The `ip` command in Linux is a powerful tool used to configure and manage network interfaces, routing tables, and network policies. It serves as a modern replacement for older commands such as `ifconfig` and route.
You Should Know:
1. Display Network Interfaces
To list all network interfaces and their details:
ip addr show or shorthand: ip a
2. Bring an Interface Up/Down
Enable or disable a network interface (e.g., `eth0`):
sudo ip link set eth0 up sudo ip link set eth0 down
- Assign an IP Address to an Interface
Add an IP address to `eth0`:
sudo ip addr add 192.168.1.100/24 dev eth0
4. Remove an IP Address
Delete an assigned IP:
sudo ip addr del 192.168.1.100/24 dev eth0
5. Display Routing Table
View the kernel routing table:
ip route show or shorthand: ip r
6. Add a Static Route
Add a route for a specific network via a gateway:
sudo ip route add 10.0.0.0/8 via 192.168.1.1
7. Delete a Route
Remove a specific route:
sudo ip route del 10.0.0.0/8
8. Change the MAC Address
Modify the MAC address of an interface (temporarily):
sudo ip link set eth0 address 00:11:22:33:44:55
9. Monitor Network Statistics
Check network statistics and errors:
ip -s link
10. Enable Promiscuous Mode
Allow an interface to capture all traffic (useful for sniffing):
sudo ip link set eth0 promisc on
11. List ARP Cache
View the ARP table (MAC to IP mappings):
ip neigh show
12. Flush ARP Cache
Clear the ARP table:
sudo ip neigh flush all
13. Create a Network Namespace
Isolate network environments (useful for containers):
sudo ip netns add mynamespace
14. List All Network Namespaces
View available namespaces:
sudo ip netns list
15. Check Link Status
Verify if an interface is connected:
ip link show eth0
What Undercode Say:
The `ip` command is a must-know for Linux administrators, cybersecurity professionals, and network engineers. Unlike deprecated tools like ifconfig, it provides granular control over modern networking setups, including:
– Virtual networks (namespaces, VLANs)
– Advanced routing (policy-based routing, multipath)
– Traffic monitoring (packet loss, errors)
For offensive security, mastering `ip` helps in:
- Network reconnaissance (
ip neigh,ip route) - Man-in-the-Middle (MITM) attacks (ARP spoofing, promiscuous mode)
- Traffic redirection (policy routing, tunneling)
For defensive security, it aids in:
- Network hardening (disabling interfaces, MAC restrictions)
- Forensic analysis (inspecting connections, logs)
Expected Output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0 valid_lft 86388sec preferred_lft 86388sec
Prediction:
As Linux continues to dominate cloud and containerized environments, the `ip` command will remain a critical tool for network automation, security hardening, and troubleshooting. Expect deeper integration with eBPF and AI-driven network analytics in future Linux kernels.
For more Linux networking insights, check:
References:
Reported By: Xmodulo The – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
