Linux Commands Part 2 – CompTIA A+ 220-1202 – 1.9

The Linux command line can be used for monitoring, management, and troubleshooting. In this video, you’ll learn about ping, curl, dig, traceroute, cat, top, and more.


If you need to make changes to IP addresses or configurations of your network adapter inside of Linux, then you’ll need to use the ip command. From here, you can enable an interface, disable an interface, or make changes to the configuration of your network settings. To view your current IP configuration, you can use the ip address command, which shows you a breakdown of IP addresses separated by the interfaces inside of your Linux device.

If you want to view routing tables, you can use ip route. And if you need to configure an IP address on an interface, there’s a single command line for ip address and then the parameters that you’d like to update.

It’s always a challenge when you sit down at a new computer and you’re not quite sure what the IP address configuration is of this device. So on this Linux machine, we will use the ip address command. And it shows us that there are two separate interfaces on this device.

Interface 1 is a loopback address, and it shows all the loopback address information. Since this is a loopback address, it will always have an address on the 127 network, and the default IP address for most devices is 127.0.0.1.

There’s also a second address. This is the primary ethernet adapter on this device. This is adapter enp0s5, and it has an IP address of 10.211.55.20 with a subnet mask of 24. The broadcast address is 10.211.55.255, and you can view MAC information here. There’s also IPv6 information displayed as well. If there are multiple adapters inside of this computer, we will see the IP address configuration for each of those by running the ip address command.

If you’re a system administrator of other operating systems, then you’re probably already familiar with the ping command. The ping command is an almost universal command that’s used across many different operating systems to be able to query a device across the network and see if you can get a response. This is usually one of the first things you do when you’re troubleshooting the network. You use the ping command to see if you can get a response from that remote device.

The syntax of the ping command is very similar to almost any other operating system. We type ping, and then we specify an IP address that we would like to access. Let’s say in this case that we would like to see if device 9.9.9.9 is going to respond to us across the internet. That is for the quad9 DNS service. And if we hit Enter, it begins the process of pinging quad9. It sends 56 bytes of data by default. We get information saying that we are receiving responses from that device.

We can see sequence numbers, time to live information, and round trip time for this ping. Unlike other operating systems, you’ll notice that the ping command in Linux will continue to ping every second until you use the Control-C command and interrupt the process. At that point, it gives us a summary saying that we’ve sent 26 packets, that we’ve also received 26 packets. There’s been zero packet loss because of that. And this occurred over a time frame of 25,000 milliseconds, which is 25 seconds.

The round-trip time minimums, averages, maximums, and deviations are also listed at the bottom. You can see that our minimum time was 35 milliseconds, the average was 35, the maximum was 36.8, and we have a standard deviation of 0.450 milliseconds.

When you’re working at the command line, there’s obviously no graphical browser that you can use to access a website, but there are ways to request and receive information from a web server using HTML at the command prompt and the utility curl.

curl stands for Client URL, and we’re able to retrieve data from that device using a specific Uniform Resource Locator. This allows us to access a web page or even other devices using this curl utility. Once we receive all of the raw data or the raw HTML from that website, you can then search through that information, parse out any details, or even use this as part of an automated script.

If you’re using a graphical browser, you can specify a website like www.professormesser.com, and you can view the information associated with that website. But at the command prompt, there is no graphical browser, so we will use the curl command. And I will specify www.professormesser.com. And the information that we receive in the terminal screen is the raw HTML that would normally be rendered by your graphical browser.

But since we have access now to the raw HTML, we can search through this data, we can parse information, we can look and see what may be really being transferred across the network, and this shows us a raw data view of the entire web page.

When you’re troubleshooting network problems, you might also be troubleshooting issues communicating to a DNS server. One way that you can run commands to see what type of response you would get from that DNS server is to use the dig utility. If you’re a Windows user, then you’re probably familiar with nslookup. The dig command is very similar to the functionality of nslookup, although the resulting output is slightly different.

Let’s use dig to find the IP addresses associated with my website. We’ll use the dig command, and then we’ll specify www.professormesser.com, and we’ll hit Enter. And when we do that, it gives us a series of output messages associated with our request. The first is the dig version that we’re using. And you can see that we’re using this to find www.professormesser.com. It tells us that the request that we made or the question that was posed was for that fully qualified domain name. And by default, I was asking for the internet address. That’s the IN and the A associated with that question.

The next section is the answer section, and you can see that there are three separate IP addresses that were returned from the DNS server. professormesser.com can be found at 104.22.72.108, 172.67.41.114, and 104.22.73.108. By design, there are multiple points of presence on the internet that will allow you to connect to our web server. So depending on where you are in the world, you may have a different IP address. And occasionally, you will see more than one IP address resolve to a single fully qualified domain name, and that’s provided for redundancy. If you’re not able to connect to the first IP address, there are two other IP addresses that will get you to www.professormesser.com.

Earlier, we were able to ping the quad9 DNS server across the internet. To be able to communicate to that server, we had to hop through a number of different routers between my device and the quad9 servers. If you would like to see every router that exists between here and that quad9 server, you can use the traceroute command. This will map the entire path that a packet takes between our device and that remote location and tell us the IP address of every router along the way.

If you’re a Windows user, you’ve probably run a traceroute using tracert. But if you’re in Linux, Unix, or macOS, you use the full name of traceroute. Traceroute uses something called a time to live exceeded message to be able to build this table of different routers between two points. When we want to know what the first router is, traceroute uses a time to live of 1. When we want to know what the second hop might be, it uses a time to live of 2.

Notice that the time to live is referring to the number of hops. It’s not referring to a time of day or the number of minutes or seconds that it takes to communicate across the network. Another challenge you’ll run into is that many devices will filter the time to live exceeded messages that are received back. So if you’re working with a firewall that filters out those ICMP messages or the router itself that you’re communicating with will not send back a time exceeded message, then that is a piece of information that will be dropped from the traceroute results.

Let’s run a traceroute to my web server. So we’ll run traceroute www.professormesser.com, and we’ll have it go through the traceroute process. This will run relatively quickly, although you’ll notice that there are certain hops along the way where we do not receive a message back from that router. Specifically, we did lose two of those messages on hop 3, and we didn’t get any information from hop 5. If we look at the results of this traceroute, we can see there are 10 hops between our device and the IP address associated with www.professormesser.com.

In this case, it has found that IP address to be 104.22.73.108. And since we have a number of different points of presence around the world, that IP address might change depending on where you happen to be. In each one of these hops, you will notice there is an IP address. That’s the IP address of the router at that hop. And then there are three separate measurements. These are round-trip time measurements to that particular router. By default, traceroute performs each check three times to every hop. You can, of course, modify these configuration options within the traceroute command line. But by default, this gives you the overview of what you might need to be able to determine how many routers there might be between one device and another.
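As an added example (not part of the original video or transcript), the shell function below reads traceroute output and reports the hops where probes went unanswered, which is the filtering behavior described above. The sample output is constructed to match the run described here; the gateway and intermediate router addresses are placeholders.

```shell
#!/bin/sh
# Constructed sample output (not captured from a real run). It mirrors the run
# described above: 10 hops, two lost probes at hop 3, no reply at hop 5.
# Router addresses other than the final 104.22.73.108 are placeholders.
sample_traceroute() {
cat <<'EOF'
traceroute to www.professormesser.com (104.22.73.108), 30 hops max, 60 byte packets
 1  10.211.55.1 (10.211.55.1)  0.412 ms  0.380 ms  0.351 ms
 2  192.0.2.1 (192.0.2.1)  2.104 ms  2.050 ms  1.987 ms
 3  192.0.2.17 (192.0.2.17)  9.812 ms * *
 4  198.51.100.5 (198.51.100.5)  11.220 ms  11.301 ms  11.154 ms
 5  * * *
 6  198.51.100.33 (198.51.100.33)  18.430 ms  18.512 ms  18.377 ms
 7  203.0.113.2 (203.0.113.2)  24.905 ms  24.871 ms  25.010 ms
 8  203.0.113.9 (203.0.113.9)  30.114 ms  30.092 ms  30.240 ms
 9  203.0.113.41 (203.0.113.41)  34.650 ms  34.702 ms  34.588 ms
10  104.22.73.108 (104.22.73.108)  35.210 ms  35.044 ms  35.398 ms
EOF
}

# Read traceroute output on stdin. Print one line per hop that lost probes,
# then a totals line. A "*" is a probe that got no time-exceeded reply back.
# Assumes one responding router per hop line.
summarize_traceroute() {
  awk '
    $1 !~ /^[0-9]+$/ { next }                # skip the header line
    {
      hops++; lost = 0
      for (i = 2; i <= NF; i++) if ($i == "*") lost++
      if (lost > 0) {
        host = ($2 == "*") ? "unknown" : $2
        printf "hop %d (%s): %d probe(s) unanswered\n", $1, host, lost
        if (lost == NF - 1) silent++         # every probe went unanswered
        else partial++                       # some probes answered
      }
      last = $2
    }
    END {
      printf "hops=%d silent=%d partial=%d last=%s\n",
             hops, silent + 0, partial + 0, last
    }
  '
}

# Live use would be: traceroute www.professormesser.com | summarize_traceroute
sample_traceroute | summarize_traceroute
```

A silent hop in the middle of a path that still reaches the destination usually means that router or a firewall is not returning the time exceeded message, not that the path is broken.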

If you’ve downloaded Linux to use on your own system, then you already know the download did not include any type of separate documentation. Instead, the documentation that you need for Linux is built into the operating system itself. And to access those manuals, you would use the man command. Simply use man and the name of the command that you would like to reference, and it will provide all of the documentation for that particular command.

For example, we just ran the traceroute command, but there must have been other parameters that we could have chosen. And we can find those by typing the man option and the name of the utility. In this case, it’s traceroute. And when we hit Enter, it shows us the reference manual for traceroute. Tracing the route to a host shows all of the different command line options.

And if I use an arrow down, I can go a line at a time. Or if I use the spacebar, I can go a page at a time. You can also use the arrow keys or the Page Up and Page Down to move back and forth through the manual information. For instance, you could have used the dash f command to specify the first hop of the traceroute. You can choose the method, the port number that’s being used. Remember earlier, when I mentioned that traceroute goes through each individual hop three times, you can modify that number with the dash q option. And you have information here that can change the way the output is shown on the traceroute command.

When you’re finished reading through the man page, it tells you that you can press H for help or Q to quit. And since we’re done, we press Q, and we’re back to where we started.

The term “concatenate” means to link together in a series, and there is a concatenate command inside of Linux, and it is abbreviated to cat. The cat command allows you to view information in a file and put that information on the screen. Or you could also take multiple files and then move them into a third file using a redirect such as the greater than sign.

Let’s try that at our prompt on our Linux machine. On our Linux device, we have three files, one.txt, two.txt, and three.txt. And if we cat one.txt, you’ll see that it simply contains the number 1 and the letters spelled out, one, O-N-E. If we cat two.txt, it has a similar output. It has the number 2, and then spelled out the word “two.” And then if we cat three.txt, it has the number 3, and it spells out the word “three.”

We might want to have all of this information in one single file, so we can use the cat command and then specify one.txt, two.txt, and three.txt and then use the greater than sign to concatenate all of these into all.txt. And we’ll hit Enter. Notice we simply get a prompt back, meaning that this particular concatenation is complete. Now if we cat all.txt, you’ll notice it is a single file that contains the number 1, one, number 2 with two, and number 3 with three. We have successfully concatenated all three of those files into one single file.

We’re often called on as technicians to troubleshoot performance problems on a device. If you’re in Windows, you’ve probably used Task Manager to view the CPU utilization or disk access to a particular system. Or maybe you want to see just how much network traffic is being transferred. If you’re a Windows administrator, then you’ve probably used Windows Task Manager to be able to view CPU information or information on how each individual process is performing.

There’s a similar function within Linux known as top. This will show you information on all of the processes running on your system and how much CPU, memory, and other resources each process may be using. You also get a summary of the load on your system, presented as three separate numbers. The first number is the load over one minute, the second is the load over the last five minutes, and the third is the load over the last 15 minutes. This is another one of those utilities that has many different options available to it. So if you want to customize top to provide information that you’d like to see, make sure you check out the man pages for the top utility.

Running top is as simple as typing top and hitting Enter. And now we can see a one-second update of what’s running on our system. We can view information by user, the process ID, looking at memory information, CPU details, and how much time each individual process has spent in the CPU. This gives us immediate feedback on what’s happening inside of our system, and we’re able to narrow down what processes may be using more resources than another.

If you would prefer a single text-based output of all of these processes, you can view that using the ps command. This is also very similar to what you would find in the Windows Task Manager because it will list out all of the process IDs and then all of the process names themselves. If you just want to see the processes associated with your login, you simply use the ps command. But as the administrator, you might want to view all of the processes running on this machine, and you can use the ps with the dash e option to view all processes.

If you run the ps command by itself, you’re only looking at the processes for the current logged in user. And I have a bash shell (that is the terminal screen that I have up), and I ran the ps command inside of that bash shell. If we use the ps command with the dash e, we’re now viewing the processes for everything on the system. And you can see there are pages and pages of processes.

You can also pipe this output to the more command, which will paginate this so you can go a page at a time to see all of the processes without them going by all at once. But if you’re looking for a very specific process, you might want to use the ps command with the dash e, and then pipe it to the grep command, and then specify a search term. In this case, let’s look for all of the processes that have the search term CPU as part of the process.

And you can see that we have four that showed up. There was process 20, which is cpuhp/0, process 21, which is cpuhp/1, and you can see two other processes that have the word CPU as part of the process name.

If you’re like me, you probably don’t have a lot of free drive space on your computer. And if you’re planning to perform an update or you want to install a new application, it might be good to see if you have enough space to be able to perform that function. In Linux, the way that we view this is with the df command. That stands for disk free, and it will show us all of the file systems and how much space might be available on each file system.

The default is to use df with no parameters, and this shows us the usage based on number of blocks, in this case 1K blocks. If you’d like a view that showed it as number of bytes, you could use the same df command with a dash h to get a human-readable view. This will show the output with gigabytes, megabytes, and other human-readable values.

Let’s run the df command on my machine. I’m going to specify dash h because I like to see this listed as megabytes, gigabytes, and other familiar values. You can see that I have a number of file systems that are mounted on this computer. I have one that is a temporary file system. It has a size of 196 megabytes. I’m only using 1.7 megabytes so that 194 megabytes are available, which means I’m only using 1% of my tmpfs file space.

I have other things that are connected to this computer. For example, I have T4 Vol3. This has a volume size of 3.7 terabytes. I’m using 1.9 terabytes, which means that 1.8 terabytes is available. So I’m using approximately 52% of that particular file system. So if we need to install some additional software, we might want to avoid the file systems with over 90% utilization and instead use one of these file systems that has much more space available.

The natural next question when you find a file system that has very little space available is, what is taking up all of that room on the file system? It may be a single file. It may be multiple files. But we need to determine how we might be able to free up some space on that particular partition. One way that you can find out what’s using that space is by using the du command for disk usage. This will scan your current folder and all of the subdirectories underneath, and it will show you exactly how much space is being used in each individual folder.

If you’re looking to find how you can easily free up some space, this utility should be the one you run, and I would recommend running it with the dash h option so that you get human-readable output. I’m going to run the du command with that dash h option. And I’m going to pipe the whole thing to more so that you can get an idea of just how much information is shown to the screen. And it starts going through the local directory and finding all of the files that are stored in that local directory.

This starts going through all of the individual directories on a particular system one by one and provides you with a summary of how much space is being used. Let’s hit the spacebar to go to the next page. Almost everything here is a relatively small number. Here’s one that’s relatively large. It’s 1.4 megabytes. We have others that are 12 megabytes. These are 28 megabytes. So now we can start getting an idea of where the space is really being used. And we might want to go to the old Firefox data that is in our directory that’s taking up 70 megabytes and start deleting those directories to free up some room.
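As an added example (not from the original video), these two shell functions script the df and du checks described above: one lists file systems above a utilization limit, the other ranks directories by size so the largest appear first. The sample df output is constructed; the device names and mount paths in it are assumptions, and the 98% row exists only to exercise the check.

```shell
#!/bin/sh
# Constructed sample of df -h output (not captured from a real system).
# The tmpfs and T4 Vol3 sizes follow the values described above; the device
# names, mount paths and the 98% row are assumptions for illustration.
sample_df() {
cat <<'EOF'
Filesystem      Size  Used Avail Use% Mounted on
tmpfs           196M  1.7M  194M   1% /run
/dev/sda2        62G   58G  1.2G  98% /
T4 Vol3         3.7T  1.9T  1.8T  52% /media/psf/T4 Vol3
EOF
}

# Read df output on stdin and print "PCT% MOUNTPOINT" for every file system
# whose utilization is above the limit given as $1.
# Names and mount points may contain spaces, so the utilization column is
# located by its NN% shape instead of by a fixed field number.
fs_over() {
  awk -v limit="$1" '
    NR == 1 { next }                         # header row
    {
      for (i = 2; i <= NF; i++) if ($i ~ /^[0-9]+%$/) break
      if (i > NF) next                       # no utilization column found
      pct = $i + 0                           # "98%" -> 98
      mount = $(i + 1)
      for (j = i + 2; j <= NF; j++) mount = mount " " $j
      if (pct > limit) print pct "% " mount
    }
  '
}

# Print the N largest directories (default 5) at or below directory $1,
# biggest first, with sizes in 1K blocks. The first line is $1 itself.
largest_dirs() {
  du -k "$1" 2>/dev/null | sort -rn | head -n "${2:-5}"
}

# Live use would be:  df -hP | fs_over 90   and then   largest_dirs /some/dir 10
sample_df | fs_over 90
```

Sorting the du output numerically replaces paging through it by hand, and du -k is used instead of du -h because the human-readable suffixes do not sort correctly with a plain numeric sort.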

A lot of the configurations in Linux are stored in text files, and if you need to modify or change an application or something in the operating system, you need to modify that text file. Fortunately, Linux comes with a number of different text editors. One of the more popular is nano. This is a full-screen text editor, and you can run it in your terminal screen. You may find that nano is already installed in your current Linux distribution, or you can install it using the Package Manager on your system.

This full-screen text editor allows us to use functions that normally would not be available at the command line, such as marking and selecting, copying information, pasting it somewhere else, and giving us features that you would normally find in a graphical text editor. On my Linux distribution, I have a file that I would like to edit. This is the auth.log file. You can see it’s 27k in length. This would not be something that would be very easy to update or modify without some type of editor. So we’ll use nano, and we’ll specify auth.log.

This brings up a full-screen editor, and if you’ve done any type of editing from a graphical editor or full screen in Linux, this should be very familiar to you. You can move around with your cursor keys. You can type in at any of these prompts. And you have commands across the bottom where you can save the file, get additional help, copy, cut, replace, and perform other functions inside of this text editor.

When you’re done, you can choose the Control-X option to exit out. Since I’ve made changes to this file, it asks if I’d like to save this information. In this case, since I did not put anything in here that I’d like to save, I’ll simply choose no. And we’re back at our command prompt. Nano is just one of many text editors that you could run inside of your Linux operating system, but since nano is commonly installed with most distributions, it’s probably already going to be available to you.