linux命令--網路相關
目錄:
1 -- ping
2 -- tcpdump
1、ping
ping使用的是icmp協議,因此可以通過防火牆去禁止或允許icmp協議的開啟間接的允許機器是否可以ping
-c count #ping傳送的次數
-I interface #指定網絡卡
-i time #時間間隔
-s <data_size> ##設定傳送資料包的大小,預設為56位元組,再加上8位元組的ICMP頭,一共是64位元組的ICMP包
-t <time> #生存週期,設定TTL的值,預設為128,常見的有32,64,128,255
例子:
PING baidu.com (220.181.57.216) 56(84) bytes of data.
64 bytes from 220.181.57.216: icmp_seq=1 ttl=128 time=82.3 ms
64 bytes from 220.181.57.216: icmp_seq=2 ttl=128 time=82.4 ms
[[email protected] ~]# ping -I eth1 220.181.57.216
PING 220.181.57.216 (220.181.57.216) from 172.16.1.121 eth1: 56(84) bytes of data.
From 172.16.1.121 icmp_seq=1 Destination Host Unreachable
From 172.16.1.121 icmp_seq=2 Destination Host Unreachable
[[email protected] ~]# ping -c 20 -t 255 -i 2 baidu.com ##ping 20次,間隔2s一次,生存期為255
PING baidu.com (123.125.115.110) 56(84) bytes of data.
64 bytes from 123.125.115.110: icmp_seq=1 ttl=128 time=42.2 ms
64 bytes from 123.125.115.110: icmp_seq=2 ttl=128 time=42.4 ms
2、tcpdump 抓包工具:(獲取網路資料包)
-n 不進行DNS解析
-c Exit after receiving count packets.接到指定的資料包數目後退出命令
-i 網路介面 指定監聽資料包的網路介面
-q 快速輸出
-nn
[[email protected] ~]# tcpdump -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:36:51.418845 IP 10.0.0.61.52113 > 10.0.0.1.51631: Flags [P.], seq 3571880229:3571880425, ack 2030220423, win 279, length 196
13:36:51.419796 IP 10.0.0.61.52113 > 10.0.0.1.51631: Flags [P.], seq 196:376, ack 1, win 279, length 180
[[email protected] ~]# tcpdump -n -i eth0 -c 2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:43:37.179366 IP 10.0.0.61.52113 > 10.0.0.1.50881: Flags [P.], seq 1511691371:1511691567, ack 3240277309, win 279, length 196
13:43:37.179659 IP 10.0.0.61.52113 > 10.0.0.1.50881: Flags [P.], seq 196:376, ack 1, win 279, length 180
2 packets captured
2 packets received by filter
0 packets dropped by kernel
[[email protected] ~]# tcpdump -q -c 2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:44:11.051390 IP bogon.52113 > bogon.50881: tcp 196
13:44:11.051641 IP bogon.46653 > google-public-dns-a.google.com.domain: UDP, length 39
2 packets captured
9 packets received by filter
0 packets dropped by kernel
[[email protected] ~]# tcpdump -n host 10.0.0.1 -c 2 #監聽所有的10.0.0.1的主機收到和發出的資料包
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:45:05.274934 IP 10.0.0.61.52113 > 10.0.0.1.50881: Flags [P.], seq 1512022643:1512022839, ack 3240285681, win 279, length 196
13:45:05.276267 IP 10.0.0.61.52113 > 10.0.0.1.50881: Flags [P.], seq 196:376, ack 1, win 279, length 180
2 packets captured
2 packets received by filter
0 packets dropped by kernel
[[email protected] ~]# tcpdump -n src host 10.0.0.1 -c 2 #監聽所有的10.0.0.1的主機發出的資料包
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:46:20.331682 IP 10.0.0.1.50881 > 10.0.0.61.52113: Flags [.], ack 1512026243, win 14960, length 0
13:46:20.384232 IP 10.0.0.1.50881 > 10.0.0.61.52113: Flags [.], ack 149, win 16384, length 0
2 packets captured
2 packets received by filter
0 packets dropped by kernel
[[email protected] ~]# tcpdump -n dst host 10.0.0.1 -c 2 #監聽所有的10.0.0.1的主機收到的資料包
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:46:28.977013 IP 10.0.0.61.52113 > 10.0.0.1.50881: Flags [P.], seq 1512028091:1512028287, ack 3240289633, win 279, length 196
13:46:28.977998 IP 10.0.0.61.52113 > 10.0.0.1.50881: Flags [P.], seq 196:376, ack 1, win 279, length 180
2 packets captured
2 packets received by filter
0 packets dropped by kernel
[[email protected] ~]# tcpdump -nn port 52113 -c 2 ##監聽指定埠的資料包
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:47:50.761692 IP 10.0.0.61.52113 > 10.0.0.1.50881: Flags [P.], seq 1512138655:1512138851, ack 3240294209, win 279, length 196
13:47:50.763648 IP 10.0.0.61.52113 > 10.0.0.1.50881: Flags [P.], seq 196:376, ack 1, win 279, length 180
2 packets captured
2 packets received by filter
0 packets dropped by kernel
[[email protected] ~]# tcpdump -n icmp ##監聽指定協議(想要看下面的監聽資料,可以使用其他機器ping本機即可)
常見協議:icmp、arp、tcp、udp、ip
[[email protected] ~]# tcpdump -n arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:51:34.052840 ARP, Request who-has 10.0.0.61 (00:0c:29:c6:ed:b9) tell 10.0.0.1, length 46
13:51:34.052850 ARP, Reply 10.0.0.61 is-at 00:0c:29:c6:ed:b9, length 28
多個過濾條件混合使用:
[[email protected] ~]# tcpdump -n ip host 10.0.0.5 and ! 10.0.0.1 ##獲取主機10.0.0.5與除10.0.0.1之外的所有主機通訊的資料包
13:55:23.725868 IP 10.0.0.5.34450 > 192.168.200.3.connlcli: Flags [S], seq 52001552, win 14600, options [mss 1460,sackOK,TS val 304578734 ecr 0,nop,wscale 6], length 0
13:55:23.725875 IP 10.0.0.5.38708 > 192.168.201.100.https: Flags [S], seq 3792685025, win 14600, options [mss 1460,sackOK,TS val 304578735 ecr 0,nop,wscale 6], length 0
[[email protected] ~]# tcpdump -n tcp dst port 80 or src 12.130.132.30 -i eth0
3.、ifconfig (yum -y install net-tools) 臨時生效,重啟網絡卡就失效,在windows上是ipconfig
4、ifup和ifdown 對網絡卡進行啟停
5、route 顯示或管理路由表
-n 不進行DNS解析
[[email protected] ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0
-ee 顯示詳細的路由資訊
add 新增路由資訊
del 刪除路由資訊
target 指定目標網路或主機
-net 到一個網路的路由,後面接的是一個網路號地址
-host 到一個主機的路由,後面接的是一個主機地址
gw/GW 為發往目標網路/主機的任何分組指定閘道器
dev If 指定有哪個網路裝置出去,後面接eth0等
刪除預設閘道器:
[[email protected] ~]# route del default
[[email protected] ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
[[email protected] ~]# route add default gw 10.0.0.2
[[email protected] ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0
[[email protected] ~]# route add -net 192.168.56.0/24 gw 10.0.0.61
[[email protected] ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.56.0 10.0.0.61 255.255.255.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0
[[email protected] ~]#
[[email protected] ~]# route add -host 192.168.2.55 dev eth1 ##配置和刪除主機路由
[[email protected] ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.55 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.56.0 10.0.0.61 255.255.255.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0
[[email protected] ~]# route add -host 8.8.8.8 dev lo
[[email protected] ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
8.8.8.8 0.0.0.0 255.255.255.255 UH 0 0 0 lo
192.168.2.55 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.56.0 10.0.0.61 255.255.255.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0
[[email protected] ~]# route del -host 8.8.8.8 dev lo
[[email protected] ~]# route -n ###與netstat -rn 的輸出是一樣
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.55 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.56.0 10.0.0.61 255.255.255.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0
6、traceroute追蹤資料傳輸路由狀況(在不同的網段之間可以用來排查是主機的問題還是閘道器的問題)
[[email protected] logs]# traceroute -n www.baidu.com
traceroute to www.baidu.com (163.177.151.110), 30 hops max, 60 byte packets
1 10.0.0.2 0.111 ms 0.091 ms 0.089 ms
2 * * *
3 * * *
4 * * *
5 * * *
[[email protected] logs]# traceroute -In www.baidu.com
traceroute to www.baidu.com (163.177.151.110), 30 hops max, 60 byte packets
1 10.0.0.2 0.113 ms 0.092 ms 0.049 ms
2 * * *
3 * * *
4 * * *
5 * * *