Top 7 Network Commands You Should Know

Command lines offer a set of powerful network commands that go far beyond what graphical tools provide, allowing you to diagnose connectivity problems, trace data paths, inspect configurations, and even uncover security vulnerabilities. Network commands give you the ability to quickly pinpoint issues, optimize performance, and maintain control over complex network environments.

What are network commands?

Network commands are specialized text-based instructions you enter into your system’s command-line interface to diagnose, configure and troubleshoot network connections. These powerful tools give you direct access to networking functions without navigating through graphical interfaces.

The command-line interface varies depending on your operating system. Windows users typically access the Command Prompt or PowerShell, while Linux and macOS users work with Terminal. Regardless of platform, mastering these commands significantly improves your ability to manage networks efficiently.

The top 7 best network commands you should know

The best network commands can significantly slash the time you spend on troubleshooting issues. These seven tools form the core toolkit for any network administrator or IT professional. Each command serves a specific diagnostic purpose, from basic connectivity testing to advanced security scanning.

These commands work across most operating systems with minor syntax variations. Windows, Linux and macOS all support these fundamental networking tools, though the exact implementation might differ slightly.

ping

The ping command tests basic connectivity between your device and a target host. When you send a ping, your system transmits ICMP echo request packets to the destination and measures how long it takes to receive a response. This tool helps determine if a device is reachable across the network.

Here’s how to use the ping command:

• Basic connectivity test: Type ping followed by the hostname or IP address (e.g., ping 192.168.1.1 or ping google.com). The command returns response time in milliseconds, packet loss percentage and TTL values.
• Continuous monitoring (Windows): Add the -t flag (e.g., ping -t google.com).
• Continuous monitoring (Linux/macOS): Simply run ping without additional parameters.

tracert/traceroute

The tracert (Windows) or traceroute (Linux/macOS) command reveals the path packets take to reach their destination. This command maps the route through the internet, showing each hop and identifying where delays or failures occur.

Here’s how to use the tracert/traceroute command:

• Trace route: Run tracert google.com (Windows) or traceroute google.com (Linux/macOS). The command displays each router your data passes through, along with round-trip times for each hop.

Pay attention to points where response times increase or where packets are dropped, as these often indicate bottlenecks or failures.

ipconfig/ifconfig

The ipconfig (Windows) or ifconfig (Linux/macOS) command displays your current network configuration details, including IP address, subnet mask and default gateway.

Here’s how to use the ipconfig/ifconfig command:

• Basic configuration: Type ipconfig (Windows) or ifconfig (Linux/macOS).
• Comprehensive information: Use ipconfig /all (Windows) or ifconfig -a (Linux/macOS) to show additional details like DNS server addresses, DHCP lease information and MAC addresses.

Modern Linux Alternative

Most modern Linux distributions now use the ip command (e.g., ip a or ip addr). While ifconfig is widely recognized, the ip utility is more powerful for managing routing and tunnels in contemporary environments.

An APIPA address (169.254.x.x) indicates DHCP failures, while duplicate IP addresses cause intermittent connectivity issues.

netstat

Netstat provides a view of all active network connections and listening ports on your system. This command helps you identify which applications are communicating over the network, detect unwanted connections and monitor network traffic patterns.

Here’s how to use the netstat command:

• View all connections and listening ports: Execute netstat -an to view all connections and listening ports in numerical form. The output shows local and foreign addresses along with their current state (ESTABLISHED, LISTENING, etc.).
• Additional details (Windows): Add the -b flag to see which programs own specific connections (e.g., netstat -anb).
• Additional details (Linux): Use netstat -anp to see which programs own specific connections.

nslookup

The nslookup command queries DNS servers to retrieve information about domain names and IP addresses. When websites or network resources become unreachable, DNS resolution problems are often the culprit. Nslookup helps you verify DNS functionality and troubleshoot name resolution issues.

Here’s how to use the nslookup command:

• Basic lookup: Type nslookup followed by a domain name or IP address. The command returns the corresponding IP address or hostname, along with information about which DNS server provided the answer.
• Interactive mode: For more advanced DNS troubleshooting, enter interactive mode by typing nslookup without parameters, then use commands like set type=mx to query specific DNS record types.

arp

The Address Resolution Protocol (ARP) command displays and modifies your system’s ARP cache, which maps IP addresses to physical MAC addresses on your local network. This mapping is necessary for proper communication between devices on the same network segment.

Here’s how to use the arp command:

• View ARP table: Run arp -a to display your current ARP table, showing all known IP-to-MAC address mappings. (This helps identify duplicate IP addresses, unauthorized devices or potential ARP spoofing attacks.)
• Add static ARP entry: Manually add static ARP entries using arp -s [IP address] [MAC address].
• Remove ARP entry: Remove entries with arp -d [IP address].

nmap

Nmap (Network Mapper) is a comprehensive network scanning tool that discovers hosts and services on your network. Unlike the previous commands, which come pre-installed on most systems, you’ll need to download nmap separately. This powerful utility performs port scanning, OS detection, service identification, and vulnerability assessment.

To scan a single host, use nmap [IP address]. For scanning entire networks, use CIDR notation like nmap 192.168.1.0/24.

Nmap offers numerous scanning techniques for different scenarios. Try these essential scan types:

• Quick scan: nmap -T4 -F [target]
• Comprehensive scan: nmap -sS -sU -T4 -A -v [target]
• OS detection: nmap -O [target]
• Service version detection: nmap -sV [target]
• Vulnerability scanning: nmap –script vuln [target]

Important: Never run nmap against a network you do not own or have explicit permission to audit. Unauthorized scanning can trigger Intrusion Detection Systems (IDS) and may violate corporate security policies or local laws.

Quick Reference: Network Command Cheat Sheet

Using network commands for efficient network management

Integrating these network commands into your daily workflow strengthens your network management capabilities. When you combine multiple commands, you gain comprehensive insights that isolated tools cannot provide.

For example, after discovering connectivity issues with ping, use tracert to identify the bottleneck, then netstat to check if the relevant services are listening.

Bridging the gap: From connectivity to data protection

While network commands help you reach a server, they are only the first step. Once connectivity is verified, IT professionals must ensure the data on those endpoints is secure and recoverable.

• Server Maintenance: After using ping to confirm a server is live, ensure your protection strategy is active. Many admins ask, “How reliable is Windows Server backup?” While it is a solid starting point, enterprise environments often require dedicated backup and recovery software to meet strict RTO and RPO goals.
• Infrastructure Strategy: A robust network requires a plan for when things go wrong. Do you know the major difference between a backup plan and a recovery plan? A backup plan focuses on data redundancy, while a recovery plan outlines the exact steps to restore operations after a failure.
• The 3-2-1 Rule: Always follow the 3-2-1 rule of backups: keep three copies of your data, on two different media types, with one copy kept offsite.

Managing remote endpoints

Commands like ipconfig help you identify local IP addresses, but for remote or mobile workforces, you need Mobile Device Management (MDM). A mobile device management system allows you to push configurations and security policies without manual command-line intervention.

Common mistakes and how to avoid them

Even experienced administrators make mistakes when using network commands. One common error is misinterpreting command output, particularly with tools like tracert where packet loss at intermediate hops doesn’t necessarily indicate problems. Some routers intentionally deprioritize ICMP traffic, causing misleading results. Always verify findings with multiple commands before taking action.

Another frequent mistake is overlooking network security implications. Commands like nmap can trigger intrusion detection systems or violate acceptable use policies when run against networks without proper authorization. Always obtain permission before scanning networks you don’t own. Be cautious with commands that modify network configurations (like arp -s or ipconfig /release) as incorrect usage can disrupt connectivity. Test these commands in controlled environments before applying them to production systems to prevent unintended outages.

Supercharge your network management

NinjaOne’s endpoint management software supports command-line arguments and provides features such as monitoring and alerting, software deployment, and patch management. Sign up for a free trial today.