Table of Contents
Using Core Networking Tools: `ip`, `ss`, and `ping`
This chapter focuses on three essential command‑line tools for day‑to‑day network diagnostics and management on modern Linux systems:
ip: configure and inspect network interfaces, addresses, routes, and moress: view socket and connection informationping: test basic connectivity and latency
You’ll see only the most commonly useful options and patterns that are relevant in practice.
The `ip` Command
ip (from the iproute2 suite) is the modern replacement for older tools like ifconfig, route, and arp. It has a consistent syntax:
ip <object> <subcommand> [options]Common objects you’ll use:
addr(ora): IP addresses on interfaceslink: physical/logical network interfacesroute(orr): routing tableneigh: neighbor/ARP entries
Inspecting Interfaces and Addresses
Show all addresses on all interfaces:
ip addr show
# or shorter:
ip aTypical output includes:
- Interface name:
lo,eth0,enp3s0,wlan0, etc. - State:
UP,DOWN - MAC address (for Ethernet)
- IPv4 addresses (
inet) - IPv6 addresses (
inet6)
Show addresses for a specific interface:
ip addr show dev eth0
# equivalent:
ip a s dev eth0Show only active (UP) interfaces:
ip link show upEnabling and Disabling Interfaces
Bring an interface up or down (requires root):
sudo ip link set dev eth0 up
sudo ip link set dev eth0 downThis changes the current runtime state, not any persistent config files.
Adding and Removing IP Addresses
Add an IPv4 address to an interface:
sudo ip addr add 192.168.1.50/24 dev eth0Remove it:
sudo ip addr del 192.168.1.50/24 dev eth0Notes:
/24is the CIDR prefix (equivalent to255.255.255.0).- These changes are temporary and lost on reboot unless saved via your distro’s network configuration mechanism.
Viewing and Managing Routes
Show the current routing table:
ip route show
# or shorter:
ip rYou’ll typically see:
- A default route (
default via 192.168.1.1 dev eth0) - Routes for local subnets
Show routes for IPv6:
ip -6 route showAdd a temporary default route (root needed):
sudo ip route add default via 192.168.1.1 dev eth0Delete a route:
sudo ip route del defaultAgain, these routing changes are not persistent across reboots.
Viewing ARP / Neighbor Entries
On IPv4, neighbor entries are the ARP cache: mapping IP → MAC.
Show neighbor table:
ip neigh showExample usage when debugging connectivity on a LAN:
- If you can’t reach
192.168.1.10, check if it has a neighbor entry:
ip neigh show 192.168.1.10- If the entry is
FAILEDorINCOMPLETE, ARP resolution is failing.
Delete a bad or stale neighbor entry:
sudo ip neigh del 192.168.1.10 dev eth0The `ss` Command
ss (socket statistics) shows network connections and listening sockets. It is the modern replacement for netstat and is usually faster and more feature‑rich.
Basic syntax:
ss [options]Listing All Connections
Show all sockets (TCP, UDP, Unix, etc.):
ss -aThis can be very verbose. More focused queries are common.
Common Views for TCP
Show established TCP connections:
ss -t state establishedShow listening TCP sockets (i.e., servers/daemons listening for connections):
ss -tlnMeaning of common flags:
-t– TCP sockets only-u– UDP sockets only-l– listening sockets-n– show numeric addresses/ports (no DNS/port name lookups)-a– all (listening + non‑listening)
Showing Process Information
To see which process owns a particular socket, use -p (requires root for full details):
sudo ss -tulpnThis is one of the most useful commands when you want to know:
- Which process is listening on port 80?
- Is a service actually bound to the right IP/port?
Breakdown:
-t– TCP-u– UDP-l– listening-p– show process (PID/program)-n– numeric addresses/ports
Example: find what’s using port 22 (SSH):
sudo ss -tnlp | grep ':22 'Filtering by Port or Address
You can use sport (source port) and dport (destination port) filters.
Show connections to port 443 (HTTPS):
ss -t state established '( dport = :443 )'Show all listening sockets on port 80:
ss -tln '( sport = :80 )'Show all UDP sockets bound to a given address:
ss -uln 'src 192.168.1.10'Note on quoting: the filter expression is inside single quotes to prevent the shell from interpreting parentheses.
Inspecting Local Services
Common usage patterns when troubleshooting services:
- Is something listening on a port?
ss -tln | grep ':8080'- What process is that?
sudo ss -tulpn | grep ':8080'- Is your server bound to
127.0.0.1(loopback) only or to all interfaces (0.0.0.0)?
ss -tln | grep ':80'
# Look at the "Local Address:Port" columnThe `ping` Command
ping tests basic IP connectivity between your machine and another host. It sends ICMP Echo Request packets and waits for Echo Replies.
Typical use cases:
- Is the host reachable at all?
- Is there basic network connectivity (DNS, gateway, etc.)?
- What is the approximate round‑trip time (latency)?
Basic Usage
Ping a hostname or IP:
ping example.com
On many Linux systems, ping runs indefinitely until you stop it with Ctrl+C. The summary statistics (packet loss, average RTT) appear after you interrupt.
Common way to send a limited number of pings:
ping -c 4 example.comFlags:
-c 4– send 4 packets and exit-i 0.5– set interval (in seconds) between pings (e.g., 0.5 seconds)-W 2– wait up to 2 seconds for a reply before giving up
Reading `ping` Output
A typical response line:
64 bytes from 93.184.216.34: icmp_seq=1 ttl=55 time=18.4 msKey fields:
ttl: how many hops the packet can still traverse (decreases at each router)time: round‑trip latencyicmp_seq: sequence number of the packet (helps see loss or reordering)
At the end, you’ll see a summary like:
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 18.123/18.456/18.789/0.200 mspacket loss: shows connectivity quality (0% is ideal)avg: average round‑trip time
Pinging Different Targets
To locate where a problem might be, you can ping progressively:
- Loopback (local TCP/IP stack):
ping -c 2 127.0.0.1- Default gateway (router):
ping -c 4 192.168.1.1- An external IP (bypassing DNS):
ping -c 4 8.8.8.8- A hostname (tests DNS resolution + connectivity):
ping -c 4 google.comThis pattern helps narrow down whether the issue is local, with the gateway, with upstream networking, or with DNS.
When `ping` Fails
Common failure messages:
connect: Network is unreachable
→ Likely no route to that network; check your routing table (ip route).Destination Host Unreachable
→ A router or your own host cannot find a route; check IP, subnet, and gateway.Request timeout for icmp_seq
→ No response; packet loss or firewall might be dropping ICMP.
Some networks or hosts block ICMP entirely; lack of ping response does not always mean the host is completely down.
Putting the Tools Together
These tools are most powerful when combined in a logical troubleshooting flow. Examples:
Example 1: Web Service Not Reachable Externally
- Check service is listening locally:
ss -tlnp | grep ':80'- Confirm interface has correct IP:
ip addr show dev eth0- Verify route to client or gateway:
ip route show- From a client machine, test basic connectivity:
ping -c 4 server-ip
If ping works but you still can’t reach the web app, suspect firewalls or application-level issues.
Example 2: No Internet on a Desktop
On the desktop:
- Check a local interface and address:
ip a- Check default route:
ip r- Ping the router:
ping -c 4 192.168.1.1- Ping an external IP:
ping -c 4 8.8.8.8- Ping a hostname:
ping -c 4 google.com- If needed, verify no local service is hijacking ports:
ss -tulpnBy following these steps, you can systematically isolate whether the problem is in local configuration, routing, upstream connectivity, or DNS.
Quick Reference
Useful ip commands:
ip a # show addresses
ip link # show interfaces
ip link show up # show only UP interfaces
ip r # show routes
ip neigh # show ARP/neighbor table
sudo ip link set dev eth0 up
sudo ip addr add 192.168.1.50/24 dev eth0
sudo ip route add default via 192.168.1.1 dev eth0
Useful ss commands:
ss -tln # listening TCP sockets
ss -tuln # listening TCP and UDP
sudo ss -tulpn # listening sockets with process info
ss -t state established
ss -tln | grep ':22'
Useful ping commands:
ping 8.8.8.8 # continuous ping (Ctrl+C to stop)
ping -c 4 google.com # send 4 pings
ping -c 4 192.168.1.1 # test gateway
ping -c 2 127.0.0.1 # test local stackThese tools form the foundation of everyday network diagnostics on Linux.