Cheetsheet of Linux shell commands that I use to investigate my workstation networking configuration.

I use the ip command rather than the legacy ifconfig variant.

These commands were particularly useful for setting up my Wireguard VPN AppVM on my QubesOS workstation. I ran each of the below commands in my regular sys-net AppVM/ProxyVM, then ran the same commands in my sys-vpn AppVM. After that, I opened a browser in a connected AppVM and opened a search engine to generate some traffic, then ran the commands again to compare the difference.

Table of Contents

Command: ip

Optional: Include the -br flag to keep the output compact.

ip -br link

#> lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> 
#> eth0             UP             00:16:3e:5e:6c:00 <BROADCAST,MULTICAST,UP,LOWER_UP> 
#> docker0          UP             02:42:2d:26:d2:cf <BROADCAST,MULTICAST,UP,LOWER_UP> 
#> veth32d23e0@if4  UP             12:81:f9:cc:83:d1 <BROADCAST,MULTICAST,UP,LOWER_UP> 
#> veth390c339@if6  UP             0a:d6:90:47:12:9d <BROADCAST,MULTICAST,UP,LOWER_UP>

List local network IP addresses per interface: ip addr

ip -br addr

#> lo               UNKNOWN        127.0.0.1/8 ::1/128 
#> eth0             UP             10.137.0.10/32 fe80::216:3eff:fe5e:6c00/64 
#> docker0          UP             172.17.0.1/16 fe80::42:2dff:fe26:d2cf/64 
#> veth32d23e0@if4  UP             fe80::1081:f9ff:fecc:83d1/64 
#> veth390c339@if6  UP             fe80::8d6:90ff:fe47:129d/64

List routing rules: ip route

ip route

#> default via 10.137.0.16 dev eth0 
#> 10.137.0.16 dev eth0 scope link 
#> 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1

Command: iptables

Check FILTER rules

Click 'output' button for sample results
  • command
  • output
1
sudo iptables -vL -n -t filter

Check NAT rules

Click 'output' button for sample results
  • command
  • output
1
sudo iptables -vL -n -t nat

Misc

Check network connectivity: ping

ping -c 3 8.8.8.8

#> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
#> 64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=459 ms
#> 64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=482 ms
#> 64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=293 ms

#> --- 8.8.8.8 ping statistics ---
#> 3 packets transmitted, 3 received, 0% packet loss, time 2000ms
#> rtt min/avg/max/mdev = 293.825/412.069/482.818/84.148 ms

Check NAT and network path: traceroute

traceroute 8.8.8.8

#> traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
#> 1  10.64.0.1 (10.64.0.1)  409.712 ms  409.590 ms  409.520 ms
#> 2  198.144.156.1 (198.144.156.1)  409.425 ms  409.352 ms  409.257 ms
#> 3  C3MR6.YesUP.com (166.48.160.6)  409.180 ms  409.084 ms  409.008 ms
#> 4  ae0-130.cr0-tor1.ip4.gtt.net (173.241.129.13)  408.931 ms  408.847 ms  408.767 ms
#> 5  et-0-0-67.cr7-chi1.ip4.gtt.net (89.149.140.197)  408.717 ms  408.648 ms  408.564 ms
#> 6  as15169.chi11.ip4.gtt.net (199.229.231.234)  408.482 ms  410.680 ms  410.578 ms
#> 7  108.170.243.174 (108.170.243.174)  410.684 ms 108.170.244.1 (108.170.244.1)  410.553 ms 108.170.243.225 (108.170.243.225)  410.594 ms
#> 8  209.85.250.165 (209.85.250.165)  410.549 ms 209.85.254.181 (209.85.254.181)  410.484 ms 72.14.236.65 (72.14.236.65)  410.507 ms
#> 9  google-public-dns-a.google.com (8.8.8.8)  410.425 ms  410.404 ms  410.356 ms

DNS server interrogation: nslookup

Click 'output' button for sample results
  • command
  • output
1
2
3
4
5
# Install dnsutils to access the nslookup, dig and other similar commands
sudo apt-get -y install dnsutils

# Check Google's DNS
nslookup 8.8.8.8

Get my public IP (requires functioning DNS)

curl ipinfo.io/ip

#> 198.144.156.***

Get my public IP location

curl ipinfo.io

#> {
#>  "ip": "198.144.156.***",
#>  "city": "North York",
#>  "region": "Ontario",
#>  "country": "CA",
#>  "loc": "43.8015,-79.3577",
#>  "postal": "M2H",
#>  "org": "*"
#> }