linux中网络相关命令总结-白红宇

linux中网络相关命令总结

阅读量：6588 次

发布时间：2019-06-24

本文共 12048 字，大约阅读时间需要 40 分钟。

关于网关配置详情可查看博文

查看DNS服务器

cat /etc/resolv.conf ; generated by /sbin/dhclient-scriptoptions rotate timeout:1nameserver 183.60.83.19nameserver 183.60.82.98

ping 使用的是icmp协议，ping -c3 -i2 -s512 www.baidu.com

c 表示次数

i 表示间隔

s 表示发数据包的大小

curl测试

[root@www ~]# curl -I api.mch.weixin.qq.com         HTTP/1.1 302 Moved Temporarily        Server: nginx        Date: Mon, 16 Apr 2018 03:55:45 GMT        Content-Type: text/html        Content-Length: 154        Connection: keep-alive        Keep-Alive: timeout=8        Location: http://wx.gtimg.com/core/404.htmlcurl -o /dev/null -4 -v -s -w %{time_namelookup}:%{time_connect}:%{time_starttransfer}:%{time_total}"\n" 'https://api.mch.weixin.qq.com/orderquery'

1.获取页面内容

不加任何选项使用 curl 时，默认会发送 GET 请求来获取链接内容到标准输出。

显示 HTTP 头
如果我们只想要显示 HTTP 头，而不显示文件内容，可以使用 -I 选项：
curl -I

3.通过 curl 自带的 -o/-O 选项将内容保存到文件中。

-o（小写的 o）：结果会被保存到命令行中提供的文件名

-O（大写的 O）：URL 中的文件名会被用作保存输出的文件名

curl -o index.html

curl -O

同时下载多个文件
我们可以使用 -o 或 -O 选项来同时指定多个链接
curl -o page1.html -o page2.html

查看域名解析

[root@www ~]# dig api.weixin.qq.com; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> api.weixin.qq.com;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1691;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0;; QUESTION SECTION:;api.weixin.qq.com.     IN  A;; ANSWER SECTION:api.weixin.qq.com.  372 IN  A   182.254.106.119;; Query time: 0 msec;; SERVER: 183.60.83.19#53(183.60.83.19);; WHEN: Mon Mar 12 15:51:54 2018;; MSG SIZE  rcvd: 51

查看域名解析还有一个命令 nslookup

[root@www ~]# nslookup > www.qq.comServer:     183.60.83.19Address:    183.60.83.19#53Non-authoritative answer:Name:   www.qq.comAddress: 180.163.26.39

trace

通过trace确认对应的路由节点，时间比较长或者（*）表示网络故障点，以星号表示的，可能是防火墙封掉了ICMP的返回信息，所以我们得不到什么相关的数据包返回数据。

trceroute www.qq.com linux上检查各个路由节点的情况（到达目的地址，所要经过的路由网关节点）

tracert -d www.qq.com 这个是用于win上的检查跟踪路由

-n 显示IP地址，不查主机名,比如

traceroute -n www.baidu.com (输出内容比较简洁)

[root@www ~]# traceroute api.mch.weixin.qq.comtraceroute to api.mch.weixin.qq.com (182.254.33.35), 30 hops max, 60 byte packets 1  10.112.81.1 (10.112.81.1)  6.059 ms  6.156 ms  6.221 ms 2  10.112.254.104 (10.112.254.104)  9.140 ms  9.137 ms  9.327 ms 3  10.200.135.73 (10.200.135.73)  1.059 ms  1.162 ms  1.047 ms 4  182.254.127.52 (182.254.127.52)  6.378 ms 182.254.127.51 (182.254.127.51)  6.898 ms 182.254.127.52 (182.254.127.52)  6.144 ms 5  * * * 6  * * * 7  * * * 8  * * * 9  * * *10  * * *11  * * *12  * * *13  * * *14  * * *15  * * *

输出需要确认有一列的时间超过3s才有参考意义

对于有HTTP服务的主机，可以用参数设置traceroute使用TCP协议进行探测，就可以获得最终节点：

-I --icmp Use ICMP ECHO for tracerouting

-T --tcp Use TCP SYN for tracerouting

-p port --port=port

[root@www ~]# traceroute -T -n -p 80 baidu.comtraceroute to baidu.com (220.181.57.216), 30 hops max, 60 byte packets 1  10.112.81.2  7.427 ms  7.556 ms  7.662 ms 2  10.112.254.106  9.547 ms  9.631 ms  9.715 ms 3  10.200.135.73  5.395 ms  5.399 ms  5.410 ms 4  14.18.199.58  2.477 ms  2.476 ms 14.18.199.78  2.186 ms 5  * 14.119.117.133  2.142 ms * 6  113.96.7.194  10.794 ms 183.60.112.5  6.716 ms 113.96.7.198  10.530 ms 7  113.108.208.213  7.904 ms  7.900 ms  8.019 ms 8  202.97.65.53  43.571 ms 202.97.65.205  40.436 ms 202.97.65.101  39.845 ms 9  * * 180.149.159.14  44.081 ms10  * * *11  * * *12  220.181.17.94  42.861 ms 220.181.17.22  43.363 ms 220.181.182.34  43.457 ms13  * * *14  220.181.57.216  44.007 ms  42.132 ms *

mtr

结合ping nslookup tracert 来判断网络的相关特性，通过mtr确认对应的路由节点丢包情况

[root@www ~]# mtr -r api.mch.weixin.qq.comHOST: www                         Loss%   Snt   Last   Avg  Best  Wrst StDev  1. 10.112.81.1                   0.0%    10    2.9   2.6   1.5   5.5   1.5  2. 10.112.254.104                0.0%    10    1.9   2.9   1.7  11.3   3.0  3. 10.200.135.73                 0.0%    10    1.1   1.1   1.0   1.2   0.1  4. 182.254.127.51                0.0%    10    6.5   6.5   6.4   6.7   0.1  5. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0  6. 10.238.119.42                10.0%    10   30.6  26.1  10.3  39.8   9.6  7. 182.254.33.35                 0.0%    10    5.2   5.2   5.1   5.2   0.0

其中说明：

-c –report-cycles COUNT

-n 不用主机解释

-c 发送多少个数据包

-r --report 结果显示，并不动态显示。

-i 表示间隔时间

第一列:显示的是IP地址和本机域名，这点和tracert很像

第二列:是显示的每个对应IP的丢包率

第三列:snt:10 设置每秒发送数据包的数量，默认值是10 可以通过参数 -c来指定。

第四列:显示的最近一次的返回时延

第五列:是平均值这个应该是发送ping包的平均时延

第六列:是最好或者说时延最短的

第七列:是最差或者说时延最常的

第八列:是标准偏差

模拟网络抓包

一台机器上面ping 139.199.160.55

另一台机器上面tcpdump监听

[root@www ~]# tcpdump -n icmp -i eth0 and src 59.37.125.48tcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes17:12:14.780171 IP 59.37.125.48 > 172.16.0.11: ICMP echo request, id 5479, seq 1, length 6417:12:15.771386 IP 59.37.125.48 > 172.16.0.11: ICMP echo request, id 4099, seq 2, length 6417:12:16.772649 IP 59.37.125.48 > 172.16.0.11: ICMP echo request, id 4111, seq 3, length 6417:12:17.774895 IP 59.37.125.48 > 172.16.0.11: ICMP echo request, id 4121, seq 4, length 6417:12:18.776877 IP 59.37.125.48 > 172.16.0.11: ICMP echo request, id 4125, seq 5, length 6417:12:19.780618 IP 59.37.125.48 > 172.16.0.11: ICMP echo request, id 5684, seq 6, length 646 packets captured6 packets received by filter0 packets dropped by kernel

tcpdump -i eth0 -nnX port 21

选项：

-i 指定网卡接口

-nn 将数据包中的域名与服务转为ip和端口

-X 以十六进制和ASCII码的显示数据包内容

port 指定监听端口

[root@www ~]# tcpdump -i eth0 -nnX port 21tcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes17:54:08.047349 IP 59.37.125.48.3128 > 172.16.0.11.21: Flags [S], seq 913042176, win 8192, options [mss 1412,nop,wscale 0,nop,nop,sackOK], length 0    0x0000:  4500 0034 01f4 4000 3106 e35f 3b25 7d30  E..4..@.1.._;%}0    0x0010:  ac10 000b 0c38 0015 366b eb00 0000 0000  .....8..6k......    0x0020:  8002 2000 bd1e 0000 0204 0584 0103 0300  ................    0x0030:  0101 0402                                ....17:54:08.047378 IP 172.16.0.11.21 > 59.37.125.48.3128: Flags [S.], seq 3851070068, ack 913042177, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0    0x0000:  4500 0034 0000 4000 4006 d653 ac10 000b  E..4..@.@..S....    0x0010:  3b25 7d30 0015 0c38 e58a aa74 366b eb01  ;%}0...8...t6k..    0x0020:  8012 3908 13cf 0000 0204 05b4 0101 0402  ..9.............    0x0030:  0103 0307

nmap 主机扫描工具：主机探测，端口扫描，版本检测，系统检测等

1、用Nmap扫描特定IP地址

[root@www ~]# nmap 127.0.0.1Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-12 09:43 CSTNmap scan report for localhost (127.0.0.1)Host is up (0.000012s latency).Not shown: 995 closed portsPORT     STATE SERVICE22/tcp   open  ssh23/tcp   open  telnet25/tcp   open  smtp80/tcp   open  http3306/tcp open  mysqlNmap done: 1 IP address (1 host up) scanned in 0.17 seconds

2.端口扫描 nmap -p1,12,22,34,254 127.0.0.1

[root@www ~]# nmap -p1-50 127.0.0.1Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-12 09:46 CSTNmap scan report for localhost (127.0.0.1)Host is up (0.0000050s latency).Not shown: 47 closed portsPORT   STATE SERVICE22/tcp open  ssh23/tcp open  telnet25/tcp open  smtpNmap done: 1 IP address (1 host up) scanned in 0.06 seconds

3.扫描一个段的主机在线状况(对目标进行Ping检测)

nmap -sP 139.199.160.0/24

[root@www ~]# nmap -sP 139.199.160.55-68Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-12 09:57 CSTNmap scan report for 139.199.160.55Host is up (0.0033s latency).Nmap scan report for 139.199.160.56Host is up (0.015s latency).Nmap scan report for 139.199.160.57Host is up (0.0070s latency).Nmap scan report for 139.199.160.58Host is up (0.014s latency).Nmap scan report for 139.199.160.59

4.万能开关扫描

[root@www ~]# nmap -A 127.0.0.1Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-15 15:52 CSTNmap scan report for localhost (127.0.0.1)Host is up (0.000036s latency).Not shown: 996 closed portsPORT   STATE SERVICE VERSION22/tcp open  ssh     OpenSSH 5.3 (protocol 2.0)| ssh-hostkey: 1024 2d:f8:06:ea:aa:3e:22:9b:bf:c7:ce:c5:dc:69:e6:78 (DSA)|_2048 2e:3f:af:53:07:5a:fc:cf:09:a3:ac:27:39:1d:d5:e8 (RSA)23/tcp open  telnet  Linux telnetd25/tcp open  smtp    Postfix smtpd80/tcp open  http    Apache httpd 2.2.34 ((Unix) DAV/2)| http-methods: Potentially risky methods: TRACE|_See http://nmap.org/nsedoc/scripts/http-methods.html|_http-title: Site doesn't have a title (text/html).No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).TCP/IP fingerprint:OS:SCAN(V=5.51%D=3/15%OT=22%CT=1%CU=36121%PV=N%DS=0%DC=L%G=Y%TM=5AAA265C%P=OS:x86_64-redhat-linux-gnu)SEQ(SP=106%GCD=1%ISR=108%TI=Z%CI=Z%II=I%TS=A)SEQOS:(SP=106%GCD=4%ISR=108%TI=Z%CI=Z%II=I%TS=A)OPS(O1=MFFD7ST11NW7%O2=MFFD7STOS:11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFFD7ST11NW7%O6=MFFD7ST11)WIN(OS:W1=FFCB%W2=FFCB%W3=FFCB%W4=FFCB%W5=FFCB%W6=FFCB)ECN(R=Y%DF=Y%T=40%W=FFD7OS:%O=MFFD7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(OS:R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=ZOS:%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=YOS:%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIOS:PL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)Network Distance: 0 hopsService Info: Host:  www.localdomain; OS: LinuxOS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .Nmap done: 1 IP address (1 host up) scanned in 17.85 seconds

分析网络连接里面，正在连接的所有IP连接数，计数，连接状态数分析

[root@www ~]# netstat -an |awk '/^tcp/ {++S[$NF]} END {for(key in S) print S[key],key }' 2 ESTABLISHED2 LISTEN[root@www ~]# netstat -an |grep ^tcp |awk -F '[ :]+' '/^tcp/ {print $6}'|sort|uniq -c      2 0.0.0.0      1 169.254.0.15      1 169.254.0.55      1 59.37.125.48[root@www ~]# netstat -an |awk -F '[ :]+' '/^tcp/ {++S[$6]} END {for (key in S) print S[key] ,key}'|sort1 169.254.0.551 59.37.125.482 0.0.0.0

分析http服务，日志IP的访问次数，计数

去重uniq命令使用示例

[root@www ~]# cat a.txt 10.0.0.210.0.0.210.0.0.210.0.0.410.0.0.510.0.0.510.0.0.8[root@www ~]# uniq a.txt 10.0.0.210.0.0.410.0.0.510.0.0.8[root@www ~]# uniq -c a.txt       3 10.0.0.2      1 10.0.0.4      2 10.0.0.5      1 10.0.0.8

sort排序使用示例（n数字排序，r倒序排序, t指定分割符号，k指定排序的列）

[root@www ~]# sort -n a.txt 10.0.0.210.0.0.210.0.0.210.0.0.410.0.0.510.0.0.510.0.0.8[root@www ~]# sort -nr a.txt 10.0.0.810.0.0.510.0.0.510.0.0.410.0.0.210.0.0.210.0.0.2[root@www ~]# cat b.txt 10.0.0.2  d10.0.0.2  s10.0.0.2  t10.0.0.4  a10.0.0.5  z10.0.0.5  g10.0.0.8  c[root@www ~]# sort -t " " -k 2 b.txt 10.0.0.4  a10.0.0.8  c10.0.0.2  d10.0.0.5  g10.0.0.2  s10.0.0.2  t10.0.0.5  z

sort综合使用案例：对最后两位Ip进行排序，（逗号连接的是字段，点号连接的是字符）

[root@www ~]# cat c.txt 10.0.1.2  d10.0.0.213  s10.0.6.11  t10.0.0.4  a10.0.4.54  z10.0.9.6  g10.0.2.82  c[root@www ~]# sort -n -t. -k3,3 -k4.1,4.3 c.txt 10.0.0.4  a10.0.0.213  s10.0.1.2  d10.0.2.82  c10.0.4.54  z10.0.6.11  t10.0.9.6  g

awk分析处理日志

[root@www ~]# cat a.log ://www.baidu.com/://www.baidu.com/://www.taobao.com/http://news.sina.com.cn/://www.baidu.com/http://news.sina.com.cn/://www.baidu.com/http://www.qq.com/://www.baidu.com/https://www.bilibili.com/http://news.sina.com.cn/http://news.sina.com.cn/[root@www ~]# awk -F "/" {'print $3'} a.log |sort |uniq -c|sort -r      5 www.baidu.com      4 news.sina.com.cn      1 www.taobao.com      1 www.qq.com      1 www.bilibili.com[root@www ~]# awk -F "/" '{++S[$3]} END {for (key in S) print S[key],key} ' a.log |sort -r5 www.baidu.com4 news.sina.com.cn1 www.taobao.com1 www.qq.com1 www.bilibili.com[root@www ~]# awk '/^tcp/ {print $NF}'  netstat.log |sort |uniq -c      2 ESTABLISHED      2 LISTEN[root@www ~]# awk '/^tcp/ {++S[$NF]} END {for(key in S) print S[key],key }' netstat.log 2 ESTABLISHED2 LISTEN

补充

常见私有地址

10.0.0.0/8 (10.0.0.0 到 10.255.255.255)

172.16.0.0/12 (172.16.0.0 到 172.31.255.255)

192.168.0.0/16 (192.168.0.0 到 192.168.255.255)

169.254.0.0/16 (169.254.0.0 到 169.254.255.255)