Linux Networking Commands: IP Address, Open Ports, Firewall & Netcat
To check your IP address in Linux, run ip addr show or the older ifconfig command in your terminal. You will see your IPv4 address listed next to inet under the active interface, usually eth0 or ens33. On older systems, install the net-tools package to use ifconfig.
- ip addr is the modern standard; ifconfig is deprecated but still common on older systems.
- ss and netstat both show open ports; ss is faster and ships with most modern distros.
- Use lsof -i :PORT or fuser to find and kill the process holding a port.
- Stop the firewall (ufw or firewalld) only in isolated test environments, never on production servers.
- nc (netcat) is a legitimate diagnostic tool for testing port connectivity and transferring data between hosts.
How to Check Your IP Address in Linux
Learning how to check your IP address in Linux is one of the first practical skills for any sysadmin, DevOps engineer or security analyst. The command you reach for first depends on your distro. On Ubuntu 20.04+, Debian 11+, CentOS 8+ and most modern systems, ip addr show is the right call. On older RHEL 6 or CentOS 6 boxes, you might still need ifconfig from the net-tools package.
Using ip addr
Run the following steps to check your IP address in Linux using the ip command:
- Open your terminal.
- Type ip addr show and press Enter.
- Look for the inet line under your primary interface. The output looks like inet 192.168.1.105/24, where /24 is the subnet mask in CIDR notation.
- To filter results, run ip -4 addr show eth0 | grep inet to show only the IPv4 address for a specific interface.
Want your public-facing IP? That is different from your LAN address. Run curl ifconfig.me or curl ipinfo.io/ip to hit an external service and get your public IP in one line. This is the address the internet actually sees. Knowing how to check your public IP address in Linux is essential when configuring remote access or firewall rules.
Using ifconfig (legacy systems)
ifconfig still works fine if it is installed. Run it without arguments to see all interfaces. The downside is that it is no longer maintained upstream and is not installed by default on modern Ubuntu or Fedora. If you are preparing for a cybersecurity interview, know both commands because interviewers still ask about ifconfig. In India, RHCSA certification exams tested in cities like Pune, Bengaluru and Chennai frequently include questions on both ip addr and ifconfig syntax.
How to Check Open Ports in Linux (and Spot Conflicts)
This is where troubleshooting gets practical. Say your Node.js app will not start because something is already listening on port 3000. You need to know what is holding that port before you can fix anything. Knowing how to list all open ports in Linux saves significant debugging time.
ss vs netstat: which one to use
ss (socket statistics) is the modern replacement for netstat. It queries the kernel directly, which makes it noticeably faster on servers with thousands of connections. According to the Linux man pages, netstat is part of the deprecated net-tools package, while ss comes from iproute2, which is actively maintained.
| Command | Package | Speed | Default on Modern Distros | Best Use |
|---|---|---|---|---|
| ss -tulnp | iproute2 | Fast | Yes | All TCP/UDP listening ports with PID |
| netstat -tulnp | net-tools | Slower | No (install separately) | Legacy scripts, older RHEL/CentOS |
| lsof -i :PORT | lsof | Moderate | Usually yes | Check a single specific port |
| nc -zv HOST PORT | netcat | Fast | Often yes | Test remote port reachability |
How to check if a specific port is open in Linux
Run ss -tulnp | grep :3000 to see if anything is listening on port 3000. The flags break down like this: -t (TCP), -u (UDP), -l (listening), -n (numeric, no DNS lookup), -p (show process). You will get the PID and process name right in the output.
To test whether a remote port is reachable from your machine, use nc -zv 192.168.1.10 22. If SSH is running on that host, you will get a “Connection to 192.168.1.10 22 port [tcp/ssh] succeeded” message. This is exactly the kind of diagnostic step a SOC analyst runs when checking if a service is reachable across a network segment.
A 2023 survey by Stack Overflow found that Linux is the most-used operating system among professional developers at 53%, which means these commands are not niche knowledge. They are everyday tools. (Source: Stack Overflow Developer Survey 2023)
How to kill a process running on a port in Linux
First, find the PID. Run ss -tulnp | grep :8080 and note the number after pid=. Then kill it with kill -9 PID. The -9 flag sends SIGKILL, which forces termination immediately without giving the process a chance to clean up.
A cleaner approach uses fuser: run fuser -k 8080/tcp and it kills whatever holds that TCP port in one command. If you are on a system where a Java or Python service keeps restarting, check whether a process manager like systemd is relaunching it before you assume the kill worked.
If you are setting up servers and hitting port conflicts regularly, the DevOps engineering path covers this kind of environment management in much more depth.
Managing the Firewall in Linux (ufw vs firewalld)
Linux distributions ship with different default firewalls. Ubuntu uses ufw (Uncomplicated Firewall). RHEL, CentOS, Fedora and Rocky Linux use firewalld. Both sit on top of nftables or iptables at the kernel level, but the management interfaces are completely different. Knowing how to allow a port through the firewall in Linux is a core skill for any server administrator.
ufw commands for Ubuntu/Debian
Check the firewall status with sudo ufw status verbose. To allow a port, run sudo ufw allow 80/tcp. To stop the firewall entirely, use sudo ufw disable. That command persists across reboots, so the firewall will not come back unless you run sudo ufw enable again.
firewalld commands for RHEL/CentOS/Fedora
Check status with sudo firewall-cmd –state. Stop it temporarily with sudo systemctl stop firewalld. Disable it permanently with sudo systemctl disable firewalld. To open a port, run sudo firewall-cmd –permanent –add-port=8080/tcp followed by sudo firewall-cmd –reload.
A real security note on stopping the firewall
Disabling a firewall should only happen in an isolated lab or a private VM with no public exposure. According to the IBM X-Force Threat Intelligence Index 2022, exposed services with no firewall protection are compromised within minutes of being publicly accessible. Automated scanners like Shodan index new open ports within hours of exposure. (Source: IBM X-Force Threat Intelligence Index 2022)
If you are studying for a SOC analyst role, port and firewall questions come up constantly. The cybersecurity interview prep guide at 3University covers exactly what interviewers ask about firewall rules and network exposure.
What is nc (Netcat) in Linux and How Do You Use It
nc, short for netcat, is a networking utility that reads and writes data across TCP or UDP connections. It is often called the Swiss army knife of networking because it handles port scanning, file transfers, banner grabbing and basic chat between hosts. It ships with most Linux distros and is legal and legitimate for diagnostics on networks you own or have permission to test.
Common nc use cases
Test if a remote port is open: nc -zv example.com 443. The -z flag scans without sending data, and -v gives verbose output. For a UDP check, add -u: nc -zuv 192.168.1.1 53.
Transfer a file between two Linux machines: on the receiver, run nc -l 9999 > received_file.txt, and on the sender, run nc RECEIVER_IP 9999 < file_to_send.txt. It is quick for lab environments where you do not want to set up SCP or FTP.
According to the Red Hat State of Enterprise Open Source 2024 report, 78% of enterprise Linux deployments run on systemd-based distributions, which means tools like ss, ip and firewalld are the standard, not the exception. (Source: Red Hat State of Enterprise Open Source 2024)
If you are just getting started with Linux terminal commands, the Kali Linux beginner’s guide at 3University gives you a solid foundation before you start working with networking tools.
nc in a cybersecurity context
Penetration testers use netcat to set up reverse shells during authorized engagements. That is exactly why it shows up in ethical hacking certifications like CEH and OSCP. In India, candidates sitting for OSCP from cities like Bengaluru, Hyderabad and Pune regularly cite netcat as one of the first tools they learned in lab environments. Indian IT professionals pursuing RHCSA and CEH certifications also encounter netcat in practical exam scenarios.
Know the difference between using nc for diagnostics on your own infrastructure versus using it against systems you do not have permission to test. The tool itself is neutral; the authorization is what matters legally and ethically.
Port scanning frequency has grown significantly: according to Shodan’s 2023 data, over 15 million devices worldwide have port 22 (SSH) publicly exposed, making it the most scanned port on the internet. Understanding what is open on your own systems is the first line of defense. (Source: Shodan Annual Report 2023)
Practice these commands in a safe home lab or a virtual machine. Set up two Linux VMs, run a simple Python HTTP server on one with python3 -m http.server 8080, then use ss, nc and lsof on the other to probe it. That hands-on repetition is what makes these commands stick.
When you are ready to take this further, 3University’s SOC Analyst Certification Course walks you through real-world network analysis, SIEM tools and incident response workflows where every command in this article becomes part of your daily toolkit.
Frequently Asked Questions
How do you check your IP address in Linux?
Run ip addr show in the terminal to see all network interfaces and their assigned IP addresses. Look for the inet line under your active interface, usually eth0, ens33 or wlan0. To check your public IP address in Linux, run curl ifconfig.me. On older systems, ifconfig works if the net-tools package is installed.
How do you check if a port is open in Linux?
Use ss -tulnp | grep :PORT to see if a service is listening locally. To test a remote port from your machine, run nc -zv HOSTNAME PORT. Both commands are fast and reliable. The ss command shows the PID of the process holding the port, which makes follow-up troubleshooting much quicker.
How do you kill a process running on a port?
Find the PID with ss -tulnp | grep :PORT or lsof -i :PORT, then run kill -9 PID to force-terminate it. A faster single-command option is fuser -k PORT/tcp, which finds and kills the process in one step. Check if a service manager like systemd is restarting it automatically afterwards.
How do you stop the firewall in Linux?
On Ubuntu, run sudo ufw disable to stop and disable ufw. On RHEL, CentOS or Fedora, use sudo systemctl stop firewalld to stop it temporarily, or sudo systemctl disable firewalld to prevent it from starting on reboot. Only do this in isolated test environments, never on internet-facing production systems.
What is the nc (netcat) command used for?
Netcat (nc) is a command-line tool for reading and writing data over TCP and UDP connections. Common uses include testing if a remote port is open, transferring files between hosts and banner grabbing during network diagnostics. In authorized penetration testing, it is also used for setting up reverse shells. Run nc -zv HOST PORT for a basic connectivity check.
Last updated: July 2026. Reviewed by the 3University editorial team.


