Skip to Content

10 Underrated Linux Commands That Deserve More Attention

In recent months, I’ve encountered numerous articles with titles such as “20 Linux Commands You Should Know” or “Linux Survival Guide.”

However, I’ve observed that most of these articles target beginners and cover basic commands like ls or echo.

Considering that my audience likely already has a grasp of these foundational commands, this article takes a different approach.

Instead, I have compiled and will present a curated cheat sheet of commands that I personally rely on daily in my job.

This collection includes commands that are not just for beginners. They are more advanced and can help you become better at managing a Linux system.

These commands can also make your work more efficient.

ss and netstat — what ports is that process using?

netstat is an old tool and has largely been replaced by ss in most distributions. In my first sysadmin job, I learned these command line flags which I always use:

ss -ntaupe

  • n lists processes using numeric addresses (eg, IP addresses instead of DNS names)
  • t lists TCP connections
  • a lists all connections — listening and established
  • u lists UDP connections
  • shows the process using the socket — probably the most useful
  • e shows some extended information, like the uid.


Using “ss” command:

ss -peanut

This command will display all TCP (t) listening (l) and established (e) connections, along with the associated process information (p).

ss -peanut | grep <process_id>

By filtering the output with grep, you can narrow down the results to the desired process. Replace <process_id> with the actual process ID of the target process. 

When using the commands “ss”  to find processes listening on a port, the output can be quite extensive.

A shorter and commonly used combination of flags for this purpose is “-ntpl”.

For instance, to specifically locate processes listening on a port, the command “ss -ntpl” can be used.

sudo root@howtouselinux: ss -ntpl
State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
LISTEN 0      64 *
LISTEN 0      64 *
LISTEN 0      4096*    users:(("rpc.statd",pid=2811,fd=10))
LISTEN 0      5  *    users:(("ecbd",pid=2767,fd=5))
LISTEN 0      50 *    users:(("smbd",pid=2770,fd=54))

Shell Job control in Linux

Shell job control provides useful features such as foreground (fg), background (bg), and jobs to manage running applications.

During my work, I frequently switch between a text editor and log files.

When using tools like vim or less to read log files, I often utilize Ctrl+Z to send the current application to the background, allowing me to focus on something else.

In case I need to recall what processes are currently running, the “jobs” command provides a list of active jobs.

To bring a backgrounded application back to the foreground, I simply use “fg <jobnumber>”. 

These capabilities save me the hassle of opening multiple SSH connections and enhance my productivity.

nc openssl strace command in Linux

The “nc” command, also known as netcat, is a versatile tool for easily connecting to remote ports and performing network debugging tasks. Check more on how to check remote port status in 6 ways.

nc can establish network connections by specifying a host and port. For example:

nc 80

This connects to the web server on on port 80. You can use it for debugging and manual interaction with network services.

nc can be used to scan for open ports on a remote host by attempting to connect to various ports. For example:

nc -z -v -n 20-80

This scans ports 20 through 80 on and reports which ports are open.

To listen for incoming connections, you can use nc without specifying a remote host:

nc -l -p 12345

When it comes to investigating x509 certificates, “openssl” is a valuable tool.

By using commands like “openssl x509 -in foo.cert -text -noout”, you can extract detailed information from certificates.

This is particularly useful for checking certificate expiration dates and conducting similar analyses.

OpenSSL allows you to verify if a certificate is currently valid by checking its expiration date and against a Certificate Authority (CA) chain.

openssl verify certificate.pem

You can use OpenSSL to verify the entire certificate chain by providing both the certificate and the CA bundle.

openssl verify -CAfile ca-bundle.pem certificate.pem

OpenSSL can be used to test SSL/TLS connections to a server and inspect the server’s certificate.

openssl s_client -connect

“strace” is a powerful utility for tracing system calls made by processes, such as fopen or flock. It provides insights into the specific system-level operations being executed.

“strace” works by attaching to a running process or launching a new one, and then intercepting and logging the system calls that the process makes to the kernel.

These system calls include operations such as file I/O (e.g., open, read, write, close), process management (e.g., fork, execve, exit), and more.

To use “strace,” you typically run it followed by the command you want to trace. For example:

strace -o output.txt ls -l /tmp

In this example, “strace” traces the ls -l /tmp command and logs the output to a file called “output.txt.” You can then analyze the “output.txt” file to see the system calls made by the “ls” command.

“strace” offers a wide range of options for customization. You can filter the types of system calls to trace, follow child processes, and even attach to already running processes. The options allow you to tailor the tracing to your specific needs.

dd iptables dig command in Linux

The “dd” command is a handy tool for direct writing and copying of data to storage devices.

Interestingly, “dd” stands for “converting and copying” files, but it couldn’t be named “cc” due to the already existing C compiler. Check more about how to use dd command to test storage performance

Here’s the basic usage of the dd command:

dd if=input_file of=output_file [options]

if: This specifies the input file or device from which dd reads data.
of: This specifies the output file or device to which dd writes data.

You can use dd to create an empty file of a specific size like this:

dd if=/dev/zero of=newfile bs=1M count=10

This command creates a new file called newfile filled with zeros, and it’s 10 MB in size (bs stands for block size, and count specifies the number of blocks).

Important Notes:

  • Be extremely cautious when using the dd command, especially with block devices. Using it incorrectly can lead to data loss.
  • Double-check the source and destination paths to avoid overwriting important data.


When it comes to managing firewall rules, I prefer using “iptables” directly instead of firewalld.

While firewalld can be useful, I find it to be an overly complex user interface layered on top of netfilter.

By writing iptables rules directly, such as opening a port using “iptables -A INPUT -p tcp –dport 1337 -s -j ACCEPT”, I find the process more convenient and straightforward.

To handle multiple domains and interact with DNS effectively, I rely on “dig”. This simple yet powerful tool allows me to quickly run DNS queries and retrieve valuable information about domain names. Learn more about how to use dig command

To query for the IPv4 address (A record) of a domain, simply provide the domain name as an argument:


This command will return the IPv4 address associated with “”