显示网络连接:
netstat [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
选项 | 代表含义 |
---|---|
-t | tcp协议相关 |
-u | udp协议相关 |
-w | raw socket相关 |
-l | 处于监听状态 |
-a | 所有状态 |
-n | 以数字格式显示IP和端口 |
-e | 扩展格式 |
-p | 显示相关进程及PID(需以root身份运行才能看到所有进程的信息) |
常用组合:
-ant, -anu, -tnl, -unl
示例:
[root@centos ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 52 192.168.44.140:22 192.168.44.1:59598 ESTABLISHED
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
[root@centos ~]# netstat -anu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:961 0.0.0.0:*
udp 0 0 0.0.0.0:59443 0.0.0.0:*
udp 0 0 192.168.122.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:67 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 :::961 :::*
udp6 0 0 :::111 :::*
udp6 0 0 ::1:323 :::*
[root@centos ~]# netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
[root@centos ~]# netstat -unl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:961 0.0.0.0:*
udp 0 0 0.0.0.0:59443 0.0.0.0:*
udp 0 0 192.168.122.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:67 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 :::961 :::*
udp6 0 0 :::111 :::*
udp6 0 0 ::1:323 :::*
显示路由表:
netstat {--route|-r} [--numeric|-n]
-r: 显示内核路由表
-n: 数字格式
示例:
[root@centos ~]# netstat -rn
Kernel IP routing table ##内核ip路由表
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.44.2 0.0.0.0 UG 0 0 0 eno16777736
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.44.0 0.0.0.0 255.255.255.0 U 0 0 0 eno16777736
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
显示接口统计数据:
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--program|-p] [--numeric|-n]
netstat -i
ifconfig -s eth1
示例:
[root@centos ~]# ifconfig -s eth1
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth1 1500 0 0 0 0 25 0 0 0 BMRU
[root@centos ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777736 1500 3526 0 0 0 1160 0 0 0 BMRU
eth1 1500 0 0 0 0 25 0 0 0 BMRU
eth1:1 1500 - no statistics available - BMRU
eth2 1500 0 0 0 0 1780 0 0 0 BMRU
lo 65536 40 0 0 0 40 0 0 0 LRU
virbr0 1500 0 0 0 0 0 0 0 0 BMU
[root@centos ~]# ifconfig -s eth1
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth1 1500 0 0 0 0 25 0 0 0 BMRU
[root@centos ~]# ifconfig -s eth2
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth2 1500 0 0 0 0 1780 0 0 0 BMRU
配置Linux网络属性:ip命令
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT = { link | addr | route }
可设置属性:
up and down:激活或禁用指定接口————使用命令:ifup/ifdown
show [dev IFACE]:指定接口
[up]:仅显示处于激活状态的接口
示例:
[root@centos ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:37:9b:96 brd ff:ff:ff:ff:ff:ff
inet 192.168.44.140/24 brd 192.168.44.255 scope global noprefixroute eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe37:9b96/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:37:9b:a0 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.3/24 brd 192.168.10.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet 192.168.20.2/24 brd 192.168.20.255 scope global noprefixroute eth1:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe37:9ba0/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:37:9b:aa brd ff:ff:ff:ff:ff:ff
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:34:38:6d brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:34:38:6d brd ff:ff:ff:ff:ff:ff
[root@centos ~]# ip addr show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:37:9b:a0 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.3/24 brd 192.168.10.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet 192.168.20.2/24 brd 192.168.20.255 scope global noprefixroute eth1:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe37:9ba0/64 scope link
valid_lft forever preferred_lft forever
[root@centos ~]# ip route show
default via 192.168.44.2 dev eno16777736 proto static metric 100
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.3 metric 101
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.2 metric 101
192.168.44.0/24 dev eno16777736 proto kernel scope link src 192.168.44.140 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
[root@centos ~]# ip route show dev eth1
192.168.10.0/24 proto kernel scope link src 192.168.10.3 metric 101
192.168.20.0/24 proto kernel scope link src 192.168.20.2 metric 101
ip addr { add | del } IFADDR dev STRING
[label LABEL]:添加地址时指明网卡别名
[scope {global|link|host}]:指明作用域
global: 全局可用
link: 仅链接可用
host: 本机可用
[broadcast ADDRESS]:指明广播地址
ip address show - look at protocol addresses
[dev DEVICE]
[label PATTERN]
[primary and secondary]
示例:
[root@centos ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.44.2 0.0.0.0 UG 100 0 0 eno16777736
192.168.10.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
192.168.20.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
192.168.44.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
[root@centos ~]# ip addr add 192.168.33.130/24 dev eno16777736
[root@centos ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.44.2 0.0.0.0 UG 100 0 0 eno16777736
192.168.10.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
192.168.20.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
192.168.33.0 0.0.0.0 255.255.255.0 U 0 0 0 eno16777736
192.168.44.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
[root@centos ~]# ip addr del 192.168.33.130/24 dev eno16777736
[root@centos ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.44.2 0.0.0.0 UG 100 0 0 eno16777736
192.168.10.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
192.168.20.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
192.168.44.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
添加路由:ip route add
ip route add TARGET via GW dev IFACE src SOURCE_IP
TARGET:
主机路由:IP
网络路由:NETWORK/MASK
ip route add 192.168.0.0/24 via 172.16.0.1
ip route add 192.168.1.13 via 172.16.0.1
添加网关:ip route add default via GW dev IFACE
ip route add default via 172.16.0.1
删除路由:ip route delete
ip route del TARGET
显示路由:ip route show|list
清空路由表:ip route flush [dev IFACE] [via PREFIX]
示例:
[root@centos ~]# ip route show
default via 192.168.44.2 dev eno16777736 proto static metric 100
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.3 metric 101
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.2 metric 101
192.168.44.0/24 dev eno16777736 proto kernel scope link src 192.168.44.140 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
[root@centos ~]# ip route add 192.168.33.0/24 via 192.168.44.2
[root@centos ~]# ip route show
default via 192.168.44.2 dev eno16777736 proto static metric 100
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.3 metric 101
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.2 metric 101
192.168.33.0/24 via 192.168.44.2 dev eno16777736
192.168.44.0/24 dev eno16777736 proto kernel scope link src 192.168.44.140 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
[root@centos ~]# ip route del 192.168.33.0/24 via 192.168.44.2
[root@centos ~]# ip route show
default via 192.168.44.2 dev eno16777736 proto static metric 100
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.3 metric 101
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.2 metric 101
192.168.44.0/24 dev eno16777736 proto kernel scope link src 192.168.44.140 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
格式:ss [OPTION]… [FILTER]
ss命令的用法与netstat命令大致相同,但获取信息的方式不同:
netstat通过遍历proc来获取socket信息,ss使用netlink与内核tcp_diag模块通信获取socket信息。
选项 | 代表含义 |
---|---|
-t | tcp协议相关 |
-u | udp协议相关 |
-w | 裸套接字相关 |
-x | unixsock相关 |
-l | listen状态的连接 |
-a | 所有 |
-n | 数字格式 |
-p | 相关的程序及PID(非root用户只能看到自己进程的信息) |
-e | 扩展的信息 |
-m | 内存用量 |
-o | 计时器信息 |
示例:
[root@centos ~]# ss -ant
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
ESTAB 0 0 192.168.44.140:22 192.168.44.1:59598
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::22 :::*
[root@centos ~]# ss -anu
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:961 *:*
UNCONN 0 0 *:59443 *:*
UNCONN 0 0 192.168.122.1:53 *:*
UNCONN 0 0 *%virbr0:67 *:*
UNCONN 0 0 *:111 *:*
UNCONN 0 0 *:5353 *:*
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 :::961 :::*
UNCONN 0 0 :::111 :::*
UNCONN 0 0 ::1:323 :::*
TCP的常见状态:
tcp finite state machine:
LISTEN: 监听
ESTABLISHED:已建立的连接
FIN_WAIT_1
FIN_WAIT_2
SYN_SENT
SYN_RECV
CLOSED
ss -l 显示本地打开的所有端口
ss -pl 显示每个进程具体打开的socket
ss -t -a 显示所有tcp socket
ss -u -a 显示所有的UDP Socket
ss -o state established '( dport = :ssh or sport = :ssh )' 显示所有已建立的ssh连接
ss -o state established '( dport = :http or sport = :http )' 显示所有已建立的HTTP连接
ss -s 列出当前socket详细信息
示例:
[root@centos ~]# ss -ant state ESTABLISHED
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 52 192.168.44.140:22 192.168.44.1:59598
[root@centos ~]# ss -ant state ESTABLISHED
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 52 192.168.44.140:22 192.168.44.1:59598
[root@centos ~]# ss -s
Total: 659 (kernel 1530)
TCP: 11 (estab 1, closed 1, orphaned 0, synrecv 0, timewait 0/0), ports 0
Transport Total IP IPv6
* 1530 - -
RAW 1 0 1
UDP 11 8 3
TCP 10 6 4
INET 22 14 8
FRAG 0 0 0
IP、MASK、GW、DNS相关配置文件:/etc/sysconfig/network-scripts/ifcfg-IFACE
配置文件中的参数:
参数 | 含义 |
---|---|
ONBOOT | 在系统引导时是否激活此设备 |
TYPE | 接口类型;常见的有Ethernet, Bridge |
UUID | 设备的惟一标识 |
IPADDR | 指明IP地址 |
NETMASK | 子网掩码 |
GATEWAY | 默认网关 |
DNS1 | 第一个DNS服务器指向 |
DNS2 | 第二个DNS服务器指向 |
USERCTL | 普通用户是否可控制此设备 |
PEERDNS | 如果BOOTPROTO的值为“dhcp”,是否允许dhcp server分配的dns服务器指向信息直接覆盖至/etc/resolv.conf文件中 |
配置文件有两种风格
(1) TARGET via GW
如:10.0.0.0/8 via 172.16.0.1
(2) 每三行定义一条路由
ADDRESS#=TARGET
NETMASK#=mask
GATEWAY#=GW
对虚拟主机有用
将多个IP地址绑定到一个NIC上
eth0:1 、eth0:2、eth0:3
有两种方式:
一、
ifconfig命令:
ifconfig eth0:0 192.168.1.100/24 up
ifconfig eth0:0 down
ip命令:
ip addr add 172.16.1.2/24 dev eth0 label eth0:0
ip addr add 172.16.1.1/24 dev eth0 label eth0:0
ip addr del 172.16.1.2/24 dev eth0 label eth0:0
ip addr del 172.16.1.1/24 dev eth0 label eth0:0
二、
使用配置文件(用命令添加的地址立即生效,但重启后失效;写入配置文件才能永久生效)
为每个设备别名生成独立的接口配置文件
配置文件命名为ifcfg-ethX:xxx
必须使用静态联网
配置文件内容例如:
NAME=eth0:0
DEVICE=eth0:0
IPADDR=10.10.10.10
NETMASK=255.0.0.0
ONPARENT=yes
注意:service network restart 生效(重启网络服务)
示例:
vim /etc/sysconfig/network-scripts/ifcfg-eth1:1
1 TYPE="Ethernet"
2 BOOTPROTO="static"
3 DEFROUTE="yes"
4 PEERDNS="yes"
5 PEERROUTES="yes"
6 NAME="eth1:1"
7 IPADDR=192.168.33.3
8 NETMASK=255.255.255.0
9 DEVICE=eth1:1
10 ONBOOT="yes"
[root@centos network-scripts]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.44.140 netmask 255.255.255.0 broadcast 192.168.44.255
inet6 fe80::20c:29ff:fe37:9b96 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:37:9b:96 txqueuelen 1000 (Ethernet)
RX packets 3769 bytes 318454 (310.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2304 bytes 393293 (384.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.3 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe37:9ba0 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:37:9b:a0 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 180 bytes 26930 (26.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.33.3 netmask 255.255.255.0 broadcast 192.168.33.255
ether 00:0c:29:37:9b:a0 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 45 bytes 3560 (3.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 45 bytes 3560 (3.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:34:38:6d txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0