Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save yuchen/60517c5d63e84a24bf0fbaeabfcf9141 to your computer and use it in GitHub Desktop.
Save yuchen/60517c5d63e84a24bf0fbaeabfcf9141 to your computer and use it in GitHub Desktop.
[mac-network-commands] #mac #network #cmd

Mac Network Commands Cheat Sheet

After writing up the presentation for MacSysAdmin in Sweden, I decided to go ahead and throw these into a quick cheat sheet for anyone who’d like to have them all in one place. Good luck out there, and stay salty.

ipconfig & ifconfig

  1. Get an ip address for en0:
ipconfig getifaddr en0
  1. Same thing, but setting and echoing a variable:
ip=`ipconfig getifaddr en0`;  $ip
  1. View the subnet mask of en0:
ipconfig getoption en0 subnet_mask
  1. View the dns server for en0:
ipconfig getoption en0 domain_name_server
  1. Get information about how en0 got its dhcp on:
ipconfig getpacket en1
  1. Renew dhcp leases:
ipconfig set en1 BOOTP && ipconfig set en1 DHCP
ifconfig en1 down && ifconfig en1 up

# Renew a dhcp lease in a script
echo "add State:/Network/Interface/en0/RefreshConfiguration temporary" | sudo scutil
  1. View some network info:
ifconfig en0
  1. Set en0 to have an ip address of 10.10.10.10 and a subnet mask of 255.255.255.0:
ifconfig en0 inet 10.10.10.10 netmask 255.255.255.0

networksetup

  1. Show a list of locations on the computer:
networksetup -listlocations
  1. Obtain the active location the system is using:
networksetup -getcurrentlocation
  1. Create a network location called Work and populate it with information from the active network connection:
networksetup -createlocation Work populate
  1. Delete a network location called Work:
networksetup -deletelocation Work
  1. Switch the active location to a location called Work:
networksetup -switchlocation Work
  1. List all of the network interfaces on the system:
networksetup -listallnetworkservices
  1. Rename the network service called Ethernet to the word Wired:
networksetup -renamenetworkservice Ethernet Wired
  1. Disable a network interface:
networksetup -setnetworkserviceenabled off
  1. Change the order of your network services:
networksetup -ordernetworkservices "Wi-Fi" "USB Ethernet"
  1. Set the interface called Wi-Fi to obtain it if it isn’t already
networksetup -setdhcp Wi-Fi
  1. Configure a manual static ip address:
networksetup -setmanual Wi-Fi 10.0.0.2 255.255.255.0 10.0.0.1
  1. Configure the dns servers for a given network interface:
networksetup -setdnsservers Wi-Fi 10.0.0.2 10.0.0.3
  1. Obtain the dns servers used on the Wi-Fi interface:
networksetup -getdnsservers Wi-Fi

launchctl service

  1. Start the application layer firewall:
launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist

launchctl load /System/Library/LaunchAgents/com.apple.alf.useragent.plist
  1. Stop the application layer firewall:
launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist

launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist
  1. Allow an app to communicate outside the system through the application layer firewall:
socketfilterfw -t "/Applications/FileMaker Pro/FileMaker Pro.app/Contents/MacOS/FileMaker Pro"
  1. Start Bojour:
launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
  1. Stop Bonjour:
launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

  1. Add a route so that traffic for 10.0.0.0/32 communicates over the 10.0.9.2 network interface:
route -n add 10.0.0.0/32 10.0.9.2
  1. Log bonjour traffic at the packet level:
sudo killall -USR2 mDNSResponder

ping

  1. Put a delay in your pings:
ping -i 5 192.168.210.1
  1. Ping the hostname 5 times and then stop the ping:
ping -c 5 google.com
  1. Flood ping the host:
ping -f localhost
  1. Set the packet size during your ping:
ping -s 100 google.com
  1. Customize the source IP during your ping:
ping -S 10.10.10.11 google.com

traceroute

  1. Trace the path packets go through:
traceroute google.com
  1. Trace the routes without looking up names:
traceroute -n google.com
  1. Trace a route in debug mode:
traceroute -d google.com

netstat

  1. See the routing table of a Mac:
netstat -nr
  1. View information on all sockets:
netstat -at
  1. View network information for ipv6:
netstat -lt
  1. View per protocol network statistics:
netstat -s
  1. View the statistics for a specific network protocol:
netstat -p igmp
  1. Show statistics for network interfaces:
netstat -i

nc

  1. Establish a network connection with www.apple.com:
/usr/bin/nc -v www.apple.com 80
  1. Establish a network connection with gateway.push.apple.com over port 2195
/usr/bin/nc -v -w 15 gateway.push.apple.com 2195
  1. Establish a network connection with feedback.push.apple.com only allowing ipv4
/usr/bin/nc -v -4 feedback.push.apple.com 2196
  1. Setup a network listener on port 2196 for testing:
/usr/bin/nc -l 2196

tcpdump

  1. Capture some packets:
tcpdump -nS
  1. Capture all the packets:
tcpdump -nnvvXS
  1. Capture the packets for a given port:
tcpdump -nnvvXs 548
  1. Capture all the packets for a given port going to a given destination of 10.0.0.48:
tcpdump -nnvvXs 548 dst 10.0.0.48
  1. Capture the packets as above but dump to a pcap file:
tcpdump -nnvvXs 548 dst 10.0.0.48 -w /tmp/myfile.pcap
  1. Read tcpdump (cap) files and try to make them human readable:
tcpdump -qns 0 -A -r /var/tmp/capture.pcap

others

View disk performance:

iostat -d disk0

View network information as it happens (requires ntop to be installed):

ntop

Get information about the airport connection on your system:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I

Scan the available Wireless networks:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -s

Scan port 80 of www.google.com

/System/Library/CoreServices/Applications/Network\ Utility.app/Contents/Resources/stroke www.google.com 80 80

Port scan krypted.com stealthily:

nmap -sS -O krypted.com/24

What binaries have what ports and in what states are those ports:

lsof -n -i4TCP

Make an alias for looking at what has a listener open, called ports:

alias ports='lsof -n -i4TCP | grep LISTEN'

Switch the active location to a location called Work, but also show the GUID of that location so we can make scripties with it laters:

scselect Work

Report back the name of the system:

hostname

Flush the dns cache:

dscacheutil -flushcache

Clear your arp cache:

arp -ad
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment