Commandes réseau Linux Cheat Sheet
Aperçu général
Les commandes réseau Linux fournissent des outils complets pour la configuration du réseau, le dépannage, la surveillance et l'analyse de sécurité. Ce guide couvre les services de réseautage essentiels pour les tests de connectivité, la gestion des interfaces, l'analyse du trafic et les diagnostics de réseau que chaque professionnel de l'informatique doit maîtriser.
C'est pas vrai. Attention : Les commandes réseau peuvent affecter la connectivité et la sécurité du système. Tester les changements de réseau dans les environnements sûrs et maintenir les méthodes d'accès de sauvegarde.
Test de connectivité réseau
Connectivité de base
# Test basic connectivity
ping hostname
ping -c 4 hostname # Send 4 packets only
ping -i 2 hostname # 2-second intervals
ping -s 1000 hostname # Large packet size
# IPv6 ping
ping6 hostname
ping6 -c 4 ::1 # IPv6 localhost
# Continuous ping with statistics
ping -c 100 hostname|tail -2 # Show summary only
Test de connectivité avancé
# Trace network path
traceroute hostname
traceroute -n hostname # No DNS resolution
traceroute -p 80 hostname # Use port 80
traceroute -m 15 hostname # Max 15 hops
# IPv6 traceroute
traceroute6 hostname
# MTU discovery
ping -M do -s 1472 hostname # Test MTU size
tracepath hostname # Path MTU discovery
```_
### Essais portuaires et de service
```bash
# Test specific ports
telnet hostname 80
telnet hostname 22
# Netcat for port testing
nc -zv hostname 80 # Test port 80
nc -zv hostname 20-25 # Test port range
nc -u hostname 53 # Test UDP port
# Test multiple ports
nmap -p 80,443,22 hostname
nmap -p 1-1000 hostname # Scan port range
```_
## Résolution et essais DNS
### DNS de base Questions
```bash
# Lookup IP address
nslookup hostname
nslookup hostname dns-server
# Reverse DNS lookup
nslookup IP_address
# Dig command (preferred)
dig hostname
dig @dns-server hostname
dig hostname MX # Mail exchange records
dig hostname NS # Name server records
dig hostname TXT # Text records
DNS avancé Opérations
# Detailed DNS information
dig +trace hostname # Trace DNS resolution path
dig +short hostname # Short output
dig +noall +answer hostname # Answer section only
# Reverse DNS with dig
dig -x IP_address
# DNS cache operations
systemctl flush-dns # Flush DNS cache (systemd)
sudo systemd-resolve --flush-caches
# Check DNS configuration
cat /etc/resolv.conf
systemd-resolve --status
DNS Dépannage
# Test different DNS servers
dig @8.8.8.8 hostname
dig @1.1.1.1 hostname
dig @208.67.222.222 hostname # OpenDNS
# DNS performance testing
dig hostname|grep "Query time"
time nslookup hostname
# Check DNS propagation
dig +trace hostname @8.8.8.8
Gestion de l'interface réseau
Informations sur l'interface
# Show all interfaces
ip addr show
ip a # Short form
ifconfig # Traditional command
# Show specific interface
ip addr show eth0
ifconfig eth0
# Show interface statistics
ip -s link show
cat /proc/net/dev
Configuration de l'interface
# Bring interface up/down
ip link set eth0 up
ip link set eth0 down
ifconfig eth0 up
ifconfig eth0 down
# Assign IP address
ip addr add 192.168.1.100/24 dev eth0
ifconfig eth0 192.168.1.100 netmask 255.255.255.0
# Remove IP address
ip addr del 192.168.1.100/24 dev eth0
# Change MAC address
ip link set dev eth0 address 00:11:22:33:44:55
ifconfig eth0 hw ether 00:11:22:33:44:55
Gestion de l'interface sans fil
# Wireless interface info
iwconfig
iw dev wlan0 info
# Scan for wireless networks
iwlist wlan0 scan
iw dev wlan0 scan
# Connect to wireless network
iwconfig wlan0 essid "NetworkName"
iwconfig wlan0 key s:password
# Wireless signal strength
iwconfig wlan0|grep Signal
watch -n 1 iwconfig wlan0
Tables d'acheminement et de réseau
Gestion des tableaux d'acheminement
# Show routing table
ip route show
route -n # Traditional command
netstat -rn
# Add route
ip route add 192.168.2.0/24 via 192.168.1.1
route add -net 192.168.2.0/24 gw 192.168.1.1
# Delete route
ip route del 192.168.2.0/24
route del -net 192.168.2.0/24
# Default gateway
ip route add default via 192.168.1.1
route add default gw 192.168.1.1
ARP Gestion des tableaux
# Show ARP table
ip neigh show
arp -a
# Add ARP entry
ip neigh add 192.168.1.100 lladdr 00:11:22:33:44:55 dev eth0
arp -s 192.168.1.100 00:11:22:33:44:55
# Delete ARP entry
ip neigh del 192.168.1.100 dev eth0
arp -d 192.168.1.100
# Clear ARP cache
ip neigh flush all
Connexions réseau et ports
Connexions actives
# Show all connections
ss -tuln # TCP/UDP listening ports
ss -tulpn # Include process names
netstat -tuln # Traditional command
netstat -tulpn
# Show established connections
ss -t state established
netstat -t|grep ESTABLISHED
# Show connections by process
ss -p
lsof -i # List open network files
Spécifique au port Informations
# Show what's using a specific port
ss -tulpn|grep :80
netstat -tulpn|grep :80
lsof -i :80
# Show all ports used by a process
ss -p|grep process_name
lsof -p PID
# Show network files by user
lsof -i -u username
Statistiques des réseaux
# Network interface statistics
ss -i # Interface info
netstat -i # Interface statistics
cat /proc/net/dev
# Protocol statistics
ss -s # Socket statistics
netstat -s # Protocol statistics
cat /proc/net/snmp
Surveillance et analyse des réseaux
Surveillance des réseaux en temps réel
# Monitor network traffic
iftop # Interface traffic
iftop -i eth0 # Specific interface
nethogs # Per-process bandwidth
nload # Network load monitor
# Bandwidth monitoring
vnstat # Network statistics
vnstat -i eth0 # Specific interface
vnstat -d # Daily statistics
Capture et analyse des paquets
# Capture packets with tcpdump
tcpdump -i eth0 # Capture on eth0
tcpdump -i any # Capture on all interfaces
tcpdump -w capture.pcap # Write to file
tcpdump -r capture.pcap # Read from file
# Filter packets
tcpdump host 192.168.1.100
tcpdump port 80
tcpdump tcp and port 22
tcpdump -n icmp # ICMP packets only
# Wireshark command line
tshark -i eth0 # Live capture
tshark -r capture.pcap # Read file
tshark -i eth0 -f "port 80" # Capture filter
Essais de performance du réseau
# Bandwidth testing with iperf
iperf3 -s # Server mode
iperf3 -c server_ip # Client mode
iperf3 -c server_ip -t 30 # 30-second test
iperf3 -c server_ip -u # UDP test
# HTTP performance testing
curl -w "@curl-format.txt" -o /dev/null -s http://example.com
wget --spider -S http://example.com
Sécurité du réseau et numérisation
Scannage des ports
# Nmap basic scans
nmap hostname # Basic scan
nmap -sS hostname # SYN scan
nmap -sU hostname # UDP scan
nmap -sV hostname # Version detection
# Nmap advanced options
nmap -A hostname # Aggressive scan
nmap -O hostname # OS detection
nmap -p 1-65535 hostname # Full port scan
nmap --top-ports 1000 hostname # Top 1000 ports
Surveillance de la sécurité des réseaux
# Monitor failed connections
tail -f /var/log/auth.log|grep "Failed"
journalctl -f -u ssh
# Check for suspicious connections
ss -tulpn|grep LISTEN
netstat -tulpn|grep LISTEN
# Monitor network traffic patterns
tcpdump -c 100 -i eth0|awk '\\\\{print $3\\\\}'|sort|uniq -c
Pare-feu et contrôle de la circulation
Iptables Basics
# List current rules
iptables -L
iptables -L -n -v # Verbose with numbers
# Basic rules
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j DROP # Drop all other input
# Save and restore rules
iptables-save > /etc/iptables/rules.v4
iptables-restore < /etc/iptables/rules.v4
UFW (pare-feu non compliqué)
# UFW basic operations
ufw status
ufw enable
ufw disable
# Allow/deny rules
ufw allow 22
ufw allow ssh
ufw deny 23
ufw allow from 192.168.1.0/24
# Delete rules
ufw delete allow 22
ufw --numbered status
ufw delete 1
Contrôle de la circulation
# Show traffic control rules
tc qdisc show
tc class show dev eth0
# Bandwidth limiting
tc qdisc add dev eth0 root tbf rate 1mbit burst 32kbit latency 400ms
# Remove traffic control
tc qdisc del dev eth0 root
Systèmes et services de fichiers réseau
NFS (Système de fichiers réseau)
# Show NFS exports
showmount -e nfs_server
exportfs -v # Local exports
# Mount NFS share
mount -t nfs nfs_server:/path /mnt/nfs
mount -t nfs4 nfs_server:/path /mnt/nfs4
# NFS statistics
nfsstat
nfsstat -c # Client stats
nfsstat -s # Server stats
SSH et accès à distance
# SSH with options
ssh -p 2222 user@hostname # Custom port
ssh -i keyfile user@hostname # Private key
ssh -L 8080:localhost:80 user@hostname # Local port forwarding
ssh -R 8080:localhost:80 user@hostname # Remote port forwarding
# SCP file transfer
scp file user@hostname:/path/
scp -r directory user@hostname:/path/
scp -P 2222 file user@hostname:/path/ # Custom port
# SFTP operations
sftp user@hostname
sftp -P 2222 user@hostname # Custom port
Dépannage de réseau
Questions communes liées aux réseaux
# Check network connectivity layers
ping 127.0.0.1 # Loopback test
ping gateway_ip # Gateway connectivity
ping 8.8.8.8 # Internet connectivity
nslookup google.com # DNS resolution
# Check network configuration
ip addr show # IP configuration
ip route show # Routing table
cat /etc/resolv.conf # DNS configuration
Dépannage des performances
# Check for packet loss
ping -c 100 hostname|grep "packet loss"
# Check network latency
ping -c 10 hostname|tail -1
# Check bandwidth utilization
iftop -i eth0
nload eth0
# Check for network errors
ip -s link show eth0
cat /proc/net/dev|grep eth0
Diagnostic avancé
# MTU path discovery
tracepath hostname
# Check for duplicate IP addresses
arping -D -I eth0 192.168.1.100
# Network socket debugging
ss -tulpn|grep LISTEN
lsof -i|grep LISTEN
# Check network hardware
ethtool eth0 # Ethernet tool
mii-tool eth0 # Media-independent interface tool
Ressources
- [Guide d'administration du réseau Linux] (LINK_5)
- TCP/IP Network Administration
- [Guide de l'utilisateur de Wireshark] (LINK_5)
- [Scannage réseau Nmap] (LINK_5)
- [Linux Networking Cookbook] (LINK_5)
*Cette feuille de triche fournit des commandes réseau complètes pour les systèmes Linux. Assurez-vous toujours d'avoir une autorisation appropriée avant d'effectuer des analyses de réseau ou des modifications dans les environnements de production. *