Network Tools

airport, networksetup, scutil, route — the macOS networking CLI and where it diverges from Linux.

Mac-specific networking CLIs. macOS is a BSD descendant — most of its networking tools share heritage with FreeBSD, not Linux's iproute2 stack. Knowing which command does what (and where the syntax diverges from Linux) saves a lot of "why doesn't ip route work?" frustration.

Analogy

The macOS networking CLI is like running a French kitchen with German tools. Both kitchens cook good food — but the Frenchman's whisk is shaped slightly differently from the German's, the chef's knife is held lower on the handle, and the oven temperatures are in Celsius rather than Fahrenheit. If you trained on Linux, your muscle memory will steer you wrong half the time. Learn the local tools by name; learn the BSD/macOS-specific flags by sight.

The four CLIs you need

Almost all macOS networking work goes through one of:

| Tool | Layer | Use it for |
|---|---|---|
| networksetup | Preferences-pane equivalent | Per-service config (Wi-Fi, Ethernet) — DNS, IP, proxy, on/off |
| scutil | SystemConfiguration database | Query the runtime state — DNS chain, hostname, reachability |
| ifconfig / route | BSD-style classic | Raw interface state, routing table |
| wdutil (modern) / airport (legacy) | Wi-Fi diagnostics | Signal, BSSID, channel, security |

Plus the diagnostic side: dig, nslookup, host, ping, traceroute — same as on Linux.

networksetup — Network preferences in shell form

networksetup exposes everything the Network preferences pane does, scriptably. The most-used invocations:

# what services exist?
networksetup -listallnetworkservices
# An asterisk (*) denotes that a network service is disabled.
# Wi-Fi
# Thunderbolt Ethernet

# get full status of one
networksetup -getinfo Wi-Fi
# DHCP Configuration
# IP address: 192.168.1.42
# Subnet mask: 255.255.255.0
# Router: 192.168.1.1
# Wi-Fi ID: aa:bb:cc:dd:ee:ff

# DNS — the most common edit
networksetup -setdnsservers Wi-Fi 1.1.1.1 1.0.0.1
networksetup -setdnsservers Wi-Fi empty   # restore DHCP-provided

# Toggle Wi-Fi radio
networksetup -setairportpower en0 off
networksetup -setairportpower en0 on

# Proxy settings
networksetup -setwebproxy Wi-Fi proxy.example.com 8080
networksetup -setwebproxystate Wi-Fi off

# Search domains
networksetup -setsearchdomains Wi-Fi corp.example.com

The "service name" (Wi-Fi, Ethernet) is what you see in System Settings → Network. It is different from the BSD interface name (en0, en1), which ifconfig uses.
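When a script has one kind of name and needs the other, the mapping can be read from `networksetup -listnetworkserviceorder` (an option not shown above). The following is an added example, not part of the original lesson; the function names are hypothetical and the sample output is constructed.

```shell
# Added example; function names are hypothetical, sample output is constructed.
sample_service_order() {
cat <<'EOF'
An asterisk (*) denotes that a network service is disabled.
(1) Wi-Fi
(Hardware Port: Wi-Fi, Device: en0)

(2) Thunderbolt Ethernet
(Hardware Port: Thunderbolt Ethernet, Device: en5)

(*) USB 10/100/1000 LAN
(Hardware Port: USB 10/100/1000 LAN, Device: en7)
EOF
}

# stdin: -listnetworkserviceorder output. stdout: device<TAB>state<TAB>service.
service_map() {
  awk '
    /^\([0-9*]+\) / {                      # "(1) Wi-Fi" or "(*) disabled service"
      state = ($1 == "(*)") ? "disabled" : "enabled"
      name = $0; sub(/^\([0-9*]+\) /, "", name)
      next
    }
    /^\(Hardware Port: / && name != "" {   # detail line that follows the name
      dev = $0; sub(/^.*, Device: /, "", dev); sub(/\)$/, "", dev)
      if (dev == "") dev = "-"
      print dev "\t" state "\t" name
      name = ""
    }'
}

# Service name -> device (what ifconfig and -setairportpower take).
device_for_service() {
  service_map | awk -F '\t' -v want="$1" \
    '$3 == want { print $1; found = 1 } END { exit !found }'
}

# Device -> service name (what -getinfo and -setdnsservers take).
service_for_device() {
  service_map | awk -F '\t' -v want="$1" \
    '$1 == want { print $3; found = 1 } END { exit !found }'
}

# On a Mac: networksetup -listnetworkserviceorder | device_for_service Wi-Fi
sample_service_order | service_for_device en0    # constructed input
```

Both lookups exit non-zero when the name is unknown, so a script can stop before applying DNS or proxy settings to the wrong service.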

scutil — the SystemConfiguration interrogator

scutil reads from (and with sudo, writes to) macOS's runtime SystemConfiguration database — the same one networksetup ultimately edits. Useful for understanding what's actually being used right now:

# Show the DNS resolver chain — including per-domain split DNS
scutil --dns
#
# DNS configuration
#
# resolver #1
#   nameserver[0] : 1.1.1.1
#   nameserver[1] : 1.0.0.1
#   if_index : 14 (en0)
#   flags    : Request A records, Request AAAA records
#   reach    : 0x00020002 (Reachable,Directly Reachable Address)
#
# resolver #2
#   domain   : corp.example.com
#   nameserver[0] : 10.0.0.5
#   ...

# Show effective proxy config
scutil --proxy

# Show network reachability info
scutil --nwi

# Hostname stuff
scutil --get LocalHostName     # Bonjour name (.local)
scutil --get HostName          # configured hostname
scutil --get ComputerName      # display name
sudo scutil --set HostName myhost

scutil --dns is the right answer when the question is "why is dig returning a different result than nslookup on this machine?" — it shows the full resolver chain, including VPN-injected resolvers and per-domain rules.
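Because the chain can contain resolvers you did not configure yourself, it is worth auditing. This added example (not part of the original lesson) flattens `scutil --dns` output into one row per nameserver and prints the rows whose nameserver is not on an allow-list; the function names are hypothetical and the sample output is constructed from the values used above.

```shell
# Added example; function names are hypothetical, sample output is constructed.
sample_scutil_dns() {
cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 1.1.1.1
  nameserver[1] : 1.0.0.1
  if_index : 14 (en0)

resolver #2
  domain   : corp.example.com
  nameserver[0] : 10.0.0.5

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 1.1.1.1
  if_index : 14 (en0)
EOF
}

# stdin: scutil --dns output. stdout: scope id domain interface nameserver
# ("-" where a resolver has no domain or no interface).
dns_resolvers() {
  awk '
    function flush(   i) {               # emit one row per buffered nameserver
      if (domain == "") domain = "-"
      if (iface == "") iface = "-"
      for (i = 0; i < n; i++) print scope, id, domain, iface, ns[i]
      n = 0; domain = ""; iface = ""
    }
    BEGIN { scope = "global" }
    /scoped queries/       { flush(); scope = "scoped" }
    /^resolver #/          { flush(); id = substr($2, 2) }
    $1 == "domain"         { domain = $3 }
    $1 ~ /^nameserver\[/   { ns[n++] = $3 }
    $1 == "if_index"       { iface = $4; gsub(/[()]/, "", iface) }
    END { flush() }'
}

# Print only the rows whose nameserver is not in the allow-list (arguments).
unexpected_resolvers() {
  dns_resolvers | awk -v allow="$*" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($5 in ok)'
}

# On a Mac: scutil --dns | unexpected_resolvers 1.1.1.1 1.0.0.1
sample_scutil_dns | unexpected_resolvers 1.1.1.1 1.0.0.1   # constructed input
```

On the sample, the only row printed is the per-domain resolver for corp.example.com, which is the kind of entry to confirm against the VPN or profile you expect to be active.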

airport / wdutil — Wi-Fi diagnostics

The classic tool, airport, lives at:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport

You'd typically symlink it to your PATH:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/local/bin/airport

Then:

airport -I                      # info on the current connection
# agrCtlRSSI: -60                ← signal strength in dBm (closer to 0 is better)
# agrCtlNoise: -90
# state: running
# op mode: station
# lastTxRate: 866
# maxRate: 866
# lastAssocStatus: 0
# 802.11 auth: open
# link auth: wpa2-psk
# BSSID:                          ← MAC address of the AP
# SSID: MyNetwork
# MCS: 9
# guardInterval: 800
# NSS: 2
# channel: 36,80                  ← 80MHz channel, primary 36

airport -s                      # scan for nearby networks
# SSID            BSSID              RSSI CHANNEL HT CC SECURITY
# MyNetwork       aa:bb:cc:dd:ee:ff  -60  36,80   Y  US WPA2(PSK/AES/AES)
# Coffee_Shop     11:22:33:44:55:66  -75  6       Y  US NONE

airport is deprecated in modern macOS (Sonoma+) but still works in scripts. The recommended replacement is wdutil:

sudo wdutil info
# WIFI
#     MAC Address                   : aa:bb:cc:dd:ee:ff
#     SSID                          : MyNetwork
#     ...much richer output...

wdutil info is the new "everything I want to know about Wi-Fi" command. It needs sudo.

ifconfig and route — BSD-style classics

Linux's ip command unified address management, link state, and routing. macOS still uses the older trio: ifconfig for interfaces, route for routing, netstat -nr for the routing table.

# Interface state
ifconfig en0
# en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
#     ether aa:bb:cc:dd:ee:ff
#     inet 192.168.1.42 netmask 0xffffff00 broadcast 192.168.1.255
#     ...

# All interfaces
ifconfig -a

# Routing table
netstat -nr
# Internet:
# Destination        Gateway            Flags        Netif
# default            192.168.1.1        UGScg        en0
# 127                127.0.0.1          UCS          lo0

# Get a specific route
route -n get default
# route to: default
# destination: default
# gateway: 192.168.1.1
# interface: en0

# Add / delete a static route (sudo required)
sudo route -n add 10.0.0.0/8 192.168.1.99
sudo route delete 10.0.0.0/8

The Linux equivalents (don't run these on macOS; they don't exist):

| Linux | macOS |
|---|---|
| ip addr show | ifconfig -a |
| ip link set en0 up | ifconfig en0 up |
| ip route show | netstat -nr |
| ip route get default | route -n get default |
| ip route add 10.0.0.0/8 via 192.168.1.99 | sudo route -n add 10.0.0.0/8 192.168.1.99 |

The functions are the same; the commands differ.

DNS cache — flushing it

macOS caches DNS at two layers:

  1. mDNSResponder — the system-wide DNS resolver daemon. Caches positive AND negative results.
  2. dscacheutil — Directory Service cache. Caches user/group lookups, also DNS via getaddrinfo.

After changing /etc/hosts or DNS settings, flush both:

sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

If you only flush one, you'll get inconsistent behaviour — ping and dig might show different results.

For diagnostic queries that bypass the cache:

dig @1.1.1.1 example.com    # hit a specific nameserver, ignore local resolver

arp — the L2 cache

arp -a                  # show the ARP table
# (192.168.1.1) at aa:bb:cc:dd:ee:ff on en0 ifscope
# (192.168.1.42) at aa:bb:cc:dd:ee:ff on en0 ifscope permanent

sudo arp -d 192.168.1.99   # delete a stale ARP entry
sudo arp -da               # delete all dynamic entries

tcpdump — packet capture

sudo tcpdump -i en0 -n 'host example.com'
# captures packets to/from example.com
sudo tcpdump -i en0 -n 'port 443 and host www.google.com'
sudo tcpdump -i any -w capture.pcap         # write to a file for Wireshark

The macOS tcpdump is the same one you'd find on Linux; one of the few tools that works identically.

A diagnostic flow

When the network is misbehaving:

# 1. Is anything up?
networksetup -listallhardwareports         # do I have hardware?
ifconfig en0 | grep "status:"              # is the interface up?

# 2. Do I have an IP?
ipconfig getifaddr en0
ifconfig en0 | grep inet                   # IPv4 + IPv6 addresses

# 3. Can I reach the gateway?
route -n get default
ping -c 3 $(route -n get default | awk '/gateway/ { print $2 }')

# 4. DNS?
scutil --dns | head -20                    # what resolvers am I using?
dig +short example.com
dig +short @1.1.1.1 example.com            # bypass local resolver

# 5. Internet?
ping -c 3 1.1.1.1                          # reach a known IP
ping -c 3 google.com                       # works only if DNS works

That sequence isolates almost any common failure to one of: interface, DHCP, gateway, DNS, internet.

What to internalise

  • macOS uses BSD-style tools — ifconfig, route, netstat -nr. Linux's ip family doesn't exist here.
  • networksetup for per-service config; scutil for runtime state inspection.
  • airport (deprecated) → wdutil info for Wi-Fi diagnostics.
  • DNS cache flush is a two-step: dscacheutil -flushcache AND killall -HUP mDNSResponder.
  • Service name (Wi-Fi) ≠ interface name (en0) — keep both in mind when scripting.

Tools in the wild

5 tools
  • networksetup (free tier, cli): Built-in. Per-service Network-pane operations from the terminal.
  • scutil (free tier, cli): Built-in. Query and modify the SystemConfiguration database.
  • wdutil (free tier, cli): Built-in. Modern replacement for `airport` — richer Wi-Fi diagnostics.
  • GUI Wi-Fi scanner — channels, signal strength, security. (service)
  • Wireshark (free tier, cli): Cross-platform packet analyzer — same as on Linux/Windows.