Linux之网络工具-阿里云开发者社区

1 ifconfig：显示网卡信息

[root@localhost proc]# ifconfig

eth0 Link encap:Ethernet HWaddr 00:0C:29:B8:90:BE

inet addr:192.168.154.128 Bcast:192.168.154.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:feb8:90be/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:3847 errors:0 dropped:0 overruns:0 frame:0

TX packets:5152 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:326187 (318.5 KiB) TX bytes:882894 (862.2 KiB)

Interrupt:19 Base address:0x2024

2 arp：显示arp条目

[root@localhost proc]# arp

Address HWtype HWaddress Flags Mask Iface

192.168.154.1 ether 00:50:56:c0:00:08 C eth0

192.168.154.2 ether 00:50:56:ec:fe:4a C eth0

192.168.154.254 ether 00:50:56:f5:05:c8 C eth0

3 ethtool：查询和设置网卡参数

[root@localhost proc]# ethtool -P eth0 #查询端口位置

4 netstat：显示和网络相关的信息，网络连接、接口状态、路由信息等

[root@localhost proc]# netstat -r

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface

192.168.154.0 * 255.255.255.0 U 0 0 0 eth0

link-local * 255.255.0.0 U 0 0 0 eth0

default 192.168.154.2 0.0.0.0 UG 0 0 0 eth0

[root@localhost proc]# netstat -anpt

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:39709 0.0.0.0:* LISTEN 1643/rpc.statd

tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2172/mysqld

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1621/rpcbind

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2412/nginx

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1872/sshd

tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1699/cupsd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2289/master

5 ping：测试网络的连通性

[root@localhost proc]# ping -c 5 www.qq.com

PING www.qq.com (120.198.201.156) 56(84) bytes of data.

64 bytes from 120.198.201.156: icmp_seq=1 ttl=128 time=12.9 ms

64 bytes from 120.198.201.156: icmp_seq=2 ttl=128 time=11.0 ms

64 bytes from 120.198.201.156: icmp_seq=3 ttl=128 time=10.4 ms

64 bytes from 120.198.201.156: icmp_seq=4 ttl=128 time=40.8 ms

64 bytes from 120.198.201.156: icmp_seq=5 ttl=128 time=13.5 ms

mtr：mtr命令把ping命令和tracepath命令合成了一个

[root@localhost proc]#mtr www.qq.com

6 lsof：列出系统当前打开的文件（在Linux中一切皆文件）

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

init 1 root cwd DIR 8,2 4096 2 /

init 1 root rtd DIR 8,2 4096 2 /

init 1 root txt REG 8,2 153380 1666 /sbin/init

init 1 root mem REG 8,2 41812 4884 /lib/librt-2.12.so

init 1 root mem REG 8,2 146728 4880 /lib/ld-2.12.so

init 1 root mem REG 8,2 1911528 4882 /lib/libc-2.12.so

init 1 root mem REG 8,2 58728 1310 /lib/libnss_files-2.12.so

init 1 root mem REG 8,2 286396 4885 /lib/libdbus-1.so.3.4.0

init 1 root mem REG 8,2 122232 4911 /lib/libgcc_s-4.4.7-20120601.so.1

...

COMMAND：进程的名称

PID：进程标识符

USER：进程所有者

FD：文件描述符，应用程序通过文件描述符识别该文件。如cwd、txt等

TYPE：文件类型，如DIR、REG等

DEVICE：指定磁盘的名称

SIZE：文件的大小

NODE：索引节点（文件在磁盘上的标识）

NAME：打开文件的确切名称

显示某个端口是否被使用

[root@localhost proc]# lsof -i :3306

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

mysqld 2172 mysql 3u IPv4 14673 0t0 TCP *:mysql (LISTEN)

显示某个用户的进程打开的文件

[root@localhost proc]# lsof -u mysql

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

mysqld 2172 mysql cwd DIR 8,3 4096 2668 /var/lib/mysql

mysqld 2172 mysql rtd DIR 8,2 4096 2 /

mysqld 2172 mysql txt REG 8,6 8064320 5203 /usr/libexec/mysqld

mysqld 2172 mysql mem REG 8,2 40296 4897 /lib/libcrypt-2.12.so

mysqld 2172 mysql mem REG 8,6 942040 670610 /usr/lib/libstdc++.so.6.0.13

mysqld 2172 mysql mem REG 8,2 15496 4901 /lib/libcom_err.so.2.1

mysqld 2172 mysql mem REG 8,2 907576 4902 /lib/libkrb5.so.3.3

mysqld 2172 mysql mem REG 8,2 171484 4900 /lib/libk5crypto.so.3.1

...

7 nslookup：域名解析查询

[root@localhost proc]# nslookup www.qq.com

Server:192.168.154.2

Address:192.168.154.2#53

Non-authoritative answer:

Name:www.qq.com

Address: 120.198.201.156

能实现域名查询的还有另一个命令：dig

[root@localhost proc]# dig www.qq.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.qq.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47549

;; flags: qr rd cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; WARNING: recursion requested but not available

;; QUESTION SECTION:

;www.qq.com.INA

;; ANSWER SECTION:

www.qq.com.5INA120.198.201.156

;; Query time: 11 msec

;; SERVER: 192.168.154.2#53(192.168.154.2)

;; WHEN: Tue May 16 10:53:23 2017

;; MSG SIZE rcvd: 44

8 traceroute：跟踪报文路径，在Windows下为tracert

[root@localhost proc]# traceroute www.qq.com

traceroute to www.qq.com (120.198.201.156), 30 hops max, 60 byte packets

1 192.168.154.2 (192.168.154.2) 0.125 ms 0.106 ms 0.410 ms

2 * * *

3 * * *

4 * * *

5 * * *

6 * * *

7 * * *

8 * * *

9 * * *

在Linux系统中，mtr也可以实现路由跟踪，而且结合了ping的功能，更加强大，但是默认没有安装。

[root@localhost proc]# mtr www.qq.com

9 route：查看路由信息

[root@localhost proc]# route

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.154.0 * 255.255.255.0 U 0 0 0 eth0

link-local * 255.255.0.0 U 1002 0 0 eth0

default 192.168.154.2 0.0.0.0 UG 0 0 0 eth0

10 tcpdump：网络报文截获工具

指定端口：

[root@localhost proc]# tcpdump -i eth0

...

11:18:14.179947 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 65:129, ack 253984, win 16425, length 64

11:18:14.180481 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 253984:254384, ack 129, win 720, length 400

11:18:14.180845 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 254384:254560, ack 129, win 720, length 176

11:18:14.181006 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 254560, win 16281, length 0

指定主机，打印发出和收到的报文

[root@localhost proc]# tcpdump host 192.168.154.128

...

11:20:23.429911 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 229536:229824, ack 1, win 720, length 288

11:20:23.437865 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 229824:230000, ack 1, win 720, length 176

11:20:23.444348 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 230000, win 16425, length 0

11:20:23.444371 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 1:65, ack 230000, win 16425, length 64

打印两台主机之间的报文

[root@localhost proc]# tcpdump host 192.168.154.128 and $192.168.154.1$

...

11:22:37.082668 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 521392, win 16425, length 0

11:22:37.082893 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 521392:521680, ack 209, win 720, length 288

11:22:37.090535 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 521680:521856, ack 209, win 720, length 176

11:22:37.092395 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 521856, win 16309, length 0

11:22:37.098430 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 209:273, ack 521856, win 16309, length 64

11:22:37.100106 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 521856:522256, ack 273, win 720, length 400

打印主机发送的报文

[root@localhost proc]# tcpdump -i eth0 src 192.168.154.128

...

11:26:39.511627 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89264:89440, ack 1, win 720, length 176

11:26:39.517580 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89440:89616, ack 1, win 720, length 176

11:26:39.517883 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89616:89792, ack 1, win 720, length 176

11:26:39.520735 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89792:89968, ack 65, win 720, length 176

打印主机接收的报文

[root@localhost proc]# tcpdump -i eth0 dst 192.168.154.128

...

11:28:01.032800 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 8337, win 16141, length 0

11:28:01.233749 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 8497, win 16101, length 0

11:28:01.434811 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 8657, win 16061, length 0

11:28:01.584687 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 48:112, ack 8817, win 16425, length 64

获取指定主机指定端口接收和发送的报文

[root@localhost proc]# tcpdump tcp port 80 and host 192.168.154.128 -v

12:30:38.368441 IP (tos 0x0, ttl 64, id 16834, offset 0, flags [DF], proto TCP (6), length 40)

192.168.154.128.http > 192.168.154.1.64941: Flags [F.], cksum 0x2e4e (correct), seq 1, ack 2, win 457, length 0

12:30:38.368663 IP (tos 0x0, ttl 64, id 6217, offset 0, flags [DF], proto TCP (6), length 40)

192.168.154.1.64941 > 192.168.154.128.http: Flags [.], cksum 0xefed (correct), ack 2, win 16425, length 0

12:30:38.369111 IP (tos 0x0, ttl 64, id 21138, offset 0, flags [DF], proto TCP (6), length 40)

192.168.154.128.http > 192.168.154.1.64942: Flags [F.], cksum 0x76ed (correct), seq 1, ack 2, win 457, length 0

12:30:38.369321 IP (tos 0x0, ttl 64, id 6218, offset 0, flags [DF], proto TCP (6), length 40)

192.168.154.1.64942 > 192.168.154.128.http: Flags [.], cksum 0x388d (correct), ack 2, win 16425, length 0

11 ss：显示socket状态，比netstat更强大和高效

-l：显示本地监听的所有端口

-t -a：显示所有TCP连接，a为显示所有套接字

-u -a：显示所有UDP连接

-o：显示计时器信息

显示所有ＴＣＰ连接：

[Vpnwjoj@stash ~]$ sudo ss -a -t

[root@localhost proc]# ss

显示所有打开的网络连接端口：

[root@localhost proc]# ss -l

[root@localhost bin]# ss -tnl

State Recv-Q Send-Q Local Address:Port Peer Address:Port

LISTEN 0 128 *:22 *:*

LISTEN 0 100 127.0.0.1:25 *:*

LISTEN 0 100 :::8080 :::*

LISTEN 0 128 :::22 :::*

LISTEN 0 100 ::1:25 :::*

LISTEN 0 1 ::ffff:127.0.0.1:8005 :::*

LISTEN 0 100 :::8009

[root@localhost bin]# ss -o state established '( dport = :ssh or sport = :ssh )'

Netid Recv-Q Send-Q Local Address:Port Peer Address:Port

tcp 0 232 192.168.3.56:ssh 192.168.3.17:59548 timer:(on,375ms,0)

tcp 0 0 192.168.3.56:ssh 192.168.3.17:56614 timer:(keepalive,80min,0)

:::*

匹配本地地址和端口号：

[root@localhost proc]# ss src 192.168.154.128:80

State Recv-Q Send-Q Local Address:Port Peer Address:Port

ESTAB 0 0 192.168.154.128:http 192.168.154.1:65206

ESTAB 0 0 192.168.154.128:http 192.168.154.1:65212

12 nmap：网络探测和安全审核工具

语法：nmap [扫描类型] [选项] 扫描目标

选项：-p：指定扫描的端口

-n：禁用反向DNS解析（可以提高扫描速度）

扫描类型：

-sS, TCP SYN扫描，只向目标发出SYN数据包，如果收到SYN/ACK响应包就认为目标端口正在监听，并立即断开链接，否则会认为目标端口并未开放。

-sT，TCP连接扫描，这是完整的TCP扫描方式，用来建立TCP连接，如果成功则表示目标端口正在监听，否则表示端口并未开放。

-sP ICMP扫描：类似Ping检测快速判断目标主机是否存活。

[root@localhost proc]# nmap 192.168.154.1

Starting Nmap 5.51 ( http://nmap.org ) at 2017-05-16 12:59 CST

Nmap scan report for 192.168.154.1

Host is up (0.00030s latency).

Not shown: 997 filtered ports

PORT STATE SERVICE

135/tcp open msrpc

139/tcp open netbios-ssn

445/tcp open microsoft-ds

MAC Address: 00:50:56:C0:00:08 (VMware)

查看端口是否开启

[root@localhost proc]# nmap -p 22,80 192.168.154.1-10

Starting Nmap 5.51 ( http://nmap.org ) at 2017-05-16 13:00 CST

Nmap scan report for 192.168.154.1

Host is up (0.000065s latency).

PORT STATE SERVICE

22/tcp filtered ssh

80/tcp filtered http

MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap scan report for 192.168.154.2

Host is up (0.00034s latency).

PORT STATE SERVICE

22/tcp closed ssh

80/tcp closed http

MAC Address: 00:50:56:EC:FE:4A (VMware)

查看哪些主机在线：

[root@localhost proc]# nmap -n -sP 192.168.154.0/24

Starting Nmap 5.51 ( http://nmap.org ) at 2017-05-16 13:01 CST

Nmap scan report for 192.168.154.1

Host is up (0.00021s latency).

MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap scan report for 192.168.154.2

Host is up (0.0014s latency).

MAC Address: 00:50:56:EC:FE:4A (VMware)

Nmap scan report for 192.168.154.128

Host is up.

Nmap scan report for 192.168.154.254

Host is up (0.00040s latency).

MAC Address: 00:50:56:F5:05:C8 (VMware)

Nmap done: 256 IP addresses (4 hosts up) scanned in 4.43 seconds

本文转自 zengwj1949 51CTO博客，原文链接:http://blog.51cto.com/zengwj1949/1926177

Linux之网络工具

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像

探索云世界

热门

云计算

大数据

云原生

人工智能

数据库

开发与运维

活动广场

任务中心

训练营

直播

乘风者计划

下载

镜像站

技术资料

Linux之网络工具

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像