Linux Network Tools
星辰
2020-11-16
[TOC]

# Linux Network Tools

## Using netstat and lsof

Install the tools:

```
yum install net-tools -y
yum install lsof -y
```

Help:

```
[root@node6 ~]# netstat --help
usage: netstat [-vWeenNcCF] [] -r         netstat {-V|--version|-h|--help}
       netstat [-vWnNcaeol] [ ...]
       netstat { [-vWeenNac] -I[] | [-veenNac] -i | [-cnNe] -M | -s [-6tuw] } [delay]

        -r, --route              display routing table
        -I, --interfaces=        display interface table for
        -i, --interfaces         display interface table
        -g, --groups             display multicast group memberships
        -s, --statistics         display networking statistics (like SNMP)
        -M, --masquerade         display masqueraded connections

        -v, --verbose            be verbose
        -W, --wide               don't truncate IP addresses
        -n, --numeric            don't resolve names
        --numeric-hosts          don't resolve host names
        --numeric-ports          don't resolve port names
        --numeric-users          don't resolve user names
        -N, --symbolic           resolve hardware names
        -e, --extend             display other/more information
        -p, --programs           display PID/Program name for sockets
        -o, --timers             display timers
        -c, --continuous         continuous listing

        -l, --listening          display listening server sockets
        -a, --all                display all sockets (default: connected)
        -F, --fib                display Forwarding Information Base (default)
        -C, --cache              display routing cache instead of FIB
        -Z, --context            display SELinux security context for sockets

  ={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw}
           {-x|--unix} --ax25 --ipx --netrom
  =Use '-6|-4' or '-A ' or '--'; default: inet
  List of possible address families (which support routing):
    inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
    netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
    x25 (CCITT X.25)
```

### Parameters

* -t : show TCP ports
* -a : show all sockets, including those that are listening (LISTEN)
* -u : show UDP ports
* -l : show only listening sockets (a socket is the endpoint through which an application reads, writes, sends and receives protocol traffic and data)
* -p : show the process ID and program name; every socket/port belongs to a program
* -n : do not resolve names through DNS, show IP addresses (this speeds up the command)
* -i : show how much data each interface has sent and received

**Common combinations**

* `netstat -ntlp` : list all TCP ports currently listening
* `netstat -ntulp | grep 80` : show everything using port 80
* `netstat -an | grep 3306` : show everything using port 3306
* `netstat -lanp` : see which services and ports are present on a server
* `ps -ef | grep mysqld` : find the processes of a service, for example mysqld, so that its ports can be looked up
* `netstat -pnt | grep :3306 | wc` : count the client connections on a port, for example 3306
* `netstat -anp | grep 3306` : list the client IPs connected to a port, for example 3306

### ss, the replacement for netstat

The ss command is more efficient. Advantages:

* On machines with heavy traffic, ss prints its results faster
* It can produce statistics (`ss -s`)
* Its filter conditions are richer than those of netstat

```
ss -l        # show all locally open ports
ss -pl       # show the sockets opened by each process
ss -t -a     # show all TCP sockets
ss -u -a     # show all UDP sockets
ss -o state established '( dport = :smtp or sport = :smtp )'   # show all established SMTP connections
ss -o state established '( dport = :http or sport = :http )'   # show all established HTTP connections
ss -x src /tmp/.X11-unix/*   # find all processes connected to the X server
ss -s        # list summary information about the current sockets

# List the IP addresses of remote hosts with established connections,
# sorted from most connections to fewest,
# e.g. to find the remote hosts holding the most connections to my site
[root@master1 ~]# ss -nt | sed -rn '/^ESTAB/s#.*[[:space:]]+([0-9.]+):[0-9]+.*#\1#p' | sort | uniq -c | sort -nr
    243 192.168.3.161
     20 127.0.0.1
      8 192.168.3.163
      8 172.25.0.2
      5 192.168.3.164
      4 192.168.3.173
      4 192.168.3.172
      4 192.168.3.171
      4 192.168.3.167
      4 192.168.3.166
      4 192.168.3.165
      4 192.168.3.162
      2 10.233.0.1
      1 192.168.3.40
      1 172.16.30.161
      1 10.233.0.3
```

### lsof

lsof lists the files currently open on the system (list open files). With the `-i` option it can also show port connections: `-i` followed by a colon and a port shows that port only, and a bare `-i` shows every port currently open on the system.

```
[root@node5 home]# lsof --help
lsof: illegal option character: -
lsof: -e not followed by a file system path: "lp"
lsof 4.87
 latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
 latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
 latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
 usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-f[gG]] [+|-e s]
 [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
 [+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [-Z [Z]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
  -?|-h list help          -a AND selections (OR)     -b avoid kernel blocks
  -c c  cmd c ^c /c/[bix]  +c w  COMMAND width (9)    +d s  dir s files
  -d s  select by FD set   +D D  dir D tree *SLOW?*   +|-e s  exempt s *RISKY*
  -i select IPv[46] files  -K list tasKs (threads)    -l list UID numbers
  -n no host names         -N select NFS files        -o list file offset
  -O no overhead *RISKY*   -P no port names           -R list paRent PID
  -s list file size        -t terse listing           -T disable TCP/TPI info
  -U select Unix socket    -v list version info       -V verbose search
  +|-w  Warnings (+)       -X skip TCP&UDP* files     -Z Z  context [Z]
  -- end option scan
  +f|-f  +filesystem or -file names     +|-f[gG] flaGs
  -F [f] select fields; -F? for help
  +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
                                        +m [m] use|create mount supplement
  +|-M   portMap registration (-)       -o o   o 0t offset digits (8)
  -p s   exclude(^)|select PIDs         -S [t] t second stat timeout (15)
  -T qs TCP/TPI Q,St (s) info
  -g [s] exclude(^)|select and print process group IDs
  -i i   select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
  +|-r [t[m]] repeat every t seconds (15);  + until no files, - forever.
       An optional suffix to t is m; m must separate t from  and
       is an strftime(3) format for the marker line.
  -s p:s  exclude(^)|select protocol (p = TCP|UDP) states by name(s).
  -u s   exclude(^)|select login|UID set s
  -x [fl] cross over +d|+D File systems or symbolic Links
  names  select named files or files on named file systems
Anyone can list all files; /dev warnings disabled; kernel ID check disabled.
```

**Comparison**

```
# netstat has no permission control; lsof enforces permissions and shows only the current user's entries
# lsof shows the PID and the user, so you can find which process is holding a port
netstat -an|grep 8080
lsof -i:8080

[root@node5 home]# lsof -i:30221
COMMAND     PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
kube-prox 23904 root  305u  IPv6 1415985520      0t0  TCP *:30221 (LISTEN)
[root@node5 home]# netstat -ntlp | grep 30221
tcp6       0      0 :::30221                :::*                    LISTEN      23904/kube-proxy
```

### Monitoring the network: netstat -i

```
Active UNIX domain sockets (w/o servers)   # what follows this header are UNIX sockets
# RX-OK   received successfully
# TX-OK   sent successfully
# RX-DRP  dropped
# RX-OVR  overruns (load)
[root@node5 home]# netstat -i
Kernel Interface table
Iface             MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
cali0e2373a2e56  1500        0      0      0      0        0      0      0      0 BMRU

# Monitor continuously
watch -n1 netstat -i
# Watch a specific interface
watch netstat -I=ens33
# or watch a specific interface with ifconfig
watch ifconfig -s ens33
```

**Simulating a traffic attack**

```
# -f is a flood ping; when the target host is not very powerful it can easily exhaust the target's NIC resources and make its services unavailable
ping -s 65507 192.168.3.161 -f
# On the target host, look at the NIC in the task manager: the traffic shoots up
```

## The ip command (recommended, replaces ifconfig)

### Help

```
[root@localhost ~]# ip
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
       ip [ -force ] -batch filename
where  OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
                   tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
                   netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
                   vrf }
       OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
                    -h[uman-readable] | -iec |
                    -f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
                    -4 | -6 | -I | -D | -B | -0 |
                    -l[oops] { maximum-addr-flush-attempts } | -br[ief] |
                    -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
                    -rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}
```

* `ip link` (short form `ip l`) shows the layer-2 (data link layer) information of the NICs

```
[root@localhost ~]# ip link
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:b8:39:74 brd ff:ff:ff:ff:ff:ff
```

Changing the logical MAC address:

```
vi /etc/sysconfig/network-scripts/ifcfg-ens33
# Add the last line (MACADDR)
[root@localhost network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=485a5544-cfb3-4c98-9012-8649af8bd5fb
DEVICE=ens33
ONBOOT=yes
# Note on MACADDR: the first two hex digits must not have the lowest bit set to 1;
# such addresses are broadcast (group) addresses and cannot be assigned to a NIC
MACADDR=00:0c:29:b8:39:66

# Restart the network service
[root@localhost network-scripts]# service network restart
# After the restart the remote session could no longer connect, but logging in from the
# host machine still worked, and ip link showed that the MAC address had been changed
```

* `ip addr` (or `ip a`) shows the network layer; its output contains both link-layer and network-layer information

```
[root@localhost ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:b8:39:74 brd ff:ff:ff:ff:ff:ff
    inet 172.16.30.130/23 brd 172.16.31.255 scope global noprefixroute dynamic ens33
       valid_lft 7132sec preferred_lft 7132sec
    inet6 fe80::1836:5736:577f:d916/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```

`ip addr` manages the IP addresses of a NIC, and a single NIC can be given several IP addresses. The relevant commands are:

```
[root@noteshare ~]# ip addr
add      change   del      flush    help     replace  show

# Add an IP address to the NIC
[root@localhost ~]# ip addr add 172.16.30.131 dev ens33
[root@localhost ~]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:b8:39:74 brd ff:ff:ff:ff:ff:ff
    inet 172.16.30.130/23 brd 172.16.31.255 scope global noprefixroute dynamic ens33
       valid_lft 7090sec preferred_lft 7090sec
    inet 172.16.30.131/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::1836:5736:577f:d916/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@localhost ~]# ping 172.16.30.131
PING 172.16.30.131 (172.16.30.131) 56(84) bytes of data.
64 bytes from 172.16.30.131: icmp_seq=1 ttl=64 time=0.076 ms
64 bytes from 172.16.30.131: icmp_seq=2 ttl=64 time=0.057 ms
^C
--- 172.16.30.131 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.057/0.066/0.076/0.012 ms

# An IP address added this way does not show up in ifconfig
[root@localhost ~]# ifconfig
ens33: flags=4163 mtu 1500
        inet 172.16.30.130 netmask 255.255.254.0 broadcast 172.16.31.255
        inet6 fe80::1836:5736:577f:d916 prefixlen 64 scopeid 0x20
        ether 00:0c:29:b8:39:74 txqueuelen 1000 (Ethernet)
        RX packets 1473 bytes 105855 (103.3 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 122 bytes 17623 (17.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1000 (Local Loopback)
        RX packets 4 bytes 336 (336.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 4 bytes 336 (336.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```

* Adding an alias to a NIC with ifconfig

```
[root@localhost ~]# ifconfig ens33:2 2.2.2.2/24
[root@localhost ~]# ifconfig
ens33: flags=4163 mtu 1500
        inet 172.16.30.130 netmask 255.255.254.0 broadcast 172.16.31.255
        inet6 fe80::1836:5736:577f:d916 prefixlen 64 scopeid 0x20
        ether 00:0c:29:b8:39:74 txqueuelen 1000 (Ethernet)
        RX packets 2366 bytes 167350 (163.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 151 bytes 21661 (21.1 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens33:2: flags=4163 mtu 1500
        inet 2.2.2.2 netmask 255.255.255.0 broadcast 2.2.2.255
        ether 00:0c:29:b8:39:74 txqueuelen 1000 (Ethernet)

lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1000 (Local Loopback)
        RX packets 4 bytes 336 (336.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 4 bytes 336 (336.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@localhost ~]# ping 2.2.2.2
PING 2.2.2.2 (2.2.2.2) 56(84) bytes of data.
64 bytes from 2.2.2.2: icmp_seq=1 ttl=64 time=0.079 ms
^C
--- 2.2.2.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.079/0.079/0.079/0.000 ms
```

* Adding an alias to a NIC with ip addr add

```
[root@localhost ~]# ip a a 4.4.4.4/24 dev ens33 label ens33:4
[root@localhost ~]# ifconfig
ens33: flags=4163 mtu 1500
        inet 172.16.30.130 netmask 255.255.254.0 broadcast 172.16.31.255
        inet6 fe80::1836:5736:577f:d916 prefixlen 64 scopeid 0x20
        ether 00:0c:29:b8:39:74 txqueuelen 1000 (Ethernet)
        RX packets 4060 bytes 302571 (295.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 335 bytes 47053 (45.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens33:2: flags=4163 mtu 1500
        inet 2.2.2.2 netmask 255.255.255.0 broadcast 2.2.2.255
        ether 00:0c:29:b8:39:74 txqueuelen 1000 (Ethernet)

ens33:4: flags=4163 mtu 1500
        inet 4.4.4.4 netmask 255.255.255.0 broadcast 0.0.0.0
        ether 00:0c:29:b8:39:74 txqueuelen 1000 (Ethernet)

lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1000 (Local Loopback)
        RX packets 6 bytes 504 (504.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 6 bytes 504 (504.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```

> With the methods above one NIC can be given several addresses. This also happens in practice: a single machine exposes several external addresses, each mapped to a different service. From the outside it looks like several IPs, but behind them is one server.

* scope: link, global, host
    * global: valid everywhere; the address can be reached no matter where the traffic comes in
    * link: packets are accepted only when they arrive over the specified link. For example, a computer has ip1 and ip2 bound; a request wants to reach ip2 but comes in through ip1, and ip1 has link scope, so it cannot reach ip2.
    * host: valid only for the machine itself, that is, only traffic sent from the machine itself is accepted and traffic coming from the Internet is not. Example: 127.0.0.1
* Other functions of the ip command
    * Rename a NIC (bring the NIC down first): `ip link set eth1 down && ip link set eth1 name haha && ip link set haha up`
    * Show routes: `ip route`
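The `ss -nt | sed ...` pipeline in the ss section matches only dotted IPv4 peers, so IPv6 clients never appear in its counts. The following is an added example, not part of the original post: it counts established connections per remote address for both address families and prints only peers at or above a threshold. The function names `top_peers` and `sample_ss_output`, the threshold and the sample `ss -nt` lines are constructed for illustration.

```shell
# top_peers: read `ss -nt` output on stdin and print "count address" for every
# remote peer holding at least $1 ESTAB connections (default 1), busiest first.
top_peers() {
    awk -v min="${1:-1}" '
        $1 == "ESTAB" {
            peer = $5                      # Peer Address:Port column
            sub(/:[0-9]+$/, "", peer)      # drop the trailing :port
            gsub(/^\[|\]$/, "", peer)      # strip the [ ] that newer ss puts around IPv6
            sub(/^::ffff:/, "", peer)      # fold IPv4-mapped IPv6 into plain IPv4
            sub(/%.*$/, "", peer)          # drop a zone id such as %ens33
            count[peer]++
        }
        END {
            for (p in count)
                if (count[p] >= min) print count[p], p
        }' | sort -k1,1nr -k2,2
}

# Constructed sample of `ss -nt` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State     Recv-Q Send-Q  Local Address:Port          Peer Address:Port
ESTAB     0      0       192.168.3.160:443           192.168.3.161:51514
ESTAB     0      0       192.168.3.160:443           192.168.3.161:51516
ESTAB     0      0       192.168.3.160:443           192.168.3.161:51520
SYN-RECV  0      0       192.168.3.160:443           192.168.3.170:40000
ESTAB     0      0       [::ffff:192.168.3.160]:443  [::ffff:192.168.3.161]:51600
ESTAB     0      0       [fd00::10]:443              [fd00::20]:40112
ESTAB     0      0       [fd00::10]:443              [fd00::20]:40114
ESTAB     0      0       127.0.0.1:3306              127.0.0.1:55012
EOF
}

# On a live host: ss -nt | top_peers 100
sample_ss_output | top_peers 2
```

Folding `::ffff:a.b.c.d` into `a.b.c.d` matters on dual-stack listeners, where the same client would otherwise be split across two counters.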
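The `netstat -ntlp` output shown in the netstat/lsof comparison can be turned into a quick exposure review of listening ports. The following is an added example, not part of the original post: it classifies each listening TCP socket by bind address and names the owning program. The function names `listen_audit` and `sample_netstat_output` are hypothetical, and the sample lines are constructed except for the kube-proxy line, which is the one shown on this page.

```shell
# listen_audit: read `netstat -ntlp` output on stdin and print one line per
# listening TCP socket as "<exposure> <port> <program>", where exposure is
#   all   - bound to a wildcard address (0.0.0.0, :: or *), reachable on every interface
#   local - bound to loopback only
#   addr  - bound to one specific address
listen_audit() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)    # text before the port
            if (host == "0.0.0.0" || host == "::" || host == "*")
                exposure = "all"
            else if (host ~ /^127\./ || host == "::1")
                exposure = "local"
            else
                exposure = "addr"
            prog = $7; sub(/^[0-9]+\//, "", prog)   # "23904/kube-proxy" -> "kube-proxy"
            print exposure, port, prog
        }' | sort -k1,1 -k2,2n
}

# Constructed sample of `netstat -ntlp` output; only the kube-proxy line is from the page.
sample_netstat_output() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1201/master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      998/sshd
tcp        0      0 192.168.3.160:3306      0.0.0.0:*               LISTEN      2210/mysqld
tcp6       0      0 :::30221                :::*                    LISTEN      23904/kube-proxy
tcp6       0      0 ::1:25                  :::*                    LISTEN      1201/master
EOF
}

# On a live host (as root, so that -p can show every program): netstat -ntlp | listen_audit
sample_netstat_output | listen_audit
```

Lines marked `all` are the ones to compare against the firewall rules, since those services accept connections on every interface the host has.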