Working with Linux regularly, I have come across a set of tools that I now use almost every day. These commands help me understand what is happening in the system, fix problems faster, and keep an eye on logs and hardware. Over time, they have saved me a lot of effort, especially when something goes wrong or I need to dig deeper into system behavior. Whether you are just starting out or already comfortable with the terminal, having a few reliable tools in your bucket makes a big difference. In this article, I am sharing some of the ones I find most useful, along with examples and how I usually use them. Hopefully, they will come in handy for you too whether you are troubleshooting a service, checking kernel logs, or just trying to figure out why something is not working as expected.
I will start with the tools I use most frequently.
NOTE: Some of them might not be tools but still you will interact with these keywords while using these tools as well as linux.
journalctl – View logs from systemd services (modern replacement for dmesg in many systems)
journalctl is used to view logs collected by the systemd journal service. It’s a powerful replacement for traditional log commands like dmesg, offering filtering by service, time, priority, and more. It provides persistent logs across reboots if configured.
Example: journalctl -u ssh.service #shows the log messages related to the SSH service
Use Case: Diagnosing boot issues, monitoring service errors, or checking startup logs after a system crash.
It is also useful for tailing live logs: journalctl -f works like tail -f for real-time monitoring of system logs.
dmesg – View kernel ring buffer messages (boot logs, hardware, drivers)
dmesg displays messages from the kernel ring buffer, capturing low-level system activity such as boot logs, hardware detection, kernel panics, and driver output. It’s often used for diagnosing hardware and kernel-related issues immediately after boot or during runtime.
- Example: dmesg | grep usb – Shows logs related to USB devices.
- Use Case: Investigating kernel boot logs, driver load failures, hardware connection issues, and analyzing kernel panics or crashes.
- Real-time monitoring:
dmesg -w follows new kernel messages as they appear, similar to tail -f.
dmesg vs. journalctl
journalctl requires systemd, so it may not be available on older or minimal distros.
Scope:
-> dmesg shows only kernel messages.
-> journalctl shows all system logs, including kernel, services, user applications, and boot logs.
Persistence:
-> dmesg logs are not persistent and are cleared on reboot.
-> journalctl logs are persistent across reboots (if /var/log/journal is set up).
Timestamps:
-> dmesg timestamps are relative (time since boot).
-> journalctl provides human-readable absolute timestamps.
Filtering and Querying:
-> dmesg supports basic filtering with grep.
-> journalctl allows advanced filtering by service, time range, priority, user, etc.
System Compatibility:
-> dmesg works on any Linux system, including embedded or minimal systems.
/proc filesystem – Inspect real-time kernel/system information
The /proc filesystem is a virtual directory that provides live kernel and process information. It doesn’t store real files but exposes system internals.
Example: /proc/cpuinfo shows CPU details; /proc/meminfo displays memory usage.
Use Case: System monitoring tools rely on /proc to gather stats like CPU usage or memory status.
Developers and sysadmins can use it for troubleshooting.
For example, /proc/[pid]/status gives insights into a process’s state, memory, and I/O usage. It’s essential for low-level system diagnostics.
uname -a – View kernel version and system info
uname -a prints detailed system information including the kernel version, hostname, architecture, and OS. It is a quick and handy command to verify system details.
Example: Output like Linux myhost 5.15.0-92-generic x86_64 shows the kernel version and architecture.
Use Case: Useful when checking compatibility of software or kernel modules, or when reporting system details for support or debugging.
Individual flags like -r (kernel version) or -m (machine architecture) can be used selectively for scripting or automation.
lshw – Detailed information on all hardware
lshw lists detailed hardware information such as CPU, memory, storage, buses, and more. It must be run as root to access full information.
Example: sudo lshw -short gives a summarized hardware overview.
Use Case: Verifying installed RAM modules, checking SSD model, or identifying network card chipsets.
It is helpful for inventory management, troubleshooting hardware compatibility, or system upgrades.
Unlike tools like lscpu, lshw offers a full view of the hardware tree structure.
lsblk, blkid, fdisk, parted – Disk and partition management tools
These tools help manage disks and partitions.
- lsblk lists block devices.
- blkid shows UUIDs and types of filesystems.
- fdisk and parted are interactive tools to create, delete, and manage partitions.
Example: lsblk shows /dev/sda1, /dev/sdb, etc.
Use Case: When adding new storage, formatting drives, or setting up dual boot systems.
fdisk works well for MBR disks; parted supports both MBR and GPT.
These tools are crucial during OS installation or disk troubleshooting.
strace – Trace system calls and signals of a process
strace intercepts and logs system calls made by a process, helping developers and sysadmins debug program behavior or performance issues.
Example: strace -e openat ./app shows file access attempts by the program.
Use Case: Diagnosing why a program fails to open a file, checking syscall usage, or investigating permissions errors.
It’s especially valuable when source code is unavailable or logs don’t reveal enough.
strace helps trace execution paths and understand interactions between user programs and the Linux kernel.
ip – Replacement for ifconfig; manage IP addresses, routes, and links
ip is a powerful modern command that replaces ifconfig for managing network interfaces, IP addresses, routing, and more. It’s part of the iproute2 package and offers detailed and structured outputs.
Example: ip addr show lists all IP addresses; ip route add adds a new route.
Use Case: Configuring static IPs, managing routing tables, or enabling/disabling interfaces (ip link set eth0 down).
It is preferred in modern systems due to better scripting support and more comprehensive control over networking compared to legacy tools.
ifconfig – Legacy tool to configure network interfaces
ifconfig is an older tool used for configuring and displaying network interfaces. Though mostly replaced by ip, it is still present on many systems for basic tasks.
Example: ifconfig eth0 up brings the interface up, ifconfig alone lists active interfaces.
Use Case: Useful in legacy environments or simple setups to assign IPs or check connectivity status.
It lacks support for modern features like multiple IPs per interface or advanced routing. In newer distributions, it may be deprecated or not installed by default.
nmcli – Command-line tool for NetworkManager
nmcli is a command-line utility to interact with the NetworkManager daemon, often used in desktop or laptop environments. It manages Wi-Fi, Ethernet, VPNs, and more.
Example: nmcli device wifi list shows nearby Wi-Fi networks; nmcli con up my-wifi connects to a saved network.
Use Case: Managing connections on headless systems, scripting network configuration, or debugging connectivity.
It is especially useful for configuring dynamic networks without a GUI and integrates well with NetworkManager’s configurations.
iwconfig – Configure wireless interfaces
iwconfig is a tool specifically designed to manage wireless interfaces, similar to ifconfig but for Wi-Fi settings.
Example: iwconfig wlan0 essid “MyWiFi” sets the network name, and iwconfig wlan0 displays signal strength and quality.
Use Case: Useful for managing low-level wireless settings in systems without NetworkManager.
While now largely replaced by iw (more modern), iwconfig is still simple and effective for embedded systems or routers needing direct Wi-Fi control.
ip link, ip addr, ip route – View and manipulate network configurations
These ip subcommands manage specific aspects of the network.
- ip link controls interface state (ex – up/down).
- ip addr manages IP addresses.
- ip route configures routing tables.
Example: ip route show shows current routes; ip link set eth0 up activates an interface.
Use Case: Admins use these commands to bring interfaces online, set IPs, or define gateway routes in automated scripts or troubleshooting sessions.
They are modular, replacing older tools like route and ifconfig.
netstat / ss – Display open ports and network socket statistics
netstat is an older command-line tool for viewing network connections, routing tables, and port usage. ss is its modern, faster replacement.
Example: ss -tuln shows listening TCP/UDP ports.
Use Case: Checking for open ports, diagnosing which services are listening or communicating, or troubleshooting firewall rules.
ss provides more detailed output and is faster on modern systems. For example, ss -p shows which process is using a port, ideal for resolving port conflicts.
tcpdump, wireshark – Network packet capture and analysis
Both tools are used to capture and analyze network traffic.
- tcpdump is command-line based, used in servers or headless systems.
- wireshark offers a GUI with filtering and visualization.
Example: tcpdump -i eth0 port 80 captures HTTP traffic on eth0.
Use Case: Debugging complex network issues, identifying packet loss or malicious traffic, and performance tuning.
Wireshark is favored in-depth protocol analysis, while tcpdump is great for lightweight, real-time capture in production.
nmap – Network scanner for security auditing
nmap is a widely used tool for network scanning and security auditing. It discovers hosts, open ports, services, and even operating systems.
Example: nmap -sS 192.168.1.0/24 scans all hosts in a subnet using a stealth SYN scan.
Use Case: Identifying vulnerabilities, auditing firewall configurations, or mapping networks during penetration testing.
It also supports scripting (nmap -sC) for advanced analysis. System administrators and security professionals use nmap to maintain secure and well-documented networks.
modprobe / insmod / rmmod – Load/unload kernel modules (drivers)
These commands are used to manage Linux kernel modules (device drivers).
- modprobe is the most versatile, resolving dependencies automatically.
- insmod inserts a single module manually.
- rmmod removes a module from the kernel.
Example: modprobe snd_hda_intel loads the audio driver; rmmod usb_storage removes a USB module.
Use Case: Temporarily enable or disable drivers, test kernel modules during development, or fix hardware issues by reloading drivers.
modprobe is preferred in production, while insmod/rmmod are more low-level and used in debugging or embedded contexts.
lsmod – List currently loaded modules
lsmod displays all active kernel modules currently loaded into the system. It reads from /proc/modules and shows module names, sizes, and dependencies.
Example: Running lsmod might show i915, indicating the Intel graphics driver is active.
Use Case: Useful for checking if a specific driver is loaded, troubleshooting hardware issues, or verifying successful module insertion via modprobe.
It’s a basic diagnostic tool for kernel module status, especially helpful when device drivers are suspected to be missing or improperly loaded.
lsusb – Show USB devices
lsusb displays information about USB buses and the devices connected to them. It lists vendor and product IDs, device names, and class info.
Example: lsusb output might show Bus 001 Device 004: ID 046d:c534 Logitech USB Receiver.
Use Case: Diagnose if USB devices (cameras, storage, etc.) are recognized, or to identify device types for driver installation.
It’s essential when debugging hotplug issues, verifying device recognition in embedded systems, or when writing custom USB device rules with udev.
udev – Persistence Rules
udev rules ensure consistent naming and behavior for devices across reboots or plug-in events. They reside in /etc/udev/rules.d/ and match device properties like vendor IDs or serial numbers.
Example: A rule like SUBSYSTEM==”usb”, ATTR{idVendor}==”1234″, SYMLINK+=”my_usb” creates /dev/my_usb for a specific USB device.
Use Case: Crucial for robotics, embedded systems, and servers where device names must stay fixed (ex – mapping /dev/ttyUSB0 to a GPS module).
Persistence rules prevent device misconfiguration when multiple similar devices are connected simultaneously.
top, htop – Process monitoring and system resource usage
top is a built-in Linux utility that displays real-time process and system resource usage like CPU, memory, and load average.
htop is an enhanced, user-friendly alternative with a colorful UI, mouse support, and easier navigation.
Example: Run top to see CPU usage of all running processes; use htop to filter and kill processes interactively.
Use Case: Monitoring system health, identifying CPU- or memory-hungry processes, or troubleshooting performance bottlenecks.
htop is particularly useful on modern systems or servers where quick visual diagnostics are helpful.
ping, traceroute – Network reachability
ping is a simple tool used to check if a computer or device on a network is reachable. It works by sending a small message to the target device, and then waiting to receive a reply. When the target responds, ping measures how long it took for the message to go there and back, showing you the response time.
traceroute goes a step further. Instead of just checking if a device is reachable, it shows the full route your data takes to get there. When you run traceroute google.com, it lists all the routers and network devices (called “hops”) between your computer and Google’s server. This helps you see the exact path your data follows across the internet or local network. If there is a slowdown or failure at any point, traceroute can help identify where the problem is happening.
Example: ping 8.8.8.8 tests connectivity to Google DNS.
traceroute traces the path packets take to a destination, listing all hops.
Example: traceroute google.com shows the intermediate routers.
Use Case: Diagnose network outages, latency issues, or route problems. ping helps verify if a device is online, while traceroute is used to locate where communication breaks or slows down across the network path.
ethtool -t – Run cable tests on supported NICs
ethtool -t runs built-in self-tests (including cable diagnostics) on supported Ethernet network interfaces.
Example: ethtool -t eth0 performs offline diagnostics like loopback or cable tests.
Use Case: Hardware-level diagnostics to identify cable faults, bad NICs, or misconfigured physical connections.
Essential for server maintenance or embedded systems where physical networking problems are suspected. Not all NICs support this test; support depends on the driver and hardware.
.bashrc – Per-user Bash config (aliases, exports, etc.)
.bashrc is executed for non-login interactive Bash shells (like when you open a new terminal tab). It is used to define aliases, functions, environment variables, and shell settings.
Example: Add alias ll=’ls -lah’ in .bashrc for convenience.
Use Case: Customize shell behavior per user. Useful for developers who frequently use custom paths or shortcuts.
To apply changes immediately: source ~/.bashrc.
.bash_profile / .profile – Login shell config (for login sessions)
.bash_profile (or .profile on some systems) runs once at login (ex – SSH or TTY login). It’s typically used to set environment variables or launch window managers.
Example: export PATH=$PATH:$HOME/bin in .bash_profile.
Use Case: Setup environment for login shells. Often, .bash_profile sources .bashrc to unify settings across login and non-login shells.
.zshrc – Zsh equivalent of .bashrc
.zshrc is the configuration file for the Zsh shell, equivalent to .bashrc for Bash. It is used to define aliases, set environment variables, customize the prompt, and configure plugins (ex – Oh My Zsh).
Example: alias gs=’git status’ in .zshrc.
Use Case: Users switching to Zsh (often for its features and visuals) use .zshrc to tailor their environment. Reload changes with source ~/.zshrc.
alias – Create command shortcuts
alias defines short names for longer commands.
Example: alias cls=’clear’ makes typing faster.
Aliases are often added to .bashrc or .zshrc.
Use Case: Simplify repetitive commands like alias gs=’git status’.
To view all current aliases, run alias.
unalias – Remove defined aliases
unalias deletes an alias temporarily or permanently.
Example: unalias ll removes the ll shortcut in the current session.
Use Case: Useful for testing or undoing unwanted aliases.
To remove permanently, delete the alias from .bashrc or equivalent file.
export – Set environment variables
export defines environment variables that child processes can inherit.
Example: export PATH=$PATH:/opt/tools adds /opt/tools to the system path.
Use Case: Required for setting environment variables that programs or scripts need (ex – export EDITOR=nano).
Persist them by adding to .bashrc or .bash_profile.
env – Show current environment variables
env prints the environment variables available to the shell.
Example: env | grep PATH filters only the PATH variable.
Use Case: Check variable settings before running software that depends on them.
Also used to launch a command with modified variables:
env VAR=value command.
source – Reload shell files or scripts
source runs a script in the current shell instead of spawning a new one.
Example: source ~/.bashrc applies config changes without restarting the terminal.
Use Case: Useful during development or after editing config files like .bashrc or .zshrc.
It’s also helpful for running environment setup scripts.
crontab – Schedule recurring jobs (ex – backups, scripts)
crontab is used to schedule recurring tasks (like running scripts or backups) at specified times. Each user can have their own crontab file.
Example:
crontab -e opens the crontab editor.
To run a script every day at 2 AM:
0 2 * * * /home/user/backup.sh
Use Case: Automating system maintenance, sending emails, syncing data, etc.
List scheduled jobs using crontab -l. Crontab uses 5 fields: minute, hour, day, month, weekday.
/etc/cron.* – System-wide scheduled jobs (hourly, daily, etc.)
System-wide cron jobs can be placed in /etc/cron.hourly/, /etc/cron.daily/, /etc/cron.weekly/, or /etc/cron.monthly/.
These directories contain scripts that run at predefined intervals.
Example: Placing cleanup.sh in /etc/cron.daily/ runs it daily.
Use Case: Admins use this for maintenance tasks like log rotation, updates, and cleanups.
It’s managed by root and does not require time format configuration—scripts simply run at fixed times defined by system cron.
at – Schedule a one-time job
The at command schedules a job to run once at a specified time.
Example: echo “shutdown -h now” | at 11:30 schedules a shutdown at 11:30.
Use Case: Ideal for one-time tasks like reminders, delayed script runs, or shutdowns.
View scheduled jobs with atq, and remove them using atrm.
Unlike cron, at is not for recurring jobs.
anacron – Cron-like tool that runs jobs even if the system was off
anacron ensures periodic jobs (daily, weekly, etc.) run even if the system was off when the job was originally scheduled.
Example: If a daily job is missed due to shutdown, anacron runs it when the system boots next.
Use Case: Suitable for laptops and desktops that are not always on.
Config is in /etc/anacrontab.
It complements cron by guaranteeing jobs don’t get skipped.
supervisord – Process control system for long-running apps
supervisord is a process manager that keeps applications running and restarts them if they fail. It’s often used for custom scripts or daemons.
Example: In supervisord.conf, define a program:
[program:myapp]
command=/usr/bin/python3 /home/user/app.py
autostart=true
autorestart=trueUse Case: Ideal for Python apps, web servers, or background workers. Use supervisorctl to start, stop, or view status of managed processes.
systemctl – Start/stop/monitor services (systemd)
systemctl is the primary interface to control system services in systemd-based systems.
Example: systemctl start nginx, systemctl enable myservice, systemctl status sshd.
Use Case: Manage services, check logs (journalctl), configure startup behavior, and reload daemons.
It replaces older tools like service and is used in most modern Linux distributions (ex – Ubuntu 16.04+).
tmux – Modern terminal multiplexer (split panes, sessions)
tmux is a more modern alternative to screen, allowing window/pane management and session persistence.
Example:
tmux # Start session
Ctrl+B " # Split pane horizontally
Ctrl+B D # Detach
tmux attach # ReattachUse Case: Great for multitasking in a single terminal window, organizing workflows, or managing multiple servers.
autostart – Desktop environment auto-start config (ex – .config/autostart/)
For graphical environments, you can add .desktop files in ~/.config/autostart/ to auto-launch applications on login.
Example: (myapp.desktop):
[Desktop Entry]
Type=Application
Exec=/home/user/myapp.sh
Name=My AppUse Case: Start GUI apps, tray utilities, or user scripts automatically in XFCE, GNOME, KDE, etc.
~/bin/ – Personal user scripts folder (add to PATH)
~/bin/ is a common directory to store user-created scripts and tools. By adding it to your PATH, you can run those scripts from anywhere.
Example:
mkdir ~/bin
echo 'echo Hello!' > ~/bin/hello
chmod +x ~/bin/hello
export PATH=$HOME/bin:$PATHUse Case: Store custom utilities like backup scripts, dev helpers, or aliases. Keeps your tools organized and avoids modifying system directories.
Functions in .bashrc – Define custom shell functions
You can define shell functions in .bashrc to simplify repeated command sequences.
Example:
tailerr()
{
tail -f /var/log/syslog | grep ERROR;
}After reloading .bashrc, you can run tailerr directly.
Use Case: Encapsulate long commands or logic (ex – Git shortcuts, logging, monitoring commands) into readable, reusable functions.
bash -x script.sh – Debug shell script execution
When you run a shell script using bash -x script.sh, it starts the script in debug mode. This means the shell shows each command it runs before actually running it. This helps you see exactly what the script is doing step-by-step.
Example: if you run bash -x install.sh, the terminal will display every command in the script with a + sign in front, like + echo "Installing...". This way, you can follow the flow of the script and understand how it works
bash -x install.shUse Case: Essential for debugging issues in large or complex bash scripts, especially with loops, conditionals, or function calls.
which, type, command – Locate or identify command behavior
These tools are used to investigate how the shell resolves a command—whether it’s an alias, function, built-in, or external binary.
which <command>
which helps you find where a program lives on your computer. For example, if you type which python, it might show /usr/bin/python, which means that is where the actual Python program is located. Anotherwords, which does not tell you if the command you typed is actually an alias or some special shortcut.
type <command>
type gives more information by telling you what kind of command it is. For instance, if you type type ls, it might say ls is aliased to 'ls --color=auto', which means ls is a shortcut to another command. If you type type cd, it might say cd is a shell builtin, meaning cd is built into the shell itself, not a separate program. So, type is more useful than which because it shows whether a command is an alias, a function, a builtin, or an external program.
command <command>
command lets you run the real command directly, ignoring any aliases or functions that might replace it. For example, if ls is aliased to show colors but you want the original ls without colors, you can run command ls. This is useful when you want to be sure you are running the actual program and not a modified version.
If you have any doubts we can discuss it in the comment section…
THANK YOU !