Sy-linux下常用的网络命令linux network commands

linux下的网络命令非常强大，这里根据教材需要，列出来常用的网络命令和场景实例，供参考。

一、命令列表：

Command	Description
ip	Manipulating routing to assigning and configuring network parameters
traceroute	Identify the route taken by packets to reach the host
tracepath	Gets maximum transmission unit while tracing the path to the network host
ping	Often used to check the connectivity between the host and the server
ss	Gets details about network sockets
dig	Gives all the necessary information about the DNS name server
host	Prints IP address of a specific domain and viscera
hostname	Mostly used to print and change the hostname
curl	Transfers data over the network by supporting various protocols
mtr	A combination of ping and traceroute is used to diagnose the network
whois	Gets info about registered domains, IP addresses, name servers, and more
ifplugstatus	Detects the link status of a local Ethernet device
iftop	Monitors stats related to bandwidth
tcpdump	Packet sniffing and analyzing utility used to capture, analyze and filter network traffic
ethtool	Allows users to configure Ethernet devices
nmcli	Troubleshooting utility for network connections
nmap	Primarily used to audit network security
bmon	An open-source utility to monitor real-time bandwidth
firewalld	CLI tool to configure rules of Firewall
iperf	Utility to measure network performance and tuning
speedtest-cli	CLI utility of speedtest.net to check internet speeds
vnstat	Mostly used to monitor network traffic and bandwidth consumption

以上的命令都是在tcp/ip层之间操作。一些比较详细的需要研究对应的tcp/ip协议。

来自 <https://itsfoss.com/basic-linux-networking-commands/#essential-networking-commands-in-linux>

TCP/IP protocol stack vs the OSI reference model

二、包运行环境

请注意，并非所有的命令都会预先安装。Ubuntu/Centos的环境我事先都需要先安装了。对于其他发行版，请使用您的包管理器。

我这里适用了ubuntu、centos 和kali版本（未完全）做验证。分别对应的版本£§¤¥

其中ubuntu的版本和内核如下： £1

£2

Kali 的版本和内核如下：§1

§2

centos的版本和内核如下：¤1

三、工具包运行实例

Note: Both net-tools and iproute2 command are available on most Linux distributions. However, it is recommended to use iproute2 tools due to their flexibility and speed.

Although net-tools is deemed as outdated, it is still widely used by legacy scripts and configurations.

£1为例

1、主机信息相关的cmds

ip [options] object [command]

root@testhost01:~# ip

Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }

ip [ -force ] -batch filename

where OBJECT := { address | addrlabel | amt | fou | help | ila | ioam | l2tp |

token | tunnel | tuntap | vrf | xfrm }

OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |

-h[uman-readable] | -iec | -j[son] | -p[retty] |

-f[amily] { inet | inet6 | mpls | bridge | link } |

-4 | -6 | -M | -B | -0 |

-l[oops] { maximum-addr-flush-attempts } | -br[ief] |

-o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |

-rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] |

-c[olor]}

root@testhost01:~# ip -V

ip utility, iproute2-6.1.0, libbpf 1.2.2

root@testhost01:~#

ip addr [subcommand]

The available subcommands on the object are:

add - Adds a new address.
show - Shows protocol addresses.
del - Removes an address.
flush - Flushes addresses based on specified criteria.

root@testhost01:~# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:f9:aa:a7 brd ff:ff:ff:ff:ff:ff

altname enp2s4

inet 192.168.105.128/24 brd 192.168.105.255 scope global dynamic noprefixroute ens36

valid_lft 1563sec preferred_lft 1563sec

inet6 fe80::2662:4535:1059:ba10/64 scope link noprefixroute

valid_lft forever preferred_lft forever

3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default

link/ether 02:42:cc:2e:94:21 brd ff:ff:ff:ff:ff:ff

inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

valid_lft forever preferred_lft forever

root@testhost01:~# ip addr show ens36

2: ens36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:f9:aa:a7 brd ff:ff:ff:ff:ff:ff

altname enp2s4

inet 192.168.105.128/24 brd 192.168.105.255 scope global dynamic noprefixroute ens36

valid_lft 1423sec preferred_lft 1423sec

inet6 fe80::2662:4535:1059:ba10/64 scope link noprefixroute

valid_lft forever preferred_lft forever

root@testhost01:~#

ip monitor

ip link [subcommand] [options] [interfaces]

The subcommands enable the following actions:

show - Prints network interface information.
set - Changes or adds information to a network interface.
add - Adds a new network interface.
del - Deletes a network interface.

把网卡禁用后，secCRT就不能登录了，中断了，如上图，这是需要直接进入vmware中

启动up网卡，如下图：

ip route [subcommand] [options] [destination]

The following actions are available as subcommands:

show - Shows the routing table.
add - Adds a new route to the table.
del - Deletes a route from the table.
change - Modifies an existing route.

root@testhost01:~# ip route show

default via 192.168.105.2 dev ens36 proto dhcp src 192.168.105.128 metric 100

169.254.0.0/16 dev ens36 scope link metric 1000

172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown

192.168.105.0/24 dev ens36 proto kernel scope link src 192.168.105.128 metric 100

root@testhost01:~#

Nslookup

nslookup <domainName>

root@testhost01:~# nslookup www.ygu.edu.cn

Server: 127.0.0.53

Address: 127.0.0.53#53

Non-authoritative answer:

Name: www.ygu.edu.cn

Address: 42.247.25.1

Name: www.ygu.edu.cn

Address: 2001:da8:e815:1::2

root@testhost01:~#

Dig

dig [options] [domain] [record type] [DNS server]

The components of the command are:

[options] - Parameters that modify the behavior of the command.
[domain] - The domain name to query.
[record type] - The DNS record type to query. Defaults to A records.
[DNS server] - A specified DNS server for the query.

All parameters are optional. The command shows the default DNS resolver information and query statistics without additional options.

root@testhost01:~# dig www.google.com

; <<>> DiG 9.18.18-0ubuntu2.1-Ubuntu <<>> www.google.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35752

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 65494

;; QUESTION SECTION:

;www.google.com. IN A

;; ANSWER SECTION:

www.google.com. 5 IN A 172.217.26.68

;; Query time: 131 msec

;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)

;; WHEN: Fri Apr 12 09:49:23 CST 2024

;; MSG SIZE rcvd: 59

root@testhost01:~# dig -x 8.8.4.4

; <<>> DiG 9.18.18-0ubuntu2.1-Ubuntu <<>> -x 8.8.4.4

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54054

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 65494

;; QUESTION SECTION:

;4.4.8.8.in-addr.arpa. IN PTR

;; ANSWER SECTION:

4.4.8.8.in-addr.arpa. 5 IN PTR dns.google.

;; Query time: 131 msec

;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)

;; WHEN: Fri Apr 12 09:49:35 CST 2024

;; MSG SIZE rcvd: 73

root@testhost01:~#

Ping

ping [options] [hostname/IP]

ping -c 5 google.com

Uname

Host

host [options] [hostname/IP]

The various [options] control the command's behavior, such as the query type or the start of authority (SOA) for the provided domain.

root@testhost01:~# host www.baidu.com

www.baidu.com is an alias for www.a.shifen.com.

www.a.shifen.com has address 157.148.69.80

www.a.shifen.com has address 157.148.69.74

www.a.shifen.com has IPv6 address 2408:8756:c52:1107:0:ff:b035:844b

www.a.shifen.com has IPv6 address 2408:8756:c52:1aec:0:ff:b013:5a11

root@testhost01:~# host aliyun.com

aliyun.com has address 106.11.248.146

aliyun.com has address 106.11.249.99

aliyun.com has address 106.11.172.9

aliyun.com has address 140.205.135.3

aliyun.com has address 106.11.253.83

aliyun.com has address 140.205.60.46

aliyun.com has IPv6 address 2401:b180:1:60::6

aliyun.com has IPv6 address 2401:b180:1:60::5

aliyun.com mail is handled by 10 mx2.mail.aliyun.com.

Ifconfig

ifconfig [interface] [options]

root@testhost01:~# ifconfig -s

Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg

docker0 1500 0 0 0 0 0 0 0 0 BMU

ens36 1500 253964 0 0 0 48211 0 0 0 BMRU

lo 65536 18559 0 0 0 18559 0 0 0 LRU

root@testhost01:~# ifconfig -a

docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500

inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255

ether 02:42:cc:2e:94:21 txqueuelen 0 (Ethernet)

RX packets 0 bytes 0 (0.0 B)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 0 bytes 0 (0.0 B)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.105.128 netmask 255.255.255.0 broadcast 192.168.105.255

inet6 fe80::2662:4535:1059:ba10 prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:f9:aa:a7 txqueuelen 1000 (Ethernet)

RX packets 253989 bytes 328717030 (328.7 MB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 48227 bytes 5320298 (5.3 MB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet 127.0.0.1 netmask 255.0.0.0

inet6 ::1 prefixlen 128 scopeid 0x10<host>

loop txqueuelen 1000 (Local Loopback)

RX packets 18559 bytes 2505591 (2.5 MB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 18559 bytes 2505591 (2.5 MB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

root@testhost01:~#

Nslookup

nslookup [domain] [DNS server]

root@testhost01:~# nslookup ygu.edu.cn

Server: 127.0.0.53

Address: 127.0.0.53#53

Name: ygu.edu.cn

Address: 127.0.0.1

root@testhost01:~# nslookup www.163.com

Server: 127.0.0.53

Address: 127.0.0.53#53

Name: www.163.com

Address: 192.168.52.130

root@testhost01:~#

2、网络连接相关cmds

Scp

选项非常多，简单的如下：

scp [OPTION] [user@]SRC_HOST:]file1 [user@]DEST_HOST:]file2

1、从本地拷贝到远程：

scp local_file remote_username@remote_ip:remote_folder或者

scp local_file remote_username@remote_ip:remote_file或者

scp local_file remote_ip:remote_folder或者

scp local_file remote_ip:remote_file

如果复制目录，需要-r参数：scp -r

2、从远程拷贝到本地：

只要把本地复制到远程的命令的后面2个参数调换顺序即可。

若远程防火墙有为scp指定了端口号，需要使用-p参数：scp -p

比如scp命令使用端口号6389：scp -p 6389

注意：使用scp命令要确保使用的用户具有远程服务器文件对应的权限，否则无法起作用。

Rsync

1、同步本地不同路径下的两个目录

rsync -zvr /dir1 /dir2/dir3/

-z 启用压缩

-v 输出详细信息

-r 表示递归

如上结果显示，两个同步的目录下的文件的时间戳不一致的！

2、使用-a选项表示存档模式。

-a选项递归同步、保留符号链接、保留权限、保留时间戳、保留所有者和组。

这里时间戳就一致了。

rsync允许在本地和远程系统之间同步文件/目录，前提是本地和远程系统都要安装rsync才行。

执行以下命令完成文件从远程目录同步到本地：

rsync -avz root@192.168.105.130:~/test130dir /root/test128dir/

执行以下命令，实现文件从本地目录同步到远程目录

ss [options] [filter]

使用ss -lt列车所有tcp的sockets

root@testhost01:~# ss -lt

State Recv-Q Send-Q Local Address:Port Peer Address:Port Process

LISTEN 0 511 0.0.0.0:http 0.0.0.0:*

LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:*

LISTEN 0 4096 127.0.0.1:41575 0.0.0.0:*

LISTEN 0 4096 127.0.0.1:ipp 0.0.0.0:*

LISTEN 0 4096 127.0.0.54:domain 0.0.0.0:*

LISTEN 0 511 [::]:http [::]:*

LISTEN 0 2 [::1]:3350 [::]:*

LISTEN 0 4096 *:ssh *:*

LISTEN 0 2 *:ms-wbt-server *:*

LISTEN 0 4096 [::1]:ipp [::]:*

root@testhost01:~#

使用-lu或者-au列出UDP端口信息：

root@testhost01:~# ss -au

State Recv-Q Send-Q Local Address:Port Peer Address:Port Process

UNCONN 0 0 0.0.0.0:mdns 0.0.0.0:*

UNCONN 0 0 0.0.0.0:55534 0.0.0.0:*

UNCONN 0 0 127.0.0.54:domain 0.0.0.0:*

UNCONN 0 0 127.0.0.53%lo:domain 0.0.0.0:*

ESTAB 0 0 192.168.105.128%ens36:bootpc 192.168.105.254:bootps

UNCONN 0 0 [::]:mdns [::]:*

UNCONN 0 0 [::]:48070 [::]:*

root@testhost01:~# ss -lu

State Recv-Q Send-Q Local Address:Port Peer Address:Port Process

UNCONN 0 0 0.0.0.0:mdns 0.0.0.0:*

UNCONN 0 0 0.0.0.0:55534 0.0.0.0:*

UNCONN 0 0 127.0.0.54:domain 0.0.0.0:*

UNCONN 0 0 127.0.0.53%lo:domain 0.0.0.0:*

UNCONN 0 0 [::]:mdns [::]:*

UNCONN 0 0 [::]:48070 [::]:*

root@testhost01:~#

Route

route [options] [subcommand] [arguments]

It contains the following components:

[options] - Optional command-line parameters that control the output view, address family, and IP protocol.
[subcommand] - An action to perform, such as add or delete.
[arguments] - Additional arguments that differ depending on the subcommand.

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

default bogon 0.0.0.0 UG 100 0 0 ens36

link-local 0.0.0.0 255.255.0.0 U 1000 0 0 ens36

172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0

192.168.105.0 0.0.0.0 255.255.255.0 U 100 0 0 ens36

添加默认网关命令：sudo route add default gw [gateway]

3、网络监控相关cmds

Netstat

netstat [options]

使用-at参数列出所有TCP port

netstat -at        #查看当前已经建立的tcp连接
netstat -au       #列出所有 udp 端口
netstat -lt         #只列出所有监听中的 tcp类型的端口
netstat -lu         #只列出所有监听中的 udp类型的端口
netstat -antp     #查看所有已经建立的tcp连接，并且域名以数字形式显示
netstat -tupl      #查看所有监听的tcp和udp及进程名信息（udp不能监听，但可以查看是否在占用）
netstat -s           #显示所有端口的统计信息
netstat -st 或 -su   #显示 TCP 或 UDP 端口的统计信息
netstat -i           #查看网卡接口信息
netstat -tulnp |grep nginx   #查看nginx服务的网络信息

Netcat

Tcpdump

tcpdump命令是一个数据包嗅探器和网络安全工具，用于捕获实时网络数据包信息。使用命令可以分析流量、排除问题和监视网络安全。

tcpdump [options] [filter]

tcpdump port 80

过滤器port 80捕获指定端口上的数据包以监视HTTP流量

还可以在命令中指定协议（TCP、UDP、TCP和其他），如下指令：

tcpdump -i <network_device> tcp

To specify the port, use the command,要指定端口，请使用如下指令：

tcpdump -i <network_device> port 22

tcpdump命令将继续执行并发送数据包，除非被取消。因此，您可以指定要捕获的事件数量以控制连续执行。

tcpdump -c 20 -i <network_device>

您还可以使用标记src或dst指定要从中捕获的IP。指令：

tcpdump -c 20 -i <network_device> src XXX.XXX.XXX.XXX

比如我在另外一台机器ping本机，然后捕获：

最后可以将即时捕获的网络流量保存到一个文件中，供以后使用。更多参数：

-a 　将网络地址和广播地址转变成名字
-d 　将匹配信息包的代码以人们能够理解的汇编格式给出
-dd 将匹配信息包的代码以c语言程序段的格式给出
-ddd 将匹配信息包的代码以十进制的形式给出
-D   显示所有可用网络接口的列表
-e 　在输出行打印出数据链路层的头部信息
-f 　将外部的Internet地址以数字的形式打印出来
-l 　使标准输出变为缓冲行形式
-L   列出指定网络接口所支持的数据链路层的类型后退出
-n 　不把网络地址转换成名字，即不做反向域名解析
-q   简洁地打印输出。即打印很少的协议相关信息, 从而输出行都比较简短
-t   在每行的输出中不输出时间
-tt 在每行的输出中会输出时间戳
-ttt 输出每两行打印的时间间隔(以毫秒为单位)
-tttt 在每行打印的时间戳之前添加日期的打印（此种选项，输出的时间最直观）

-v 产生详细的输出. 比如包的TTL，id标识，数据包长度，以及IP包的一些选项。同时它还会打开一些附加的包完整性检测，比如对IP或ICMP包头部的校验和。
-vv 产生比-v更详细的输出. 比如NFS回应包中的附加域将会被打印, SMB数据包也会被完全解码。
-vvv 产生比-vv更详细的输出。比如 telent 时所使用的SB, SE 选项将会被打印, 如果telnet同时使用的是图形界面，其相应的图形选项将会以16进制的方式打印出来
-c 　在收到指定的包的数目后，tcpdump就会停止
-F 　从指定的文件中读取表达式,忽略其它的表达式
-i 　指定监听的网络接口
-r 　从指定的文件中读取包(这些包一般通过-w选项产生)
-w 　直接将数据报写入文件中，并不分析和打印出来
-T 　将监听到的包直接解释为指定的类型的报文，常见的类型有rpc （远程过程调用）和snmp（简单　网络管理协议)
-s tcpdump 默认只会截取前 `96` 字节的内容，要想截取所有的报文内容，可以使用 `-s number`， `number` 就是你要截取的报文字节数，如果是 0 的话，表示截取报文全部内容。
-S seq ack 使用绝对序列号，而不是相对序列号
-Z 后接用户名，在抓包时会受到权限的限制。如果以root用户启动tcpdump，tcpdump将会有超级用户权限

Traceroute

traceroute [options] [hostname/IP]

-T使用tcp协议追踪

root@testhost01:~# traceroute -T 8.8.4.4

traceroute to 8.8.4.4 (8.8.4.4), 30 hops max, 60 byte packets

1 _gateway (192.168.105.2) 0.203 ms 0.099 ms *

2 dns.google (8.8.4.4) 128.577 ms 128.472 ms 128.370 ms

root@testhost01:~# traceroute -T 114.114.114.114

traceroute to 114.114.114.114 (114.114.114.114), 30 hops max, 60 byte packets

1 _gateway (192.168.105.2) 0.164 ms 0.134 ms *

2 public1.114dns.com (114.114.114.114) 129.930 ms 129.768 ms 129.656 ms

root@testhost01:~#

Iftop

iftop命令是一个网络监视实用程序。使用命令可真实的查看网络连接和带宽使用情况。

iftop [options]

先使用字符浏览器工具浏览qq的网站：W3m www.qq.com

然后查看流量

Tracepath

tracepath [options] [hostname/IP]

Mtr

mtr命令（my traceroute）是一个诊断工具，它结合了ping和traceroute命令中的元素。该命令发送对网络质量的实时洞察，使其成为解决高延迟和数据包丢失问题的绝佳工具。

mtr [options] [hostname/IP]

不带任何参数的mtr命令启动到所提供主机的跟踪会话,如：

mtr aliyun.com

To exit the window, press q.

Nmap （这个有必要单独列一个章节深究）

nmap is a network scanning tool for network exploration and security auditing. It allows you to discover hosts on a network, identify open ports, gather information about services running on those ports, and even detect security vulnerabilities.

Syntax: nmap [scan type(s)] [options] [target spec]
Useful options: -sS(TCP SYN scan), -sU(UDP scan), -O(OS detection), -p(port range), and -v(verbose output).
Command: Perform a basic TCP SYN scan on a target host.