Linux配置文件和网络常用命令总结
Linux应用配置大全
Linux网络基本配置
最小化安装的话是没有ifconfig命令的需要使用yum search ifconfig查找,然后yum install net-tools.x86_64软件包
Linux网络配置文件
/etc/sysconfig/network-scripts/ifcfg-eth0
在Linux系统中,系统网络设备的配置文件保存在/etc/sysconfig/network-scripts目录下,其中文件ifcfg-eth0包含第一块网卡的配置信息,文件ifcfg-eth1包含第二块网卡的配置信息,文件ifcfg-lo包含回路IP地址信息。
[root@ansible ~]# ls /etc/sysconfig/network-scripts/
ifcfg-ens33 ifdown-isdn ifdown-tunnel ifup-isdn ifup-Team
ifcfg-lo ifdown-post ifup ifup-plip ifup-TeamPort
ifdown ifdown-ppp ifup-aliases ifup-plusb ifup-tunnel
ifdown-bnep ifdown-routes ifup-bnep ifup-post ifup-wireless
ifdown-eth ifdown-sit ifup-eth ifup-ppp init.ipv6-global
ifdown-ippp ifdown-Team ifup-ippp ifup-routes network-functions
ifdown-ipv6 ifdown-TeamPort ifup-ipv6 ifup-sit network-functions-ipv6
[root@ansible ~]#
以下是/etc/sysconfig/network-scripts/ifcfg-eth0文件内容的示例。
DEVICE=eth0
//表示网卡物理设备的名字
TYPE=Ethernet
//表示网络类型
UUID="9a6cf3a6-3947-495f-b721-f8cdd44576ee"
//表示网卡的UUID
ONBOOT="yes"
//表示启动系统时是否激活该网卡,yes激活,no不激活
BOOTPROTO=none
//表示为网卡配置静态还是动态IP地址,none:表示无需启动协议,dhcp:表示使用DHCP动态获取IP地址。static:表示手工设置静态IP地址。,
IPADDR="192.168.0.100"
//表示网卡的IP地址
NETMASK=255.255.255.0
//表示子网掩码
BROADCAST=192.168.0.255
//表示网络广播地址
GATEWAY=192.168.0.1
//表示该网关地址
DNS1=114.114.114.114
//表示DNS服务器的IP地址
NAME="eth0"/etc/resolv.conf文件
/etc/resolv.conf文件是由域名解析器(resolver,一个根据主机名解析IP地址的库)使用的配置文件,下面是/etc/resolv.conf文件内容的示例。
# Generated by NetworkManager
nameserver 8.8.8.8
search sh.com改文件中包含的内容描述:
-
nameserver:表示解析域名时使用该IP地址指定的主机为域名服务器,其中域名服务器是按照文件中出现的顺序来查询的。
-
search:表示DNS搜索路径,即解析不完整名称时默认的附加域名后缀,这样可以在解析名称时用简短的主机名而不是完全合格域名(FQDN)。
/etc/host.conf文件
/etc/host.conf文件指定如何解析主机名,Linux系统通过解析器来获得主机名对应的IP地址,下面是/etc/host.conf文件内容的示例。
[root@ansible ~]# cat /etc/host.conf
multi on- multi on:表示在/etc/hosts文件中指定的主机是否可以有多个地址,拥有多个IP地址的主机一般称为多穴主机。
/etc/hosts文件
当计算机启动时,在可以查询DNS以前,计算机需要查询一些主机名到IP地址的匹配。这些匹配信息存放在/etc/hosts文件中。在没有域名服务器的情况下,系统上的所有网络程序都通过查询该文件来解析对应于某个主机名的IP地址。
[root@ansible sysconfig]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6/etc/networks文件
定义了网络名和网络地址之间的映射关系,下面是内容示例:
default 0.0.0.0
loopback 127.0.0.0
link-local 169.254.0.0/etc/protocols文件
定义了计算机主机使用的协议,以及每个协议的协议号等相关信息
# /etc/protocols:
# $Id: protocols,v 1.11 2011/05/03 14:45:40 ovasik Exp $
#
# Internet (IP) protocols
#
# from: @(#)protocols 5.1 (Berkeley) 4/17/89
#
# Updated for NetBSD based on RFC 1340, Assigned Numbers (July 1992).
# Last IANA update included dated 2011-05-03
#
# See also http://www.iana.org/assignments/protocol-numbers
协议名 协议号 协议全名 注释
ip 0 IP # internet protocol, pseudo protocol number
hopopt 0 HOPOPT # hop-by-hop options for ipv6
icmp 1 ICMP # internet control message protocol
igmp 2 IGMP # internet group management protocol
ggp 3 GGP # gateway-gateway protocol
ipv4 4 IPv4 # IPv4 encapsulation
st 5 ST # ST datagram mode
tcp 6 TCP # transmission control protocol
cbt 7 CBT # CBT, Tony Ballardie <A.Ballardie@cs.ucl.ac.uk>
egp 8 EGP # exterior gateway protocol
igp 9 IGP # any private interior gateway (Cisco: for IGRP)
bbn-rcc 10 BBN-RCC-MON # BBN RCC Monitoring
nvp 11 NVP-II # Network Voice Protocol
pup 12 PUP # PARC universal packet protocol
argus 13 ARGUS # ARGUS
emcon 14 EMCON # EMCON
xnet 15 XNET # Cross Net Debugger
chaos 16 CHAOS # Chaos
udp 17 UDP # user datagram protocol
mux 18 MUX # Multiplexing protocol
dcn 19 DCN-MEAS # DCN Measurement Subsystems
hmp 20 HMP # host monitoring protocol
prm 21 PRM # packet radio measurement protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
trunk-1 23 TRUNK-1 # Trunk-1
trunk-2 24 TRUNK-2 # Trunk-2
leaf-1 25 LEAF-1 # Leaf-1
leaf-2 26 LEAF-2 # Leaf-2
rdp 27 RDP # "reliable datagram" protocol
irtp 28 IRTP # Internet Reliable Transaction Protocol
iso-tp4 29 ISO-TP4 # ISO Transport Protocol Class 4
netblt 30 NETBLT # Bulk Data Transfer Protocol
mfe-nsp 31 MFE-NSP # MFE Network Services Protocol
merit-inp 32 MERIT-INP # MERIT Internodal Protocol
dccp 33 DCCP # Datagram Congestion Control Protocol
3pc 34 3PC # Third Party Connect Protocol
idpr 35 IDPR # Inter-Domain Policy Routing Protocol
xtp 36 XTP # Xpress Tranfer Protocol
ddp 37 DDP # Datagram Delivery Protocol
idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport Proto
tp++ 39 TP++ # TP++ Transport Protocol
il 40 IL # IL Transport Protocol
ipv6 41 IPv6 # IPv6 encapsulation
sdrp 42 SDRP # Source Demand Routing Protocol
ipv6-route 43 IPv6-Route # Routing Header for IPv6
ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
idrp 45 IDRP # Inter-Domain Routing Protocol
rsvp 46 RSVP # Resource ReSerVation Protocol
gre 47 GRE # Generic Routing Encapsulation
dsr 48 DSR # Dynamic Source Routing Protocol
bna 49 BNA # BNA
esp 50 ESP # Encap Security Payload
ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6 (not in official list)
ah 51 AH # Authentication Header
ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6 (not in official list)
i-nlsp 52 I-NLSP # Integrated Net Layer Security TUBA
swipe 53 SWIPE # IP with Encryption
narp 54 NARP # NBMA Address Resolution Protocol
mobile 55 MOBILE # IP Mobility
tlsp 56 TLSP # Transport Layer Security Protocol
skip 57 SKIP # SKIP
ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6
ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6
ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
# 61 # any host internal protocol
cftp 62 CFTP # CFTP
# 63 # any local network
sat-expak 64 SAT-EXPAK # SATNET and Backroom EXPAK
kryptolan 65 KRYPTOLAN # Kryptolan
rvd 66 RVD # MIT Remote Virtual Disk Protocol
ippc 67 IPPC # Internet Pluribus Packet Core
# 68 # any distributed file system
sat-mon 69 SAT-MON # SATNET Monitoring
visa 70 VISA # VISA Protocol
ipcv 71 IPCV # Internet Packet Core Utility
cpnx 72 CPNX # Computer Protocol Network Executive
cphb 73 CPHB # Computer Protocol Heart Beat
wsn 74 WSN # Wang Span Network
pvp 75 PVP # Packet Video Protocol
br-sat-mon 76 BR-SAT-MON # Backroom SATNET Monitoring
sun-nd 77 SUN-ND # SUN ND PROTOCOL-Temporary
wb-mon 78 WB-MON # WIDEBAND Monitoring
wb-expak 79 WB-EXPAK # WIDEBAND EXPAK
iso-ip 80 ISO-IP # ISO Internet Protocol
vmtp 81 VMTP # Versatile Message Transport
secure-vmtp 82 SECURE-VMTP # SECURE-VMTP
vines 83 VINES # VINES
ttp 84 TTP # TTP
nsfnet-igp 85 NSFNET-IGP # NSFNET-IGP
dgp 86 DGP # Dissimilar Gateway Protocol
tcf 87 TCF # TCF
eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco)
ospf 89 OSPFIGP # Open Shortest Path First IGP
sprite-rpc 90 Sprite-RPC # Sprite RPC Protocol
larp 91 LARP # Locus Address Resolution Protocol
mtp 92 MTP # Multicast Transport Protocol
ax.25 93 AX.25 # AX.25 Frames
ipip 94 IPIP # Yet Another IP encapsulation
micp 95 MICP # Mobile Internetworking Control Pro.
scc-sp 96 SCC-SP # Semaphore Communications Sec. Pro.
etherip 97 ETHERIP # Ethernet-within-IP Encapsulation
encap 98 ENCAP # Yet Another IP encapsulation
# 99 # any private encryption scheme
gmtp 100 GMTP # GMTP
ifmp 101 IFMP # Ipsilon Flow Management Protocol
pnni 102 PNNI # PNNI over IP
pim 103 PIM # Protocol Independent Multicast
aris 104 ARIS # ARIS
scps 105 SCPS # SCPS
qnx 106 QNX # QNX
a/n 107 A/N # Active Networks
ipcomp 108 IPComp # IP Payload Compression Protocol
snp 109 SNP # Sitara Networks Protocol
compaq-peer 110 Compaq-Peer # Compaq Peer Protocol
ipx-in-ip 111 IPX-in-IP # IPX in IP
vrrp 112 VRRP # Virtual Router Redundancy Protocol
pgm 113 PGM # PGM Reliable Transport Protocol
# 114 # any 0-hop protocol
l2tp 115 L2TP # Layer Two Tunneling Protocol
ddx 116 DDX # D-II Data Exchange
iatp 117 IATP # Interactive Agent Transfer Protocol
stp 118 STP # Schedule Transfer
srp 119 SRP # SpectraLink Radio Protocol
uti 120 UTI # UTI
smp 121 SMP # Simple Message Protocol
sm 122 SM # SM
ptp 123 PTP # Performance Transparency Protocol
isis 124 ISIS # ISIS over IPv4
fire 125 FIRE
crtp 126 CRTP # Combat Radio Transport Protocol
crudp 127 CRUDP # Combat Radio User Datagram
sscopmce 128 SSCOPMCE
iplt 129 IPLT
sps 130 SPS # Secure Packet Shield
pipe 131 PIPE # Private IP Encapsulation within IP
sctp 132 SCTP # Stream Control Transmission Protocol
fc 133 FC # Fibre Channel
rsvp-e2e-ignore 134 RSVP-E2E-IGNORE
mobility-header 135 Mobility-Header # Mobility Header
udplite 136 UDPLite
mpls-in-ip 137 MPLS-in-IP
manet 138 manet # MANET Protocols
hip 139 HIP # Host Identity Protocol
shim6 140 Shim6 # Shim6 Protocol
wesp 141 WESP # Wrapped Encapsulating Security Payload
rohc 142 ROHC # Robust Header Compression
# 143-252 Unassigned [IANA]
# 253 Use for experimentation and testing [RFC3692]
# 254 Use for experimentation and testing [RFC3692]
# 255 Reserved [IANA]
/etc/services 文件
定义了Linux系统中所有服务的名称、协议类型、服务器的端口等信息。是一个服务名和服务端口对应的数据库文件。
# /etc/services:
# $Id: services,v 1.55 2013/04/14 ovasik Exp $
#
# Network services, Internet style
# IANA services version: last updated 2013-04-10
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports
# are included, only the more common ones.
#
# The latest IANA port assignments can be gotten from
# http://www.iana.org/assignments/port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
#
# Each line describes one service, and is of the form:
#
# service-name port/protocol [aliases ...] [# comment]
tcpmux 1/tcp # TCP port service multiplexer
tcpmux 1/udp # TCP port service multiplexer
rje 5/tcp # Remote Job Entry
rje 5/udp # Remote Job Entry
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
systat 11/udp users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote
qotd 17/udp quote
msp 18/tcp # message send protocol (historic)
msp 18/udp # message send protocol (historic)
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
ftp 21/tcp
ftp 21/udp fsp fspd
ssh 22/tcp # The Secure Shell (SSH) Protocol
ssh 22/udp # The Secure Shell (SSH) Protocol
telnet 23/tcp
telnet 23/udp
# 24 - private mail system
lmtp 24/tcp # LMTP Mail Delivery
lmtp 24/udp # LMTP Mail Delivery
smtp 25/tcp mail
smtp 25/udp mail
time 37/tcp timserver
time 37/udp timserver
rlp 39/tcp resource # resource location
rlp 39/udp resource # resource location
nameserver 42/tcp name # IEN 116
nameserver 42/udp name # IEN 116
nicname 43/tcp whois
nicname 43/udp whois
tacacs 49/tcp # Login Host Protocol (TACACS)
tacacs 49/udp # Login Host Protocol (TACACS)
re-mail-ck 50/tcp # Remote Mail Checking Protocol
re-mail-ck 50/udp # Remote Mail Checking Protocol
domain 53/tcp # name-domain server
domain 53/udp
whois++ 63/tcp whoispp
whois++ 63/udp whoispp
bootps 67/tcp # BOOTP server
bootps 67/udp
bootpc 68/tcp dhcpc # BOOTP client
bootpc 68/udp dhcpc
tftp 69/tcp
tftp 69/udp
gopher 70/tcp # Internet Gopher
gopher 70/udp
netrjs-1 71/tcp # Remote Job Service
netrjs-1 71/udp # Remote Job Service
netrjs-2 72/tcp # Remote Job Service
netrjs-2 72/udp # Remote Job Service
netrjs-3 73/tcp # Remote Job Service
netrjs-3 73/udp # Remote Job Service
netrjs-4 74/tcp # Remote Job Service
netrjs-4 74/udp # Remote Job Service
finger 79/tcp
finger 79/udp
http 80/tcp www www-http # WorldWideWeb HTTP
http 80/udp www www-http # HyperText Transfer Protocol
http 80/sctp # HyperText Transfer Protocol
kerberos 88/tcp kerberos5 krb5 # Kerberos v5
kerberos 88/udp kerberos5 krb5 # Kerberos v5
......linux 网络命令
在Linux系统中提供了大量的网络命令用于网络配置、网络测试以及网络诊断,如traceroute、mii-tool、ifconfig、ifdown、ifup、ping、netstat、arp、rpcinfo和ip等
traceroute
可以显示数据包到目标主机之间的路径。使用户可以追踪网路数据包的路由途径,预设数据包大小是60字节,用户可以另外设置。
命令语法:
traceroute [选项] [主机名|IP地址] [数据包大小]例如:跟踪从本地计算机到百度网址的路径。
[root@ansible ~]# traceroute www.baidu.com
traceroute to www.baidu.com (103.235.46.39), 30 hops max, 60 byte packets
1 gateway (192.168.0.2) 0.087 ms 0.050 ms 0.067 ms
2 * * *
mii-tool
可以查看和设置网卡的工作模式
命令语法:
mii-tool [选项] [接口]ifconfig
可以显示和配置网络接口,如设置IP地址、MAC地址,激活或关闭网络接口。
ifconfig [接口] [选项| IP地址]命令中个选项的含义
配置网卡ens33的ip地址,同时激活该设备
[root@ansible ~]# ifconfig ens33 192.168.0.100 netmask 255.255.255.0 up查看所有的网卡设备
ifconfig -aifdown
关闭网络接口
ifdown [网卡设备名]ifup
开启网络接口
ifup [网卡设备名]ping
可以用来测试与目标计算机之间的连通性。执行ping命令会使用ICMP传输协议发出要求回应的信息,如果远程主机的网络功能没有问题,就会回应该信息。
ping [选项] [目标][root@ansible ~]# ping www.baidu.com
PING www.wshifen.com (103.235.46.39) 56(84) bytes of data.
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=2 ttl=128 time=213 ms
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=3 ttl=128 time=216 ms
测试与计算机192.168.0.200的连通性,每次发送的ICMP数据包大小为128字节
[root@ansible ~]# ping -s 128 192.168.0.200
PING 192.168.0.200 (192.168.0.200) 128(156) bytes of data.
136 bytes from 192.168.0.200: icmp_seq=1 ttl=64 time=0.277 ms
136 bytes from 192.168.0.200: icmp_seq=2 ttl=64 time=0.171 ms
136 bytes from 192.168.0.200: icmp_seq=3 ttl=64 time=0.185 ms
136 bytes from 192.168.0.200: icmp_seq=4 ttl=64 time=0.159 ms
测试与计算机192.168.0.200的连通性,发送4个ICMP数据包
[root@ansible ~]# ping -c 4 192.168.0.200
PING 192.168.0.200 (192.168.0.200) 56(84) bytes of data.
64 bytes from 192.168.0.200: icmp_seq=1 ttl=64 time=0.106 ms
64 bytes from 192.168.0.200: icmp_seq=2 ttl=64 time=0.146 ms
64 bytes from 192.168.0.200: icmp_seq=3 ttl=64 time=0.136 ms
64 bytes from 192.168.0.200: icmp_seq=4 ttl=64 time=0.225 ms
--- 192.168.0.200 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 0.106/0.153/0.225/0.044 ms
netstat
可以显示网络状态的信息,得知整个linux系统的网络情况,比如网络连接、路由表、接口统计、伪装连接和组播成员。
netstat [选项] [延迟]显示网络接口状态信息
[root@ansible ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
ens33 1500 17082 0 0 0 10153 0 0 0 BMRU
lo 65536 20 0 0 0 20 0 0 0 LRU
显示内核路由表的信息
[root@ansible ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default gateway 0.0.0.0 UG 0 0 0 ens33
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
显示端口号为22的连接情况。
[root@ansible ~]# netstat -antu |grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 48 192.168.0.100:22 192.168.0.3:60368 ESTABLISHED
tcp 0 0 192.168.0.100:22 192.168.0.3:60369 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
检查系统上开放端口的情况
[root@ansible ~]# netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1228/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 924/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1281/master
tcp6 0 0 :::22 :::* LISTEN 924/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1281/master
arp
可以增加,删除和显示ARP缓存条目。
arp [选项] [IP地址] [MAC地址]查看系统ARP缓存信息。
[root@ansible ~]# arp
Address HWtype HWaddress Flags Mask Iface
192.168.0.200 ether 00:0c:29:f8:32:9a C ens33
gateway ether 00:50:56:e2:9e:51 C ens33
192.168.0.3 ether 00:50:56:c0:00:08 C ens33
添加一个新的arp条目
[root@ansible ~]# arp -s 192.168.0.99 00:60:08:27:CE:B2
[root@ansible ~]# arp
Address HWtype HWaddress Flags Mask Iface
192.168.0.201 (incomplete) ens33
192.168.0.200 ether 00:0c:29:f8:32:9a C ens33
gateway ether 00:50:56:e2:9e:51 C ens33
192.168.0.3 ether 00:50:56:c0:00:08 C ens33
192.168.0.99 ether 00:60:08:27:ce:b2 CM ens33
192.168.0.101 ether 00:0c:29:d4:5e:94 C ens33
//可以看到刚刚添加的静态ARP记录删除一个ARP条目
[root@ansible ~]# arp -d 192.168.0.99
[root@ansible ~]# arp
Address HWtype HWaddress Flags Mask Iface
192.168.0.201 (incomplete) ens33
192.168.0.200 ether 00:0c:29:f8:32:9a C ens33
gateway ether 00:50:56:e2:9e:51 C ens33
192.168.0.3 ether 00:50:56:c0:00:08 C ens33
192.168.0.101 ether 00:0c:29:d4:5e:94 C ens33
rpcinfo
可以显示那些使用protmap注册的程序的信息,并向程序进行RPC调用,检查他们是否正常运行
rpcinfo的安装包在yum install rpcbind-*
rpcinfo [选项] [主机] [RPC程序编号] [版本号] 显示使用protmap注册的程序的信息
[root@ansible ~]# rpcinfo
program version netid address service owner
100000 4 tcp6 ::.0.111 portmapper superuser
100000 3 tcp6 ::.0.111 portmapper superuser
100000 4 udp6 ::.0.111 portmapper superuser
100000 3 udp6 ::.0.111 portmapper superuser
100000 4 tcp 0.0.0.0.0.111 portmapper superuser
100000 3 tcp 0.0.0.0.0.111 portmapper superuser
100000 2 tcp 0.0.0.0.0.111 portmapper superuser
100000 4 udp 0.0.0.0.0.111 portmapper superuser
100000 3 udp 0.0.0.0.0.111 portmapper superuser
100000 2 udp 0.0.0.0.0.111 portmapper superuser
100000 4 local /var/run/rpcbind.sock portmapper superuser
100000 3 local /var/run/rpcbind.sock portmapper superuser
显示主机192.168.0.100上所有已注册的RPC程序的简明列表。
[root@ansible ~]# rpcinfo -s 192.168.0.100
program version(s) netid(s) service owner
100000 2,3,4 local,udp,tcp,udp6,tcp6 portmapper superuser
显示端口映射操作统计信息表
[root@ansible ~]# rpcinfo -m
PORTMAP (version 2) statistics
NULL SET UNSET GETPORT DUMP CALLIT
0 0/0 0/0 0/0 0 0/0
RPCBIND (version 3) statistics
NULL SET UNSET GETADDR DUMP CALLIT TIME U2T T2U
0 0/0 0/0 0/0 2 0/0 0 0 0
RPCBIND (version 4) statistics
NULL SET UNSET GETADDR DUMP CALLIT TIME U2T T2U
0 0/0 0/0 0/0 0 0/0 0 0 0
VERADDR INDRECT GETLIST GETSTAT
0 0 0 1
ip
可以显示和操作路由、设备、策略路由和隧道。
ip [选项] [对象] [命令]对象是要管理或者获取信息的对象,所有对象的名称可以写成完整或缩写形式,如address被缩写为addr或a。目前ip命令认识的对象如表
ip address
实现协议地址管理
查看网卡协议地址
[root@ansible ~]# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:b5:ba:4d brd ff:ff:ff:ff:ff:ff
inet 192.168.0.100/24 brd 192.168.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
[root@ansible ~]#
显示网卡ens33
[root@ansible ~]# ip address show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:b5:ba:4d brd ff:ff:ff:ff:ff:ff
inet 192.168.0.100/24 brd 192.168.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
列出网卡ens33
[root@ansible ~]# ip address list ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:b5:ba:4d brd ff:ff:ff:ff:ff:ff
inet 192.168.0.100/24 brd 192.168.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
在网卡ens33上增加一个IP地址192.168.0.13/24,标准广播地址,指定别名为eth33:0
ip address add 192.168.0.13/24 brd + dev ens33 label ens33:0删除网卡ens33上的IP地址 192.168.0.100/24
ip address del 192.168.0.100/24 dev ens33添加静态主机路由
[root@ansible ~]# ip address add local 192.169.1.1/24 brd + dev ens33
ip link
可以实现网络设备配置
列出网卡ens33 的属性
[root@ansible ~]# ip link list ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:b5:ba:4d brd ff:ff:ff:ff:ff:ff
列出网卡ens33的属性的详细信息
[root@ansible ~]# ip -s link list ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:b5:ba:4d brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
16993002 19146 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2128419 11404 0 0 0 0
启用网卡 ens33
ip link set dev ens33 up停用网卡 ens33
ip link set dev ens33 down更改网络设备 ens33传输队列的长度为900
ip link set dev ens33 txqueuelen 900更改网络设备 ens33 的MTU的值为1400
ip link set dev ens33 mtu 1400ip route
实现路由管理
显示路由表
[root@ansible ~]# ip route
default via 192.168.0.2 dev ens33 proto static metric 100
192.168.0.0/24 dev ens33 proto kernel scope link src 192.168.0.100 metric 100
192.169.1.0/24 dev ens33 proto kernel scope link src 192.169.1.1
添加静态网络路由
[root@ansible ~]# ip route add 192.168.1/24 via 192.168.0.1
添加静态主机路由
ip route add 192.168.1.2 via 192.168.0.1更改静态网路路由
ip route chg 192.168.1/24 dev ens33获取到IP地址192.168.0.101路径的路由
[root@ansible ~]# ip route get 192.168.0.101
192.168.0.101 dev ens33 src 192.168.0.100
cache
计算路由缓存里面的条数
[root@ansible ~]# ip -o route list cloned | wc
0 0 0
列出网络192.168.0.0的路由表
[root@ansible ~]# ip route list 192.168.0/24
192.168.0.0/24 dev ens33 proto kernel scope link src 192.168.0.100 metric 100
ip rule
实现路由策略数据库管理
列出规则
[root@ansible ~]# ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
ip neigh
实现邻居/ARP表管理
查看系统ARP缓存信息
[root@ansible ~]# ip neigh list
192.168.0.201 dev ens33 FAILED
192.168.0.200 dev ens33 lladdr 00:0c:29:f8:32:9a STALE
192.168.0.2 dev ens33 lladdr 00:50:56:e2:9e:51 STALE
192.168.0.3 dev ens33 lladdr 00:50:56:c0:00:08 REACHABLE
192.168.0.101 dev ens33 lladdr 00:0c:29:d4:5e:94 STALE
查看IP地址192.168.0.101的系统ARP缓存信息。
[root@ansible ~]# ip -s neigh list 192.168.0.101
192.168.0.101 dev ens33 lladdr 00:0c:29:d4:5e:94 used 4780/4780/4754 probes 4 STALE
捕获网络数据包
tcpdump
可以将网络中传送的数据包的头完全截获下来提供分析。他支持针对网络层、协议、主机或端口的过滤,并提供and、or、not等逻辑语言来删选信息。
tcpdump [选项] [表达式]
