the kernel module using the below command:

The above command will add additional capabilities to the Linux kernel.

Now, find out your network interfaces. You can use the below command to do so:

The following output shows there are two network interfaces ens33 and ens38 other than the loopback interface. We will bond the two interfaces, ens33 and ens38, in a bond named bond0.

Now edit the network interfaces files using the below command in Terminal:

Modify the file as follows:

Make sure to replace the interface’s name with yours.

Now save and close the interface configuration file.

Now restart networking service using the below command:

Run the “ifconfig” or “ip a” command, and this time you will see the bond0 as a separate interface with an IP address assigned to it. You can also see there is no IP address assigned to the ens33 and ens38 interfaces.

Test Bonding

To verify if bonding is working, issue the below command:

The following output shows that the binding mode is active-backup, and both the primary and currently active slave is ens33.

Now to test the active-backup mode, run a continuous ping from another system on the network to the bonding server IP address (which in our case is 192.168.72.179). Your ping should work successfully. Then try shutting down the active interface and see if the ping continues or stops. If the ping continues, this means the bonding has been configured successfully.

If you run the below command, you can also see that the primary slave ens33 is down while the currently active slave is now ens38.

Modify Bonding

Change Active Slave Interface

You can also change the active slave interface in bonding using the -c option as follows:

For instance, in our scenario, we have ens33 as an active interface while ens38 as a backup interface. To set ens38 as an active slave interface, the command would be:

Now to confirm whether the active interface has successfully changed, issue the below command in Terminal:

In the below output, you can see that the active slave interface has changed to ens38.

Change bonding mode

To change the bonding mode, edit the /etc/network/interfaces file and change the bond-mode value. For instance, to change the bond mode to round-robin, modify the value of the bond-mode to 0.

Now to confirm whether the bonding mode has successfully changed, issue the below command in Terminal:

In the below output, it is clear that the bond mode has changed to round-robin.

Attaching slave

To attach a new slave interface to an already existing bond, use the following syntax:

The -v is used here for verbose output.

For instance, to add a new slave interface ens33 to an already existing bond0, the command would be:

Detaching slave

To detach a slave interface from a bond, use the -d option as follows:

The -v is used here for verbose output.

For instance, to detach a slave interface ens33 from bond0, the command would be:

Delete Bonding

To delete bonding, edit the /etc/network.interfaces file, and remove the configurations related to bonding. Leave only the interfaces configuration like this:

Then save and close the interfaces configurations file.

Now remove the bonding with the below command:

Then restart networking service:

That is all there is to it! In this article, first, we have shown how to set up a network bridge to share the internet connection with other systems. Then we have shown how to modify the bridges by adding or removing an interface from the bridge. Next, we have shown how to setup network bonds to have increased throughput, high availability, and failover. Then we have shown how to modify a bond by changing its active slaves, attaching/detaching slaves, and changing bonding modes. We have also shown how to delete the bridges and bonds in case you no longer need them.

Media Access Control (MAC) Address

Next, we will discuss step-by-step how to change the MAC address, as well as why there is a need to change it.

Changing the MAC Address

As described earlier, the term MAC address means Media Access Control Address. A MAC address is a unique and separate identifier given to the Network Interface Controller (NIC). A MAC address is a hardware ID assigned upon connecting to the Wi-Fi or through an Ethernet cable. The MAC address is unique for each device, therefore, it does not look similar on any other device. It is possible to spoof a MAC address, but it is not possible to change it permanently. This can be done by using the MAC address.

Why Change the MAC Address?

Normally, there isn’t any need to change the MAC address, but a MAC address change can have many benefits while doing penetration testing. Say, for example, some wireless system has blocked the real MAC address, then it can be bypass or can be spoofed easily before performing the penetration test of the wireless network. In this case, the network admin cannot ban or see the original MAC address. By changing or spoofing the admin MAC address, the network admin can now ban or block the spoofed MAC address.

How to Change the MAC Address

In a Kali Linux, it is very easy to spoof the MAC address. This can be done by opening the terminal window in the Kali Linux system. Initially, we will check all of the adapters that are using the ifconfig command, as shown:

In the above screenshot, the MAC address, which is highlighted, is the MAC address of the eth0 Ethernet interface.

Here, it is essential to turn off the network interface because by doing so, we are now able to change the MAC address of the eth0.

For this purpose, we will enter the following command:

Next, we will change the MAC address. This can be done by entering the following command:

In this command, the -r flag is used to change the current MAC address to the random MAC address in the network interface of eth0.

In the screenshot above, note that the MAC address has been successfully spoofed. Now, we will turn on the network interface again.

This can be done by entering the following command:

Next, it is necessary to check the MAC address again with the help of the ifconfig command:

Above, it can be observed that the highlighted area of the MAC address is now changed.

Conclusion

This article taught you what a MAC address is and how it can be changed in Kali Linux using the macchanger tool. You also learned how to work with macchanger using the well-known ifconfig command.

A quick introduction to Fierce

Today, we will be introducing Fierce, a fantastic network mapping, and port scanning tool. Often used to locate non-contiguous IP space and hostnames across networks, Fierce is far more than just a simple IP scanner or a DDoS tool. It is a great reconnaissance tool that is used by whitehat communities all over the world.

Fierce is specifically designed for corporate networks and is used to discover likely targets in the networks of their systems. Capable of scanning for domains within minutes, Fierce is becoming the preferred tool for performing vulnerability checks in large networks.

Attributes

Some of it’s defining features include:

• performs reverse lookups for the specified range
• Internal and external IP ranges scanning
• Capable of performing entire Class C scan
• enumerates DNS records on targets
• Excellent Brute force capabilities coupled with reverse lookups should brute force fails to locate multiple hosts
• Name Servers discovery and Zone Transfer attack

To see more details on the functionalities and utilities of this software engineering marvel, run the -h flag on it.

How Fierce performs Scanning

Despite being such a resourceful and effective recon tool, it’s working is relatively simple. It starts the scanning process with brute force attacks if it is not possible for it to readily perform zone transfer of the target domain. Fierce uses a predetermined wordlist that contains possible subdomains it can detect. If a subdomain isn’t on the list, it will not be detected.

Performing a basic scan with Fierce

Let’s demonstrate how Fierce works with a simple scan with default settings. Here, we’re performing a basic scan on (websitename.com). To initiate scanning, type:

The scan inquires the names of the servers the target website is hosted on. Next, it will attempt a zone transfer against those servers, which is most likely to fail but, on rare occasions, may work. This is mostly because DNS queries made by the scan terminate against the third-party servers.

If the zone transfer fails, whe scan would attempt to locate the wildcard A record, which is relevant as it lists all the subdomains that are automatically assigned to an IP address. DNS A records look something like:

These records may or may not exist for a particular website, but if they do (let’s say for a website called our website), they will look something like:

Notice how it shows the temp resolved to a.b.c.d. This is in part due to the fact that in DNS, a value of *, resolve a subdomain to its IP address. The attempts at brute-forcing subdomains performed are usually endured and neutralized by this type of record. Still, we can procure some relevant data by searching for additional values.

For example, you can tell whether a subdomain is legit by looking at the IP it is resolved to. If several URLs resolve to a specific IP, they’re likely forfeited to protect the server from the scans such as the one we’re performing here. Usually, websites with unique IP values are real.

Moving on to other scan results, you’ll see that 11 entries were detected from the 1594 words we checked. In our case, we found one entry(c.xkcd.com ) that contained vital information after thoroughly checking. Let us see what this entry has for us.

Looking at some of the information here, one can tell that some of them could be subdomains that Fierce couldn’t detect. We can use snippets from here to improve our wordlist that the scan uses to detect subdomains.

Let us instruct Fierce to perform fwd and reverse DNS lookups with the nslookup command.

The nslookup utility has checked the comic.linuxhint.com subdomain and failed to get any results. However, it’s the inquiry of checking the whatif.linuxhint.com subdomain has yielded some substantial results: namely a CN and A record response.

Let us have a good look at the “whatif.linuxhint.com” subdomain results

Pay attention to the CNAME record, which is, in essence, a redirect. For example, if CNAME receives a query for whatif.xkcd.com, it’ll redirect the request to a similar dummy subdomain. There are then two more CNAME records, which ultimately land the request at prod.i.ssl.global.fastlylb.net, which is at IP address, as seen by the last A record.

You can enter nslookup’s verbose mode by typing nslookup type set d2 to see the results in much more detail.

We highly recommend that you familiarize yourself with the nslookup command. It is available on all popular operating systems, and it saves you a whole lot of your time when you’re probing a server for subdomains.

There’s another great tool called dig, which has a similar function. Activate dig, and you’ll be presented the following:

With the IPs returned, we can get our hands on some more useful stuff about the networks we have been scanning. If we were conducting a pentest for a company, we might have got some idea about their public IP space and could warrant investigating related Ips for investigation.

To sum up:

As we’ve previously mentioned, Fierce is much more than a simple network scanner. We have listed below some of the commands and their uses; I recommend you try out next.

• Wordlist –lets you specify a wordlist file which to search a server for subdomains.
• connect – This feature establishes a connection with identified subdomains during the scan
• delay – specifies a delay in seconds between queries to the server
• dnsserver – send dnsserver requests
• file – downloads the scan results to a specified directory

Media Access Control (MAC) Address

Changing the MAC Address with macchanger in Kali Linux

To follow this tutorial to change the MAC address in Kali Linux by using macchanger, the following points are important to consider:

Key Objective

The key objective of this article is to change the real hardware MAC address of the network’s card. This article will show you how to change the MAC address with the help of macchanger in Kali Linux.

Main Requirements

The main essential requirement is to have authorized access to a system having Kali Linux.

Level of Difficulty

The difficulty level must be easy.

Protocol

#  (needs to execute given Linux commands with authorized roots, instead of using the sudo command, or needs to be done directly by the root user)

$ (involves the execution of given Linux commands as the non-authorized user)

Key Instructions

The following key instructions will be included in this tutorial:

• Changing the MAC address to a random MAC address
• Checking the new MAC address
• Changing the MAC address to a specific MAC address

Change the MAC Address to a Random MAC address

In the first step, we will use macchanger to change the hardware MAC address of the network card to a random address. We will investigate the current MAC address by taking the eth0 network interface. By doing so, we will able to execute the macchanger with the argument eth0 and the option -s.

The network interface must be turned off before changing the MAC address. The command ifconfig is used to turn off the interface of the network. This command is shown below:

If you have failed to turn off the network interface, then the following error message will be displayed:

ERROR: Can’t change MAC: interface up or not permission: Cannot assign requested address

Now, we will change the hardware MAC address of the network card to different hexadecimal numbers. You can do so by entering the following command:

Finally, bring up the network interface and show your new MAC address by entering the following commands:

Check the New MAC Address

After listing the network interface with the help of the ifconfig command, the new MAC address will be shown.

Change the MAC Address to a Specific MAC Address

To change the MAC address to a specific string in Kali Linux, use the following method. This can be done with the help of macchanger’s -m option. The commands for changing the MAC address to a specific address are given below:

Now, use the -1 option to determine the MAC address prefix for the particular hardware vendor. The command will be written as follows:

Conclusion

This tutorial explained what a MAC address is and how one can spoof it using the macchanger and ifconfig commands.

• What is a MAC address?
• Finding the IP and MAC address using the command-line
• The IP command
• Finding the IP address in Linux systems
• Finding the MAC Address in Linux systems

Media Access Control (MAC) Address

The MAC address, also known as Media Access Control address, is a unique and separate hardware number of a particular computer, especially in a LAN (Local area network) or in other networks. When you are connected to the Internet as a host or your computer is connected to the Internet, the IP address of your computer is linked to the physical MAC address of the computer on a LAN. The MAC address is the same as the Ethernet address on the Ethernet LAN. In telecommunication protocols, the media access control, which is the sublayer of the data-link layer, uses the MAC address. For each type of device, there is a different MAC sublayer. In the DLC layer, the other sublayer is a logical link control sublayer.

Next, we will show you how to find the IP and MAC addresses of a device with the help of the command-line in Linux.

Finding IP and MAC Address Using the Command-Line

With the help of the IP command, you can find both the IP and MAC address of your network connection. Here, we will discuss the networking command IP in Linux. The network parameters of Linux are useful to withdraw by using this command. This command will work on different Linux systems, such as Kali Linux, Arch Linux, Fedora, Ubuntu, etc.

The IP command

The IP command replaces the ifconfig command, which is part of the net-tools package. The IP command is very strong and powerful. The syntax of the IP command is written as follows:

In the above command, the xx will be replaced by the following two to obtain the preferred result. These operators include:
-s, which is used to show more information related to the command
-V, which is used to show the ip utility version

To check IP address in Kali Linux, enter the ifconfig command, as shown below:

Finding the IP Address of a Linux System

To list each of the IP addresses of a system, write the following command in the terminal:

This command will display all the IP addresses with their device names that are currently available. If someone does not like the default IP address connected to the internet, then they can use a grep parameter. The parameter can be written as shown below:

Another option is to use the device name, but in this case, it is essential to use the names of the particular network devices. To do this, enter the following command:

Here, you will see that the Ethernet connection is eth0, while wlp2s0 represents the wireless connection. We will use the eth0 in this example:

Finding the MAC Address of a Linux System

Any network device has a critical parameter, such as a MAC address, that will also include the hardware of the computer or a server. There is a unique MAC address for each device on the network that is connected to the computer.

Enter the ip link command into the terminal, as shown below:

The ip link utility lists several parameters for a device. There are two lines for each of the devices for the link-state and their properties. The first line will show the current state of the particular device, the maximum transmission unit, a set of flags on the device, etc. Similarly, the second line will indicate the current MAC address or the type of link layer currently in use. The previous example found the MAC addresses of the two LAN connections currently in use.

Conclusion

This tutorial showed you how to look up MAC addresses in Linux. The commands in this article work with many distros, including Kali, Arch, and Ubuntu Linux machines.

In this article, we will explain a few tools that will allow you to check network usage per process in your Linux system. These tools include IPTraf, Iftop and Nethog. With the help of these tools, you can identify which process or port number is draining much of the network bandwidth.

Note that we have explained the procedure on Ubuntu 18.04 LTS system.

IPTraf

IPTraf is an open-source command-line network monitoring tool that allows monitoring of various network statistics such as TCP, UDP, Ethernet load, ICMP, etc. We can use it to view network usage of a processes running in Linux.

Installation

IPTraf is included in the official repositories of the Ubuntu system. Therefore, we can install it using the apt or apt-get command.

Open the Terminal by using Ctrl+Alt+T shortcut and then run this command as sudo to install IPTraf:

During installation, the system might ask for confirmation by providing with Y/n option. Hit y to confirm and then wait for a while until the IPTraf is installed on your system.

Usage

To use IPTraf, run this command in Terminal:

When you run the above command, you will see the output similar to below. The output shows the network statistics against the source IP address and port number. However, it does not show the specific process which is using the bandwidth.

For some common ports, you can easily guess the process name, such as FTP port number 21, telnet port number 23 and so on. However for some less known ports, to find out a process running against it, use the following netstat command:

For instance, we want to find out the process name against the port number 443. In that case, the command would be:

The output shows the process name “firefox” running against the port number 443.

To view network statistics for a particular interface, use –i followed by interface name:

To view more information about IPTraf, see the man page or use help as follows:

Iftop

Iftop is similar to the top command except it is used for monitoring network usage instead of processor usage. It is an open-source command-line tool that displays current bandwidth usage of a specific interface. Similar to the IPTraf, it also does not displays the process which is using the bandwidth.

Installation

Iftop is available in the official repositories of Ubuntu. Therefore, we can install it simply using the apt or apt-get command.

In the Terminal, run this command as sudo to install Iftop:

During installation, the system might ask for confirmation by providing with Y/n option. Hit y to confirm and then wait for a while until the Iftop is installed on your system.

Usage

To use Iftop, run this command in Terminal:

It displays the sent and received bytes within three different time intervals. At the end, it displays cumulative sent and receive bytes.

To view port number in the display, use –p option as follows:

To view information about the specific interface, use –i option as follows:

To view more information about iftop, see the man page or use help as follows:

Nethogs

Nethogs is an open-source command-line utility that allows viewing network usage of a process running in the Linux system. Unlike the above IPTraf and Iftop tools, Nethogs sorts the output by process and bandwidth usage. Therefore, it comes handy when you need to find which process is using more bandwidth.

Installation

It is also available in the official Ubuntu repositories. Therefore to install it, use the apt or apt-get command as follows:

Wait for a while until the installation of Nethogs is completed.

Usage

To use Nethog for checking network usage, simply type nethogs in the Terminal:

The output displays the sent and received traffic used by different processes. In the end, it displays the total traffic sent and received by all processes.

To view network usage on a specific interface, use the Nethog command as follows:

To specify refresh interval, use –d option. For instance, to set 7 seconds as refresh interval, run this command:

That is all there is to it! In this article, we have learned how to install and use IPTraf, Iftop, and Nethog in Linux. Through these tools, you can easily check the network usage per process in your Linux system.

Now if you want to share something from your local Web Server to your friends which are outside of the Local Area Network and they can not access your machine. Then how would you expose your localhost to your friends outside the LAN?

In this case you establish a tunnel from your localhost to the internet and share a public IP address to your friends which can be accessed from all over the internet.

Tunnels can be established by using SSH or Ngrok. Here we will discuss both the ways and then we will verify the result of tunneling using netcat.

Getting Public IP using Ngrok

Ngrok is a cross platform tunneling software which can be used to establish secure tunnels from the internet to the local network. It also captures all the traffic for inspection. Following is the method to establish tunnels from localhost to the internet.

Installing Ngrok

Before using Ngrok on your machine, we have to install it. Ngrok can be installed by using the following command in Terminal.

When you run the above command, it will install the ngrok after downloading required files. You can check whether Ngrok has been installed or not by using the following command in the Terminal.

If Ngrok has been installed it will give the version as shown in the following figure.

After installing Ngrok, now it is ready to use to establish tunnels.

Exposing Localhost to Public

Ngrok is used to expose your local web server to the internet. All we have to do is to tell Ngrok what port your local web server is listening on. Run the following command to expose your local web server to the internet

When you run the above command in the Terminal, Ngrok establishes a tunnel from your local web server to the internet through port 8080 and displays the public URL through which your local web server can be accessed. Following GUI appears on Terminal when you run the above command.

Now your localhost:8080 can be accessed from all over the internet by using the link shown in the above figure.

Inspecting the Traffic through Tunnel

Ngrok provides us with the ability to inspect all the incoming or outgoing requests from the internet to your localhost. We can observe all the traffic by going to the following link

When you goto the above link, the browser shows you all the incoming or outgoing requests as shown in the following figure.

Terminal also shows the requests made to your local web server. The following figure shows how the terminal keeps the record of http requests.

Getting Public IP using SSH

SSH also known as Secure Shell is a secure communication protocol used for remote communication between client and server. Furthermore, SSH can also be used for establishing tunnels to make your localhost accessible to the public. In this blog we will see how to use SSH for establishing tunnels between your localhost and public internet.

Exposing Localhost to Public

Localhost can also be exposed to the public by using SSH which is basically a communication protocol. It is called SSH tunneling or SSH port forwarding. Run the following command in the Terminal of your localhost to establish a tunnel between your localhost and remote server

In the above command

• 8080 is the port that is server is listening to
• 8088 is the port that you want to expose
• remoteUser is the name of user to whom you are going to expose your web server
• IPAddress is the IP of remote user
• -R means that you are creating a connection from remote server to your localhost

Now port 8088 of your localhost can be accessed from a remote server having IP “IP Address” and username “remoteUser” through port 8080.

Remote Server Configuration

Before accessing localhost through the tunnel from a remote server, do make some changes in the sshd_config file of the remote server. This file can be opened by typing the following command in terminal.

After opening the file, make the changes as shown in the following figure.

After making changes, restart your SSH server to apply these changes. Now localhost is open to the remote server to be accessed.

Testing the Tunnels

So far we have established tunnels between localhost and a remote server by using SSH and Ngrok. Now we will test whether these tunnels have been established or not. We will use netcat command to test tunnels. Run the following command in the terminal of your localhost

When you run the above command in the terminal of your localhost, netcat starts listening on port 8088 of your localhost.

Now type the following command in the terminal of remote server to send message

When you run the above command in the terminal of your remote server, the message “Hello” must appear on the terminal of localhost. If this happens, then your tunnel has been established.

Conclusion

To make your localhost accessible from the internet is done by establishing tunnels between your localhost and the internet. In this blog we have discussed how to establish tunnels to make your localhost accessible to the internet. Two methods of establishing tunnels have been discussed which are SSH tunneling and Ngrok tunneling. Traffic inspection using Ngrok tunneling has also been discussed. After this, the process of testing the tunnels using netcat has been discussed. After reading this blog it will be very easy for you to make your local web server to the public. ]]> https://linuxhint.com/send_receive_udp_packets_linux_cli/ Mon, 24 Feb 2020 18:55:51 +0000 https://linuxhint.com/?p=55615 We already know about two main transport layer protocols like TCP and UDP. For more information about TCP and UDP, you can check the reference section. In this article, we will learn how to send and receive UDP packets via the Linux command-line interface (CLI) using nc (mainly) command.

Expectations:

Here are the key points to learn from this article

1. To understand nc command in Linux.
2. Use nc command for sending and receiving UDP packets through network.
3. Send some human readable sentences through nc command.
4. Capture the UDP packet sent by nc command.
5. Check network packet in Wireshark.
6. Find out any other command other than netcat for Linux.

Netcat Command:

Netcat(nc) command is installed by default in Linux OS. Open one terminal [Shortcut Alt+Ctrl+t] and use below command to check if nc is present or not.

Here is the expected output

This means nc command is already exist in Linux.

General Set Up Diagram:

Send UDP packet:

Let’s take an example like we will send UDP packet from System A to System B. So, in server-client concept, we have to run server at System B side and client at System A side.

Also we have valid IP addresses.

Start Server:

To start sever using nc command use below command in System B terminal

Here is the screenshot

This command does not have any output to show as of now. This is just listening mode on port 9999.

Start Client:

To connect to server using nc command use below command in System A terminal

Now system A has to connect to System B. So we have provided server IP address and port number.

Here is the screenshot

Check Connection:

We can check the below command for the confirmation about client connation to server port.

Here is the screenshot

Send UDP packets:

Now we can send udp packet from System A to B and vice versa.

Step 1:

Now go to system A and send any sentences like

Screenshot:

Step 2:

We should able to see this in System B side. Here is the screenshot

We can also send UDP packets from System B to System A.

Step 1:

Go to System B and send sentence like

Here is the screenshot from System B

Step 2:

Here is the screenshot from System A

Check packets in Wireshark:

Now while we have been sending UDP packets from System A to System B and vice verse, we can start Wireshark in either System A or System B. Here we have the capture file, let’s do some analysis and confirm if this server and client communication used UDP protocol.

Note that we will only analyze the first communication:

System A has sent:

To:

We will use filter “udp.port == 9999” to get only related packets in Wireshark. Refer below screenshot for analysis from Wireshark capture:

To know how to use Wireshark refer below link

https://linuxhint.com/wireshark_basics_how_to_use/

Other command to send UDP packets:

There is another method to send UDP packets

Run server at System B:

Run below command at System A:

But we are able to send only one time “hello”. If we kill server and rerun then it’s working.

Conclusion:

From the above exercise we have learned the mechanism to send some messages using UDP protocol. And the best method is to use nc command in Linux.

References:

To understand TCP: https://linuxhint.com/tcp_packet_capture_analysis/
To understand UDP: https://linuxhint.com/udp_wireshark_analysis/ ]]> https://linuxhint.com/solve_internet_problems_linux/ Tue, 11 Feb 2020 11:24:33 +0000 https://linuxhint.com/?p=55030 You probably heard from many Linux users on how great the Linux operating system is. How it gives you freedom and lets you do stuff that you’d never even dream on doing on windows. After finally deciding to change platforms. You install a Linux distro. At this point, your expectations are very high, and these expectations come plummeting down the hill, just like the last season of Game of Thrones, when you first start to use it.

Especially when you are new to Linux, things can get quite frustrating if you are not yet comfortable in the Linux environment. How you install software and apps, how you navigate is all different from Windows or MacOS.  The most frustrating problems can be internet connectivity problems. In this guide, I will be addressing such common issues. This will help you when you have internet connectivity problems on Linux and just want to get online quicky.

Ubuntu distro:

Linux has a wide range of distros, and it can be a little frustrating to decide which distro to choose. I will be using Ubuntu 18.4 LTS version as it’s by far the most popular and most used distro. Terminal commands may vary for various distros, so in case if a specific command doesn’t work, make sure it’s the correct command for your distro. To check what version of Linux you are on, type the following command in the terminal.

The above command will display the following screen

Some little pre-checks:

Before we move forward with our diagnosis, make sure your network isn’t the one with the problem, i.e., make sure your network has internet access. If you are connected through a cable, make sure the cable is connected correctly.  Laptops have keys that turn wifi on and off. Make sure your wifi is turned on. You can also turn wifi on from Linux settings, as explained in the next part.

No Internet Connection

Most of the time, the wifi switch is turned off, and as a result, no internet connection as displayed. To fix this, go to settings, for this click on the down arrow next to the battery icon on the top right of your screen. In the dropdown, click on the screwdriver icon next to the button with a lock icon.

In the wifi tab, make sure you turn on the wifi switch. Also, make sure the airplane mode is turned off.

If your Linux still isn’t catching wifi signals, make sure your interfaces are up and running. To check whether your interfaces are up, type the following command in terminal

Now you will see the following screen.

In the above figure in the enp0s3 section, you should find “LOWER_UP.” This means your interface is up

Next, you’d want to check your IP and make sure its configured. For this type the following command in the Linux terminal

Your terminal will look like this.

Your ip will be displayed after “innet.” If this is not the case, your IP is not correctly configured.

Check your Drivers

In most cases, the network drivers are not installed or not correctly installed, or your drivers are not up to date.  If your hardware is working correctly, this might be the case. Click on the shell button in the right bottom and type “software and updates” in the search bar. Open the software and update the app.

Go to the “Additional Drivers” tab. At this point, either connect an external device like a USB having the setup of the required network drivers or connect your Linux with the internet via Ethernet so that Linux can search the required drivers from the internet or your device. The available drivers will be shown here. Install the appropriate drivers from here. If no drivers are displayed here, this means no drivers are available on Linux for your hardware. In other words, Linux doesn’t support your equipment. But this is an extreme case, and it rarely happens. To check more information about your hardware, and what chipset do you have, type the following command in the terminal

Following will be the output

As my system is currently connected via Ethernet, Linux shows what ethernet hardware do I have. This is a useful command as it gives you all the information on once screen. You can google your chipset name and add the word Linux in front, doing this will show you whether Linux supports your particular hardware or not.

Some Diagnosing Tools

Linux includes some commands that can help you with the diagnosis of your Internet problem. One such command is following

What this will do is that it will make five connections with the site mentioned after the c5 part, google.com in this case, and will show the details like ping and packet loss of that connection each time. The 5 in “c5.” Part indicates the specifies of times  Linux makes the connection with that site. In the end, it also gives you a summary of all the connections, the minimum time, the maximum time, and the average.

With the help of this command, you can determine whether the problem is with your laptop or the site that you’re trying to access or with your Internet Service Provider.

Conclusion

Most of the connectivity problems are just because of wifi switch turned off, or sometimes the airplane mode is on. Here I have mentioned some solutions that you can go through, and hopefully, your problem will be solved. The most important part of this is that you update your drivers as that is the second most common reason that causes the connectivity problem. Updating drivers can be a bit tricky in Linux as the procedure is a lot different than the Windows procedure. But the drivers for network chipsets are proprietary and can be easily installed from the “Software and Updates app.”

The telnet program, which is not the Telnet protocol, can be useful to test port states which is the functionality this tutorial explains. The reason why this protocol is useful to connect to different protocols such as POP is both protocols support plain text (which is their main problem and why such services should not be used).

Checking ports before starting:

Before starting with telnet, let’s check with Nmap some ports on the sample target (linuxhint.com).

Getting started with Telnet to specific ports for testing purposes:

Once we learned about open ports, we can start launching tests, let’s try the port 22 (ssh), on the console write “telnet <target> <port>” as shown below:

As you can see in the example below the output says I’m connected to linuxhint.com, therefore the port is open.

Let’s try the same on the port 80 (http):

The output is similar with port 80, now let’s try the port 161 which according to Nmap is filtered:

As you see the filtered port didn’t allow the connection to be established returning a time out error.

Now let’s try Telnet against a closed (not filtered) port, for this example I will use the port 81. Since Nmap didn’t report on closed ports before proceeding I will confirm it is closed, by scanning the specific port using the -p flag:

Once confirmed the port is closed, let’s test it with Telnet:

As you can see the connection wasn’t established and the error is different than with the filtered port showing “Connection refused”.

To close an established connection, you can press CTRL+] and you will see the prompt:

Then type “quit” and press ENTER.

Under Linux you can easily write a little shell script to connect through telnet with different targets and ports.

Open nano and create a file called multipletelnet.sh with the following content inside:

#! /bin/bash
#The first uncommented line will connect to linuxhint.com through port $
telnet linuxhint.com 80
#The second uncommented line will connect to linux.lat through ssh.
telnet linux.lat 22
#The third uncommented line will connect to linuxhint.com through ssh
telnet linuxhint.com 22

Connections only start after the previous was closed, you can close the connection by passing any character, In the example above I passed “q”.

Yet, if you want to test many ports and targets simultaneously Telnet isn’t the best option, for which you have Nmap and similar tools

About Telnet:

As said before, Telnet is an unencrypted protocol vulnerable to sniffers, any attacker can intercept the communication between the client and the server in plain text accessing sensible information such as passwords.

The lack of authentication methods also allow possible attackers to modify the packages sent between two nodes.

Because of this Telnet was rapidly replaced by SSH (Secure Shell) which provides a variety of authentication methods and also encrypts the whole communication between nodes.

Bonus: testing specific ports for possible vulnerabilities with Nmap:

With Nmap we can go far more than with Telnet, we can learn the version of the program running behind the port and we can even test it for vulnerabilities.

Scanning a specific port to find vulnerabilities on the service:

The following example shows a scan against the port 80 of linuxhint.com calling Nmap NSE script vuln to test offensive scripts looking for vulnerabilities:

As you can see, since it is LinuxHint.com server no vulnerabilities were found.

It is possible to scan a specific port for a specific vulnerability; the following example shows how to scan a port using Nmap to find DOS vulnerabilities:

As you can see Nmap found a possible vulnerability (it was a false positive in this case).

You can find a lot of high quality tutorials with different port scanning techniques at https://linuxhint.com/?s=scan+ports.

I hope you found this tutorial on Telnet to a specific port for testing purposes useful. Keep following LinuxHint for more tips and updates on Linux and networking ]]> https://linuxhint.com/route_command_linux/ Thu, 16 Jan 2020 20:19:56 +0000 https://linuxhint.com/?p=53603 Before showing how the route command should be used in Linux it is necessary to understand what a routing table is.

A routing table is a file containing information on how the information or packets should be transferred: the network path to all nodes or devices within a network. It is a map used by routers and gateways to track paths. The hop-by-hop routing is widely used, the packet contains the routing table to reach the next hop, once reached, it will read the routing table again to reach the next hop.

Using the route command you can communicate with subnets and different networks, you can also block the traffic between networks or devices by modifying the routing table.

In Linux the route command is part of the net-tools suite which includes ifconfig, iwconfig and other known tools to deal with networking. Like the rest of components of the net-tools suite the route command is being replaced by the ip route command, also explained in this tutorial.

Note: Replace “enp2s0” and “wlp3s0” device names  mentioned in this tutorial for your correct device names.

How to use the route command in Linux

Since the net-tools package is being replaced by the iproute2 and isn’t included in all Linux distributions by default in case you lack of it on Debian and derived systems like Ubuntu or Mint, in the terminal run:

Once installed you’ll be able to use route, ifconfig, iwconfig and other commands included in the package.

To print the routing table on Linux run:

As you can see the default gateway is 192.168.0.1, it is the router, the first hop through which the traffic passes before going to the next hop or final node.

By applying the flag -n (numerical) you can replace the destination domain name for IP addresses:

If you join a wired network with your Linux device, the DHCP does not work you stay without internet, additionally to setting an IP address, netmask you may need to add a gateway you can copy from the configuration of any other connected device.

To add a default gateway such as a router run:

To block a host run:

Note: replace 192.168.0.121 for the host you want to block.

Some of the most popular flags include:

You can learn more about the route command on its man page.

The route replacement: ip route

Since the route command explained above is deprecated the ip route command is replacing it just as ip replaced ifconfig, or iw replaced iwconfig. Below you’ll see some examples of commands replacing the shown previously:

To display the routing table using the ip route command run:

As you can see in the image above, like with route the default gateway is 192.168.0.1 which is the router. The same can be achieved by using only the letter r:

If you want to display the local table, which contains the destination addresses assigned to the local host you can run:

As you can see all printed addresses belong to the local device.

To add a default gateway using the command ip route run:

In my case:

You can remove the default gateway by replacing “add” for “delete”.

Ip route allows to assign the default route to additional interfaces,for this run:

You can also replace the default gateway by adding the flag replace as shown in the following example:

You can also instruct ip route to show only an output related to the IPv4 or IPv6 protocols specifically.

For IPv4

For IPv6 the syntax is the same:

To add an IPv6 gateway run:

If you want to block an address you can run:

You can also block from a specific source:

Blackhole filtering with ip route:

Blackhole filtering is when a firewall or routing device discards traffic intentionally based on defined rules, usually for security purposes.

Using both the command route and ip route in Linux you can create  blackhole filtering rules.

The first example shows a blackhole filter for both incoming and outgoing packets form ip address 192.168.3.2:

To remove a blackhole filter run:

As you can see after checking the blackhole was removed.

The ip route command is more complex than the former route, the man page clarifies all of the many options it contains, you can also access it online at https://manpages.debian.org/jessie/iproute2/ip-route.8.en.html.

I hope you found this brief article About Linux Command: route useful.
Keep following LinuxHint for additional updates and tips on Linux and Networking.

This article will list some of the most popular command line network speed monitoring tools available for Linux. Before going ahead, take heed of a few things. Some commands require root permissions to access network information. If you are not comfortable with these apps, many other no-root options are mentioned below.

Secondly, the command below will be regularly used to auto detect currently active network interface on your system. Whenever you see this command used in other commands, you can replace it with proper name of a network interface if you know it.

Let’s get started.

Ifstat

Ifstat is a simple command line utility that displays network bandwidth consumption and speed at regular intervals.

To install ifstat in Ubuntu, run the command below:

To view network speed for all interfaces, run the command below:

To view network speed for active interface only, run the command below:

Slurm

Slurm is command line tool to monitor real time network traffic. Apart from statistics about incoming and outgoing traffic, it also displays colorful ascii graphics to represent network consumption.

To install slurm in Ubuntu, run the command below:

To view network speed of currently active interface, run the command below:

Bmon

Bmon is a command line tool to capture and monitor network traffic activity. By default, it shows network speed in an interactive curses based user interface inside a terminal. However, it supports other output formats like HTML and plain text as well.

To install Bmon in Ubuntu, run the command below:

To view network speed for all interfaces, run the command below:

To view network speed for active interface only, run the command below:

Speedometer

Speedometer, as the name suggests, is a tool for monitoring and measuring network bandwidth. It’s terminal based interface uses colorful labels and graphs to represent bandwidth consumption and network speed.

To install speedometer in Ubuntu, run the command below:

To view network speed of currently active interface, run the command below:

Nethogs

Nethogs is a command line “top” tool for monitoring network speed. It works similar to top / htop utility and displays network speed for every process that is responsible for in or out network traffic.

To install nethogs in Ubuntu, run the command below:

To view network speed for all interfaces, run the command below:

To view network speed of currently active interface, run the command below:

Iftop

Iftop is another network monitoring tool that works like “top” command line tool. It displays network traffic for different processes in a tabular form.

To install Iftop in Ubuntu, run the command below:

To view network speed of currently active interface, run the command below:

Vnstat

Vnstat is simple and straightforward tool for monitoring network speed. Though it does not have bells and whistles of other tools mentioned above, it just works and can show network speed in just one line.

To install Vnstat in Ubuntu, run the command below:

To view network speed of currently active interface, run the command below:

Nload

Nload is a console based utility that can display real time network traffic statistics as well as maximum, minimum, and average bandwidth consumption.

To install Nload in Ubuntu, run the command below:

To view network speed of currently active interface, run the command below:

Wavemon

Wavemon is a command line tool that allows you to monitor wireless signal quality, speed, bandwidth consumption, and other useful information about your wireless connection.

To install Wavemon in Ubuntu, run the command below:

To view network speed of currently active wireless interface, run the command below:

Conclusion

Some apps have been omitted from this list as they aren’t being maintained anymore. However, almost all of the tools mentioned above come pre-installed by default on most Linux distributions and require no setup. They are useful for desktop PCs and are also extensively used for remotely monitoring servers.

The term IP Forwarding describes sending a network package from one network interface to another one on the same device. It should be enabled when you want your system to act as a router that transfers IP packets from one network to another.

On a Linux system the Linux kernel has a variable named `ip_forward` that keeps this value. It is accessible using the file `/proc/sys/net/ipv4/ip_forward`. The default value is 0 which means no IP Forwarding, because a regular user who runs a single computer without further components is not in need of that, usually. In contrast, for routers, gateways and VPN servers it is quite an essential feature.

Next, we will explain to you how to enable IP Forwarding temporarily, and permanently.

IP Forwarding As A Temporary Solution

In order to enable this kernel parameter on the fly you have two options. Option 1 simply stores the value of 1 in the variable from above as follows:

Option 2 uses the `sysctl` command that allows you to adjust different kernel parameters at runtime, too [2]. As an administrative user run the following command:

Keep in mind that this setting is changed instantly. Also, the result will not be preserved after rebooting the system.

You can query the stored value as follows:

This command returns a value of 0 for no IP Forwarding, and a value of 1 for IP Forwarding enabled. As an alternative, using `sysctl` also shows you the current status:

Enabling IP Forwarding Permanently

In order to achieve this some other steps have to be done. First, edit the file `/etc/sysctl.conf`. Search for a line containing the entry “#net.ipv4.ip_forward=1”, and remove the # at the beginning of the line.

Then, save the file, and run the `sysctl` command in order to enable the adjusted settings:

The option `-p` is short for `–load`, and requires a name for the configuration file to be followed.

Next, restart the proc file system that provides information about the status of the Linux kernel using the following command:

In about 2015 the file name was shortened from `procps.sh` to `procps`. So, on elderly Debian systems the script that you have to invoke is named `procps.sh`, instead.

Dealing With Systemd

The next hurdle came with the release of Systemd version 221. IP Forwarding is disabled by default, and enabling requires an additional file to be there. If it is not there yet, just add it. The file name consists of the name of the network interface followed by the suffix `.network`, for example `eth0.network` for the network interface `/dev/eth0`. As stated in the documentation [4], other extensions are ignored.

The following code snippet shows the setup for the network interface `/dev/tun0`. It contains of two sections — `Match` and `Network`. In the Match section define the name of the network interface, and in the network section enable IP Forwarding.

Conclusion

Activating IP Forwarding for IPv4 is not a mystery. Just a few steps, and your are there. Happy hacking!

Links and references

* [1] Setting up Systemd-Networkd, Debian Wiki
* [2] Juergen Haas: Learn the Linux sysctl command
* [3] Systemd News for version 221
* [4] Documentation for Systemd ]]> https://linuxhint.com/linux_network_bonding/ Sat, 21 Sep 2019 18:43:35 +0000 https://linuxhint.com/?p=47697

• Introduction to Network Bonding
• Configuring Network Bonding wired & wireless  on Debian 10 Buster (DHCP)
• Configuring Network Bonding wired & wireless on Debian 10 Buster (Static)
• Testing if Bonding is working
• Troubleshooting wpa_supplicant error when restarting networking services

Introduction to Network Bonding

Network Bonding is the bonding or combination of two different physical network interfaces to increase the bandwidth or backup connectivity in case an interface fails.

The addition of a network interface in order to backup connectivity is called “network redundancy”, in short network redundancy is when a network interface fails, the second (it may be more than 2 interfaces) replaces its functionality preventing connectivity failure. On the other hand, Network Bonding can be useful to distribute traffic between different network interfaces increasing the bandwidth capability, this is called “Load Balancing” and there are different types to provide both network redundancy and load balancing, or both of them.

There are different types of network bonding, in the first place you can combine you ethernet and wifi cards to achieve network redundancy, or load balancing (it won’t increase the speed provided by your ISP),  there are also available devices to achieve network balancing bonding 4g connections from mobiles, but you can also turn your Linux computer into a Network Bonding device.

There are 7 types of Network Bonding:

1. mode=0 (Balance Round Robin)
2. mode=1 (Active backup) ⇒ Explained in this tutorial.
3. mode=2 (Balance XOR)
4. mode=3 (Broadcast)
5. mode=4 (802.3ad)
6. mode=5 (Balance TLB)
7. mode=6 (Balance ALB)

This tutorial explains how to configure Network Bonding on Debian and Ubuntu Linux distributions in a way the wired connection is the default while the wireless is the backup when the wired isn’t connected. This is the mode 1 (Active Backup) and the Wireless device will work only when the wired fails. Both network devices will be bonded through bond0 interface.

Configuring Network Bonding wired & wireless on Debian 10 Buster (DHCP)

Before starting you need to install the ifenslave package to attach and detach slave network devices to a bonding device. Run:

Just in case load the bonding modules

The second step is to check your network interface names, run:

In my case I want to bond the ethernet card, identified as enp2s0 and the wireless card, identified as wlp3s0. While following this tutorial replace both names for your network card names.

Now you must make sure your network interfaces are present in the file /etc/network/interfaces. If they are not , open the file with nano:

Add similar lines to these I added below the comment “#Add similar lines to get your network cards working…” replacing my network card names (enp2s0 and wlp3s0) for yours:

Save and exit by pressing CTRL+X

Start the bonding devices by running:

Restart the networking service by running:

Bonding should be working now, but it wasn’t my case…an error preventing me from restarting the networking services appeared, if that was your case too check Troubleshooting wpa_supplicant error when restarting networking services, if you didn’t see errors then jump to Testing if Bonding is working to confirm everything went ok.

Configuring Network Bonding wired & wireless on Debian 10 Buster (Static)

 
If you already followed the steps above and want to change your configuration into static ignore the following steps and jump to the /etc/network/interfaces file edition to update it, if you started this tutorial from this section to setup a static configuration from 0 then follow all next steps starting by installing the ifenslave package to attach and detach slave network devices to a bonding device by running:

Just in case load the bonding modules

The second step is to check your network interface names, run:

In my case I want to bond the ethernet card, identified as enp2s0 and the wireless card, identified as wlp3s0. While following this tutorial replace both names for your network card names.

Now you must make sure your network interfaces are present in the file /etc/network/interfaces. If they are not , open the file with nano:

/etc/network/interfaces file edition for static configuration:

Add similar lines to these I added below the comment “#Add similar lines to get your network cards working…” replacing my network card names (enp2s0 and wlp3s0) for yours, also replace the IP addresses according to your network class (e.g 10.0.0.X, 192.168.1.X, etc.)

Save and exit by pressing CTRL+X

Start the bonding devices by running:

Restart the networking service by running:

Bonding should be working now, but it wasn’t my case…an error preventing me from restarting the networking services appeared, if that was your case too check Troubleshooting for errors when restarting networking services, if you didn’t see errors keep reading the next section to test your configuration and ignore the last one for troubleshooting.

Testing if bonding is working

To confirm bonding is working properly run:

To check your network settings you can also run

If your configuration was set properly you’ll see a similar result, if you’d set a static IP you’ll see it. In my static configuration I’d set IP 192.168.0.54:

Troubleshooting wpa_supplicant error when restarting networking services

Troubleshooting note (ignore this step if you didn’t get errors when restarting networking services)

When restarting the networking service I got the error:

“ Failed to initialize control interface ‘/run/wpa_supplicant’.You may have another wpa_supplicant process already running or the file was left by an unclean termination of wpa_supplicant in which case you will need to manually remove this file before starting wpa_supplicant again.“

To solve it just rename the file /run/wpa_supplicant/wlp3s0 (replace wlp3s0 with your wifi card name)

If you got the error I mentioned above probably when trying to restart your networking services some interfaces went down, repeat the step to start the bonding devices (ignore this step if you didn’t get the error and services restarted properly):

And then restart the networking services again

And then restart the networking services again

This should be working now, to confirm it run:

To check your network settings you can also run

I hope you found this tutorial useful to get your Network Bonding working on Debian 10 Buster and Ubuntu Linux distributions, keep following LinuxHint for more tips and updates on Linux.

• Tcptrack
• Nload
• Iftop
• Cbm
• Iperf

The present tutorial explains how to measure your internet connection speed using different tools available for Linux. Before going through these tools there are some concepts which should be clarified, the download speed, the upload speed and latency, this tutorial focuses on the download speed.

Download speed: the download speed is the receiving speed, the speed used by packets to reach your device, that’s the relevant speed when you download files, watch online videos or visit websites, it is the most relevant measure for home users.

Upload speed: the upload speed is the sending speed, the speed to send traffic from your device to another device over the internet, it is the speed you see when uploading images or videos to any website or through any communication app. Usually Internet Service Providers give an extremely low upload speed unless you pay an extra, it is especially relevant for servers.

Latency: is the time traffic takes to arrive destination and get back to your device, this isn’t necessarily related to the speed since high latency may be caused due many hops or intermediating routers between your device and the destination, each routing device will have it’s own latency, as explained on Traceroute with Nmap if you notice low speed between your device and a specific destination, a way to diagnose the problem is to traceroute a packet all its way over the internet trying to find a low intermediating device measuring the latency.

TCPTRACK

The first tool described in this tutorial is tcptrack, which can be installed in Debian and Ubuntu Linux distributions through apt, you can get tcptrack for other Linux distributions at https://pkgs.org/download/tcptrack.

Installing tcptrack on Debian and Ubuntu:

When using tcptrack you need to specify your network device with the option -i. In my case the network device is wlp3s0, therefore I run:

Live output:

These are mostly websites, you can also specify a port, which is especially useful for servers, to specify a port simply add the option port, the following example shows tcptrack measuring the internet connection on the port 56254.

Live output:

With the option -d you can instruct tcptrack to measure only connections established after tcptrack was launched.

Live output:

NLOAD

Nload is another tool to monitor network traffic and bandwidth speed like tcptrack, it also can be installed through apt on Debian and Ubuntu Linux distributions, it is also available as tar.gz for other distributions at https://sourceforge.net/projects/nload/. The advantage of nload is you can easily see the incoming and outgoing traffic divided.

To install nload on Debian or Ubuntu run:

To launch nload you need to specify the network device, replace wlp3s0 with your network device and launch it as in the following example:

Live output:

IFTOP

Iftop is another opensource tool available on Debian and Ubuntu respositories, you can download it for other Linux distributions as tar.gz at http://www.ex-parrot.com/pdw/iftop/.

To launch iftop run it adding the option -i to define your network card as in the following example:

Live output:

At the bottom  you can see the transmitted traffic, (TX) and received (RX), cum (cumulative) shows the traffic since iftop was executed, peak rates and rates. The last line (TOTAL) shows the total value for each of the mentioned.

CBM

CBM is another tool available on Debian and Ubuntu Linux distributions repositories, you can also find it for other distributions at https://github.com/resurrecting-open-source-projects/cbm.

CBM is a colorful tool which can display all network interfaces traffic simultaneously without discriminating between connections giving a total result.
To install cbm on Debian or Ubuntu run:

Then just run without options

Cbm does not need too much explanation, each column clearly details it function.

You can browse the different interfaces with the arrows to display each interface IP address.

IPERF

Iperf is a great tester to measure the bandwidth between two nodes, it supports TCP,UDP,SCTP, IPv4 and IPv6, it shows timing, loss and more. Iperf is included in Debian and Ubuntu repositories too, it is available for other distributions at https://iperf.fr/.

Iperf must be installed in both devices which communication speed will be measured.
To install Iperf on Debian or Ubuntu on both computers run:

Then, from the server device run:

From the second device run:

In my case it would be:

Here you have a  very detailed article on IPERF with deep analysis by Bamdeb Ghosh highly recommended. I hope you found this description on speed monitors useful, keep following LinuxHint for more tips and updates on Linux.

Related articles:

ethtool Commands and Examples
How to Monitor Network Traffic using nethogs ]]> https://linuxhint.com/monitoring_linux_network_stats/ Sat, 21 Sep 2019 18:33:24 +0000 https://linuxhint.com/?p=47777 Brief Introduction
IPTRAF
VNSTAT
IFSTAT
IFTOP
Related articles

Brief introduction

This tutorial goes deep on network stats for Linux users describing IPTRAF, VNSTAT, IFSTAT and IFTOP being IPTRAF and VNSTAT the most complete programs listed with a variety of options for monitoring customizations. All programs included in this article are available on Debian and Ubuntu repositories and their official urls are shown for users using different distributions.

IPTRAF

 Iptraf is a very friendly console interactive tool to monitor traffic statistics including many customization options, together with vnstat it is the most complete tool shown in this tutorial. It is also available on Debian and Ubuntu repositories, you can download it for different distributions at https://github.com/vergoh/vnstat.

To install Iptraf on Debian and Ubuntu based systems run:

Run Iptraf executing:

Note: run iptraf-ng and no iptraf or you’ll get an error like “bash: iptraf: command not found“, this tool needs your terminal to be properly sized to work, maximize your terminal when running it.

Once executed Iptraf main menu is displayed, to begin learning this menu press ENTER on the first option “IP traffic monitor”.

Iptraffic will let you select the network card you want to monitor, or all them, in my case I chose wlp3s0, select your proper network card,or all them, and press ENTER.

On the new screen you see your traffic on live view, you can move between lines with your arrow keys and display additional information by pressing M (more).

The default view shows the packets quantity, when pressing M you can see the size.
Press Esc to go back to the main menu.

With the keyboard arrows move to the next options on the main menu, to “General interface statistics“.

In this screen you can find summarized statistics for all your network cards together.

Press Esc again to go back to the main menu.

On the main menu, go to the option “Detailed interfaces statistics” and press ENTER.

In this menu you can select the network card you want detailed statistics on individually, select your card and press ENTER.

This screen shows the total packets, total bytes, incoming and outgoing packets and bytes for protocols IPv4, IPv6, TCP,UDP, ICMP, Non IP, total rates and incoming and outgoing rates for the selected network card. Press Esc to go back to the main menu.

Browse to “Statistical breakdowns” and press ENTER.

In this menu you can select statistics by packet size or protocol, select any and press ENTER.

Select your network card and press ENTER.

The section shows the packet sizes going through the network by port and protocol. Press Esc to go back to the main menu.
On the main menu move to “LAN station monitor”

Select your network interface or all them and press ENTER.

This section shows the MAC addresses and the incoming and outgoing packets, units are expressed in  kb/s.

Go back to the main menu by pressing Esc.

On the main  menu  press ENTER  on Filters.

You can see filter options for IP,ARP, RARP and Non-IP packets and on the right side the current configuration enabled or disabled for each, press ENTER on any of the options.

Select “Define new filter” and press ENTER.

Set your filter name and press ENTER.

To add a new filter press the key I (insert).

Here you can define your filter rules, such as source and destination IP addresses, ports and more, below you can select if include or exclude.

Press Esc to go back to the main menu.
On the main menu browse to Configure and press ENTER.

Here you have many options such as logging statistics, format modes and more, you can browse all options and set any you want.

To exit this menu move to “Exit Configuration” and press ENTER.

VNSTAT

Vnstat is a traffic monitor available for Linux and BSD systems, it is included in Debian and Ubuntu repositories, other Linux distribution users can get it as tar.gz from https://humdi.net/vnstat/.

To install vnstat on Debian and Ubuntu run:

Once installed vnstat needs to be configured properly, run:

Inside the configuration file you’ll find the line “#default interface” and below it “Interface eth0”, if your network card is identified as eth0 you should leave it, but if your network interface is different replace it, in my case I’d set wlp3s0 to monitor my wifi card. You can also edit the location of the db, when timing should be updated, date formats and more options.

Once replaced if needed, press CTRL+X and Y to save and exit.

To run vnstat, on the terminal just run:

Output:

Contrary to the rest of monitors explained in this tutorial, vnstat runs on background and logs all traffic allowing the user to display it monthly, weekly,daily or hourly basis among more options you can see by running vnstat —help.

IFSTAT

Ifstat is a very simple tool for traffic statistics, it is also included in Debian and Ubuntu repositories, other Linux distribution users can find ifstat at http://gael.roualland.free.fr/ifstat/.

to install ifstat on Debian or Ubuntu run:

To launch ifstat run:

IFTOP

Iftop is another tool available on Debian and Ubuntu Linux distributions repositories, to install it run apt install iftop

To launch iftop use the -i option to specify the network interface:

In my case:

Iftop shows the transmission and reception rates, as well as incoming and ongoing speed for each established connection. At bottom you can see summarized statistics

I hope you liked this article on Linux tools for network statistics, keep following LinuxHint for more tips and updates on Linux and networking.

Related articles:

ethtool Commands and Examples
How to Monitor Network Traffic using nethogs
Top 10 Ubuntu Network Tools

The present tutorial is a continuation of Basic Linux Network Commands, despite it starts with easy commands for DNS lookup, all commands are essential to diagnose problems. In this tutorial a few examples for each command are shown and briefly explained.

The nslookup and host commands to query DNS records

According to Wikipedia “nslookup is a network administration command-line tool available in many computer operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mapping, or other DNS records.”

In the following example the command nslookup is used to resolve the IP address of linuxhint.com.

The following example shows the mx records for linuxhint.com by applying the option -type=mx.

Alternatively you could use the command host to get both lookup resolution and mx records:

The dig command to query DNS records

The dig command (Domain Information Groper) needs a longer description to understand its output (check Understanding dig command output section)

Where (Understanding dig command output):

The first line ; <<>> DiG 9.11.5-P4-5.1-Debian <<>> linuxhint.com shows the dig version used.
The following lines specify dig got an answer to a query without errors,  its ID number, flags section in this case show it is printing a query response (qr), Recursion Desired (rd) and Recursion Available (ra). The rest prints the quantity of results.

Next lines show EDNS (Extension mechanisms for DNS) compatibility, while the Question section shows what was asked (linuxhint.com Address).

The answer section gives the result, linuxhint.com IP address (A).

The rest is additional description on how the query  was carried out, time, DNS server and size.

It is important to highlight all from all mentioned above only the lines without “;” are relevant, lines starting with “;” are comments.
By default, dig works through our local DNS (on Linux specified in the file /etc/resolv.conf). We can specify a DNS by adding a @ prefix.
The following example instructs dig to use the 1.1.1.1 DNS and avoid all comments with the option +short.

To end the introduction to dig, a final example showing the CNAME records for LinuxHInt:

You can use dig to get any kind of DNS record like MX records.

The traceroute command to diagnose network problems

All modern operating systems include the traceroute feature (recently explained in Nmap traceroute). This function is excellent to diagnose network problems, including speed tests and packets which can’t reach the destination. When traffic goes through internet each routing device intermediating is called “hop”, traceroute helps to identify what hops are affecting our traffic in some manner, for example, delaying it or blocking it.

The following example shows a simple traceroute, without options, for linuxhint.com

In the example above you see 15 hops, or routing devices from my local router 192.168.0.1 to reach linuxhint.com, some of the hops, 2, 10 and 11 are not responding to the traceroute packets (* * *).
Let’s take a single line to check:

On the side right you can see the round-trip time (RTT), it gives three times because by default traceroute sends 3 packets, you can modify it by applying the -q option.

The following example will show only one RTT result per line:

In case a connection is slow, or you couldn’t reach the destination by using traceroute you can determine what hop is generating the problem.

The scp command to transfer files between devices

The scp command is a command every admin, or user should know to transfer files between Linux devices, it was deeply explained at Using the scp Command, but will be quoted in this tutorial too.

The first example shows how to copy a file from a remote computer to the local computer, the syntax is:

Where:
scp = calls the program
Username = replace it for the proper username
@ = separates username and host/ip
X.X.X.X = replace it for the proper host/ip.
:/path/to/remote/file = determine the remote location of the file to fetch.

/local/directory/where/to/save/the/file = replace it for the local directory where you want to store the file.

In my case, I connect to the remote device with IP 192.168.0.1 using the user linuxhint to copy the Vagrantfile file which is stored in the home directory of the user linuxhint, and I copy it to the home of the local user called shared.

The following example shows how to copy a local file to a remote device:

Where:
scp = calls the program
FILENAME = name of the file to transfer
Username = replace it for the proper username
@ = separates username and host/ip
X.X.X.X = replace it for the proper host/ip
:/remote/directory = determine the remote location to store the transferred file.

The nc command to transfer files and scan ports

The nc (netcat) command is among the most useful tools for sysadmins, nc is useful for many tasks like redirecting, port scan, server diagnostics, file transferences, network monitoring and more. This tutorial shows two examples of the nc command use to scan ports and transfer files over the network.

The following example shows how nc is used to send a file called “linuxhint” from a computer to another through port 22.

On the destination computer run the following command:

On the sending computer execute:

I check the file is there by running ls

The following example shows how nc is used to scan the range port 22-80 on linuxhint.com

The rsync command to clone and files directories between devices

The rsync command is a great tool to clone files and directories from a device to other, it can be useful to keep real time synchronization between devices, you can keep updated back up, create a script for Continuous Data Protection and more. The following 2 examples show how to synchronize files and directories from and to a server.

The syntax to copy a file from a server to a directory is:

In the following example I copy the file named linuxhint to the current or working directory (.)

I check the file transference with by running  ls on the working directory

The following example shows how to clone a local directory to a remote server, the syntax is:

In this practical example I clone a directory named rsync to the Desktop directory of the linuxhint user at the remote server.

Where:
a= archive
z= compress
v= verbosity

I hope you found this description on important Linux networking commands useful to understand their importance when working with networks. Keep following LinuxHint for new tips and updates on Linux and networking.

This tutorial briefly describes some basic commands any Linux user should know to check the network configuration, state and configure it. This tutorial will show basic applications of commands, a new tutorial is being written to explain more advanced scenarios. For advanced tips on the following and additional tutorials check Advanced Linux Network Commands. Here you’ll learn how to change IP addresses on Linux, how to disable and enable network cards under Linux using different commands, how to set your wireless card in monitor and managed modes with iwconfig, how to get an IP address from your DHCP server using the dhclient command, how to set a gateway under Linux, get the IP address of a domain name and monitor the traffic between your device and the network with netstat, in some cases the same functions with different commands.

The ip command

The ip command allows to print information on the network interfaces and configuration, as well to apply changes, it replaces the old ifconfig command which will be explained later in this tutorial.

To get a general view on your network devices configuration you can run:

An equivalent to ip address is ip addr show, it will throw the same result:

If you want to limit the information to IPv4 information run:

Note: if you work with IPv6 run ip -6 a

To show the information on a single network device apply the option dev as in the next example:

In my case I executed:

If you want to show the IPv4 information of a single device you can run:

To remove an existing IP address for a device you can run:

In my case I ran:

Then, to assign a new IP address run:

In my case I executed:

To disable a network card the command is:

In my case I run:

To enable the network card called enp2s0 back I run:

The ifconfig command

The ifconfig command is predecessor to the command ip. Not all modern Linux distributions include it, to get it working some distributions need the user to install the package net-tools.

To get a general view on your devices configuration run as root:

You can also print information on a specific device by adding it after invoking ifconfig, in the following example I print information for the wlp3s0 device:

With ifconfig you can change the address by specifying it after the network device

In my case it would be like:

Note: the examples above show how to enable the network card using the command ifconfig, but you can also use the command ip link set down <device> as explained in the ip command section.

It is recommended to include the proper netmask as in the next example by adding the netmask option.

For more information on the ifconfig command, check the tutorial How to use ifconfig.

The iwconfig command

Very similar to ifconfig, Linux includes the iwconfig command too which is useful to set configurations exclusive for wireless network cards. In the following examples the iwconfig command will be used to change the wireless network card modes between managed mode and monitor mode. The monitor mode is useful to sniff packets without being associated with other stations or routers, it is mandatory when cracking wireless routers with programs like reaver or aircrack-ng.

As you can see by default our network cards are set in Managed mode, which allows the wifi card to act as a network station. Run:

Note: where “wlp3s0” replace it with your network device name.

To change the Managed mode shown in the image above, first we need to disable the wifi card using the command ifconfig.

Then set the monitor mode by running:

And now enable the wireless network card back

Check the new mode by running iwconfig wlp3s0:

To restore the managed mode repeat the process replacing the step iwconfig wlp3s0 mode monitor for iwconfig wlp3s0 mode managed

The dhclient command

When joining a network you obviously need a free IP address to attach your device to it. While you can ping or nmap the network to set up a new device, many routers assign it through DHCP. if you want  your new device to automatically get an IP address and it didn’t by default you can use the dhclient command. In many cases when trying to join a wireless network using WICD, I found the “Obtaining IP” process to get stuck or taking a long time and managed to help it by running this command.

The syntax is:

In my case

The route command

When joining a network which wasn’t properly configured to allow new devices to connect you will need to set a proper IP address, usually it will be manually through the command ip or ifconfig, to set the proper gateway using the command route and enable proper DNS, like 8.8.8.8 to access internet. The following example shows how to add and remove gateways.
To remove a defined gateway run:

In my case I ran:

To add a new gateway run:

To check your defined gateways run:

The host command

The command host is useful for domain name lookup, to learn the IP address of a specific domain name. For example, to learn linuxhint.com IP address just run

The netstat command

To end this tutorial lets see how to monitor our network traffic with the command netstat.
Run the command netstat without options:

By default the netstat command will show ESTABLISHED connections, If you want to list the listening ports only run the command with the -l option:

By default, netstat will also list all TCP and UDP connections, if you want to show TCP connections, or listening ports only run:

Note: the option -a prevents lookup to speed up results.

If you want to show UDP connections only then run:

I hope you found this article useful to learn basic network commands, learning them is a must for every Linux user to afford any network inconvenient. Keep following LinuxHint for more tips and updates on Linux and networking.

In this article, I am going to show you some of the common ways to find the IP address of your Linux server or workstation. So, let’s get started.

Finding IP Addresses with ip Command:

The ip command is the most popular command for finding the IP addresses assigned to the network interfaces of your Linux server or workstation. You will very likely find this command preinstalled on every modern Linux distribution out there.

To find the IP addresses of all the network interfaces connected to your Linux server or workstation, run the ip command as follows:

As you can see, I have 2 network interface attached to my CentOS 7 server. One is ens33 and the other one is ens37. The ens33 network interface has the IPv4 address 192.168.21.131 and the ens37 network interface has the IPv4 address 192.168.50.1.

The ip command also prints the IPv6 address attached to the network interfaces of your Linux server or workstation.

As you can see, on my CentOS 7 server, the IPv6 address attached to the ens33 network interface is fe80:fd75:7722:6480:6d8f. The same way, the IPv6 address configured to the ens37 network interface is fe80:20c:29ff:feaa:bd0e.

If you want, you can also find the IPv4 or IPv6 address configured to a specific network interface.

For example, to find the IP (IPv4 or IPv6) address of the network interface ens33, run the ip command as follows:

As you can see, the IP addresses of the network interface ens33 is shown only.

Finding IP Addresses with nmcli:

nmcli is the command line tool for configuring Linux network interfaces via Network Manager. You can use it to find the IP addresses configured on the network interfaces on your Linux server or workstation.

To list all the Network Manager network interface connections you have on your Linux server or workstation, run the following command:

As you can see, I have 2 Network manager connections Private (for the interface ens37) and ens33 (for the interface ens33). On Network Manager, you can name your network connections. I have named one here (Private) and left the other (ens33) without naming it anything.

Now, to see the IP addresses configured on the network connection Private, run the nmcli command as follows:

As you can see, the IPv4 (and IPv6 if configured) address is listed. In my case, the IP address is 192.168.50.1.

We can also find the IP addresses of the ens33 (unnamed) network connection with nmcli as follows:

As you can see, the IP address of the ens33 network connection is listed. But something is different here. The network connection ens33 got the IP address via DHCP. That’s why it is in the DHCP4 OPTION.

Finding IP Addresses with ifconfig Command:

ifconfig is a very old command for finding the IP addresses of Linux servers and workstations. It is so old that is it not even installed on any modern Linux distribution by default. I’ve included it here because you might have to maintain very old servers with some old Linux distribution. The command is very simple to use anyway.

To find the IP addresses of all the network interfaces of your Linux server or workstation, run the ifconfig command as follows:

As you can see, the IP addresses of all the network interfaces on my CentOS 7 server is listed.

If you want to list the IP address of any single network interface (let’s say ens33), then run the ifconfig command as follows:

As you can see, the IP address of the ens33 network interface is printed on the console only.

Finding IP Addresses in GNOME Desktop Environment:

If you’re using a graphical desktop environment on your Linux workstation such as GNOME 2 or GNOME 3, then you can find the IP address of you network interface graphically.

On GNOME desktop environment, open the Settings app and click on Network as marked in the screenshot below.

Now, select the network interface which you want to find the IP address of and you should be able to find the IP address of that network interface as you can see in the screenshot below.

Finding the Public IP Address of your Server:

You can use a third party website ifconfig.me to find the public IP address of your Linux server very easily. For this to work, you need to have curl installed on your server.

To find the public IP address of your Linux server, run the following command:

So, that’s how you find the IP address in Linux servers and workstations. Thanks for reading this article.

In this brief tutorial you’ll learn how to check your mac address and how to edit it randomly or for a specific replacement mac address.

For this tutorial I will work on the network card enp2s0, replace this network card for yours (e.g eth0, wlan0, etc.)

To check your mac address just execute:

We can see on the enp2s0 network card the mac address is d0:17:c2:12:3c:cd while the wlp3s0 wifi card mac address is a2:58:a6:6a:29:04. Mac addresses 12 digits, 6 fields of 2 characters and letters separated by “:” like XX:XX:XX:XX:XX:XX.

The first 6 characters and numbers belong to the device manufacturer, in my case d0:17:c2 belongs to ASUS. The last 12 digits are the ID number for the hardware and it is unique.

First of all, to edit our network card mac address we need to disable our network card, the mac can not be changed while the card is being used. To disable our network card run:

Then, to edit our mac address type:

Then enable the network card back by typing:

If you need to edit our mac frequently maybe is convenient to use a  program called macchanger, to install it on Debian or Ubuntu systems run:

During the installation you’ll be asked if macchanger should start when a networking device is enabled, here you can decide whatever you want, changing your mac address by default shouldn’t create problems unless you have your router configured to accept specific mac addresses.

Select any of the options and press enter to finish.

After macchanger is installed we can also check our mac address by typing

As you can see it matches with the mac address exposed using ifconfig.

Here Macchanger shows the current mac, the real hardware’s mac (Permanent MAC) and the new one if you assign it.To change your mac address fast for a random address simply run:

Make sure you run macchanger as root and that the network device is down. If you get an error when running this command then run:

To disable your network card, after it type “ifconfig” again and you’ll see your network card wont show up.

Then run macchanger -r again.

If we want to assign our card a specific address we can execute:

For example

If we set our card up and run an ifconfig we’ll see our new mac address.

After editing our mac address we need to enable the network card back, for this run::

Now we can see our system also displays the new mac address 32:ce:cb:3c:63:cd.

Firewalls and IDS can contain policies whitelisting and banning specific mac addresses. Manipulating our network cards’ physical address is a great step to avoid leaving traces in logs and increase your privacy by masking your device or to bypass security obstacles when pentesting a network, the most common use as said at the starting is when we want to crack a wifi access dissociating a connected device with the aircrack suite by cloning it’s mac address.

I hope you found this tutorial on macchanger useful, keep following LinuxHint for more tips and updates on Linux.

In this article, I am going to show you how to install and use nethogs to monitor network traffic on Linux. So, let’s get started.

Installing nethogs on Ubuntu/Debian:

nethogs is not installed on Ubuntu/Debian by default. But, it is available in the official package repository of Ubuntu/Debian. So, you can easily install nethods with the APT package manager.

First, update the APT package manager cache with the following command:

Now, install nethogs with the following command:

nethogs should be installed.

Now, to check whether nethogs is working, run the following command:

As you can see, it’s working correctly.

Installing nethogs on CentOS 7:

nethogs is not installed on CentOS 7 by default. But nethogs is available in the EPEL repository of CentOS 7. So, you can easily install nethogs from the EPEL repository with the YUM package manager.

First, enable EPEL repository with the following command:

Now, press y and then press <Enter>.

Now, press y and then press <Enter> to accept the GPG key of the CentOS 7 repository.

EPEL repository should be enabled.

Now, run the following command to install nethogs with the YUM package manager.

Now, press y and then press <Enter>.

Now, press y and then press <Enter> to accept the GPG key of the EPEL repository.

nethogs should be installed.

Now, to check whether nethogs is working, run the following command:

nethogs is working perfectly.

Installing nethogs on Arch Linux:

nethogs is not installed on Arch Linux by default as well. But, nethogs is available in the official package repository of Arch Linux. So, you can easily install nethogs on Arch Linux using the Pacman package manager.

Now, press y and then press <Enter> to continue.

nethogs should be installed.

Now, run the following command to check whether nethogs is working.

As you can see, nethogs is working perfectly.

Using nethogs:

Now that you have nethogs installed, you’re ready to monitor your network traffic with nethogs.

If you want to monitor the network traffic of all the network interface of your computer, you can run nethogs as follows:

nethogs should start. As you can see, the network upload (sent) and download (received) speeds for each process is listed. The network interface each process is using is also listed here. The owner of the process and also the PID is listed here. If you have any process which is eating up network bandwidth unnecessarily, you can just kill the process using the PID.

nethogs should automatically update the information just like top and htop does.

By default, nethogs displays the network download and upload speeds in kilobytes/s (kb/s). This is one of the display modes of nethogs. There are 4 display modes of nethogs, the default kb/s, total bytes used (b), total kilobytes used (kb), total megabytes used (mb). You can press the m key on your keyboard to while nethogs is running to cycle through these display modes.

The default display mode of nethogs. It shows the network download and upload speed in kilobytes/s (kb/s).

Another display mode of nethogs. In this display mode the total network usage per process in kilobytes (kb) is displayed. Also the total network usage of every process (in kb) is displayed as well.

In this display mode the total network usage per process in bytes (b) is displayed. Also the total network usage of every process (in b) is displayed as well.

In this display mode the total network usage per process in megabytes (mb) is displayed. Also the total network usage of every process (in mb) is displayed as well.

You can close nethogs network monitor with <Ctrl> + c.

If you want to monitor a specific network interface using nethogs, you can easily do it.

For example, let’s say, you want to monitor the network interface ens33 with nethogs. To do that, start nethogs network monitor with the following command:

NOTE: You can list all the network interfaces of your computer with the ip a command.

Now, only the ens33 interface should be monitored.

So, that’s how you use nethogs on Linux to monitor network traffic. Thanks for reading this article.

In this article, I will show you how to use ethtool command on Linux. I will be using Debian 9 Stretch for the demonstration. But any modern Linux distribution should work. Let’s get started.

Checking ethtool Availability:

In most cases, ethtool should already be installed on your favorite Linux distribution. You can check whether ethtool is installed already with the following command:

As you can see, ethtool 4.8 is installed on my Debian 9 Stretch machine.

If you see an error, then ethtool may not be installed on your computer. You can install ethtool very easily in your favorite Linux distribution. I will show you how to install ethtool on Ubuntu, Debian, RHEL 7 and CentOS 7 in the next sections of this article below.

Installing ethtool on Ubuntu and Debian:

ethtool is available in the official package repository of Ubuntu and Debian. So it is really easy to install.

First, update the APT package repository cache with the following command:

Now, install ethtool with the following command:

Installing ethtool on CentOS 7 and RHEL 7:

ethtool is available in the official package repository of CentOS 7 and RHEL 7. You can install it very easily.

First, update the YUM cache with the following command:

Finally, install ethtool with the following command:

Displaying Network Interface Card Information with ethtool:

You can display information about the network interface cards (NICs) connected to your computer with ethtool utility. To do that, you need the network interface name of your network interface card (NIC).

On Linux, every network interface card (NIC) is assigned unique names such as eth0, ens32 etc.

First, find the assigned names of all the available network interfaces of your computer, with the following command:

As you can see, I have only two network interface cards (NICs) connected to my computer. If you have more, it should show up here. The assigned names of my network interfaces are ens33 and enx00e04c42a3fe respectively. Yours should be different. But take a note of these as you will need it from now on.

Now, to display more information about a network interface card (let’s say enx00e04c42a3fe) with ethtool, run the following command:

As you can see, a lot of information about the network interface card enx00e04c42a3fe is listed here.

For example, the supported link modes of your NIC is displayed here.

The currently used duplex mode and speed is displayed here as well. As you can see, it is connected in full duplex mode at 100 Mbps speed.

You can also find out whether your NIC supports auto negotiation from here. If auto negotiation is enabled, your NIC picks a random link mode from one of its supported link modes depending on the Router or switch port it’s connected to.

Checking Which Driver your NIC is Using:

You can also check which driver your NIC is using with ethtool command.

For example, to check for the driver used by one of your NIC (let’s say enx00e04c42a3fe), run ethtool command as follows:

As you can see, my enx00e04c42a3fe NIC is using Realtek r8152 driver version 1.08.7. Yours may be different.

Display Network Usage Statistics with ethtool:

You can find out how many packets the NIC sent (Tx or transmitted) and received (Rx or received) using ethtool. You can also find out how many of these packets collided, transmission (Tx) errors and receiver errors (Rx) and many more.

To display your NIC (let’s say enx00e04c42a3fe) statistics, run ethtool as follows:

As you can see, a lot of statistics data on your NIC is displayed.

Making your NIC Blink Using ethtool:

Making your NIC blink may sound useless. But imagine a case where your computer has lots of network interfaces. How would you know which port is assigned what network interface name? Well, just blink each network interface and find out for yourself using ethtool. Simple!

To blink a network interface (let’s say enx00e04c42a3fe) with ethtool, run ethtool as follows:

This feature may not be available on your NIC card. Check the manual of your NIC card for more information on this.

My NIC card do not have this feature, so all I get is an error.

Setting Speed and Modes on NICs Manually:

At times, auto negotiation may fail and your NIC may use the wrong speed and mode. You can easily fix that with ethtool.

First, check what speeds and modes are supported on your NIC (Let’s say enx00e04c42a3fe) with the following command:

You can find the supported link modes of your NIC in the Supported link modes section and your Routers or Switches advertised link modes on Link partner advertised link modes section as you can see in the marked section of the screenshot below. My NIC and Router supports, 10baseT and 100baseT in Half and Full duplex mode.

Currently, my NIC enx00e04c42a3fe is working in Full duplex mode at 100 Mbps speed.

To change it, let’s say in Full duplex mode at 10 Mbps speed, run ethtool as follows:

As you can see, the speed is changed to 10Mbps and the duplex mode is full. Also, auto negotiation is turned off.

Getting Help on ethtool:

The ethtool command has lots of options. It’s not possible to show how every option work in this article due to the scope and hardware limitation of my computer.

But you should be able to find what you need on the manpage of ethtool, which you can access with the following command:

So, that’s how you use ethtool on Linux. Thanks for reading this article.

GNS3 Features

• Can be used as a proof of concept or client demonstration for commercial purposes
• A great platform for learning and teaching of a network environment
• With the use of a virtual lab, you can test a multi vendor interoperability
• Good for real-time network simulation for pre-deployment testing
• Quickly run and test multiple hardwares without the need for a physical hardware
• For purpose of network certification training, you can customise topologies and labs within GNS3
• Furthermore, you can connect GNS3 to a real network environment

GNS3 2.0.3 Changelog

• Display error when we can’t export files
• Fix auth header not sent is some conditions
• If we have auth issue at server startup continue to get better error
• Do not override IOU configuration file when you change the image
• Fix some PNG loading issues on Windows
• Handle label with missing elements
• Support floating value for font size
• Handle partial json in a response
• Add Dominik as a new team member

How to install GNS3 on Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04, Ubuntu 15.04, Ubuntu 14.04

sudo add-apt-repository ppa:gns3/ppa

sudo apt-get update && sudo apt-get install gns3-gui

How to uninstall GNS3 from Ubuntu

sudo apt remove gns3-gui

How to install GNS3 on Arch Linux

yaourt -S gns3-gui gns3-server

How to install GNS3 on Fedora 24

dnf install gns3-server gns3-gui wireshark wireshark-qt