ip - Network Configuration and Management

1. Introduction

The ip command is a powerful and versatile command-line utility in modern Linux systems, central to the iproute2 suite of tools. It is the designated successor to the older net-tools package, which included well-known but now largely deprecated commands like ifconfig, route, arp, and netstat. The ip command provides a unified and more consistent interface for viewing and manipulating a wide array of network configuration elements, including network interfaces, IP addresses, routing tables, ARP cache entries, network tunnels, and much more.

For system administrators and network engineers, proficiency with the ip command is indispensable for configuring, managing, and troubleshooting network connectivity on Linux systems. Its object-oriented syntax and extensive capabilities make it a more robust and feature-rich tool compared to its predecessors. Whether you’re setting up a new network interface, adjusting routing policies, or debugging connectivity issues, the ip command offers the flexibility and precision needed for modern network management.

2. Basic Syntax

The ip command follows an object-oriented command structure:

# Basic structure of the ip command
$ ip [ OPTIONS ] OBJECT { COMMAND | help }

Let’s break down each component:

  • ip: The command itself, invoking the iproute2 utility.
  • [ OPTIONS ]: These are global options that affect the overall behavior of the ip command before an object is specified. They are applied to the entire operation.
    • Examples: -s (for statistics), -4 (for IPv4 only), -6 (for IPv6 only), -c (for colorized output), -details (for more detailed output), -json (for JSON output).
  • OBJECT: This specifies the type of network component or configuration you want to interact with. The ip command can manage several distinct objects. Key objects include:
    • link: Refers to network interface devices (e.g., eth0, wlan0, lo).
    • address (or addr): Refers to protocol (IP or IPv6) addresses assigned to network devices.
    • route: Refers to entries in the kernel’s routing table.
    • neighbour (or neigh): Refers to entries in the ARP (Address Resolution Protocol for IPv4) or NDISC (Neighbor Discovery Protocol for IPv6) cache, which map Layer 3 (IP) addresses to Layer 2 (MAC) addresses.
    • rule: Refers to rules in the policy routing database.
    • tunnel: Refers to IP tunneling configurations (e.g., GRE, IPIP).
    • maddress: Refers to multicast addresses.
    • mroute: Refers to multicast routing cache entries.
    • netns: Refers to network namespaces.
    • xfrm: Refers to IPsec framework policies and states.
    • And others like l2tp, tcp_metrics, monitor.
  • { COMMAND | help }: This specifies the action to perform on the selected OBJECT.
    • COMMAND: Common commands include:
      • show (or list, lst, sh, ls, l): Display information about the object.
      • add: Add a new entry or configuration.
      • delete (or del): Remove an entry or configuration.
      • set: Modify an existing object’s parameters.
      • flush: Remove multiple entries (e.g., flush an ARP cache or all addresses from an interface).
      • get: Retrieve specific information about an object (often used with route).
      • help: Displays help information for the specified OBJECT or a specific COMMAND within an object.
    • Abbreviations: ip is very flexible with abbreviations for objects and commands, as long as the abbreviation is unique. For instance, ip address show can often be shortened to ip a s or even ip a. While convenient for interactive use, full command names are recommended in scripts for clarity and future-proofing.
  • Permissions: Most ip commands that modify the system’s network configuration (e.g., adding an IP address, bringing an interface up/down, changing routes) require root privileges or the CAP_NET_ADMIN capability. Viewing commands (like show) can typically be run by regular users. sudo is commonly used to execute administrative ip commands.

3. Core Use Cases with Examples

The ip command interacts directly with the kernel’s networking stack. Its operations are often transient (lost on reboot) unless made permanent through distribution-specific network configuration mechanisms.

Below are the core use cases with detailed examples.

3.1 Viewing Network Interfaces (link)

This is fundamental for understanding the state of your network hardware.

3.1.1 Show All Network Interfaces

# Show all network links (interfaces) and their status
$ ip link show
# Abbreviated forms:
# $ ip l
# $ ip link ls

Output (Example):

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff

Detailed Explanation of ip link show Output:

  • 1: lo::
    • 1: Interface index number (unique identifier assigned by the kernel).
    • lo: Interface name (loopback interface).
    • <LOOPBACK,UP,LOWER_UP>: Interface flags.
      • LOOPBACK: This is the loopback interface, used for local communication within the host.
      • UP: The interface is administratively enabled (configured to be active).
      • LOWER_UP: The physical layer (or underlying layer for virtual interfaces) is reporting that the link is operational. For physical interfaces, this means a cable is connected and a link partner is detected.
      • Other common flags:
        • BROADCAST: Supports broadcast packets.
        • MULTICAST: Supports multicast packets.
        • NOARP: No ARP protocol is used on this interface.
        • PROMISC: Promiscuous mode is enabled, receiving all packets on the medium.
    • mtu 65536: Maximum Transmission Unit in bytes. The largest packet size that can be transmitted over this interface without fragmentation. For loopback, this is typically very high.
    • qdisc noqueue: Queuing discipline. noqueue means no queuing is performed (typical for loopback). fq_codel (Fair Queueing Controlled Delay) is a common advanced qdisc for Ethernet interfaces to manage congestion.
    • state UNKNOWN: The operational state of the link.
      • UP: The interface is active and ready to transmit/receive.
      • DOWN: The interface is administratively disabled or the physical link is down.
      • UNKNOWN: The state cannot be determined (common for loopback or some virtual interfaces).
      • Other states: NOTPRESENT, LOWERLAYERDOWN, TESTING, DORMANT.
    • mode DEFAULT: Link mode (e.g., DEFAULT, DORMANT).
    • group default: Interface group, useful for administrative grouping.
    • qlen 1000: Transmit queue length, the number of packets that can be queued for transmission.
    • link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00:
      • link/loopback: Type of link layer.
      • 00:00:00:00:00:00: MAC address (all zeros for loopback, as it doesn’t need a real hardware address).
      • brd 00:00:00:00:00:00: Broadcast MAC address (all zeros for loopback).
    • link/ether ... brd ...: For Ethernet interfaces (e.g., eth0, wlan0).
      • link/ether: Indicates an Ethernet link type.
      • 00:1a:2b:3c:4d:5e: The MAC (Media Access Control) address of the interface, a unique hardware identifier.
      • brd ff:ff:ff:ff:ff:ff: The Ethernet broadcast MAC address, used for sending packets to all devices on the segment.

3.1.2 Show a Specific Network Interface

# Show details specifically for the eth0 interface
$ ip link show dev eth0

Output (Example):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff

Use Case: This is useful for quickly checking the status of a specific interface, such as verifying if it’s up or down, checking its MAC address, or confirming its MTU settings.

3.2 Viewing IP Addresses (address or addr)

This object is used to display and manage protocol (IP/IPv6) addresses assigned to network interfaces.

3.2.1 Show IP Addresses for All Interfaces

# Show IP addresses for all interfaces
$ ip address show
# Abbreviated forms:
# $ ip addr
# $ ip a

Output (Example):

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 86300sec preferred_lft 86300sec
    inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link 
       valid_lft forever preferred_lft forever

Detailed Explanation of ip address show Output:

  • inet 127.0.0.1/8:
    • inet: Indicates an IPv4 address.
    • 127.0.0.1: The IPv4 address, the standard loopback address for local communication.
    • /8: The prefix length (subnet mask in CIDR notation). /8 means 255.0.0.0, indicating a network range of 127.0.0.0 - 127.255.255.255.
    • scope host: The address scope.
      • host: Valid only within this host (e.g., loopback).
      • link: Valid only on this physical link (e.g., IPv6 link-local fe80:: addresses, IPv4 APIPA 169.254.x.x). Not routable beyond the local segment.
      • global: Globally valid and routable (e.g., public IPs, or private IPs intended for routing within an organization).
      • site: (IPv6) Site-local scope (deprecated).
    • lo: The interface this address is bound to.
    • valid_lft forever preferred_lft forever: Lifetime parameters for the address. forever means it doesn’t expire. For DHCP-assigned addresses, these will show actual lease times (in seconds).
      • valid_lft: How long the address is valid.
      • preferred_lft: How long the address is preferred (after this, it might be deprecated but still usable until valid_lft expires).
  • inet6 ::1/128:
    • inet6: Indicates an IPv6 address.
    • ::1: The IPv6 loopback address, equivalent to 127.0.0.1 in IPv4.
    • /128: Prefix length for a single host address (no subnet, just one address).
    • noprefixroute: (IPv6) A flag indicating that a route for the on-link prefix should not be automatically added.
  • dynamic: (For eth0’s IPv4 address) Indicates the address was likely obtained dynamically, e.g., via DHCP. If statically assigned, this flag might be absent or different.
  • brd 192.168.1.255: The broadcast address for the IPv4 subnet, used for sending packets to all devices in the 192.168.1.0/24 network.

3.2.2 Show IP Addresses for a Specific Interface

# Show IP addresses for the eth0 interface
$ ip addr show dev eth0

Output (Example):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 86300sec preferred_lft 86300sec
    inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link 
       valid_lft forever preferred_lft forever

Use Case: This is ideal for checking the IP configuration of a specific interface, such as verifying assigned addresses or troubleshooting connectivity issues.

3.3 Viewing the Routing Table (route)

The routing table dictates how network packets are forwarded to their destinations.

3.3.1 Show All Routing Table Entries

# Show the main IPv4 routing table
$ ip route show
# Abbreviated:
# $ ip r

# Show the main IPv6 routing table
$ ip -6 route show

Output (Example for IPv4):

default via 192.168.1.1 dev eth0 proto dhcp metric 100 
169.254.0.0/16 dev eth0 scope link metric 1000 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 metric 100

Detailed Explanation of ip route show Output:

  • default via 192.168.1.1 dev eth0 ...:
    • default (or 0.0.0.0/0): This is the default route, used for any destination not matching a more specific route. It’s the gateway for all external traffic.
    • via 192.168.1.1: The IP address of the next-hop router (gateway).
    • dev eth0: The network interface to use to reach this gateway.
    • proto dhcp: Indicates the route was learned via DHCP. Other protocols include:
      • kernel: For directly connected networks, added automatically by the kernel.
      • static: Manually added by an administrator.
      • boot: Added during system boot (less common).
    • metric 100: A preference value for the route. Lower metrics are generally preferred if multiple routes to the same destination exist.
  • 169.254.0.0/16 dev eth0 scope link metric 1000:
    • This is a route for link-local addresses (APIPA, Automatic Private IP Addressing). Traffic to this range stays on the local link and is used when no DHCP server is available.
  • 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 ...:
    • 192.168.1.0/24: The destination network prefix, a private IPv4 subnet.
    • dev eth0: The interface connected to this network.
    • proto kernel: This route was automatically added by the kernel because an IP address (192.168.1.100) in this network range is configured on eth0.
    • scope link: The destination is on the local link, meaning no gateway is needed.
    • src 192.168.1.100: The preferred source IP address to use when sending packets to this network via this route.

3.3.2 Show Route to a Specific Destination (get)

This command queries the kernel for the route that would be taken to reach a specific IP address.

# Show how to reach the IP address 8.8.8.8 (Google Public DNS)
$ ip route get 8.8.8.8

Output (Example):

8.8.8.8 via 192.168.1.1 dev eth0 src 192.168.1.100 uid 1000 
    cache

Explanation: This output shows that to reach 8.8.8.8, traffic will go via gateway 192.168.1.1, out interface eth0, using 192.168.1.100 as the source IP. The cache keyword indicates this route is cached for efficiency, and uid 1000 reflects the user ID performing the query (typically only shown with sufficient privileges).

Use Case: This is valuable for diagnosing routing issues, such as determining why packets to a specific destination are failing or being routed unexpectedly.

3.4 Viewing ARP/Neighbour Cache (neighbour or neigh)

Displays the mapping of Layer 3 (IP) addresses to Layer 2 (MAC) addresses for hosts on the local network segment.

# Show the neighbour cache (ARP for IPv4, NDISC for IPv6)
$ ip neighbour show
# Abbreviated:
# $ ip n

Output (Example):

192.168.1.1 dev eth0 lladdr 00:11:22:aa:bb:cc REACHABLE
192.168.1.105 dev eth0 lladdr aa:bb:cc:11:22:dd STALE
fe80::211:22ff:feaa:bbcc dev eth0 lladdr 00:11:22:aa:bb:cc router STALE

Detailed Explanation of ip neighbour show Output:

  • 192.168.1.1: The IP address of the neighbor (e.g., the gateway).
  • dev eth0: The local interface through which this neighbor is reached.
  • lladdr 00:11:22:aa:bb:cc: The Link-Layer Address (MAC address) of the neighbor.
  • REACHABLE: The state of the neighbor entry.
    • PERMANENT: Manually added static entry, not subject to timeouts or updates.
    • REACHABLE: Neighbor is confirmed to be reachable based on recent communication.
    • STALE: Reachability is unknown, but the entry is still considered valid. Will attempt to verify on next use.
    • DELAY: Waiting for confirmation after sending a probe.
    • PROBE: Actively probing the neighbor to confirm reachability.
    • FAILED: Neighbor is considered unreachable after failed probes.
    • INCOMPLETE: Address resolution is in progress (e.g., ARP request sent, no reply yet).
  • router: (IPv6) Indicates this neighbor is known to be a router, useful for Neighbor Discovery Protocol (NDISC).

Use Case: This is essential for troubleshooting local network connectivity issues, such as verifying that the gateway or other devices are reachable at the link layer.
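
A defensive check built on the neighbour-cache output described above, as an added example that is not part of the original page: it flags IPv4 entries where one MAC address answers for several IP addresses, and compares the gateway's entry with a pinned MAC. The function names, the pinned MAC and the sample cache are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks over `ip neigh show` text output.
# Function names and sample data are constructed for illustration.

# Constructed sample cache: the gateway 192.168.1.1 now resolves to the same
# MAC as 192.168.1.105, and 192.168.1.90 has no lladdr (resolution failed).
SAMPLE_NEIGH='192.168.1.1 dev eth0 lladdr AA:BB:CC:11:22:DD REACHABLE
192.168.1.105 dev eth0 lladdr aa:bb:cc:11:22:dd STALE
192.168.1.90 dev eth0  FAILED
fe80::211:22ff:feaa:bbcc dev eth0 lladdr 00:11:22:aa:bb:cc router STALE'

# Usage: ip neigh show | neigh_mac_conflicts
# Prints "DEV MAC IP1,IP2,..." for every MAC that answers for more than one
# IPv4 address on the same interface. IPv6 entries are skipped because a host's
# link-local address normally shares the MAC of its IPv4 address.
neigh_mac_conflicts() {
    awk '
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        dev = "-"; mac = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "lladdr") mac = tolower($(i + 1))
        }
        if (mac == "") next            # INCOMPLETE/FAILED: nothing to compare
        key = dev " " mac
        if (key in ips) { ips[key] = ips[key] "," $1; dup[key] = 1 }
        else ips[key] = $1
    }
    END { for (k in dup) print k, ips[k] }' | sort
}

# Usage: ip neigh show | gateway_mac_status GATEWAY_IP PINNED_MAC
# Prints "match", "MISMATCH <seen-mac>", or "absent" when the cache holds no
# resolved entry for GATEWAY_IP.
gateway_mac_status() {
    awk -v gw="$1" -v want="$2" '
    BEGIN { want = tolower(want); result = "absent" }
    $1 == gw {
        for (i = 2; i < NF; i++)
            if ($i == "lladdr") {
                seen = tolower($(i + 1))
                result = (seen == want) ? "match" : "MISMATCH " seen
            }
    }
    END { print result }'
}

# Run both checks against the constructed sample.
printf '%s\n' "$SAMPLE_NEIGH" | neigh_mac_conflicts
printf '%s\n' "$SAMPLE_NEIGH" | gateway_mac_status 192.168.1.1 00:11:22:aa:bb:cc
```

A shared MAC is also normal for a host with secondary addresses or for proxy ARP, so a hit is a prompt to investigate rather than proof of spoofing.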

4. Key Options Explained (with Examples)

This section covers additional options and commands for manipulating network objects beyond the core use cases. Modifying commands usually require sudo. Examples here are distinct from those in Section 3 to avoid duplication.

4.1 Global Options (Apply to ip Command Itself)

4.1.1 -s, --stats, --statistics

Purpose: Display more detailed statistics. Can be used multiple times (e.g., -ss) for increased verbosity.

Syntax: $ ip -s OBJECT COMMAND [ARGUMENTS]

Use Case: Getting detailed packet counts (RX/TX bytes, packets, errors, dropped packets), and other operational statistics for network interfaces, useful for performance monitoring or diagnosing network issues.

# Show link information for eth0 with statistics
$ ip -s link show dev eth0

Output (Example):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
    RX:  bytes  packets  errors  dropped overrun mcast   
      12345678   10000      0       0       0       500
    TX:  bytes  packets  errors  dropped carrier collsns 
       8765432    8000      0       0       0       0

# Show even more detailed statistics for eth0
$ ip -ss link show dev eth0

Output (Example, Abbreviated):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
    RX: bytes    packets  errors  dropped  overrun  mcast
        12345678  10000    0       0        0        500
    RX errors: length   crc     frame   fifo    missed
               0        0       0       0       0
    TX: bytes    packets  errors  dropped  carrier  collsns
        8765432   8000     0       0        0        0
    TX errors: aborted  fifo    window  heartbeat
               0        0       0       0

Explanation:

  • RX: Received statistics (bytes received, packets received, errors, dropped packets, overruns, multicast packets).
  • TX: Transmitted statistics (bytes sent, packets sent, errors, dropped packets, carrier issues, collisions).
  • -ss: Adds detailed error breakdowns (e.g., CRC errors, FIFO overflows), which are critical for diagnosing hardware or driver issues.

4.1.2 -4, --family inet (or -f inet)

Purpose: Restrict operations or display to the IPv4 address family.

Syntax: $ ip -4 OBJECT COMMAND [ARGUMENTS]

Use Case: Viewing only IPv4 addresses or routes when both IPv4 and IPv6 are configured, simplifying output in mixed environments.

# Show only IPv4 addresses assigned to all interfaces
$ ip -4 addr show

Output (Example):

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 86300sec preferred_lft 86300sec

4.1.3 -6, --family inet6 (or -f inet6)

Purpose: Restrict operations or display to the IPv6 address family.

Syntax: $ ip -6 OBJECT COMMAND [ARGUMENTS]

Use Case: Viewing only IPv6 addresses or routes, useful in IPv6-only environments or for isolating IPv6 troubleshooting.

# Show only IPv6 addresses
$ ip -6 addr show

Output (Example):

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link 
       valid_lft forever preferred_lft forever

4.1.4 -0, -o, --oneline

Purpose: Output each record on one line, replacing line feeds with backslashes (\) and other whitespace with spaces. Useful for parsing by scripts.

Syntax: $ ip -o OBJECT COMMAND [ARGUMENTS]

Use Case: Processing ip command output programmatically, such as in shell scripts or automation tools.

# Show IPv4 addresses in a compact, one-line-per-address format
$ ip -4 -o addr show

Output (Example):

1: lo    inet 127.0.0.1/8 scope host lo       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0       valid_lft 86000sec preferred_lft 86000sec

4.1.5 -c[=WHEN], --color[=WHEN]

Purpose: Enable or control colored output. WHEN can be always, auto (default - color if output is a terminal), or never.

Syntax: $ ip -c OBJECT COMMAND [ARGUMENTS]

Use Case: Enhancing readability in the terminal, especially when reviewing complex outputs. Most systems enable auto by default.

# Force colored output for link show (useful if piping to 'less -R')
$ ip -color=always link show

Output: (Colors not shown in text, but interface names, states, and flags would be highlighted in a terminal.)

4.1.6 -r, --resolve

Purpose: Use the system’s name resolver (DNS) to print hostnames instead of IP addresses where possible.

Syntax: $ ip -r OBJECT COMMAND [ARGUMENTS]

Use Case: Making output like the neighbor cache or routing table more human-readable if IPs have DNS entries, though it may slow down output due to DNS lookups.

# Show neighbour cache, attempting to resolve IPs to hostnames
# This requires that the IPs in your cache have reverse DNS (PTR) records or local /etc/hosts entries.
$ ip -r neigh show

Output (Example if 192.168.1.1 resolves to gateway.example.com):

gateway.example.com (192.168.1.1) dev eth0 lladdr 00:11:22:aa:bb:cc REACHABLE

4.1.7 -j, --json

Purpose: Display output in JSON (JavaScript Object Notation) format.

Syntax: $ ip -j OBJECT COMMAND [ARGUMENTS]

Use Case: For programmatic consumption of ip command output by applications or scripts that can parse JSON, such as monitoring tools or configuration management systems.

# Show link information for eth0 in JSON format
$ ip -j link show dev eth0

Output (Example, Abbreviated):

[
   {
      "ifindex": 2,
      "ifname": "eth0",
      "flags": [ "BROADCAST", "MULTICAST", "UP", "LOWER_UP" ],
      "mtu": 1500,
      "qdisc": "fq_codel",
      "operstate": "UP",
      "link_type": "ether",
      "address": "00:1a:2b:3c:4d:5e",
      "broadcast": "ff:ff:ff:ff:ff:ff"
   }
]

4.1.8 -p, --pretty (Used with -j or --json)

Purpose: When used with -j or --json, it formats the JSON output in a more human-readable, pretty-printed (indented) way.

Syntax: $ ip -j -p OBJECT COMMAND [ARGUMENTS]

Use Case: Improving readability of JSON output for manual inspection or debugging.

# Show link information for eth0 in pretty JSON format
$ ip -j -p link show dev eth0

Output (Example):

[
    {
        "ifindex": 2,
        "ifname": "eth0",
        "flags": [
            "BROADCAST",
            "MULTICAST",
            "UP",
            "LOWER_UP"
        ],
        "mtu": 1500,
        "qdisc": "fq_codel",
        "operstate": "UP",
        "link_type": "ether",
        "address": "00:1a:2b:3c:4d:5e",
        "broadcast": "ff:ff:ff:ff:ff:ff"
    }
]

4.1.9 -br, --brief

Purpose: Provide a brief, tabular output for some commands, notably ip addr show and ip link show.

Syntax: $ ip -br OBJECT COMMAND [ARGUMENTS]

Use Case: Getting a quick, summarized overview of interfaces and their primary addresses, ideal for rapid status checks.

# Brief address listing
$ ip -br addr show

Output (Example):

lo               UNKNOWN        127.0.0.1/8 ::1/128
eth0             UP             192.168.1.100/24 fe80::21a:2bff:fe3c:4d5e/64
wlan0            DOWN

4.1.10 -details

Purpose: Show more detailed information about the object.

Syntax: $ ip -details OBJECT COMMAND [ARGUMENTS]

Use Case: Getting extended attributes, settings, or statistics not shown by default, such as VLAN information or additional link properties.

# Show detailed link information for eth0, including things like vlan info if applicable
$ ip -details link show dev eth0

Output (Example, if eth0 has VLAN settings):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
    vf 0     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, vlan 100, spoof checking off, link-state auto, trust off

4.1.11 -N, --numeric

Purpose: Output numeric host addresses instead of trying to resolve them to symbolic hostnames.

Syntax: $ ip -N OBJECT COMMAND [ARGUMENTS]

Use Case: When you specifically want to see IP addresses and avoid DNS lookups (which can be slow or misleading), ensuring consistent numeric output.

# Show neighbour cache with numeric IPs only
$ ip -N neigh show

Output (Example):

192.168.1.1 dev eth0 lladdr 00:11:22:aa:bb:cc REACHABLE

4.2 ip link: Managing Network Interfaces

This object is used to display and modify network interfaces (also called links or devices).

Purpose: Bring a network interface DEVICE online (up) or take it offline (down). Requires sudo.

Syntax: $ sudo ip link set dev eth0 up

Use Case: Enabling or disabling network interfaces for configuration, troubleshooting, or power saving, such as isolating a faulty interface or preparing for reconfiguration.

# Bring interface wlan0 down (disable it)
$ sudo ip link set dev wlan0 down

Output (Verification):

# Verify its state (should show STATE DOWN)
$ ip link show dev wlan0
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff

# Bring wlan0 interface up (enable it)
$ sudo ip link set dev wlan0 up

Output (Verification):

# Verify its state again (should show STATE UP, if connection is successful)
$ ip link show dev wlan0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff

Purpose: Set the Maximum Transmission Unit (MTU) in bytes for DEVICE. Requires sudo.

Syntax: $ sudo ip link set dev eth0 mtu 1492

Use Case: Adjusting MTU for specific network requirements like PPPoE (often 1492), VPNs, or to enable jumbo frames (e.g., mtu 9000) on networks that support them. Incorrect MTU can lead to fragmentation or connectivity issues.

# Check current MTU for eth0
$ ip link show dev eth0

Output (Example):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff

# Set MTU to 1400 for eth0
$ sudo ip link set dev eth0 mtu 1400

Output (Verification):

# Verify new MTU
$ ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff

# Set it back to a common default (Ethernet)
$ sudo ip link set dev eth0 mtu 1500

Purpose: Change the MAC address (hardware address) of DEVICE. Requires sudo. The interface usually needs to be down first.

Syntax: $ sudo ip link set dev eth0 address 00:11:22:33:44:55

Use Case: MAC address spoofing (for privacy or to bypass MAC filtering, use ethically), or in some virtualization scenarios where a specific MAC is required.

# Note current MAC address
$ ip link show dev eth0

Output (Example):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff

# Bring eth0 down first
$ sudo ip link set dev eth0 down

# Change MAC address (use a valid unicast MAC)
$ sudo ip link set dev eth0 address 00:1A:2B:3C:4D:66

# Bring eth0 up
$ sudo ip link set dev eth0 up

Output (Verification):

# Verify new MAC address
$ ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:66 brd ff:ff:ff:ff:ff:ff

Purpose: Rename a network interface DEVICE to NEW_NAME. Requires sudo. The interface must typically be down.

Syntax: $ sudo ip link set dev eth0 name lan_interface

Use Case: Giving interfaces more descriptive or consistent names across systems, such as renaming eth0 to lan0 for clarity in multi-interface setups.

# Bring eth0 down
$ sudo ip link set dev eth0 down

# Rename eth0 to internal_lan (requires sudo)
$ sudo ip link set dev eth0 name internal_lan

# Bring new interface name up
$ sudo ip link set dev internal_lan up

Output (Verification):

# Verify (old eth0 should be gone, internal_lan should exist)
$ ip link show dev internal_lan
2: internal_lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff

$ ip link show dev eth0
Device "eth0" does not exist.

Purpose: Enable (on) or disable (off) promiscuous mode for DEVICE. In promiscuous mode, the interface passes all frames it sees on the network segment to the CPU, not just frames addressed to its own MAC address or broadcast/multicast. Requires sudo.

Syntax: $ sudo ip link set dev eth0 promisc on

Use Case: Network sniffing and monitoring (e.g., with tcpdump or Wireshark, though these tools often enable it themselves), or for network intrusion detection systems.

# Enable promiscuous mode on eth0
$ sudo ip link set dev eth0 promisc on

Output (Verification):

# Check flags (should include PROMISC)
$ ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff

# Disable promiscuous mode
$ sudo ip link set dev eth0 promisc off

Output (Verification):

$ ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff

Purpose: Add a new virtual network interface. LINK_TYPE specifies the kind of virtual interface. Common types include:

  • bridge: A software network bridge.
  • vlan: An 802.1Q VLAN interface.
  • veth: A virtual Ethernet pair (often used with containers/namespaces).
  • vxlan: Virtual Extensible LAN.
  • macvlan, ipvlan: Create virtual interfaces with their own MAC/IP addresses on top of a physical interface.
  • dummy: A simple dummy interface.

Requires sudo.

Syntax (Bridge Example): $ sudo ip link add name br0 type bridge

Use Case: Creating virtual network infrastructure for containers, virtual machines, network segmentation with VLANs, or testing environments.

# Add a new bridge interface named br0
$ sudo ip link add name br0 type bridge

# Bring the bridge up
$ sudo ip link set dev br0 up

# Add an existing physical interface (e.g., eth0) to the bridge
# First, ensure eth0 has no IP and is up
$ sudo ip addr flush dev eth0
$ sudo ip link set dev eth0 up
$ sudo ip link set dev eth0 master br0 # Add eth0 to br0

Output (Verification):

# Verify bridge
$ ip link show dev br0
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff

# Verify eth0 is part of the bridge
$ ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff

Purpose: Delete a (usually virtual) network interface DEVICE. Requires sudo.

Syntax: $ sudo ip link delete dev br0

Use Case: Removing previously created virtual interfaces like bridges, VLANs, or veth pairs when they are no longer needed.

# Before deleting a bridge, remove member interfaces and bring it down
$ sudo ip link set dev eth0 nomaster # Remove eth0 from bridge
$ sudo ip link set dev br0 down

# Delete the bridge interface br0
$ sudo ip link delete dev br0

Output (Verification):

# Verify it's gone
$ ip link show dev br0
Device "br0" does not exist.

4.3 ip address (or addr): Managing IP Addresses

Used to display and manage IP addresses assigned to network interfaces.

4.3.1 ip address add ADDRESS/PREFIX_LEN [broadcast BROADCAST_ADDR] [label LABEL] dev DEVICE

Purpose: Add a new IP ADDRESS with a PREFIX_LEN (CIDR notation, e.g., /24) to DEVICE. Requires sudo.

Syntax: $ sudo ip address add 192.168.1.150/24 dev eth0

Optional Arguments:

  • broadcast BROADCAST_ADDR: Explicitly set the broadcast address. It is often calculated automatically if omitted; the special value + (broadcast +) requests that it be derived from the address and prefix length.
  • label LABEL: Assign a label to the address (e.g., eth0:0). Useful for compatibility with older tools or for identifying secondary addresses.

Use Case: Assigning static IP addresses or adding secondary IP addresses to an interface, such as for hosting multiple services on different IPs.

# Add a primary IP address to eth0
$ sudo ip address add 10.0.0.5/24 broadcast 10.0.0.255 dev eth0 label eth0:static

# Add a secondary IP address to the same interface
$ sudo ip address add 10.0.0.6/24 dev eth0 label eth0:secondary

Output (Verification):

# Verify
$ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0:static
       valid_lft forever preferred_lft forever
    inet 10.0.0.6/24 scope global secondary eth0:secondary
       valid_lft forever preferred_lft forever

4.3.2 ip address delete ADDRESS/PREFIX_LEN dev DEVICE

Purpose: Delete an IP ADDRESS from DEVICE. Requires sudo.

Syntax: $ sudo ip address del 10.0.0.5/24 dev eth0

Use Case: Removing statically assigned or unwanted IP addresses, such as correcting a misconfiguration.

# Remove the secondary IP address we added
$ sudo ip address delete 10.0.0.6/24 dev eth0

Output (Verification):

# Verify
$ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0:static
       valid_lft forever preferred_lft forever

4.3.3 ip address flush dev DEVICE

Purpose: Remove (flush) all IP addresses from a specific DEVICE. Requires sudo. Use with extreme caution, as this can disconnect the interface from the network if it’s the primary address.

Syntax: $ sudo ip address flush dev eth0

Use Case: Quickly clearing all IP configurations from an interface, perhaps before reconfiguring it or decommissioning it.

# Create a dummy interface for safe testing
$ sudo ip link add dummy0 type dummy
$ sudo ip link set dev dummy0 up
$ sudo ip address add 172.16.0.1/24 dev dummy0
$ sudo ip address add 172.16.0.2/24 dev dummy0

Output (Before Flush):

# Shows 172.16.0.1 and 172.16.0.2
$ ip addr show dev dummy0
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 12:34:56:78:9a:bc brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/24 scope global dummy0
       valid_lft forever preferred_lft forever
    inet 172.16.0.2/24 scope global secondary dummy0
       valid_lft forever preferred_lft forever

# Flush all addresses from dummy0
$ sudo ip address flush dev dummy0

Output (After Flush):

# Verify (no inet addresses should be listed for dummy0)
$ ip addr show dev dummy0
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 12:34:56:78:9a:bc brd ff:ff:ff:ff:ff:ff

# Clean up dummy interface
$ sudo ip link delete dev dummy0

4.4 ip route: Managing the Routing Table

Used to display and modify the IP routing table, which determines how packets are sent to different network destinations.

4.4.1 ip route add DESTINATION_NETWORK/PREFIX via GATEWAY_IP [dev DEVICE] [metric METRIC]

Purpose: Add a new static route to the routing table. Requires sudo.

Syntax: $ sudo ip route add 10.10.0.0/16 via 192.168.1.254 dev eth0

Parameters:

  • DESTINATION_NETWORK/PREFIX: The network you want to reach.
  • via GATEWAY_IP: The IP address of the next-hop router.
  • dev DEVICE: (Optional but recommended) The outgoing interface.
  • metric METRIC: (Optional) A preference value for the route (lower is more preferred).

Use Case: Manually defining paths to networks not reachable via the default gateway, or for specific routing policies, such as directing traffic to a VPN.

# Add a route to the network 172.16.0.0/12 via gateway 192.168.1.1 out of eth0
$ sudo ip route add 172.16.0.0/12 via 192.168.1.1 dev eth0

Output (Verification):

# Verify (the new route should appear)
$ ip route show
default via 192.168.1.1 dev eth0 proto dhcp metric 100 
172.16.0.0/12 via 192.168.1.1 dev eth0 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 metric 100

4.4.2 ip route delete DESTINATION_NETWORK/PREFIX [via GATEWAY_IP] [dev DEVICE]

Purpose: Delete a static route from the routing table. Requires sudo.

Syntax: $ sudo ip route del 10.10.0.0/16

Use Case: Removing manually added or obsolete routes, such as when a network topology changes.

# Delete the route to 172.16.0.0/12 we just added
$ sudo ip route delete 172.16.0.0/12 via 192.168.1.1 dev eth0

Output (Verification):

# Verify (the route should be gone)
$ ip route show
default via 192.168.1.1 dev eth0 proto dhcp metric 100 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 metric 100

4.4.3 Adding/Changing the Default Gateway

Purpose: Set or modify the default gateway, a special route (destination 0.0.0.0/0 or default).

Syntax: $ sudo ip route add default via 192.168.1.254 dev eth0

Use Case: Setting or changing the primary router for all outbound internet traffic or traffic to unknown networks.

# Add a default gateway (when no default route is configured yet)
# Replace 192.168.1.254 with your actual gateway IP and eth0 with your interface
$ sudo ip route add default via 192.168.1.254 dev eth0

Output (Verification):

$ ip route show
default via 192.168.1.254 dev eth0 
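192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 metric 100

# To change/replace an existing default gateway, it’s often better to delete the old one first
# (the host has no default route between these two commands, so run them back to back when working over a remote session)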
$ sudo ip route del default
$ sudo ip route add default via 192.168.1.254 dev eth0

4.4.4 ip route flush [SELECTOR...]

Purpose: Remove (flush) routes matching the SELECTOR. Requires sudo.

Syntax: $ sudo ip route flush cache (clears the routing cache)

Use Case: Clearing specific routes or the entire routing cache (use with caution), such as resolving stale routing information.

# WARNING: Flushing all routes can disconnect your machine.
# This example flushes routes for a specific interface (less risky if it’s not primary)
$ sudo ip route flush dev eth1
# To flush the entire routing cache (can help if routes seem stale):
$ sudo ip route flush cache

Output (Verification): (Output depends on remaining routes; use ip route show to confirm.)

4.5 ip neighbour (or neigh): Managing the Neighbour Cache (ARP/NDISC)

Used to display and manipulate the ARP (for IPv4) or NDISC (for IPv6) cache, which maps IP addresses to MAC addresses on the local network segment.

4.5.1 ip neighbour add ADDRESS lladdr MAC_ADDRESS dev DEVICE nud STATE

Purpose: Add a static entry to the neighbour cache. Requires sudo.

Syntax: $ sudo ip neigh add 192.168.1.50 lladdr 11:22:33:aa:bb:cc dev eth0 nud permanent

Parameters:

  • ADDRESS: The IP address of the neighbor.
  • lladdr MAC_ADDRESS: The Link-Layer (MAC) address.
  • dev DEVICE: The local interface.
  • nud STATE: Neighbor Unreachability Detection state. Common states:
    • permanent: The entry will not be garbage collected and will not be overwritten by dynamic updates.
    • reachable: The entry is considered valid and reachable.
    • stale: The entry is valid but its reachability needs to be confirmed.

Use Case: Creating static ARP entries for specific hosts, sometimes for security reasons (to prevent ARP spoofing for critical servers) or in specific network configurations where dynamic ARP might be problematic.

# Add a permanent static ARP entry for server 192.168.1.200 with MAC 00:de:ad:be:ef:00
$ sudo ip neigh add 192.168.1.200 lladdr 00:de:ad:be:ef:00 dev eth0 nud permanent

Output (Verification):

# Verify
$ ip neigh show dev eth0 | grep 192.168.1.200
192.168.1.200 dev eth0 lladdr 00:de:ad:be:ef:00 PERMANENT

4.5.2 ip neighbour delete ADDRESS dev DEVICE

Purpose: Delete an entry (usually a static one) from the neighbour cache. Requires sudo.

Syntax: $ sudo ip neigh del 192.168.1.50 dev eth0

Use Case: Removing incorrect or no longer needed static ARP entries.

# Delete the static ARP entry we added for 192.168.1.200
$ sudo ip neigh delete 192.168.1.200 dev eth0

Output (Verification):

# Verify (it should be gone, or revert to a dynamic state if the host is active and responds to ARP)
$ ip neigh show dev eth0 | grep 192.168.1.200

4.5.3 ip neighbour flush dev DEVICE

Purpose: Clear (flush) all dynamic entries from the neighbour cache for a specific DEVICE. Permanent entries are not removed by flush. Requires sudo.

Syntax: $ sudo ip neigh flush dev eth0

Use Case: Troubleshooting ARP/NDISC issues by forcing a rediscovery of neighbors on the local network segment.

# Flush the dynamic ARP cache entries for eth0
$ sudo ip neigh flush dev eth0

Output (Verification):

# Verify (dynamic entries will be gone, permanent ones remain; cache will repopulate as traffic flows)
$ ip neigh show dev eth0
192.168.1.200 dev eth0 lladdr 00:de:ad:be:ef:00 PERMANENT

4.6 ip rule: Managing Policy Routing Rules

Policy routing allows for more complex routing decisions based on criteria other than just the destination IP address (e.g., source IP, interface, firewall mark).

4.6.1 ip rule show (or list)

Purpose: Display the current routing policy database (RPDB) rules.

Syntax: $ ip rule show

Use Case: Inspecting advanced routing configurations, such as source-based routing setups.

$ ip rule show

Output (Example, Typical Default):

0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default

Explanation:

  • 0: Priority of the rule (lower number = higher priority).
  • from all: Selector (matches any source).
  • lookup local: Action - if matched, consult the local routing table (contains routes for loopback and local interface addresses).
  • lookup main: Consult the main routing table (the one shown by ip route show).
  • lookup default: Consult the default routing table (often empty unless specifically configured).

4.6.2 ip rule add [RULE_SPECIFICATION] table TABLE_ID prio PRIORITY

Purpose: Add a new policy routing rule. Requires sudo.

Syntax: $ sudo ip rule add from 192.168.2.0/24 table my_custom_table prio 1000

Use Case: Implementing source-based routing, routing traffic from specific interfaces through different gateways, etc. This is an advanced topic requiring a custom routing table to be defined first.

# Add a rule: traffic FROM network 10.1.1.0/24 should use routing table 100
# (Assuming table 100 is already populated with routes via 'ip route add ... table 100')
$ sudo ip rule add from 10.1.1.0/24 lookup 100 prio 500

Output (Verification):

# Verify
$ ip rule show
0:      from all lookup local 
500:    from 10.1.1.0/24 lookup 100 
32766:  from all lookup main 
32767:  from all lookup default

4.6.3 ip rule delete [RULE_SPECIFICATION] table TABLE_ID prio PRIORITY

Purpose: Delete a policy routing rule. Requires sudo.

Syntax: $ sudo ip rule del from 192.168.2.0/24 table my_custom_table prio 1000

Use Case: Removing previously added policy routing rules when they are no longer needed.

# Delete the rule we added
$ sudo ip rule del from 10.1.1.0/24 lookup 100 prio 500

Output (Verification):

$ ip rule show
0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default

4.7 ip tunnel: Managing IP Tunnels

Used for creating and managing various types of IP tunnels (e.g., IPIP, GRE, SIT for IPv6-in-IPv4).

4.7.1 ip tunnel add NAME mode TUNNEL_MODE remote REMOTE_IP local LOCAL_IP [dev PHY_DEVICE]

Purpose: Add a new tunnel interface. Requires sudo.

Syntax (GRE Tunnel Example): $ sudo ip tunnel add gre0 mode gre remote 203.0.113.10 local 198.51.100.20 ttl 255 dev eth0

Use Case: Creating VPN-like connections or encapsulating traffic between networks, such as connecting two remote LANs.

# On Server A (e.g., local IP 1.1.1.1, remote IP 2.2.2.2)
$ sudo ip tunnel add tun0 mode ipip remote 2.2.2.2 local 1.1.1.1 dev eth0
$ sudo ip link set dev tun0 up
$ sudo ip addr add 10.0.0.1/24 dev tun0

Output (Verification on Server A):

# Verify tunnel interface
$ ip link show dev tun0
4: tun0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ipip 1.1.1.1 peer 2.2.2.2

$ ip addr show dev tun0
4: tun0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ipip 1.1.1.1 peer 2.2.2.2
    inet 10.0.0.1/24 scope global tun0
       valid_lft forever preferred_lft forever

Note: A corresponding setup on Server B (remote 1.1.1.1, local 2.2.2.2, IP 10.0.0.2/24) would allow communication over the tunnel.

4.7.2 ip tunnel show

Purpose: Display existing tunnel configurations.

$ ip tunnel show

Output (Example):

tun0: ip/ip  remote 2.2.2.2  local 1.1.1.1  dev eth0  ttl 255

4.7.3 ip tunnel delete NAME

Purpose: Delete a tunnel interface. Requires sudo.

$ sudo ip tunnel delete tun0

Output (Verification):

$ ip link show dev tun0
Device "tun0" does not exist.

4.8 ip netns: Managing Network Namespaces

Network namespaces provide isolated network stacks (interfaces, routes, firewall rules) within a single kernel, extensively used by containerization technologies like Docker.

4.8.1 ip netns list

Purpose: List all existing network namespaces.

Syntax: $ sudo ip netns list

$ sudo ip netns list

Output (Example):

mynetns1
testns

4.8.2 ip netns add NAMESPACE_NAME

Purpose: Add (create) a new network namespace. Requires sudo.

Syntax: $ sudo ip netns add mynetns1

$ sudo ip netns add testns

Output (Verification):

$ sudo ip netns list
testns

4.8.3 ip netns exec NAMESPACE_NAME COMMAND...

Purpose: Execute a COMMAND within the specified NAMESPACE_NAME. Requires sudo.

Syntax: $ sudo ip netns exec mynetns1 ip link show

Use Case: Configuring interfaces or running processes within an isolated network environment, such as setting up a container’s network.

# Create a namespace
$ sudo ip netns add testns

# List interfaces inside the namespace (will only show 'lo' initially, and it’s down)
$ sudo ip netns exec testns ip link show

Output (Before Activation):

1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

# Bring up the loopback interface inside the namespace
$ sudo ip netns exec testns ip link set dev lo up

Output (Verification):

# Verify inside the namespace
$ sudo ip netns exec testns ip link show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

4.8.4 ip netns delete NAMESPACE_NAME

Purpose: Delete an existing network namespace. Requires sudo.

Syntax: $ sudo ip netns delete mynetns1

$ sudo ip netns delete testns

Output (Verification):

$ sudo ip netns list

(Empty output if no other namespaces exist)

4.9 ip monitor [OBJECT_LIST]

Purpose: Continuously monitor and display network state changes for specified objects (e.g., link, address, route) or all.

Syntax: $ ip monitor all or $ ip monitor link address

Use Case: Real-time network troubleshooting, observing dynamic network events (DHCP assignments, link state changes), such as monitoring interface flaps or IP assignments.

# Monitor all link and address changes. Press Ctrl+C to stop.
$ ip monitor link address

Output (Example, if eth0 goes down in another terminal):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
[LINK]2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff

5. Combining Options

Global options can often be combined with object-specific commands for more refined output or operations. Here are some practical examples:

5.1 Detailed Statistics for a Specific Interface

# Shows link eth0 with very detailed statistics (due to double -s)
$ ip -s -s link show dev eth0

Output (Example, Abbreviated):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
    RX: bytes    packets  errors  dropped  overrun  mcast
        12345678  10000    0       0        0        500
    RX errors: length   crc     frame   fifo    missed
               0        0       0       0       0
    TX: bytes    packets  errors  dropped  carrier  collsns
        8765432   8000     0       0        0        0

5.2 Adding an IPv4-Only Default Route

# Adds an IPv4 default route
$ sudo ip -4 route add default via 10.0.0.1

Output (Verification):

$ ip -4 route show
default via 10.0.0.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100

5.3 Brief, Colored Address Listing

# Shows a brief, colored list of IP addresses
$ ip -br -c addr show

Output (Example): (Colors not shown in text)

lo               UNKNOWN        127.0.0.1/8 ::1/128
eth0             UP             192.168.1.100/24 fe80::21a:2bff:fe3c:4d5e/64
wlan0            DOWN

5.4 JSON Output for Local Routing Table

# Shows the local routing table in JSON pretty-printed format
$ ip -j -p route show table local

Output (Example):

[
    {
        "dst": "127.0.0.0/8",
        "dev": "lo",
        "scope": "host",
        "protocol": "kernel",
        "type": "local"
    },
    {
        "dst": "192.168.1.100",
        "dev": "eth0",
        "scope": "host",
        "protocol": "kernel",
        "type": "local"
    }
]

5.5 Detailed Namespace Interface Check

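# Executes ip link show veth_guest inside the myns namespace, showing details and stats
# (the options go on the inner ip command; options given to the outer ip are not passed through netns exec)
$ sudo ip netns exec myns ip -details -stats link show veth_guest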

Output (Example, if veth_guest exists in myns):

3: veth_guest: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
        1024     10       0       0       0      0
    TX: bytes  packets  errors  dropped carrier collsns
        2048     20       0       0       0      0

6. Handling Special Cases

6.1 Permissions

  • Description: As stated, most commands that change the network configuration (e.g., add, delete, set link up/down) require root privileges (use sudo). Viewing commands (show, list, get) generally do not.
  • Example: Attempting to add an IP address without sudo will result in a permission error:
$ ip addr add 10.0.0.5/24 dev eth0
RTNETLINK answers: Operation not permitted
# Correct usage with sudo
$ sudo ip addr add 10.0.0.5/24 dev eth0

6.2 Interface Naming

  • Description: Modern Linux systems often use “predictable network interface names” (e.g., enp0s3, wlp2s0) instead of the older eth0, wlan0. Always use the actual interface names as shown by ip link show for your system to avoid errors.
  • Example: If your system uses enp0s3 instead of eth0:
$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
# Use the correct name
$ sudo ip link set dev enp0s3 up

6.3 Persistence of Configuration

  • Description: Changes made with the ip command (e.g., adding IP addresses, static routes, or bringing links up/down) are typically not persistent across reboots by default. To make network configurations permanent, you must use your Linux distribution’s specific network management tools or configuration files:
    • NetworkManager: Use nmcli (command-line) or graphical network settings tools.
    • systemd-networkd: Configure .network and .link files in /etc/systemd/network/.
    • Debian/Ubuntu (ifupdown - older systems): Edit /etc/network/interfaces.
    • RHEL/CentOS/Fedora (NetworkManager or older initscripts): Edit files in /etc/sysconfig/network-scripts/ (e.g., ifcfg-eth0) or use nmcli.
  • Example (Temporary Change):
$ sudo ip addr add 192.168.1.150/24 dev eth0
# This IP will be lost on reboot unless saved via a network manager

6.4 Abbreviated Commands

  • Description: While ip allows significant abbreviation (e.g., ip a for ip address show, ip r for ip route show, ip l for ip link show), using the full command names is recommended in scripts for clarity and to avoid ambiguity if new subcommands are added in future versions.
  • Example:
# Abbreviated (works interactively)
$ ip a
# Full command (recommended for scripts)
$ ip address show

6.5 Net-tools vs. iproute2

  • Description: The ip command is part of iproute2. If you are accustomed to older net-tools commands:
    • ifconfig functionality is covered by ip addr and ip link.
    • route functionality is covered by ip route.
    • arp functionality is covered by ip neigh.
    • netstat -r is similar to ip route.
    • netstat -i is similar to ip -s link.
    • netstat -antp (for listening sockets) is better replaced by ss -antp (ss is another tool from iproute2).

7. Frequently Asked Questions (FAQ)

Below are answers to common questions about the ip command, including popular queries from forums, with detailed examples.

7.1 How do I just see my IP address?

# Lists IPs for all interfaces
$ ip addr show
# Abbreviated
$ ip a

Output (Example):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 86300sec preferred_lft 86300sec

# Filter for a specific interface (e.g., eth0)
$ ip addr show dev eth0
# For a concise, brief output
$ ip -br addr show

Output (Example):

lo               UNKNOWN        127.0.0.1/8 ::1/128
eth0             UP             192.168.1.100/24 fe80::21a:2bff:fe3c:4d5e/64
wlan0            DOWN

# To get only the IPv4 address of eth0 (using shell tools for parsing)
$ ip -4 addr show dev eth0 | grep -oP 'inet \K[\d.]+'

Output (Example):

192.168.1.100

7.2 How do I bring a network interface up or down?

# Bring interface up
$ sudo ip link set dev eth0 up
# Bring interface down
$ sudo ip link set dev eth0 down

Output (Verification after down):

$ ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff

7.3 How do I add or remove an IP address from an interface?

# Add an IP address
$ sudo ip address add 192.168.1.150/24 dev eth0
# Remove an IP address
$ sudo ip address delete 192.168.1.150/24 dev eth0

Output (Verification after add):

$ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.1.150/24 scope global eth0
       valid_lft forever preferred_lft forever

7.4 How do I set or change my default gateway?

# First, you might need to delete an existing default route (if one exists)
$ sudo ip route del default
# Then add the new one
$ sudo ip route add default via 192.168.1.254 dev eth0

Output (Verification):

$ ip route show
default via 192.168.1.254 dev eth0 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100

7.5 Why is ifconfig deprecated or not found on my modern Linux system?

The net-tools package (which includes ifconfig, route, arp) is considered legacy. The iproute2 suite (with the ip command) provides more powerful, consistent, and feature-rich functionality and is the standard on modern Linux distributions. You might need to install net-tools (e.g., sudo apt install net-tools) if you absolutely need ifconfig for compatibility with old scripts, but learning ip is recommended due to its superior capabilities and ongoing support.

7.6 Are changes made by the ip command permanent?

No, not by default. Changes to IP addresses, routes, link states, etc., made with ip are typically lost on reboot. Permanent configuration requires using your distribution’s specific network management tools (e.g., NetworkManager via nmcli, systemd-networkd via configuration files, or traditional methods like /etc/network/interfaces on Debian/Ubuntu or /etc/sysconfig/network-scripts/ifcfg-* on RHEL/CentOS).

Example (Temporary Change):

$ sudo ip addr add 192.168.1.150/24 dev eth0
# This IP will disappear after reboot unless made permanent

7.7 How can I see network traffic statistics (packets, errors)?

# Use -s to see basic statistics
$ ip -s link show dev eth0

Output (Example):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
    RX:  bytes  packets  errors  dropped overrun mcast   
      12345678   10000      0       0       0       500
    TX:  bytes  packets  errors  dropped carrier collsns 
       8765432    8000      0       0       0       0

# Use -s twice for even more detail
$ ip -s -s link show dev eth0

For advanced real-time traffic analysis, consider tools like iftop, nload, iptraf-ng, or packet sniffers like tcpdump or Wireshark.

  • scope global: The address is globally valid and routable (e.g., a public IP or a private IP on your main LAN intended for routing).
  • scope link: The address is only valid on the local network segment (link) the interface is directly connected to. It’s not meant to be routed beyond that link (e.g., IPv6 link-local addresses like fe80::..., or IPv4 APIPA 169.254.x.x).
  • scope host: The address is only valid within the host itself (e.g., the loopback address 127.0.0.1 or ::1).

Example Output:

$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.1.100/24 scope global eth0
    inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link

7.9 How do I manage network namespaces with ip?

The ip netns object is used for managing network namespaces, which are fundamental for containerization.

# Create a namespace
$ sudo ip netns add mynamespace
# Run commands within a namespace
$ sudo ip netns exec mynamespace ip link set lo up
# List namespaces
$ sudo ip netns list

Output (Example):

mynamespace

# Delete a namespace
$ sudo ip netns delete mynamespace

  • ip link set dev eth0 promisc on: Directly instructs the kernel to put the network interface card (NIC) eth0 into promiscuous mode. This means the NIC hardware will pass all network frames it sees on the wire to the operating system, not just frames addressed to its own MAC address or broadcast/multicast addresses. Requires sudo.
$ sudo ip link set dev eth0 promisc on
  • Wireshark/tcpdump: When starting a capture, these tools typically request the operating system to put the capture interface into promiscuous mode for the duration of the capture. They achieve a similar effect (the NIC being in promiscuous mode) for the purpose of capturing all traffic on the segment, but they manage it temporarily and automatically.

Key Difference: The ip command leaves promiscuous mode enabled until it is explicitly turned off with promisc off (like other ip changes, it does not survive a reboot), while Wireshark/tcpdump enable it only during capture sessions.
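
The two paths also look different when you audit a host. The PROMISC flag in ip link show reflects only the administrative setting, while ip -details link show also prints the kernel's promiscuity counter, which capture tools and bridge membership raise without setting the flag. The script below is an added example, not part of the original page: it parses ip -details link show text and lists every interface that is promiscuous by either route. The function name promisc_audit, the output labels and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list interfaces in promiscuous mode and how they got there.

# Constructed sample of `ip -details link show` output (not from a real host).
SAMPLE_LINKS='2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 9000
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5f brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 9000
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:60 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 9000
5: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:1a:2b:3c:4d:61 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 256 maxmtu 2304'

# promisc_audit   (stdin: text output of `ip -details link show`)
# Output per promiscuous interface:
#   NAME flag         promiscuity=N            set with `ip link set ... promisc on`
#   NAME counter-only promiscuity=N [master=M] raised by a capture tool or bridge port
promisc_audit() {
    LC_ALL=C awk '
    function emit() {
        if (name != "" && (flag || count > 0)) {
            line = name " " (flag ? "flag" : "counter-only") " promiscuity=" count
            if (master != "") line = line " master=" master
            print line
        }
    }
    /^[0-9]+: / {
        # Header line of a new interface: report the previous one first.
        emit()
        name = $2
        sub(/:$/, "", name)          # "eth0:"      -> "eth0"
        sub(/@.*/, "", name)         # "veth0@if6"  -> "veth0"
        flag = ($3 ~ /[<,]PROMISC[,>]/)
        count = 0
        master = ""
        for (i = 4; i < NF; i++)
            if ($i == "master") master = $(i + 1)
        next
    }
    {
        # Detail lines: pick up the kernel promiscuity counter.
        for (i = 1; i < NF; i++)
            if ($i == "promiscuity") count = $(i + 1) + 0
    }
    END { emit() }'
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_LINKS" | promisc_audit
```

On a live host, run ip -details link show piped into promisc_audit. A counter-only result with a master is normally just bridge membership; one without a master on a host where nobody is capturing is the case to look into.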

7.11 The output of ip is too verbose. How can I get a summary?

# Use the -br (--brief) option for a concise tabular output
$ ip -br addr show

Output (Example):

lo               UNKNOWN        127.0.0.1/8 ::1/128
eth0             UP             192.168.1.100/24 fe80::21a:2bff:fe3c:4d5e/64
wlan0            DOWN

# Pipe the output to tools like grep, awk, or jq (if using -json output) to filter
$ ip addr show dev eth0 | grep inet

Output (Example):

    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0
    inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link

7.12 How can I find out which process is using a network port?

The ip command itself doesn’t directly show process-to-port mappings. For this, use ss (another tool from iproute2, replacing netstat) or lsof.

# Show TCP, UDP, listening, numeric ports, and process names
$ sudo ss -tulnp

Output (Example):

Netid  State      Recv-Q Send-Q  Local Address:Port   Peer Address:Port   Process
tcp    LISTEN     0      128     127.0.0.1:22        0.0.0.0:*           users:(("sshd",pid=1234,fd=3))
udp    UNCONN     0      0       0.0.0.0:68          0.0.0.0:*           users:(("dhclient",pid=5678,fd=6))

# Check a specific port (e.g., 22)
$ sudo lsof -i :22

Output (Example):

COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    1234 root    3u  IPv4  12345      0t0  TCP localhost:ssh (LISTEN)

7.13 How do I check if my network interface supports IPv6?

# Show IPv6 addresses for an interface
$ ip -6 addr show dev eth0

Output (Example, IPv6 Supported):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link 
       valid_lft forever preferred_lft forever

Explanation: If no inet6 lines appear, IPv6 might be disabled on the interface or system-wide (check /proc/sys/net/ipv6/conf/all/disable_ipv6).

7.14 How do I test connectivity after changing network settings?

# Ping a known IP (e.g., Google DNS) to test connectivity
$ ping -c 4 8.8.8.8

Output (Example):

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=15.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=14.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=117 time=15.0 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=117 time=15.1 ms

Note: Use ip route get 8.8.8.8 to confirm the route before pinging.

8. Conclusion

The ip command, part of the iproute2 suite, is the modern standard for network configuration and inspection on Linux systems. Its consistent object-based syntax provides a unified and powerful way to manage interfaces (link), IP addresses (addr), routing tables (route), ARP/NDISC entries (neigh), network namespaces (netns), tunnels (tunnel), and more. While its output can be dense, options for filtering by address family (-4, -6), increasing verbosity (-s, -details), and formatting (-json, -pretty, -br) significantly aid in its usability. For system administrators and network engineers working with Linux, proficiency with the ip command is indispensable for both daily tasks and advanced troubleshooting. It’s crucial to remember that direct ip command changes are often not persistent across reboots; permanent configuration requires using distribution-specific network management tools.

9. ip Command: Reference Table of Key Options

| Object (ip OBJECT …) | Common Command(s) & Key Options | Description & Example Use Case |
|---|---|---|
| link | show [dev DEV] | Display network interface(s) status, MAC, MTU. $ ip link show dev eth0 |
| | set dev DEV [up\|down] | Bring interface administratively up or down. $ sudo ip link set eth0 up |
| | set dev DEV mtu NUMBER | Set Maximum Transmission Unit. $ sudo ip link set eth0 mtu 1492 |
| | set dev DEV address MAC_ADDR | Change MAC address (interface often needs to be down). $ sudo ip link set eth0 address 00:11:22:33:44:55 |
| | set dev DEV name NEW_NAME | Rename network interface (interface often needs to be down). $ sudo ip link set eth0 name lan0 |
| | set dev DEV promisc [on\|off] | Enable/disable promiscuous mode. $ sudo ip link set eth0 promisc on |
| | add name N type T ... | Add virtual interface (e.g., bridge, vlan). $ sudo ip link add name br0 type bridge |
| | delete dev DEV | Delete a (virtual) interface. $ sudo ip link del dev br0 |
| address (or addr) | show [dev DEV] | Display IP address(es) on interface(s). $ ip addr show dev eth0 |
| | add IP/PREF dev DEV [label L] | Add an IP address. $ sudo ip addr add 192.168.1.50/24 dev eth0 |
| | del IP/PREF dev DEV | Delete an IP address. $ sudo ip addr del 192.168.1.50/24 dev eth0 |
| | flush dev DEV | Remove all IP addresses from an interface. $ sudo ip addr flush dev eth0 |
| route | show or list [SELECTOR...] | Display the kernel routing table. $ ip route / $ ip route show default |
| | get DEST_IP | Show route to a specific destination. $ ip route get 8.8.8.8 |
| | add DEST/PREF via GW [dev DEV] | Add a static route. $ sudo ip route add 10.0.0.0/8 via 192.168.1.1 |
| | del DEST/PREF | Delete a static route. $ sudo ip route del 10.0.0.0/8 |
| | add default via GW [dev DEV] | Add/change default gateway. $ sudo ip route add default via 192.168.1.1 |
| | flush cache | Clear the routing cache. $ sudo ip route flush cache |
| neighbour (or neigh) | show [dev DEV] | Display ARP/NDISC cache entries. $ ip neigh show |
| | flush dev DEV | Clear dynamic ARP/NDISC cache for an interface. $ sudo ip neigh flush dev eth0 |
| | add IP lladdr MAC dev DEV nud STATE | Add static ARP/NDISC entry. $ sudo ip neigh add 192.168.1.10 lladdr 00:11:22:33:44:55 dev eth0 nud permanent |
| | del IP dev DEV | Delete ARP/NDISC entry. $ sudo ip neigh del 192.168.1.10 dev eth0 |
| rule | show or list | Display policy routing rules. $ ip rule show |
| | add ... | Add a policy routing rule. $ sudo ip rule add from 10.1.1.0/24 lookup 100 |
| | del ... | Delete a policy routing rule. $ sudo ip rule del from 10.1.1.0/24 lookup 100 |
| tunnel | show, add, del | Manage IP tunnels (GRE, IPIP, SIT, etc.). $ sudo ip tunnel add tun0 mode ipip remote 2.2.2.2 local 1.1.1.1 |
| monitor | [OBJECT_LIST \| all] | Continuously display network state changes. $ ip monitor address link |
| netns | list, add, del, exec | Manage network namespaces. $ sudo ip netns exec myns ip a |

Common Global Options for ip:

| Option(s) | Description |
|---|---|
| -s, --stats, --statistics | Show more detailed statistics (use -ss for even more). $ ip -s link show |
| -4, -f inet, --ipv4 | Operate on IPv4 only. $ ip -4 addr show |
| -6, -f inet6, --ipv6 | Operate on IPv6 only. $ ip -6 addr show |
| -0, -o, --oneline | Output each record on one line (useful for scripts). $ ip -o addr show |
| -r, --resolve | Resolve IP addresses to DNS names where possible. $ ip -r neigh show |
| -details | Show more details about the object. $ ip -details link show |
| -j, --json | Output in JSON format. $ ip -j link show |
| -p, --pretty | Make JSON output pretty (human-readable, indented) - use with -j. $ ip -j -p link show |
| -c, --color | Use colorized output (auto by default for terminals). $ ip -c link show |
| -br, --brief | Show brief, tabular output (for addr and link show). $ ip -br addr show |
| -N, --numeric | Output numeric host addresses (do not resolve to names). $ ip -N neigh show |