Why should I prefer ss over netstat in this skill?

ss provides faster, more granular visibility into sockets and is the recommended modern alternative to netstat. In this skill you’ll see ss used for listening ports, active connections, and state filtering while netstat is shown for compatibility.

How do I capture traffic without disrupting production services?

Use tcpdump with precise filters (e.g., tcpdump -i eth0 port 80 or tcpdump -i any -w capture.pcap) and limit capture duration or packet count. Run captures with non-privileged filters when possible and store captures to a file for later analysis.

What’s the difference between testing DNS with dig, nslookup, and host?

dig is script-friendly and shows detailed DNS records and timing, nslookup is an older interactive tool, and host provides a concise lookup. For production checks, use dig for authoritative queries (dig @server domain) and cross-verify with host or nslookup.

How can I verify a route change immediately after applying it?

Run ip route show to confirm the new route is present, verify reachability with ping or traceroute, and check the path with mtr or traceroute -T to see the hop sequence.

network-tools

Scanned

linux network diagnosis netstat ss curl

npx machina-cli add skill chaterm/terminal-skills/network-tools --openclaw

Files (1)

SKILL.md

4.6 KB

Network Tools and Diagnostics

Overview

Linux network diagnostics, port scanning, traffic analysis and other tool usage skills.

Network Configuration

View Configuration

# IP address
ip addr
ip a
ifconfig                            # Legacy command

# Routing table
ip route
route -n
netstat -rn

# DNS configuration
cat /etc/resolv.conf
systemd-resolve --status

Configure Network

# Temporary IP configuration
ip addr add 192.168.1.100/24 dev eth0
ip addr del 192.168.1.100/24 dev eth0

# Enable/Disable interface
ip link set eth0 up
ip link set eth0 down

# Add route
ip route add 10.0.0.0/8 via 192.168.1.1
ip route del 10.0.0.0/8

Connectivity Testing

ping

ping hostname
ping -c 4 hostname                  # Send 4 packets
ping -i 0.2 hostname                # 0.2 second interval
ping -s 1000 hostname               # Specify packet size

traceroute

traceroute hostname
traceroute -n hostname              # Don't resolve hostnames
traceroute -T hostname              # Use TCP
mtr hostname                        # Real-time trace

DNS Query

nslookup hostname
dig hostname
dig +short hostname
dig @8.8.8.8 hostname               # Specify DNS server
host hostname

Ports and Connections

ss Command (Recommended)

# Listening ports
ss -tlnp                            # TCP listening
ss -ulnp                            # UDP listening
ss -tlnp | grep :80

# All connections
ss -tanp                            # TCP connections
ss -s                               # Statistics

# Filter
ss -t state established
ss -t dst 192.168.1.1
ss -t sport = :80

netstat Command

netstat -tlnp                       # TCP listening
netstat -ulnp                       # UDP listening
netstat -anp                        # All connections
netstat -s                          # Statistics

lsof Network

lsof -i                             # All network connections
lsof -i :80                         # Specific port
lsof -i tcp                         # TCP connections
lsof -i @192.168.1.1                # Specific host

HTTP Tools

curl

# Basic request
curl http://example.com
curl -I http://example.com          # Headers only
curl -v http://example.com          # Verbose output

# POST request
curl -X POST -d "data=value" http://example.com
curl -X POST -H "Content-Type: application/json" -d '{"key":"value"}' http://example.com

# Download
curl -O http://example.com/file.zip
curl -o output.zip http://example.com/file.zip

# Authentication
curl -u user:pass http://example.com
curl -H "Authorization: Bearer token" http://example.com

wget

wget http://example.com/file.zip
wget -c http://example.com/file.zip # Resume download
wget -r http://example.com          # Recursive download
wget --mirror http://example.com    # Mirror site

Packet Capture

tcpdump

# Basic capture
tcpdump -i eth0
tcpdump -i any

# Filter
tcpdump -i eth0 port 80
tcpdump -i eth0 host 192.168.1.1
tcpdump -i eth0 'tcp port 80 and host 192.168.1.1'

# Save/Read
tcpdump -i eth0 -w capture.pcap
tcpdump -r capture.pcap

# Display content
tcpdump -i eth0 -A port 80          # ASCII
tcpdump -i eth0 -X port 80          # Hexadecimal

Traffic Monitoring

# Real-time traffic
iftop
iftop -i eth0

# By process
nethogs
nethogs eth0

# Bandwidth test
iperf3 -s                           # Server
iperf3 -c server_ip                 # Client

Common Scenarios

Scenario 1: Troubleshoot Port Usage

# Check port usage
ss -tlnp | grep :8080
lsof -i :8080

# Find process and handle
kill -9 PID
# Or
fuser -k 8080/tcp

Scenario 2: Test Service Connectivity

# TCP port test
nc -zv hostname 80
telnet hostname 80

# HTTP service test
curl -I http://hostname
curl -w "HTTP Code: %{http_code}\nTime: %{time_total}s\n" -o /dev/null -s http://hostname

Scenario 3: Network Performance Diagnosis

# Latency test
ping -c 100 hostname | tail -1

# Route analysis
mtr --report hostname

# Bandwidth test
iperf3 -c server -t 30

Troubleshooting

Problem	Solution
Network unreachable	`ping`, `traceroute`, check routing
DNS resolution failed	`dig`, `nslookup`, check resolv.conf
Port unreachable	`ss -tlnp`, check firewall
Connection timeout	`mtr`, `tcpdump` packet capture
Insufficient bandwidth	`iftop`, `iperf3` test

Source

git clone https://github.com/chaterm/terminal-skills/blob/main/linux/network-tools/SKILL.mdView on GitHub

Overview

This skill bundles practical Linux network diagnostics workflows: viewing and configuring interface state and routes, querying DNS, testing connectivity, inspecting open ports and active connections, performing HTTP requests, and capturing or monitoring traffic. You’ll use a mix of modern commands (ss, ip) and traditional ones (netstat, ifconfig) to quickly identify misconfigurations, firewall blocks, DNS issues, or service outages.

How This Skill Works

You run targeted commands against the host’s network stack to reveal current state (IP addresses, routing, DNS). Outputs are parsed and filtered to isolate problems (e.g., open ports, established connections, DNS responses). The skill demonstrates using ip, ss, netstat, and lsof for visibility; curl and dig/nslookup/host for validation; and tcpdump/iftop/nethogs/iperf3 for traffic analysis and throughput measurements.

When to Use It

After making interface or routing changes to verify state
When a service isn’t reachable on a expected port or host
When DNS resolution behaves unexpectedly or you need authoritative answers
When you need to measure latency or bandwidth to a target
When you need to capture traffic for forensic debugging or performance tuning

Quick Start

View current interface and routing state: ip addr; ip route; cat /etc/resolv.conf
Test connectivity and DNS: ping; traceroute; dig + short; dig @server; nslookup; host
Inspect ports and connections: ss -tlnp; ss -tanp; lsof -i; netstat -tlnp
Observe HTTP/service behavior and transfer data: curl -I; curl -v; curl -u or -H for auth; tcpdump for capture

Best Practices

Prefer ss over netstat for current-state insight and filtering
Validate DNS in multiple ways (dig/nslookup/host) and against a known server (dig @8.8.8.8)
Always verify both IPv4 and IPv6 where applicable (ip -6 addr, ping -6)
Use precise tcpdump filters (tcpdump -i eth0 port 80 and tcp) and capture size with -c or -w; run as root when necessary
Keep non-disruptive checks first (read-only queries) before making changes to interfaces or routes

Example Use Cases

Scenario 1: Troubleshoot Port Usage ``` ss -tlnp | grep :8080 lsof -i :8080 # If you must, terminate the offender process kill -9 PID # Or gracefully fuser -k 8080/tcp ```
Scenario 2: Test Service Connectivity ``` nc -zv hostname 80 # If nc isn’t available, try telnet (TCP) telnet hostname 80 curl -I http://hostname curl -w "HTTP Code: %{http_code}\nTime: %{time_total}s\n" -o /dev/null -s http://hostname ```
Scenario 3: DNS Resolution and Validation ``` dig example.com dig @8.8.8.8 example.com nslookup example.com host example.com ``"Scenario 4: Routing and Reachability Check ``` ip route show ip route add 10.0.0.0/8 via 192.168.1.1 ip route show ```
Scenario 5: Traffic Capture and Analysis ``` tcpdump -i eth0 port 80 -w http_capture.pcap tcpdump -r http_capture.pcap -A port 80 iftop -i eth0 nethogs eth0 iperf3 -s iperf3 -c server_ip -t 30 ```
Scenario 6: DNS and Service Observation with curl ``` curl -I http://example.com curl http://example.com -w "Time: %{time_total}s\n" -o /dev/null -s ```

Frequently Asked Questions

Add this skill to your agents

Related Skills

shell-scripting

chaterm/terminal-skills

Bash Shell 脚本编写

troubleshooting

chaterm/terminal-skills

性能问题排查

tcp-ip

chaterm/terminal-skills

TCP/IP 网络诊断与排查

file-operations

chaterm/terminal-skills

Linux file and directory operations

process-management

chaterm/terminal-skills

Linux process management and control

user-permissions

chaterm/terminal-skills

Linux user and permission management