Terminal Command Reference
The Terminal is SimNet's core interaction surface. Different devices in SimNet expose different commands—just like people in different roles carry different toolkits. A router has router commands, and a server has its own server tools.
This page groups commands by device type, so you can quickly find what's available on a particular device.
Quick lookup
At any point in the terminal, type help to list every command available on the current device. To check the syntax of a specific command, append --help to its name.
Universal Commands (All Devices)
No matter which device you're on—PC, Router, Server, or Switch—these commands always work. Think of them as the basic apps installed on everyone's phone.
help
Lists every command available on the current device along with a short description.
Syntax: help
Description: Whenever you forget a command, just type help. Since each device has a different command set, the output of help changes accordingly—SSH into a router and run help, and you'll see the router-specific commands.
--help
Shows the syntax and a usage summary for a command.
Syntax: <command> --help
Example:
simnet@pc1:~$ ping --help
Usage: ping [-c count] <host>
Send ICMP ECHO_REQUEST to network hostsDescription: SimNet does not provide a standalone man command. To check syntax, simply append --help to the command you're interested in, for example tcpdump --help, ssh --help, or ping --help.
clear
Clears all text from the terminal screen.
Syntax: clear
Description: When the screen gets cluttered, clear gives you a fresh start. Your command history is preserved—you can still press the up arrow to recall previous commands. The keyboard shortcut Ctrl+L does the same thing.
ssh
Connect to another device and switch the terminal's active target.
Syntax: ssh <device-id>
Example:
simnet@pc1:~$ ssh router1
simnet@router1:~$Description: In the real world, SSH (Secure Shell) is the standard tool for remotely logging into servers. In SimNet, it lets you "hop" onto another device so you can see its network configuration and run device-specific commands. For details, see SSH device switching.
exit
Leave the current SSH session and return to the previous device.
Syntax: exit
Description: If you're already at the bottom level (your player device), exit does nothing. If you've SSH'd through several hops, each exit peels back one layer.
ping
Send an ICMP Echo Request to a host to test network connectivity.
Syntax: ping [-c count] <host>
Example:
simnet@pc1:~$ ping -c 3 10.0.0.1
PING 10.0.0.1 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=20 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=20 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=20 ms
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 60msDescription: -c 3 means send only 3 packets. Ping is the first tool you reach for in network diagnostics—like calling someone to confirm "Hello, are you there?" If the ping fails, the other side might be offline, or there could be a problem somewhere along the network path.
ip addr
Show the configuration of network interfaces, including IP and MAC addresses.
Syntax: ip addr [show <iface>]
Example:
simnet@pc1:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
link/ether aa:bb:cc:00:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0Description: lo is the loopback interface—every machine has one, and it points back at itself. eth0 is an Ethernet interface; the address after link/ether is its MAC, and the one after inet is its IP. /24 indicates a subnet mask of 255.255.255.0.
arp -a
Show the ARP (Address Resolution Protocol) table, which lists known IP-to-MAC address mappings.
Syntax: arp [-a]
Example:
simnet@pc1:~$ arp -a
Address HWtype HWaddress Flags Iface
10.0.0.1 ether aa:bb:cc:00:00:01 C eth0
10.0.0.3 ether aa:bb:cc:00:00:03 C eth0Description: The ARP table is like an address book—it records which IP address belongs to which network card. In the Flags column, C means a dynamically learned entry, while M means a manually configured static entry.
tcpdump stop
Stop an ongoing packet capture and display the captured packets.
Syntax: tcpdump stop
Example:
simnet@pc1:~$ tcpdump -i eth0
tcpdump: listening on eth0...
Use 'tcpdump stop' to collect results.
simnet@pc1:~$ tcpdump stop
tcpdump: 2 packet(s) captured:
1 ARP pc1 > switch1 ARP Request
2 ARP switch1 > pc1 ARP ReplyDescription: When you start a continuous capture with tcpdump or tshark (i.e., without -c), you end it and see the results by running the matching stop form, such as tcpdump stop or tshark stop.
Flag Submission (Handled by the UI)
After you solve a challenge, submit your answer through the flag submission UI on the page.
How to use: Type the flag into the submission field in the top-right corner of the page or inside the challenge panel.
Example: Enter FLAG{arp_poisoning_detected} in the UI and submit; the system will immediately tell you whether it's correct.
Router Commands
A router is the network's intersection—it decides which direction a packet should travel. When you SSH into a router, you can view and modify its routing table.
ip route
Show or modify the routing table.
Syntax:
ip route— Show all routesip route add <network> via <gateway>— Add a routeip route add <network> dev <interface>— Add a route through the specified interface
Example:
simnet@router1:~$ ip route
default via 10.0.0.1 dev eth0 proto static
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1simnet@router1:~$ ip route add 172.16.0.0/24 dev eth2
Route added: 172.16.0.0/24 dev eth2Description: The routing table is like a "directions table" that tells each packet which way to go. The default route is the fallback path—when no more specific route matches, the packet follows this one. In Network Repair challenges, you'll often need to add the missing route on a router.
show interfaces
Show the status of every network interface on the router.
Syntax: show interfaces
Example:
simnet@router1:~$ show interfaces
Interface Status IP Address MAC Address
eth0 UP 10.0.0.1/24 aa:bb:cc:00:01:00
eth1 UP 192.168.1.1/24 aa:bb:cc:00:01:01
eth2 DOWN — aa:bb:cc:00:01:02Description: A router usually has several interfaces, each connected to a different subnet. UP means the interface is enabled; DOWN means it's disabled. If you notice an interface that is DOWN, that might be where the problem lies.
Server Commands
A server is a device that provides services—it might run a web server, a DNS server, or other services. You'll need to manage those services to fix problems or capture flags.
systemctl
Inspect or manage system services.
Syntax:
systemctl status <service>— Check service statussystemctl start <service>— Start a servicesystemctl stop <service>— Stop a service
Example:
simnet@dns-server:~$ systemctl status dns
● dns.service - DNS Server
Loaded: loaded
Active: inactive (dead)simnet@dns-server:~$ systemctl start dns
● dns.service - DNS Server
Active: active (running)Description: systemctl is the standard tool for managing services on Linux. Think of it as a restaurant manager deciding which counters are open for business. In Network Repair challenges, you may need to restart a failed service.
service
A simpler alternative to systemctl, used to start or stop services.
Syntax:
service <name> start— Start a serviceservice <name> stop— Stop a serviceservice <name> status— Check status
Example:
simnet@dns-server:~$ service dns start
Starting DNS server... OKDescription: service is the older command form, but many administrators are used to it. In SimNet, service dns start and systemctl start dns do the same thing.
cat
Display the contents of a file.
Syntax: cat <file>
Example:
simnet@web-server:~$ cat /etc/nginx/nginx.conf
server {
listen 80;
server_name flag.simnet.local;
root /var/www/html;
}Description: cat is short for "concatenate," but its most common use is simply to view file contents. On a server, you can use it to read config files and understand how a service is set up. Sometimes flags are hidden inside files, too.
Client Commands (Client / PC)
The PC is your player device and the starting point for most challenges. The signature client-side commands are those that initiate network requests—asking servers for data.
curl
Send an HTTP/HTTPS request, just like visiting a web page in a browser, but from the command line.
Syntax: curl [options] <url>
Example:
simnet@pc1:~$ curl http://10.0.0.3/flag
<html><body>FLAG{http_basics}</body></html>simnet@pc1:~$ curl https://10.0.0.3/flag
<html><body>FLAG{encrypted_flag}</body></html>Description: Think of a URL as a letter—you're telling curl, "Go to this address and bring something back." Using http:// means sending it as plain text (like a postcard); using https:// means sending it encrypted (like a sealed envelope). In Transmission Defense challenges, switching to HTTPS is the key to staying out of eavesdroppers' reach.
wget
Download a file from the given URL; functionally similar to curl.
Syntax: wget <url>
Example:
simnet@pc1:~$ wget http://10.0.0.3/secret.txt
Downloading... done.
Contents: FLAG{file_retrieved}Description: wget stands for "Web Get." The difference from curl is that wget is typically used to download files, whereas curl is more often used to test APIs or inspect responses. In SimNet, both work for grabbing a flag.
nslookup
Query DNS (Domain Name System) records to translate a domain name into an IP address.
Syntax: nslookup <domain>
Example:
simnet@pc1:~$ nslookup flag.simnet.local
Server: 10.0.0.10
Address: 10.0.0.10#53
Name: flag.simnet.local
Address: 10.0.0.3Description: DNS is the network world's phone book—you give it a name (a domain), and it gives you back a phone number (an IP). If an attacker tampers with DNS, the IP you look up might point to a fake server.
Security Tools
In the real world, these tools fall into the categories of security reconnaissance and offense. Inside SimNet's safe simulated environment, you can study how they work without worry.
Note
These tools are for educational use only. Using them on real networks without authorization is illegal.
tcpdump
Capture and display packets passing through a network interface. One of the most-used tools for security analysts.
Syntax: tcpdump [-i iface] [-nn] [-c count] [-d device] [filter]
Example:
simnet@pc1:~$ tcpdump -i eth0 -c 5
tcpdump: listening on eth0
1 ARP pc1 > switch1 ARP Request: Who has 10.0.0.1?
2 ARP switch1 > pc1 ARP Reply: 10.0.0.1 is at aa:bb:cc:00:00:01
3 IPv4 pc1 > server1 ICMP Echo Request
4 IPv4 server1 > pc1 ICMP Echo Reply
5 TCP pc1 > server1 SYN seq=1000
5 packet(s) capturedDescription: -i eth0 selects the interface to listen on, -nn skips name resolution, and -c 5 automatically stops after capturing 5 packets. -d device is a SimNet-specific flag that captures packets on a named device without needing to SSH into it. If you omit -c, you'll need to use tcpdump stop to end the capture.
tshark
A network protocol analyzer—the command-line version of Wireshark. In SimNet it behaves identically to tcpdump.
Syntax: tshark [-i iface] [-c count] [filter]
Example:
simnet@pc1:~$ tshark -i eth0 -c 3
tshark: listening on eth0
1 ARP pc1 > switch1 ARP Request
2 ARP switch1 > pc1 ARP Reply
3 IPv4 pc1 > server1 ICMP Echo Request
3 packet(s) capturedDescription: In the real world, tshark can dissect more protocol-layer detail than tcpdump. In SimNet the two are functionally identical—learn one and you've learned the other.
nmap
Scan a target host's ports and services. Like walking around a building to see which windows are open.
Syntax: nmap [-p ports] [-sV] <host>
Example:
simnet@pc1:~$ nmap -p 80,443 10.0.0.3
Starting Nmap scan on 10.0.0.3
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
Nmap done: 1 host scannedDescription: -p 80,443 limits the scan to ports 80 and 443. -sV enables service version detection. open means something is listening on that port; closed means the port is shut. Nmap is the Swiss Army knife of security reconnaissance.
arpspoof
Launch an ARP spoofing attack that tricks a target device into treating you as the gateway, allowing you to intercept its traffic.
Syntax: arpspoof [-i iface] -t <target> <gateway>
Example:
simnet@pc1:~$ arpspoof -i eth0 -t 10.0.0.3 10.0.0.1
arpspoof: poisoning 10.0.0.3 → pretending to be 10.0.0.1
Sending forged ARP replies...Description: This command forges ARP replies that tell the target, "The gateway's MAC address is mine." Traffic the target intended to send to the gateway then arrives at you instead—this is the classic Man-in-the-Middle attack.
Defense Tools
These tools help you fend off attacks and protect the security of your communications. They show up heavily in the Transmission Defense category of challenges.
For details, see Defense tools.
arp -s
Add a static ARP entry to defend against ARP spoofing.
Syntax: arp -s <ip> <mac>
Example:
simnet@pc1:~$ arp -s 192.168.1.1 aa:bb:cc:dd:ee:01
Static ARP entry added: 192.168.1.1 → aa:bb:cc:dd:ee:01Description: A static ARP entry cannot be overwritten by forged ARP replies—it's like writing a contact in ink in your address book. No matter how many fake ARP packets an attacker sends, your device will ignore them.
tls enable
Enable TLS encryption so that subsequent HTTP connections are automatically upgraded to HTTPS.
Syntax: tls enable
Description: Once enabled, your curl and wget requests travel over a TLS-encrypted channel. Even if a man-in-the-middle intercepts the packets, they'll see only ciphertext. The alternative is to use https:// directly in the URL.
dns verify
Verify whether a DNS resolution result has been tampered with.
Syntax: dns verify <domain>
Example:
simnet@pc1:~$ dns verify flag.simnet.local
⚠ DNS response mismatch detected!
Expected: 10.0.0.3
Got: 10.0.0.99 (possible DNS spoofing)Description: If an attacker has tampered with the DNS response, dns verify will flag it. It's like double-checking the address in Google Maps before you head out, just to make sure no one swapped it on you.
Other System Commands
A handful of basic filesystem and environment commands.
pwd
Show the path of the current working directory.
Syntax: pwd
Description: pwd is short for "Print Working Directory." It tells you which folder you're currently standing in.
ls
List the files and subdirectories in a directory.
Syntax: ls [-la] [dir]
Description: -l shows detailed information; -a includes hidden files. Spot a suspicious file? Open it with cat.
echo
Print text to the terminal.
Syntax: echo <text>
Description: Handy when paired with variables. For example, echo $MY_VAR reveals the value of a variable.
set
Set an environment variable.
Syntax: set <name> <value>
Example:
simnet@pc1:~$ set TARGET 10.0.0.3
TARGET=10.0.0.3Description: Once set, you can reference it in other commands as $TARGET. When you find yourself typing the same IP over and over, stashing it in a variable saves a lot of effort.
env
Show every environment variable currently set.
Syntax: env
Description: Can't remember what you exported earlier? Run env to see the list.
Command Quick Reference
| Command | Available On | Purpose |
|---|---|---|
help | All | List available commands |
<command> --help | All | View command syntax |
clear | All | Clear the screen |
ssh | All | Connect to another device |
exit | All | Return to the previous device |
ping | All | Test connectivity |
ip addr | All | View network interfaces |
arp -a | All | View the ARP table |
tcpdump stop | All | Stop a packet capture |
ip route | Router | View/modify the routing table |
show interfaces | Router | View interface status |
systemctl | Server | Manage system services |
service | Server | Manage services (simplified) |
cat | Server / PC | Read a file |
curl | PC | Send HTTP requests |
wget | PC | Download a file |
nslookup | PC | Perform a DNS lookup |
tcpdump | PC | Capture packets |
tshark | PC | Capture packets (Wireshark-style) |
nmap | PC | Scan ports |
arpspoof | PC | Launch an ARP spoofing attack |
arp -s | PC | Configure a static ARP entry |
tls enable | PC | Enable TLS encryption |
dns verify | PC | Verify DNS resolution |