Linux之网络工具-阿里云开发者社区

1 ifconfig：显示网卡信息

[root@localhost proc]# ifconfig

eth0 Link encap:Ethernet HWaddr 00:0C:29:B8:90:BE

inet addr:192.168.154.128 Bcast:192.168.154.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:feb8:90be/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:3847 errors:0 dropped:0 overruns:0 frame:0

TX packets:5152 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:326187 (318.5 KiB) TX bytes:882894 (862.2 KiB)

Interrupt:19 Base address:0x2024

2 arp：显示arp条目

[root@localhost proc]# arp

Address HWtype HWaddress Flags Mask Iface

192.168.154.1 ether 00:50:56:c0:00:08 C eth0

192.168.154.2 ether 00:50:56:ec:fe:4a C eth0

192.168.154.254 ether 00:50:56:f5:05:c8 C eth0

3 ethtool：查询和设置网卡参数

[root@localhost proc]# ethtool -P eth0 #查询端口位置

4 netstat：显示和网络相关的信息，网络连接、接口状态、路由信息等

[root@localhost proc]# netstat -r

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface

192.168.154.0 * 255.255.255.0 U 0 0 0 eth0

link-local * 255.255.0.0 U 0 0 0 eth0

default 192.168.154.2 0.0.0.0 UG 0 0 0 eth0

[root@localhost proc]# netstat -anpt

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:39709 0.0.0.0:* LISTEN 1643/rpc.statd

tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2172/mysqld

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1621/rpcbind

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2412/nginx

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1872/sshd

tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1699/cupsd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2289/master

5 ping：测试网络的连通性

[root@localhost proc]# ping -c 5 www.qq.com

PING www.qq.com (120.198.201.156) 56(84) bytes of data.

64 bytes from 120.198.201.156: icmp_seq=1 ttl=128 time=12.9 ms

64 bytes from 120.198.201.156: icmp_seq=2 ttl=128 time=11.0 ms

64 bytes from 120.198.201.156: icmp_seq=3 ttl=128 time=10.4 ms

64 bytes from 120.198.201.156: icmp_seq=4 ttl=128 time=40.8 ms

64 bytes from 120.198.201.156: icmp_seq=5 ttl=128 time=13.5 ms

mtr：mtr命令把ping命令和tracepath命令合成了一个

[root@localhost proc]#mtr www.qq.com

6 lsof：列出系统当前打开的文件（在Linux中一切皆文件）

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

init 1 root cwd DIR 8,2 4096 2 /

init 1 root rtd DIR 8,2 4096 2 /

init 1 root txt REG 8,2 153380 1666 /sbin/init

init 1 root mem REG 8,2 41812 4884 /lib/librt-2.12.so

init 1 root mem REG 8,2 146728 4880 /lib/ld-2.12.so

init 1 root mem REG 8,2 1911528 4882 /lib/libc-2.12.so

init 1 root mem REG 8,2 58728 1310 /lib/libnss_files-2.12.so

init 1 root mem REG 8,2 286396 4885 /lib/libdbus-1.so.3.4.0

init 1 root mem REG 8,2 122232 4911 /lib/libgcc_s-4.4.7-20120601.so.1

...

COMMAND：进程的名称

PID：进程标识符

USER：进程所有者

FD：文件描述符，应用程序通过文件描述符识别该文件。如cwd、txt等

TYPE：文件类型，如DIR、REG等

DEVICE：指定磁盘的名称

SIZE：文件的大小

NODE：索引节点（文件在磁盘上的标识）

NAME：打开文件的确切名称

显示某个端口是否被使用

[root@localhost proc]# lsof -i :3306

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

mysqld 2172 mysql 3u IPv4 14673 0t0 TCP *:mysql (LISTEN)

显示某个用户的进程打开的文件

[root@localhost proc]# lsof -u mysql

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

mysqld 2172 mysql cwd DIR 8,3 4096 2668 /var/lib/mysql

mysqld 2172 mysql rtd DIR 8,2 4096 2 /

mysqld 2172 mysql txt REG 8,6 8064320 5203 /usr/libexec/mysqld

mysqld 2172 mysql mem REG 8,2 40296 4897 /lib/libcrypt-2.12.so

mysqld 2172 mysql mem REG 8,6 942040 670610 /usr/lib/libstdc++.so.6.0.13

mysqld 2172 mysql mem REG 8,2 15496 4901 /lib/libcom_err.so.2.1

mysqld 2172 mysql mem REG 8,2 907576 4902 /lib/libkrb5.so.3.3

mysqld 2172 mysql mem REG 8,2 171484 4900 /lib/libk5crypto.so.3.1

...

7 nslookup：域名解析查询

[root@localhost proc]# nslookup www.qq.com

Server:192.168.154.2

Address:192.168.154.2#53

Non-authoritative answer:

Name:www.qq.com

Address: 120.198.201.156

能实现域名查询的还有另一个命令：dig

[root@localhost proc]# dig www.qq.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.qq.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47549

;; flags: qr rd cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; WARNING: recursion requested but not available

;; QUESTION SECTION:

;www.qq.com.INA

;; ANSWER SECTION:

www.qq.com.5INA120.198.201.156

;; Query time: 11 msec

;; SERVER: 192.168.154.2#53(192.168.154.2)

;; WHEN: Tue May 16 10:53:23 2017

;; MSG SIZE rcvd: 44

8 traceroute：跟踪报文路径，在Windows下为tracert

[root@localhost proc]# traceroute www.qq.com

traceroute to www.qq.com (120.198.201.156), 30 hops max, 60 byte packets

1 192.168.154.2 (192.168.154.2) 0.125 ms 0.106 ms 0.410 ms

2 * * *

3 * * *

4 * * *

5 * * *

6 * * *

7 * * *

8 * * *

9 * * *

在Linux系统中，mtr也可以实现路由跟踪，而且结合了ping的功能，更加强大，但是默认没有安装。

[root@localhost proc]# mtr www.qq.com

9 route：查看路由信息

[root@localhost proc]# route

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.154.0 * 255.255.255.0 U 0 0 0 eth0

link-local * 255.255.0.0 U 1002 0 0 eth0

default 192.168.154.2 0.0.0.0 UG 0 0 0 eth0

10 tcpdump：网络报文截获工具

指定端口：

[root@localhost proc]# tcpdump -i eth0

...

11:18:14.179947 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 65:129, ack 253984, win 16425, length 64

11:18:14.180481 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 253984:254384, ack 129, win 720, length 400

11:18:14.180845 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 254384:254560, ack 129, win 720, length 176

11:18:14.181006 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 254560, win 16281, length 0

指定主机，打印发出和收到的报文

[root@localhost proc]# tcpdump host 192.168.154.128

...

11:20:23.429911 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 229536:229824, ack 1, win 720, length 288

11:20:23.437865 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 229824:230000, ack 1, win 720, length 176

11:20:23.444348 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 230000, win 16425, length 0

11:20:23.444371 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 1:65, ack 230000, win 16425, length 64

打印两台主机之间的报文

[root@localhost proc]# tcpdump host 192.168.154.128 and $192.168.154.1$

...

11:22:37.082668 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 521392, win 16425, length 0

11:22:37.082893 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 521392:521680, ack 209, win 720, length 288

11:22:37.090535 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 521680:521856, ack 209, win 720, length 176

11:22:37.092395 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 521856, win 16309, length 0

11:22:37.098430 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 209:273, ack 521856, win 16309, length 64

11:22:37.100106 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 521856:522256, ack 273, win 720, length 400

打印主机发送的报文

[root@localhost proc]# tcpdump -i eth0 src 192.168.154.128

...

11:26:39.511627 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89264:89440, ack 1, win 720, length 176

11:26:39.517580 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89440:89616, ack 1, win 720, length 176

11:26:39.517883 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89616:89792, ack 1, win 720, length 176

11:26:39.520735 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89792:89968, ack 65, win 720, length 176

打印主机接收的报文

[root@localhost proc]# tcpdump -i eth0 dst 192.168.154.128

...

11:28:01.032800 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 8337, win 16141, length 0

11:28:01.233749 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 8497, win 16101, length 0

11:28:01.434811 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 8657, win 16061, length 0

11:28:01.584687 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 48:112, ack 8817, win 16425, length 64

获取指定主机指定端口接收和发送的报文

[root@localhost proc]# tcpdump tcp port 80 and host 192.168.154.128 -v

12:30:38.368441 IP (tos 0x0, ttl 64, id 16834, offset 0, flags [DF], proto TCP (6), length 40)

192.168.154.128.http > 192.168.154.1.64941: Flags [F.], cksum 0x2e4e (correct), seq 1, ack 2, win 457, length 0

12:30:38.368663 IP (tos 0x0, ttl 64, id 6217, offset 0, flags [DF], proto TCP (6), length 40)

192.168.154.1.64941 > 192.168.154.128.http: Flags [.], cksum 0xefed (correct), ack 2, win 16425, length 0

12:30:38.369111 IP (tos 0x0, ttl 64, id 21138, offset 0, flags [DF], proto TCP (6), length 40)

192.168.154.128.http > 192.168.154.1.64942: Flags [F.], cksum 0x76ed (correct), seq 1, ack 2, win 457, length 0

12:30:38.369321 IP (tos 0x0, ttl 64, id 6218, offset 0, flags [DF], proto TCP (6), length 40)

192.168.154.1.64942 > 192.168.154.128.http: Flags [.], cksum 0x388d (correct), ack 2, win 16425, length 0

11 ss：显示socket状态，比netstat更强大和高效

-l：显示本地监听的所有端口

-t -a：显示所有TCP连接，a为显示所有套接字

-u -a：显示所有UDP连接

-o：显示计时器信息

显示所有ＴＣＰ连接：

[Vpnwjoj@stash ~]$ sudo ss -a -t

[root@localhost proc]# ss

显示所有打开的网络连接端口：

[root@localhost proc]# ss -l

[root@localhost bin]# ss -tnl

State Recv-Q Send-Q Local Address:Port Peer Address:Port

LISTEN 0 128 *:22 *:*

LISTEN 0 100 127.0.0.1:25 *:*

LISTEN 0 100 :::8080 :::*

LISTEN 0 128 :::22 :::*

LISTEN 0 100 ::1:25 :::*

LISTEN 0 1 ::ffff:127.0.0.1:8005 :::*

LISTEN 0 100 :::8009

[root@localhost bin]# ss -o state established '( dport = :ssh or sport = :ssh )'

Netid Recv-Q Send-Q Local Address:Port Peer Address:Port

tcp 0 232 192.168.3.56:ssh 192.168.3.17:59548 timer:(on,375ms,0)

tcp 0 0 192.168.3.56:ssh 192.168.3.17:56614 timer:(keepalive,80min,0)

:::*

匹配本地地址和端口号：

[root@localhost proc]# ss src 192.168.154.128:80

State Recv-Q Send-Q Local Address:Port Peer Address:Port

ESTAB 0 0 192.168.154.128:http 192.168.154.1:65206

ESTAB 0 0 192.168.154.128:http 192.168.154.1:65212

12 nmap：网络探测和安全审核工具

语法：nmap [扫描类型] [选项] 扫描目标

选项：-p：指定扫描的端口

-n：禁用反向DNS解析（可以提高扫描速度）

扫描类型：

-sS, TCP SYN扫描，只向目标发出SYN数据包，如果收到SYN/ACK响应包就认为目标端口正在监听，并立即断开链接，否则会认为目标端口并未开放。

-sT，TCP连接扫描，这是完整的TCP扫描方式，用来建立TCP连接，如果成功则表示目标端口正在监听，否则表示端口并未开放。

-sP ICMP扫描：类似Ping检测快速判断目标主机是否存活。

[root@localhost proc]# nmap 192.168.154.1

Starting Nmap 5.51 ( http://nmap.org ) at 2017-05-16 12:59 CST

Nmap scan report for 192.168.154.1

Host is up (0.00030s latency).

Not shown: 997 filtered ports

PORT STATE SERVICE

135/tcp open msrpc

139/tcp open netbios-ssn

445/tcp open microsoft-ds

MAC Address: 00:50:56:C0:00:08 (VMware)

查看端口是否开启

[root@localhost proc]# nmap -p 22,80 192.168.154.1-10

Starting Nmap 5.51 ( http://nmap.org ) at 2017-05-16 13:00 CST

Nmap scan report for 192.168.154.1

Host is up (0.000065s latency).

PORT STATE SERVICE

22/tcp filtered ssh

80/tcp filtered http

MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap scan report for 192.168.154.2

Host is up (0.00034s latency).

PORT STATE SERVICE

22/tcp closed ssh

80/tcp closed http

MAC Address: 00:50:56:EC:FE:4A (VMware)

查看哪些主机在线：

[root@localhost proc]# nmap -n -sP 192.168.154.0/24

Starting Nmap 5.51 ( http://nmap.org ) at 2017-05-16 13:01 CST

Nmap scan report for 192.168.154.1

Host is up (0.00021s latency).

MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap scan report for 192.168.154.2

Host is up (0.0014s latency).

MAC Address: 00:50:56:EC:FE:4A (VMware)

Nmap scan report for 192.168.154.128

Host is up.

Nmap scan report for 192.168.154.254

Host is up (0.00040s latency).

MAC Address: 00:50:56:F5:05:C8 (VMware)

Nmap done: 256 IP addresses (4 hosts up) scanned in 4.43 seconds

本文转自 zengwj1949 51CTO博客，原文链接:http://blog.51cto.com/zengwj1949/1926177

Linux之网络工具

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像