Linux Networking Fundamentals: Interface Inspection, Connection Listing, Ping Tests, and Simple Firewall Setup
Introduction
Ever wonder why your Linux server can’t reach the internet or why certain ports stay open? In the next few minutes we’ll master the essential tools to inspect interfaces, list active connections, test reachability, and lock down your server with a simple firewall. These commands give you instant visibility into network health, reduce debugging time, and let you secure access with just a few lines.
1. View Network Interfaces
The modern replacement for the classic ifconfig is ip. It provides a concise view of every interface, its IP address, MAC address, and operational state.
# Show all interfaces with details
ip addr show
Typical output:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe12:3456/64 scope link
valid_lft forever preferred_lft forever
Why use ip?
-
Unified syntax for addresses, routes, and link settings.
-
Works consistently across modern distributions.
-
Provides richer information (e.g., scope, lifetime).
2. List Listening Sockets
ss (socket statistics) supersedes netstat. It is faster, more memory‑efficient, and offers granular filters.
# Show all listening TCP and UDP sockets
ss -tuln
Sample output:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 0.0.0.0:22 *:*
udp UNCONN 0 0 127.0.0.1:323 *:*
You can also get a quick summary:
ss -s
Tips:
-
Add
-pto see the owning process (ss -tulpn). -
Use
-4or-6to limit to IPv4/IPv6. -
Combine with
grepfor specific ports, e.g.,ss -tuln | grep ':80'.
3. Test Connectivity with Ping
The simplest way to verify that a host is reachable is ping. Limiting the count prevents endless output.
# Send three ICMP echo requests to Google DNS
ping -c 3 8.8.8.8
Typical result:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=12.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=115 time=12.1 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=115 time=12.2 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 12.101/12.215/12.345/0.098 ms
Best practice: Use an external, reliable host (e.g., 8.8.8.8 or 1.1.1.1) to rule out DNS issues. For DNS troubleshooting, replace the IP with a hostname.
4. A Minimal Firewall with UFW
Uncomplicated Firewall (UFW) provides a user‑friendly front‑end to iptables. For many servers, a default‑deny policy with explicit allows is sufficient.
# Enable the firewall (defaults to deny incoming, allow outgoing)
sudo ufw enable
# Allow SSH (port 22) so you don’t lock yourself out
sudo ufw allow ssh
# Verify the rule set
sudo ufw status verbose
Typical status output:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
To Action From
-- ------ ----
22/tcp (SSH) ALLOW IN Anywhere
22/tcp (SSH) ALLOW IN Anywhere (v6)
Why UFW?
-
Simple commands (
allow,deny,status). -
Persists across reboots.
-
Integrates with
systemdfor automatic reloads.
5. Quick Tips & Automation
You can chain the commands to create a one‑shot health check script. Using && ensures each step only runs if the previous one succeeded.
#!/usr/bin/env bash
set -euo pipefail
ip addr show && \
ss -tuln && \
ping -c 2 1.1.1.1 && \
sudo ufw status
Save this as netcheck.sh, make it executable (chmod +x netcheck.sh), and run it whenever you need a rapid snapshot of network health.
Best Practices
-
Prefer
ipandssover legacy tools for speed and consistency. -
Run commands as root (or with
sudo) when you need full visibility. -
Document firewall rules; a comment in
/etc/ufw/user.ruleshelps future audits. -
Test firewall changes on a non‑production host or use
ufw status numberedto manage rules safely. -
Log ICMP failures (
/var/log/syslogorjournalctl -u systemd-networkd) to detect silent outages.
Common Pitfalls
-
Forgetting to allow SSH before enabling UFW, which results in immediate lock‑out.
-
Relying solely on
pingfor DNS health; usedigornslookupfor name resolution checks. -
Assuming
ss -tulnshows all traffic; it only lists sockets that are listening, not established outbound connections. Usess -sorss -pfor deeper inspection. -
Over‑permissive firewall rules (e.g.,
ufw allow 0.0.0.0/0) defeat the purpose of hardening.
Performance Benefits
-
ssreads kernel socket tables directly, making it orders of magnitude faster thannetstaton busy systems. -
Minimal firewall rules reduce packet‑filter processing overhead, keeping latency low for allowed services.
Conclusion
With just a handful of commands—ip addr show, ss -tuln, ping -c 3 <host>, and a few ufw lines—you gain full visibility into your Linux server’s network stack and can lock down access without wrestling with raw iptables. Combine them into scripts, integrate into monitoring pipelines, and you’ll spend far less time chasing phantom network bugs.
What’s your go‑to command for Linux network debugging? Share it in the comments and let the community learn from each other!
Related Posts
Linux Commands Every Developer Should Know
A practical guide to the terminal commands that show up in daily development, debugging, and server work.
Useful Linux Commands for Logs and File Search
A production-style walkthrough of find, tail, journalctl, grep, and awk for server troubleshooting.
Mastering Bash: Variables, Loops, and Conditionals for Everyday Automation
Learn how to write clean Bash scripts using variables, for‑loops, and ternary conditionals to automate repetitive Linux tasks.
Mastering Linux User and Group Administration: From Creation to Sudo Privileges
Learn how to create, modify, and manage Linux users, groups, passwords, and sudo rights using native commands. Step‑by‑step guide with best practices and pitfalls to avoid.