~/ linuxnetwork.net

Mastering Interface & Connection Information with net-tools: A Comprehensive Guide

Net-tools is a legacy suite of command-line utilities for managing network interfaces, connections, and routing tables on Unix-like operating systems. Developed in the early 1990s, it became the de facto standard for network administration for decades. While modern Linux distributions have largely adopted iproute2 (a more powerful, kernel-integrated alternative) as the default network toolset, net-tools remains critical for:

  • Maintaining legacy systems and scripts that rely on its syntax.
  • Troubleshooting network issues on older servers or embedded devices.
  • Gaining a foundational understanding of network concepts before moving to modern tools.

This blog focuses on the core net-tools commands for inspecting interface status and connection information, with detailed examples, common practices, and best practices to streamline your network administration workflows.

Table of Contents#

  1. Introduction to net-tools and its Relevance
  2. Key Commands for Interface & Connection Information 2.1 ifconfig: Network Interface Configuration & Status 2.2 netstat: Network Connection & Statistics 2.3 arp: Address Resolution Protocol Table Management 2.4 route: Routing Table Configuration & Inspection
  3. Migrating to iproute2: Modern Alternatives
  4. Troubleshooting Common Scenarios with net-tools
  5. Conclusion
  6. References

2. Key Commands for Interface & Connection Information#

2.1 ifconfig: Network Interface Configuration & Status#

2.1.1 Basic Syntax & Core Functionality#

ifconfig (interface configurator) is used to:

  • Display the status of active/inactive network interfaces.
  • Assign IP addresses, netmasks, and MTU values to interfaces.
  • Bring interfaces up or down.

Basic Syntax:

ifconfig [interface] [options] [IP netmask]

2.1.2 Common Usage Examples#

  1. Show all active interfaces:

    ifconfig

    Output includes IP address, MAC address, broadcast address, and interface state (e.g., UP, RUNNING).

  2. Show all interfaces (including inactive):

    ifconfig -a

    Useful for diagnosing disabled or unconfigured interfaces.

  3. Inspect a specific interface:

    ifconfig eth0

  4. Bring an interface up/down:

    sudo ifconfig eth0 up
sudo ifconfig eth0 down

  5. Assign a static IP address:

    sudo ifconfig eth0 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255

2.1.3 Best Practices#

  • Always use sudo when modifying interface settings (requires root privileges).
  • Use -a to avoid missing inactive interfaces that may be causing connectivity issues.
  • Verify changes with ifconfig <interface> immediately after making them.
  • Avoid using ifconfig in new automation scripts; prefer ip addr or ip link from iproute2 for long-term compatibility.

2.2 netstat: Network Connection & Statistics#

2.2.1 Basic Syntax & Core Functionality#

netstat (network statistics) provides real-time insights into:

  • Established, listening, and pending network connections.
  • Routing tables, interface statistics, and protocol-specific metrics.

Basic Syntax:

netstat [options]

2.2.2 Common Usage Examples#

  1. List all listening TCP/UDP ports with process details:

    sudo netstat -tulpn

    Flags breakdown:

    • -t: TCP connections
    • -u: UDP connections
    • -l: Listening ports only
    • -p: Show process ID (PID) and name
    • -n: Numeric output (skip DNS lookups for speed)

  2. Show established TCP connections:

    netstat -nt

  3. Display the routing table:

    netstat -rn

  4. Filter connections for a specific port:

    netstat -tulpn | grep :80

    Useful for verifying which process is using port 80 (HTTP).

2.2.3 Best Practices#

  • Combine flags for targeted output (e.g., -tulpn is a standard combination for port monitoring).
  • Use -n to avoid DNS resolution delays, especially on systems with slow or unreliable DNS.
  • Use -p only when necessary, as it exposes sensitive process information and requires root access.
  • For continuous monitoring, pipe output to watch: 
    watch netstat -tulpn

2.3 arp: Address Resolution Protocol Table Management#

2.3.1 Basic Syntax & Core Functionality#

The arp command manages the ARP table, which maps IPv4 addresses to physical (MAC) addresses on the local network. This is critical for resolving layer-2 connectivity issues.

Basic Syntax:

arp [options] [IP address]

2.3.2 Common Usage Examples#

  1. Show all ARP table entries:

    arp -a

  2. Show numeric entries (no DNS lookup):

    arp -n

  3. Delete a stale ARP entry:

    sudo arp -d 192.168.1.1

  4. Add a static ARP entry (persists until reboot):

    sudo arp -s 192.168.1.10 00:11:22:33:44:55

2.3.3 Best Practices#

  • Clear ARP cache entries only when you suspect stale or incorrect mappings (e.g., duplicate IP conflicts).
  • Use static ARP entries sparingly; they can break connectivity if the target device’s MAC address changes (e.g., hardware replacement).
  • Verify static entries with arp -a and test connectivity with ping <IP>.

2.4 route: Routing Table Configuration & Inspection#

2.4.1 Basic Syntax & Core Functionality#

The route command manages the kernel routing table, which determines how packets are forwarded between networks.

Basic Syntax:

route [options] [add/del] [target]

2.4.2 Common Usage Examples#

  1. Show routing table (numeric output):

    route -n

    Avoids DNS lookups and speeds up output.

  2. Add a default gateway:

    sudo route add default gw 192.168.1.1 eth0

  3. Add a static route to a subnet:

    sudo route add -net 10.0.0.0 netmask 255.255.255.0 gw 192.168.1.2 eth0

  4. Delete a route:

    sudo route del -net 10.0.0.0 netmask 255.255.255.0

2.4.3 Best Practices#

  • Use -n to avoid DNS-related delays and errors when DNS is unavailable.
  • Always specify the interface (e.g., eth0) when adding routes to avoid ambiguity on multi-interface systems.
  • Test temporary routes first; for permanent changes, use distribution-specific files (e.g., /etc/network/interfaces for Debian, /etc/sysconfig/network-scripts for RHEL).

3. Migrating to iproute2: Modern Alternatives#

While net-tools is still useful, iproute2 is the modern, kernel-integrated toolset recommended for all new systems. Here’s a quick mapping of net-tools commands to iproute2 equivalents:

net-tools Commandiproute2 Equivalent
ifconfig eth0ip addr show eth0
ifconfig eth0 upip link set eth0 up
netstat -tulpnss -tulpn
netstat -rnip route show
arp -aip neigh show
route -nip route show

Iproute2 offers more granular control, better performance, and support for modern network features like IPv6 and network namespaces.

4. Troubleshooting Common Scenarios with net-tools#

4.1 Diagnosing Interface Connectivity Issues#

  1. Check if the interface is active: 
    ifconfig eth0 | grep "UP BROADCAST RUNNING"
  2. If inactive, bring it up: sudo ifconfig eth0 up
  3. Verify IP assignment: ifconfig eth0 | grep "inet addr"

4.2 Identifying Unwanted Network Connections#

  1. List all listening ports: sudo netstat -tulpn
  2. Filter for suspicious ports: netstat -tulpn | grep :2222
  3. Kill the associated process: sudo kill <PID>

4.3 Resolving ARP Cache Conflicts#

  1. Check for duplicate IPs in the ARP table: arp -n
  2. Delete the conflicting entry: sudo arp -d 192.168.1.5
  3. Force re-resolution: ping 192.168.1.5

5. Conclusion#

Net-tools remains a valuable tool for legacy network administration and troubleshooting. Understanding its core commands (ifconfig, netstat, arp, route) is essential for maintaining older systems and scripts. However, for new infrastructure, iproute2 is the preferred choice due to its modern feature set and long-term support.

By combining the best practices and examples outlined in this guide, you can efficiently diagnose and resolve network issues using net-tools, while also being prepared to transition to modern tools when needed.

6. References#

2026-03