System Information 1

Information Gathering in Linux | Part 1

This is part 12 of 13 in the series Linux Basics For Hackers.

Imagine this — you’re inside a Linux system (legally, of course — we’re ethical hackers here), and your goal is to know more about the environment you’re operating in. What’s the system architecture? Who’s the current user? What’s the IP address? Which interfaces are live? These aren’t just boring sysadmin tasks — they’re the first steps of Information Gathering in Linux, which is the foundation of most hacking and auditing tasks.

In the last article/video, we explored the find command in depth. You now know how to locate files scattered across the filesystem like a digital detective. But what if you want to learn more about the system itself — the machine, the user, the network?

That’s where today’s article kicks in. In this part of the Linux Basics For Hackers in Hindi series, we’ll explore the most useful commands for gathering system information. Think of it as scanning the room before making your next move. And trust me, this is the kind of info that’ll come in handy again and again.

Let’s brew some coffee (or maybe just mentally sip one), and get started. ☕


Current User Identification: whoami and id

The first thing I usually want to know when I get access to a system is “Who am I?” (Not in a philosophical sense, haha.)

whoami

This simple command tells you the currently logged-in user:

whoami

If you’re logged in as root, it will say so. If it’s some random user, you’ll know. This is very helpful when you’re doing privilege escalation.

id

If you want more detailed user information, use id:

id

This will output something like:

uid=1000(kali) gid=1000(kali) groups=1000(kali),24(cdrom),25(floppy),...

You get:

  • UID (User ID)
  • GID (Group ID)
  • All groups the user belongs to

This is valuable when you’re checking group-level permissions. (For example, if the user belongs to the docker or sudo group.)
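
For an audit, the group check described above can be scripted. This is an added example, not code from the original article: it reads one line of id output and reports memberships worth reviewing. The watch list beyond sudo and docker, and all function names, are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the article): flag privileged groups in `id` output.
# sudo and docker are named in the article; the other entries in the watch
# list are assumptions chosen for this sketch.
SENSITIVE_GROUPS="sudo docker wheel lxd disk"

# Print the group names found in one line of `id` output, one per line.
# Entries with no resolvable name (bare numbers) are skipped.
groups_from_id() {
    printf '%s\n' "$1" |
        sed -n 's/.*groups=\([^ ]*\).*/\1/p' |
        tr ',' '\n' |
        sed -n 's/^[0-9][0-9]*(\(.*\))$/\1/p'
}

# Print every watched group that appears in the given `id` line.
sensitive_memberships() {
    for g in $(groups_from_id "$1"); do
        for s in $SENSITIVE_GROUPS; do
            if [ "$g" = "$s" ]; then printf '%s\n' "$g"; fi
        done
    done
}

# Succeeds when the `id` line belongs to uid 0.
is_root_line() {
    case "$1" in
        "uid=0("*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample, shaped like the output shown above.
SAMPLE_ID='uid=1000(kali) gid=1000(kali) groups=1000(kali),24(cdrom),27(sudo),998(docker)'

if is_root_line "$SAMPLE_ID"; then
    echo "account is root"
fi
for grp in $(sensitive_memberships "$SAMPLE_ID"); do
    echo "review membership: $grp"
done
```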


System Identity: hostname and uname

Once you know the user, the next logical step is to know what system you’re inside.

hostname

hostname

This prints the name of the system. It could be something like kali, ubuntu, or webserver001. It’s basic, but useful when you’re auditing multiple machines.

If you want to change it (for local testing; a change made this way lasts only until the next reboot):

sudo hostname new-name

uname

Now we go deeper:

uname -a

This gives you a snapshot of the kernel version, architecture, and system name. Here’s what each flag does:

  • -s = Kernel name
  • -n = Hostname
  • -r = Kernel release
  • -v = Kernel version
  • -m = Machine hardware name
  • -p = Processor type (non-portable; may print "unknown")
  • -i = Hardware platform (non-portable; may print "unknown")
  • -o = Operating system

But most of us just use uname -a to get everything in one go.

Why it matters: The kernel version is useful for checking whether the machine is vulnerable to known kernel exploits. Lookups in tools like searchsploit are usually keyed on this version.


Network Interface Details: ifconfig and ip

Once we know about the user and system, we turn to network info. That’s how we know where the machine sits and how it communicates.

ifconfig

This command is like the OG network interface checker.

ifconfig

It gives you details like:

  • IP address (inet)
  • MAC address (ether)
  • MTU size
  • Packet statistics

But here’s the catch: on newer systems, ifconfig is often deprecated and may be missing until you install the net-tools package.

So, we use…

ip (Modern Replacement)

ip a

This is equivalent to ifconfig, but more modern and powerful.

  • ip a shows IP addresses
  • ip r shows routing tables
  • ip link shows network interfaces

If you’re into ethical hacking, you’ll find yourself using ip more often than ifconfig because of better formatting and flexibility.


Active Connections and Listening Ports: netstat

Want to see what connections are alive and kicking? This command’s for you.

netstat -tulpn

Let’s break that down:

  • -t = TCP connections
  • -u = UDP connections
  • -l = Only show listening ports
  • -p = Show process ID and name (run with sudo to see processes owned by other users)
  • -n = Show numerical addresses (skip DNS lookup)

You’ll get output like:

tcp    0   0 0.0.0.0:22    0.0.0.0:*     LISTEN   1234/sshd

This tells you which services are running and on what ports. Super helpful during reconnaissance.

If you’re on a newer system, try:

ss -tulpn

It’s faster and cleaner. We’ll dive deeper into ss in the next article/video — that’s where we’ll talk about active sockets, processes, and more.
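
When reviewing a host, the first question about each listener is whether it is bound to every interface or only to loopback. The following added example is not from the original article: it classifies netstat -tulpn rows by bind address. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): classify listeners by bind address.
# Input is `netstat -tulpn` text; the sample below is constructed.

# For each tcp/udp row print: SCOPE proto/port pid/program
#   ALL      = bound to every interface (0.0.0.0 or ::)
#   LOOPBACK = reachable only from the host itself
#   SPECIFIC = bound to one named address
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
        # UDP rows have an empty State column, so the program is one field earlier.
        proc = ($1 ~ /^tcp/) ? $7 : $6
        if (proc == "") proc = "-"
        if (host == "0.0.0.0" || host == "::") scope = "ALL"
        else if (host ~ /^127\./ || host == "::1") scope = "LOOPBACK"
        else scope = "SPECIFIC"
        printf "%s %s/%s %s\n", scope, $1, port, proc
    }'
}

# Count the rows that are bound to every interface.
count_exposed() {
    classify_listeners | grep -c '^ALL ' || true
}

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp    0   0 0.0.0.0:22          0.0.0.0:*     LISTEN   1234/sshd
tcp    0   0 127.0.0.1:5432      0.0.0.0:*     LISTEN   2210/postgres
tcp6   0   0 :::80               :::*          LISTEN   3050/apache2
udp    0   0 192.168.56.10:123   0.0.0.0:*              801/ntpd'

printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners
```

On a live host, pipe the output of sudo netstat -tulpn into classify_listeners. ss -tulpn prints its columns in a different order, so the field numbers would need adjusting for it.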


Putting It All Together: Why Does This Matter?

You might wonder, “Isn’t this stuff kind of… basic?”

Sure, it seems that way. But knowing the basics well is what separates script kiddies from real ethical hackers. These commands help you:

  • Understand the target system
  • Detect potential vulnerabilities
  • Build context before launching advanced tools
  • Work on post-exploitation phases
  • Run clean, quick audits during assessments

And the best part? These are native tools — no installation needed.


Bonus Tips (Because You Deserve It)

  • To check uptime and load:
uptime
  • For disk usage overview:
df -h
  • For memory info:
free -h

These aren’t strictly part of today’s topic, but they often go hand-in-hand during audits and recon.


Conclusion

We covered a solid set of commands today that form the backbone of Information Gathering in Linux. From identifying the user to mapping the network interfaces, each tool gives you a slice of the system’s identity.

In the next article, we’ll keep building on this foundation with Part-2 of System Information, where we talk about ss, ps, who, and w. These will help you track users, processes, and network sockets — real gold when doing active monitoring or pentesting.

Stay curious, stay caffeinated, and keep hacking ethically — because that’s how you grow. ☕


FAQs

What is Information Gathering in Linux?
It’s the phase where hackers or security pros collect data about a system’s architecture, users, network interfaces, and services. It’s crucial for planning attacks or audits.

What is the difference between whoami and id?
whoami shows your current username, while id gives detailed info about UID, GID, and group memberships.

Is ifconfig outdated?
Yes, in many distros it’s deprecated. Use ip a instead — it’s more modern and detailed.

How to check open ports on Linux?
Use netstat -tulpn or the newer ss -tulpn to view listening ports and associated services.

Can I use these commands on all Linux distros?
Yes, most commands are universal. However, some (like ifconfig) might require installing the net-tools package.


Enjoyed the read? Don’t forget to share it with your hacker buddy and leave a comment if you learned something new!
