1 ifconfig:显示网卡信息

[root@localhost proc]# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0C:29:B8:90:BE  

          inet addr:192.168.154.128  Bcast:192.168.154.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:feb8:90be/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:3847 errors:0 dropped:0 overruns:0 frame:0

          TX packets:5152 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:326187 (318.5 KiB)  TX bytes:882894 (862.2 KiB)

          Interrupt:19 Base address:0x2024 


2 arp:显示arp条目

[root@localhost proc]# arp

Address                  HWtype  HWaddress           Flags Mask            Iface

192.168.154.1            ether   00:50:56:c0:00:08   C                     eth0

192.168.154.2            ether   00:50:56:ec:fe:4a   C                     eth0

192.168.154.254          ether   00:50:56:f5:05:c8   C                     eth0


3 ethtool:查询和设置网卡参数

[root@localhost proc]# ethtool -P eth0            #-P查询网卡的永久硬件(MAC)地址;小写的-p才是让网卡指示灯闪烁以定位物理端口

 

4 netstat:显示和网络相关的信息,网络连接、接口状态、路由信息等。查看监听端口时注意Local Address一列:0.0.0.0表示服务监听在所有网卡上,未被防火墙拦截时可被其他主机访问;127.0.0.1表示只接受本机连接。

[root@localhost proc]# netstat -r

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface

192.168.154.0   *               255.255.255.0   U         0 0          0 eth0

link-local      *               255.255.0.0     U         0 0          0 eth0

default         192.168.154.2   0.0.0.0         UG        0 0          0 eth0


[root@localhost proc]# netstat -anpt

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   

tcp        0      0 0.0.0.0:39709               0.0.0.0:*                   LISTEN      1643/rpc.statd      

tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2172/mysqld         

tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1621/rpcbind        

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      2412/nginx          

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1872/sshd           

tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      1699/cupsd          

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2289/master         


5 ping:测试网络的连通性

[root@localhost proc]# ping -c 5 www.qq.com

PING www.qq.com (120.198.201.156) 56(84) bytes of data.

64 bytes from 120.198.201.156: icmp_seq=1 ttl=128 time=12.9 ms

64 bytes from 120.198.201.156: icmp_seq=2 ttl=128 time=11.0 ms

64 bytes from 120.198.201.156: icmp_seq=3 ttl=128 time=10.4 ms

64 bytes from 120.198.201.156: icmp_seq=4 ttl=128 time=40.8 ms

64 bytes from 120.198.201.156: icmp_seq=5 ttl=128 time=13.5 ms


mtr:mtr命令把ping命令和tracepath命令合成了一个

[root@localhost proc]#mtr www.qq.com


6 lsof:列出系统当前打开的文件(在Linux中一切皆文件)

COMMAND    PID      USER   FD      TYPE     DEVICE SIZE/OFF       NODE NAME

init         1      root  cwd       DIR        8,2     4096          2 /

init         1      root  rtd       DIR        8,2     4096          2 /

init         1      root  txt       REG        8,2   153380       1666 /sbin/init

init         1      root  mem       REG        8,2    41812       4884 /lib/librt-2.12.so

init         1      root  mem       REG        8,2   146728       4880 /lib/ld-2.12.so

init         1      root  mem       REG        8,2  1911528       4882 /lib/libc-2.12.so

init         1      root  mem       REG        8,2    58728       1310 /lib/libnss_files-2.12.so

init         1      root  mem       REG        8,2   286396       4885 /lib/libdbus-1.so.3.4.0

init         1      root  mem       REG        8,2   122232       4911 /lib/libgcc_s-4.4.7-20120601.so.1

...

COMMAND:进程的名称

PID:进程标识符

USER:进程所有者

FD:文件描述符,应用程序通过文件描述符识别该文件。如cwd、txt等

TYPE:文件类型,如DIR、REG等

DEVICE:文件所在设备的设备号(主设备号,次设备号),如8,2

SIZE:文件的大小

NODE:索引节点(文件在磁盘上的标识)

NAME:打开文件的确切名称


显示某个端口是否被使用

[root@localhost proc]# lsof -i :3306

COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

mysqld  2172 mysql    3u  IPv4  14673      0t0  TCP *:mysql (LISTEN)


显示某个用户的进程打开的文件

[root@localhost proc]# lsof -u mysql

COMMAND  PID  USER   FD   TYPE     DEVICE SIZE/OFF   NODE NAME

mysqld  2172 mysql  cwd    DIR        8,3     4096   2668 /var/lib/mysql

mysqld  2172 mysql  rtd    DIR        8,2     4096      2 /

mysqld  2172 mysql  txt    REG        8,6  8064320   5203 /usr/libexec/mysqld

mysqld  2172 mysql  mem    REG        8,2    40296   4897 /lib/libcrypt-2.12.so

mysqld  2172 mysql  mem    REG        8,6   942040 670610 /usr/lib/libstdc++.so.6.0.13

mysqld  2172 mysql  mem    REG        8,2    15496   4901 /lib/libcom_err.so.2.1

mysqld  2172 mysql  mem    REG        8,2   907576   4902 /lib/libkrb5.so.3.3

mysqld  2172 mysql  mem    REG        8,2   171484   4900 /lib/libk5crypto.so.3.1

...


7 nslookup:域名解析查询

[root@localhost proc]# nslookup www.qq.com

Server:         192.168.154.2

Address:        192.168.154.2#53


Non-authoritative answer:

Name:   www.qq.com

Address: 120.198.201.156


能实现域名查询的还有另一个命令:dig

[root@localhost proc]# dig www.qq.com


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.qq.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47549

;; flags: qr rd cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; WARNING: recursion requested but not available


;; QUESTION SECTION:

;www.qq.com.                    IN      A


;; ANSWER SECTION:

www.qq.com.             5       IN      A       120.198.201.156


;; Query time: 11 msec

;; SERVER: 192.168.154.2#53(192.168.154.2)

;; WHEN: Tue May 16 10:53:23 2017

;; MSG SIZE  rcvd: 44


8 traceroute:跟踪报文路径,在Windows下为tracert

[root@localhost proc]# traceroute www.qq.com

traceroute to www.qq.com (120.198.201.156), 30 hops max, 60 byte packets

 1  192.168.154.2 (192.168.154.2)  0.125 ms  0.106 ms  0.410 ms

 2  * * *

 3  * * *

 4  * * *

 5  * * *

 6  * * *

 7  * * *

 8  * * *

 9  * * *

在Linux系统中,mtr也可以实现路由跟踪,而且结合了ping的功能,更加强大,但是默认没有安装。

[root@localhost proc]# mtr www.qq.com



9 route:查看路由信息

 

[root@localhost proc]# route

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.154.0   *               255.255.255.0   U     0      0        0 eth0

link-local      *               255.255.0.0     U     1002   0        0 eth0

default         192.168.154.2   0.0.0.0         UG    0      0        0 eth0


10 tcpdump:网络报文截获工具

指定网卡(接口):

[root@localhost proc]# tcpdump -i eth0             

...

11:18:14.179947 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 65:129, ack 253984, win 16425, length 64

11:18:14.180481 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 253984:254384, ack 129, win 720, length 400

11:18:14.180845 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 254384:254560, ack 129, win 720, length 176

11:18:14.181006 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 254560, win 16281, length 0


指定主机,打印发出和收到的报文

[root@localhost proc]# tcpdump host 192.168.154.128

...

11:20:23.429911 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 229536:229824, ack 1, win 720, length 288

11:20:23.437865 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 229824:230000, ack 1, win 720, length 176

11:20:23.444348 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 230000, win 16425, length 0

11:20:23.444371 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 1:65, ack 230000, win 16425, length 64


打印两台主机之间的报文

[root@localhost proc]# tcpdump host 192.168.154.128 and \(192.168.154.1\)

...

11:22:37.082668 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 521392, win 16425, length 0

11:22:37.082893 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 521392:521680, ack 209, win 720, length 288

11:22:37.090535 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 521680:521856, ack 209, win 720, length 176

11:22:37.092395 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 521856, win 16309, length 0

11:22:37.098430 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 209:273, ack 521856, win 16309, length 64

11:22:37.100106 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 521856:522256, ack 273, win 720, length 400


打印主机发送的报文

[root@localhost proc]# tcpdump -i eth0 src 192.168.154.128

...

11:26:39.511627 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89264:89440, ack 1, win 720, length 176

11:26:39.517580 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89440:89616, ack 1, win 720, length 176

11:26:39.517883 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89616:89792, ack 1, win 720, length 176

11:26:39.520735 IP 192.168.154.128.ssh > 192.168.154.1.57827: Flags [P.], seq 89792:89968, ack 65, win 720, length 176


打印主机接收的报文

[root@localhost proc]# tcpdump -i eth0 dst 192.168.154.128

...

11:28:01.032800 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 8337, win 16141, length 0

11:28:01.233749 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 8497, win 16101, length 0

11:28:01.434811 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [.], ack 8657, win 16061, length 0

11:28:01.584687 IP 192.168.154.1.57827 > 192.168.154.128.ssh: Flags [P.], seq 48:112, ack 8817, win 16425, length 64


获取指定主机指定端口接收和发送的报文

[root@localhost proc]# tcpdump tcp port 80 and host 192.168.154.128 -v

12:30:38.368441 IP (tos 0x0, ttl 64, id 16834, offset 0, flags [DF], proto TCP (6), length 40)

    192.168.154.128.http > 192.168.154.1.64941: Flags [F.], cksum 0x2e4e (correct), seq 1, ack 2, win 457, length 0

12:30:38.368663 IP (tos 0x0, ttl 64, id 6217, offset 0, flags [DF], proto TCP (6), length 40)

    192.168.154.1.64941 > 192.168.154.128.http: Flags [.], cksum 0xefed (correct), ack 2, win 16425, length 0

12:30:38.369111 IP (tos 0x0, ttl 64, id 21138, offset 0, flags [DF], proto TCP (6), length 40)

    192.168.154.128.http > 192.168.154.1.64942: Flags [F.], cksum 0x76ed (correct), seq 1, ack 2, win 457, length 0

12:30:38.369321 IP (tos 0x0, ttl 64, id 6218, offset 0, flags [DF], proto TCP (6), length 40)

    192.168.154.1.64942 > 192.168.154.128.http: Flags [.], cksum 0x388d (correct), ack 2, win 16425, length 0


11 ss:显示socket状态,比netstat更强大和高效

-l:显示本地监听的所有端口

-t -a:显示所有TCP连接,a为显示所有套接字

-u -a:显示所有UDP连接

-o:显示计时器信息


显示所有TCP连接:

[***wjoj@stash ~]$ sudo ss -a -t


[root@localhost proc]# ss



显示所有打开的网络连接端口:

[root@localhost proc]# ss -l



[root@localhost bin]# ss -tnl

State       Recv-Q Send-Q                Local Address:Port                               Peer Address:Port              

LISTEN      0      128                               *:22                                            *:*                  

LISTEN      0      100                       127.0.0.1:25                                            *:*                  

LISTEN      0      100                              :::8080                                         :::*                  

LISTEN      0      128                              :::22                                           :::*                  

LISTEN      0      100                             ::1:25                                           :::*                  

LISTEN      0      1                  ::ffff:127.0.0.1:8005                                         :::*                  

LISTEN      0      100                              :::8009       


[root@localhost bin]# ss -o state established '( dport = :ssh or sport = :ssh )'

Netid Recv-Q Send-Q                 Local Address:Port                                  Peer Address:Port                

tcp   0      232                     192.168.3.56:ssh                                   192.168.3.17:59548                 timer:(on,375ms,0)

tcp   0      0                       192.168.3.56:ssh                                   192.168.3.17:56614                 timer:(keepalive,80min,0)

                                  :::*    

匹配本地地址和端口号:

[root@localhost proc]# ss src 192.168.154.128:80

State       Recv-Q Send-Q                                                                             Local Address:Port                                                                                 Peer Address:Port   

ESTAB       0      0                                                                                192.168.154.128:http                                                                                192.168.154.1:65206   

ESTAB       0      0                                                                                192.168.154.128:http                                                                                192.168.154.1:65212   



12 nmap:网络探测和安全审核工具

语法:nmap [扫描类型] [选项] 扫描目标

选项:-p:指定扫描的端口

      -n:禁用反向DNS解析(可以提高扫描速度)

扫描类型:

-sS, TCP SYN扫描,只向目标发出SYN数据包,如果收到SYN/ACK响应包就认为目标端口正在监听,并立即断开连接,否则会认为目标端口并未开放(收到RST时显示为closed,没有任何响应时显示为filtered,通常表示被防火墙过滤)。

-sT,TCP连接扫描,这是完整的TCP扫描方式,用来建立TCP连接,如果成功则表示目标端口正在监听,否则表示端口并未开放。

-sP,Ping扫描:类似Ping检测,只快速判断目标主机是否存活,不做端口扫描(新版nmap中该选项写作-sn)。

[root@localhost proc]# nmap 192.168.154.1


Starting Nmap 5.51 ( http://nmap.org ) at 2017-05-16 12:59 CST

Nmap scan report for 192.168.154.1

Host is up (0.00030s latency).

Not shown: 997 filtered ports

PORT    STATE SERVICE

135/tcp open  msrpc

139/tcp open  netbios-ssn

445/tcp open  microsoft-ds

MAC Address: 00:50:56:C0:00:08 (VMware)


查看端口是否开启

[root@localhost proc]# nmap -p 22,80 192.168.154.1-10


Starting Nmap 5.51 ( http://nmap.org ) at 2017-05-16 13:00 CST

Nmap scan report for 192.168.154.1

Host is up (0.000065s latency).

PORT   STATE    SERVICE

22/tcp filtered ssh

80/tcp filtered http

MAC Address: 00:50:56:C0:00:08 (VMware)


Nmap scan report for 192.168.154.2

Host is up (0.00034s latency).

PORT   STATE  SERVICE

22/tcp closed ssh

80/tcp closed http

MAC Address: 00:50:56:EC:FE:4A (VMware)


查看哪些主机在线:

[root@localhost proc]# nmap -n -sP 192.168.154.0/24


Starting Nmap 5.51 ( http://nmap.org ) at 2017-05-16 13:01 CST

Nmap scan report for 192.168.154.1

Host is up (0.00021s latency).

MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap scan report for 192.168.154.2

Host is up (0.0014s latency).

MAC Address: 00:50:56:EC:FE:4A (VMware)

Nmap scan report for 192.168.154.128

Host is up.

Nmap scan report for 192.168.154.254

Host is up (0.00040s latency).

MAC Address: 00:50:56:F5:05:C8 (VMware)

Nmap done: 256 IP addresses (4 hosts up) scanned in 4.43 seconds