A record of some commonly used network commands on Linux.

ping

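The ping command tests network connectivity from the local machine to a target host.
ping sends ICMP echo request packets to the target host and then waits for the target's ICMP echo reply packets.
Its output shows the round-trip time of each request, followed by summary statistics: the packet loss rate and the maximum/minimum/average round-trip time.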

root@localhost:~# ping -c 5 www.baidu.com
PING www.wshifen.com (45.113.192.102) 56(84) bytes of data.
64 bytes from 45.113.192.102 (45.113.192.102): icmp_seq=1 ttl=60 time=0.743 ms
64 bytes from 45.113.192.102 (45.113.192.102): icmp_seq=2 ttl=60 time=0.681 ms
64 bytes from 45.113.192.102 (45.113.192.102): icmp_seq=3 ttl=60 time=5.49 ms
64 bytes from 45.113.192.102 (45.113.192.102): icmp_seq=4 ttl=60 time=0.623 ms
64 bytes from 45.113.192.102 (45.113.192.102): icmp_seq=5 ttl=60 time=0.620 ms

--- www.wshifen.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4025ms

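ping is based on ICMP, a protocol layered on top of IP. ICMP places its own fields after the IP header, including:

  • Type: the ICMP message type; ping's echo request is type 8 and the echo reply is type 0.
  • Code: subdivides the ICMP type and is used to find the cause of an error.
  • Checksum: used to detect corrupted data.
  • Identifier: identifies who sent the control message; it can be the process ID.
  • Sequence number: uniquely identifies a packet; the icmp_seq shown in the ping output above is this value.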

traceroute

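traceroute is another command based on ICMP. ping only records the round-trip time of packets between the local machine and the target host; traceroute records every router the packets pass through on the way to the target host, and the round-trip time from the local machine to each router.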

root@localhost:~# traceroute www.google.com
traceroute to www.google.com (74.125.68.104), 30 hops max, 60 byte packets
 1  103.3.60.3 (103.3.60.3)  0.532 ms  0.635 ms  0.774 ms
 2  139.162.0.9 (139.162.0.9)  0.449 ms  0.440 ms 139.162.0.13 (139.162.0.13)  0.415 ms
 3  139.162.0.18 (139.162.0.18)  0.416 ms  0.418 ms 72.14.242.208 (72.14.242.208)  23.004 ms
 4  74.125.242.34 (74.125.242.34)  1.107 ms 72.14.242.208 (72.14.242.208)  0.900 ms  0.898 ms
 5  74.125.242.35 (74.125.242.35)  11.488 ms 72.14.232.220 (72.14.232.220)  2.185 ms 216.239.57.38 (216.239.57.38)  1.724 ms
 6  72.14.232.222 (72.14.232.222)  1.848 ms 72.14.236.242 (72.14.236.242)  3.849 ms 66.249.95.248 (66.249.95.248)  1.407 ms
 7  216.239.35.165 (216.239.35.165)  3.385 ms 216.239.51.20 (216.239.51.20)  5.147 ms  1.388 ms
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  sc-in-f104.1e100.net (74.125.68.104)  1.179 ms * *

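On Linux, traceroute relies on the TTL field in the IP header, which is decremented by 1 at every router. When the TTL reaches 0, the router drops the packet and sends an ICMP Time Exceeded message back to the local machine.

Note: Linux traceroute sends UDP packets, whereas Windows sends ICMP echo requests.

traceroute starts by sending a packet with ttl=1. The first router receives it and decrements the TTL to 0, so it drops the packet and sends an ICMP Time Exceeded message back to the local machine.

traceroute then sends a packet with ttl=2. The first router receives it, decrements the TTL to 1 and forwards it. The second router receives it, decrements the TTL to 0, drops the packet and sends an ICMP Time Exceeded message back to the local machine.

traceroute repeats this process until a packet reaches the target host, which returns an ICMP Destination Unreachable message to the local machine. (When sending its packets, traceroute picks a destination port on which nothing is reachable.)

If no response arrives within the configured timeout after a packet is sent, the program prints *. Some routers block ICMP, so the local machine never receives the ICMP response.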
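
How the replies in this procedure are told apart, as an added example that is not part of the original post: it parses the ICMP error a raw socket would deliver, checks that the quoted UDP header belongs to our probe, and replays the TTL loop over captured replies. Assumptions: one probe per hop with destination port 33434 + ttl - 1 (33434 is the default base port of Linux traceroute), and `fake_reply` builds constructed sample packets with documentation-range addresses.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11   # sent by the router that decremented TTL to 0
ICMP_DEST_UNREACH = 3
CODE_PORT_UNREACH = 3     # sent by the target: nothing listens on the probe port
BASE_PORT = 33434         # default first destination port of Linux traceroute

def classify_reply(datagram: bytes, probe_dport: int):
    """Return ("hop" | "destination", responder_ip), or None when the
    datagram is not an ICMP error quoting our UDP probe."""
    if len(datagram) < 20 or datagram[9] != socket.IPPROTO_ICMP:
        return None
    icmp = datagram[(datagram[0] & 0x0F) * 4:]           # skip outer IP header
    if len(icmp) < 8 + 20:
        return None
    icmp_type, code = icmp[0], icmp[1]
    quoted = icmp[8:]                  # original IP header + first 8 data bytes
    udp = quoted[(quoted[0] & 0x0F) * 4:]
    if quoted[9] != socket.IPPROTO_UDP or len(udp) < 4:
        return None
    if struct.unpack("!H", udp[2:4])[0] != probe_dport:  # not our probe
        return None
    responder = socket.inet_ntoa(datagram[12:16])
    if icmp_type == ICMP_TIME_EXCEEDED:
        return ("hop", responder)
    if icmp_type == ICMP_DEST_UNREACH and code == CODE_PORT_UNREACH:
        return ("destination", responder)
    return None

def trace(replies_by_ttl: dict, max_hops: int = 30) -> list:
    """Replay the TTL loop over captured replies (missing entry = timeout)."""
    path = []
    for ttl in range(1, max_hops + 1):
        reply = replies_by_ttl.get(ttl)
        verdict = classify_reply(reply, BASE_PORT + ttl - 1) if reply else None
        path.append(verdict[1] if verdict else "*")
        if verdict and verdict[0] == "destination":
            break
    return path

def fake_reply(src: str, icmp_type: int, code: int, dport: int) -> bytes:
    """Constructed ICMP error as a raw socket delivers it (checksums left 0)."""
    def ip(proto, s, d):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, proto, 0,
                           socket.inet_aton(s), socket.inet_aton(d))
    quoted = ip(17, "192.0.2.10", "203.0.113.5") + struct.pack("!HHHH", 40000, dport, 40, 0)
    return ip(1, src, "192.0.2.10") + struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted

if __name__ == "__main__":
    hop1 = fake_reply("198.51.100.1", ICMP_TIME_EXCEEDED, 0, BASE_PORT)
    dest = fake_reply("203.0.113.5", ICMP_DEST_UNREACH, CODE_PORT_UNREACH, BASE_PORT + 2)
    print(trace({1: hop1, 3: dest}))   # hop 2 never answered
```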

ifconfig

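ifconfig is a very commonly used command for configuring, controlling and querying the parameters of TCP/IP network interfaces, such as the IP address and netmask.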

root@localhost:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 129.162.27.49  netmask 255.255.255.0  broadcast 129.162.27.255
        inet6 fe80::f03c:92ff:fe4c:9c4f  prefixlen 64  scopeid 0x20<link>
        inet6 2400:8901::f03c:92ff:fe4c:9c4f  prefixlen 64  scopeid 0x0<global>
        ether f2:3c:92:4c:9c:4f  txqueuelen 1000  (Ethernet)
        RX packets 1871720  bytes 277003523 (277.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1671631  bytes 1800811159 (1.8 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 52620  bytes 54980978 (54.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 52620  bytes 54980978 (54.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

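Note: lo is a special network interface that is generally not attached to any physical device and is implemented entirely in software. In TCP/IP networks the loopback IP address is usually 127.0.0.1, and pinging the loopback address always gets a response. An IP datagram sent to the loopback interface never appears on the network.

One might expect that once the transport layer detects that the destination is a loopback address, it could skip part of the transport-layer and all of the network-layer processing. Most systems nevertheless run through all of the transport- and network-layer processing, and simply hand the IP datagram back to themselves as it leaves the network layer.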


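ifconfig can also bring a network interface up or down and change the interface's MAC address. The new address must be unicast, meaning the lowest bit of its first octet is 0.

ifconfig wlan0 down
ifconfig wlan0 hw ether 12:11:20:33:49:66
ifconfig wlan0 up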

netstat

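netstat (network statistics) is a command-line program that reads network connection state and related information from the kernel. It can show the routing table, active network connections and the state of network interface devices, as well as statistics for the IP, TCP, UDP and ICMP protocols. It is generally used to check the state of the network services on each local port.

netstat has many options; the most commonly used ones are described below.

-a lists all sockets for the tcp, udp and unix protocols.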

root@localhost:~# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:https           0.0.0.0:*               LISTEN
tcp        0      0 li868-49.members.:https 211.249.226.104:16082   SYN_RECV
tcp        0      0 li868-49.members.:https 061196173124.cidr:58020 SYN_RECV
tcp        0      0 li868-49.members.:https 061196173124.cidr:13060 SYN_RECV
tcp        0      0 li868-49.members.l:http 061196173124.cidr:17302 SYN_RECV
tcp        0      0 li868-49.members.:https 34.141.212.222.br:29908 ESTABLISHED
udp        0      0 127.0.0.53:domain       0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    878498   /run/user/0/systemd/notify
unix  2      [ ACC ]     SEQPACKET  LISTENING     13731    /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     878501   /run/user/0/systemd/private
...

-t lists only TCP connections.

root@localhost:~# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:https           0.0.0.0:*               LISTEN
tcp        0      0 li868-49.members.:https 211.249.226.104:16082   SYN_RECV
tcp        0      0 li868-49.members.:https 061196173124.cidr:58020 SYN_RECV
tcp        0      0 li868-49.members.:https 061196173124.cidr:13060 SYN_RECV
tcp        0      0 li868-49.members.l:http 061196173124.cidr:17302 SYN_RECV
tcp        0      0 li868-49.members.:https 34.141.212.222.br:29908 ESTABLISHED
...

-u lists only UDP connections.


root@localhost:~# netstat -ua
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 127.0.0.53:domain       0.0.0.0:*
...

-l lists only listening sockets; combined with -t as below, it lists only listening TCP sockets.

root@localhost:~# netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:domain       0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:https           0.0.0.0:*               LISTEN
...

-n disables reverse DNS lookups, which speeds up the query.

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 139.162.27.49:443       61.196.173.124:43132    SYN_RECV
tcp        0      0 139.162.27.49:80        211.249.226.104:61457   SYN_RECV
tcp        0      0 139.162.27.49:443       120.196.114.246:50213   ESTABLISHED
tcp        0      0 139.162.27.49:443       211.249.226.104:21004   SYN_RECV
tcp        0      0 139.162.27.49:80        211.249.226.104:9039    SYN_RECV
tcp        0      0 139.162.27.49:80        61.196.173.124:15844    SYN_RECV
tcp        0      0 139.162.27.49:80        61.196.173.124:62543    SYN_RECV
...
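
Most rows in the output above are in SYN_RECV, the state in which the kernel has answered a SYN with SYN-ACK and is still waiting for the final ACK. The following added example (not from the original post) summarises TCP states per remote address from `netstat -n` text and lists peers that hold several half-open sockets without an established one; the sample rows are copied from the output above and the threshold of 3 is an assumption to tune per host.

```python
from collections import Counter, defaultdict

# Rows copied from the `netstat -n` output shown above.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 139.162.27.49:443       61.196.173.124:43132    SYN_RECV
tcp        0      0 139.162.27.49:80        211.249.226.104:61457   SYN_RECV
tcp        0      0 139.162.27.49:443       120.196.114.246:50213   ESTABLISHED
tcp        0      0 139.162.27.49:443       211.249.226.104:21004   SYN_RECV
tcp        0      0 139.162.27.49:80        211.249.226.104:9039    SYN_RECV
tcp        0      0 139.162.27.49:80        61.196.173.124:15844    SYN_RECV
tcp        0      0 139.162.27.49:80        61.196.173.124:62543    SYN_RECV
"""

def states_by_peer(netstat_output: str) -> dict:
    """Map each remote IP to a Counter of the TCP states seen for it."""
    peers = defaultdict(Counter)
    for line in netstat_output.splitlines():
        fields = line.split()
        # Data rows: Proto Recv-Q Send-Q Local-Address Foreign-Address State
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue                                  # headers, udp, unix
        remote_ip = fields[4].rsplit(":", 1)[0]       # drop the port (IPv6-safe)
        peers[remote_ip][fields[5]] += 1
    return dict(peers)

def half_open_suspects(netstat_output: str, threshold: int = 3) -> list:
    """Remote IPs with >= threshold SYN_RECV sockets and no ESTABLISHED one."""
    return sorted(ip for ip, states in states_by_peer(netstat_output).items()
                  if states["SYN_RECV"] >= threshold
                  and states["ESTABLISHED"] == 0)

if __name__ == "__main__":
    for ip, states in states_by_peer(SAMPLE).items():
        print(ip, dict(states))
    print("review:", half_open_suspects(SAMPLE))
```

On a live host, feed it the text of `netstat -tn`; the "resets received for embryonic SYN_RECV sockets" counter from `netstat -s` is a useful cross-check.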

-p shows the associated process (run as root).

root@localhost:~# netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      703/nginx: master p
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      703/nginx: master p

-r shows the local routing table.

root@localhost:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         139.162.27.1    0.0.0.0         UG        0 0          0 eth0
139.162.27.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0

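The second entry means that if the destination is in the 139.162.27.0/24 network, the traffic stays within the local network and packets are sent directly out of eth0.
The first entry covers all other destinations (for example www.baidu.com): packets are sent through the eth0 interface to the gateway 139.162.27.1.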

-i shows statistics for the network interface devices.

root@localhost:~# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0      1500  2109800      0      0 0       1944768      0      0      0 BMRU
lo       65536    58946      0      0 0         58946      0      0      0 LRU

-s shows statistics for the IP, TCP, UDP and ICMP protocols; combined with grep, the output can be filtered down to the information you want.

Ip:
    Forwarding: 2
    1977504 total packets received
    8 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    1977496 incoming packets delivered
    1992071 requests sent out
Icmp:
    3319 ICMP messages received
    264 input ICMP message failed
    InCsumErrors: 41
    ICMP input histogram:
        destination unreachable: 542
        timeout in transit: 127
        redirects: 1
        echo requests: 2589
        echo replies: 19
    5880 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 3258
        echo requests: 33
        echo replies: 2589
IcmpMsg:
        InType0: 19
        InType3: 542
        InType5: 1
        InType8: 2589
        InType11: 127
        OutType0: 2589
        OutType3: 3258
        OutType8: 33
Tcp:
    5795 active connection openings
    116595 passive connection openings
    1607 failed connection attempts
    3894 connection resets received
    14 connections established
    1975313 segments received
    2206788 segments sent out
    355773 segments retransmitted
    73 bad segments received
    108960 resets sent
    InCsumErrors: 70
Udp:
    2675 packets received
    3289 packets to unknown port received
    0 packet receive errors
    3036 packets sent
    0 receive buffer errors
    0 send buffer errors
UdpLite:
TcpExt:
    1604 resets received for embryonic SYN_RECV sockets
    42272 TCP sockets finished time wait in fast timer
    949 packetes rejected in established connections because of timestamp
    37251 delayed acks sent
    37 delayed acks further delayed because of locked socket
    Quick ack mode was activated 42751 times
    47 SYNs to LISTEN sockets droppe
...

lsof

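lsof (list open files) prints all open files (disk files, named pipes, network sockets) and the processes that hold them.

The frequently used -i option finds the process that is using a given port.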

root@localhost:~# lsof -i:80
COMMAND PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   703     root    9u  IPv4  18371      0t0  TCP *:http (LISTEN)
nginx   704 www-data    9u  IPv4  18371      0t0  TCP *:http (LISTEN)

tcpdump

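tcpdump is a powerful packet capture tool with very capable filtering and matching.

Some commonly used options are listed below.

-i captures packets on the specified network interface.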

root@localhost:~# tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:39:58.625285 IP li868-49.members.linode.com.16688 > 59.41.161.246.9688: Flags [P.], seq 4156530797:4156530905, ack 2093827186, win 313, options [nop,nop,TS val 3287990521 ecr 992787036], length 108
01:39:58.626310 IP li868-49.members.linode.com.39094 > dns.google.domain: 733+ PTR? 246.161.41.59.in-addr.arpa. (44)
01:39:58.671158 IP dns.google.domain > li868-49.members.linode.com.39094: 733 NXDomain 0/1/0 (102)
01:39:58.671855 IP li868-49.members.linode.com.54877 > dns.google.domain: 17048+ PTR? 8.8.8.8.in-addr.arpa. (38)
01:39:58.673628 IP dns.google.domain > li868-49.members.linode.com.54877: 17048 1/0/0 PTR dns.google. (62)
...

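host captures packets for the specified host. The example below captures packets sent from the local machine to 59.41.161.246 and packets sent from 59.41.161.246 to the local machine.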

root@localhost:~# tcpdump host 59.41.161.246
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:52:30.031276 IP li868-49.members.linode.com.16688 > 59.41.161.246.11087: Flags [P.], seq 3054730260:3054730328, ack 342248862, win 338, options [nop,nop,TS val 3288741933 ecr 993532684], length 68
01:52:31.631269 IP li868-49.members.linode.com.16688 > 59.41.161.246.11087: Flags [P.], seq 0:68, ack 1, win 338, options [nop,nop,TS val 3288743533 ecr 993532684], length 68
01:52:33.636396 IP 59.41.161.246.11087 > li868-49.members.linode.com.16688: Flags [P.], seq 1:37, ack 0, win 4096, options [nop,nop,TS val 993536757 ecr 3288740174], length 36
01:52:33.636441 IP li868-49.members.linode.com.16688 > 59.41.161.246.11087: Flags [.], ack 37, win 338, options [nop,nop,TS val 3288745538 ecr 993536757], length 0
...

port captures packets for the specified port. The example below captures packets sent from local port 443 and packets received on port 443.

root@localhost:~# tcpdump port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:55:43.247442 IP li868-49.members.linode.com.https > 061196173124.cidr.odn.ne.jp.19617: Flags [S.], seq 3945161203, ack 1075986135, win 29200, options [mss 1460], length 0
01:55:43.759262 IP li868-49.members.linode.com.https > 211.249.226.104.60898: Flags [S.], seq 1183196140, ack 3386651256, win 29200, options [mss 1460], length 0
01:55:44.527292 IP li868-49.members.linode.com.https > 061196173124.cidr.odn.ne.jp.8108: Flags [S.], seq 1593396289, ack 453296168, win 29200, options [mss 1460], length 0
01:55:46.772851 IP 061196173124.cidr.odn.ne.jp.15273 > li868-49.members.linode.com.https: Flags [S], seq 2734799881, win 29200, length 0
01:55:46.772910 IP li868-49.members.linode.com.https > 061196173124.cidr.odn.ne.jp.15273: Flags [S.], seq 2458854538, ack 2734799882, win 29200, options [mss 1460], length 0
01:55:47.281722 IP 120.136.45.196.62015 > li868-49.members.linode.com.https: Flags [.], ack 181264012, win 4096, length 0
...

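src specifies the packet's source IP or source port and is used together with the host or port qualifier. The example below captures only packets sent from local port 443.
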
root@localhost:~# tcpdump src port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
02:00:27.955549 IP li868-49.members.linode.com.https > 223.223.201.195.42057: Flags [P.], seq 549587455:549587705, ack 766564150, win 235, options [nop,nop,TS val 3453460052 ecr 472588413], length 250
02:00:28.687262 IP li868-49.members.linode.com.https > 211.249.226.104.57499: Flags [S.], seq 2980342007, ack 1894178273, win 29200, options [mss 1460], length 0
02:00:28.751258 IP li868-49.members.linode.com.https > 223.223.201.195.42057: Flags [P.], seq 0:250, ack 1, win 235, options [nop,nop,TS val 3453460848 ecr 472588413], length 250
02:00:28.890222 IP li868-49.members.linode.com.https > 223.223.201.195.42057: Flags [.], ack 1, win 235, options [nop,nop,TS val 3453460987 ecr 472589345,nop,nop,sack 1 {4294967212:1}], length 0
02:00:29.199328 IP li868-49.members.linode.com.https > 061196173124.cidr.odn.ne.jp.9416: Flags [S.], seq 3156355225, ack 3166236875, win 29200, options [mss 1460], length 0
...

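dst specifies the packet's destination IP or port and is used together with the host or port qualifier. The example below captures only packets received on local port 443.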

root@localhost:~# tcpdump dst port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
02:01:39.301123 IP 223.223.201.195.47520 > li868-49.members.linode.com.https: Flags [.], ack 2071954224, win 2058, options [nop,nop,TS val 472659619 ecr 3453531099], length 0
02:01:39.302067 IP 223.223.201.195.47520 > li868-49.members.linode.com.https: Flags [P.], seq 0:184, ack 1, win 2058, options [nop,nop,TS val 472659619 ecr 3453531099], length 184
02:01:39.605863 IP 223.223.201.195.47520 > li868-49.members.linode.com.https: Flags [.], ack 1, win 2058, options [nop,nop,TS val 472659922 ecr 3453531399,nop,nop,sack 1 {1449:2897}], length 0
02:01:39.605906 IP 223.223.201.195.47520 > li868-49.members.linode.com.https: Flags [.], ack 2897, win 2013, options [nop,nop,TS val 472659922 ecr 3453531402], length 0
02:01:39.605911 IP 223.223.201.195.47520 > li868-49.members.linode.com.https: Flags [.], ack 2957, win 2012, options [nop,nop,TS val 472659922 ecr 3453531402], length 0
...

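tcp, udp, arp: specify a protocol so that only packets of that protocol are captured. The example below combines this with the options above to capture TCP packets whose port (source or destination) is 16688 and that come from the host with IP address 59.41.161.246.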

root@localhost:~# tcpdump tcp and src 59.41.161.246 and port 16688
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
02:06:58.281691 IP 59.41.161.246.11087 > li868-49.members.linode.com.16688: Flags [.], ack 3054774944, win 4096, options [nop,nop,TS val 994396074 ecr 3289609435,nop,nop,sack 1 {37:73}], length 0
02:06:58.294706 IP 59.41.161.246.11087 > li868-49.members.linode.com.16688: Flags [.], ack 1, win 4096, options [nop,nop,TS val 994396087 ecr 3289609435,nop,nop,sack 1 {37:361}], length 0
02:06:58.469704 IP 59.41.161.246.11087 > li868-49.members.linode.com.16688: Flags [.], ack 361, win 4084, options [nop,nop,TS val 994396260 ecr 3289610189], length 0
02:06:58.482691 IP 59.41.161.246.11087 > li868-49.members.linode.com.16688: Flags [.], ack 633, win 4087, options [nop,nop,TS val 994396273 ecr 3289610202], length 0
02:06:58.656710 IP 59.41.161.246.11087 > li868-49.members.linode.com.16688: Flags [.], ack 897, win 4087, options [nop,nop,TS val 994396446 ecr 3289610377], length 0
...

curl

curl is a command-line tool that transfers data over a variety of protocols. I often use curl to debug API endpoints.

With no options at all, curl sends a GET request.

curl www.baidu.com

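The -d option sends data in the body of a POST request.

curl -d 'login=emma&password=123' -X POST https://google.com/login

When -d is used, curl automatically adds the request header Content-Type: application/x-www-form-urlencoded.

The -H option sets an HTTP request header.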

$ curl -d '{"login": "emma", "pass": "123"}' -H 'Content-Type: application/json' https://google.com/login

The command above POSTs JSON data.

Last modification:March 26th, 2020 at 11:42 am