跳转至

网络管理

  • net-tools: ifconfig、netstat
  • iproute2: ip、ss

net-tools已经不再维护

# 查看主机名
hostname

# 查看域名解析
nslookup www.baidu.com
"""
Server(DNS服务器):         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
www.baidu.com   canonical name(别名) = www.a.shifen.com.
www.a.shifen.com        canonical name = www.wshifen.com.
Name:   www.wshifen.com
Address: 104.193.88.123
Name:   www.wshifen.com
Address: 104.193.88.77
"""
ip addr  # 或者:ip address
"""
1: lo(环回接口loopback): <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo  # scope host 表示这张网卡只可供本机互相通信
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0(第一块网卡): <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    # <有广播地址(可以发送广播包),可以发送多播包,启动状态,L1是启动的(网线插着呢)> 最大传输单元为1500(以太网默认值)
    link/ether aa:aa:00:10:3f:d8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
    inet 23.105.203.144/21 metric 100 brd 23.105.207.255 scope global eth0
       valid_lft forever preferred_lft forever         # scope global 表示这张网卡对外接收所有的包
    inet6 fe80::a8aa:ff:fe10:3fd8/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether ba:aa:00:10:3f:d8 brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
    inet 169.254.254.254/32 brd 169.254.254.254 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::b8aa:ff:fe10:3fd8/64 scope link 
       valid_lft forever preferred_lft forever
"""
ip route
# 网络接口,interface,缩写if,即网卡
ifconfig [eth0]  # 默认查看所有网卡
ifconfig eth0 ip_new [netmask 子网掩码]  # 修改ip和子网掩码
ifconfig eht0 up/down  # 启用或停用网卡,等价于:ifup/ifdown eth0
"""
LISTEN 监听
ESTABLISHED 已连接
"""

# 查看网卡物理连接(网线)情况
mii-tool eth0

# 查看网关(路由)
"""默认每条ip会反解为域名,所以会较慢,-n参数不解析主机名"""
route -n
route del default gw 10.211.55.1  # 删除默认网关(0.0.0.0)
route add default gw 10.211.55.1  # 增加默认网关
route add -host 10.0.0.1 gw 10.211.55.2  # 指定主机添加明细路由
route add -net 102.168.0.0 netmask 255.255.255.0 gw 10.211.55.3  # 指定网段添加明细路由

网络故障排除

主机问题

# 检测网络是否畅通,网络丢包率、网络延迟等信息
ping [-c 2] www.baidu.com
"""
-c n 限制尝试次数
-i n 设置时间间隔
可接 host_name 或 ip

PING www.wshifen.com (104.193.88.77) 56(84) bytes of data.
64 bytes from 104.193.88.77 (104.193.88.77): icmp_seq=1 ttl=55 time=7.82 ms
64 bytes from 104.193.88.77 (104.193.88.77): icmp_seq=2 ttl=55 time=7.27 ms

--- www.wshifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss(丢包率), time 1002ms(网络延迟)
rtt min/avg/max/mdev = 7.266/7.544/7.822/0.278 ms
"""

# 可以追踪路由,查看每一跳
traceroute -w 1 www.baidu.com
"""
-w time 如果超时最多等待(wait)几秒

1   *  *  * 
2   96.44.162.49  0.779ms  0.611ms  0.679ms 
3   69.12.70.232  0.379ms  0.696ms  0.252ms 
4   63.218.212.169  0.728ms  0.654ms  0.642ms 
5   63.218.178.58  7.766ms  7.656ms  7.677ms 
6   63.219.23.98  8.155ms  8.128ms  8.126ms 
7   63.219.23.98  7.844ms  7.780ms  7.667ms 
8   104.193.88.13  10.636ms  8.459ms  8.530ms 
9   *  *  * 
10   *  *  * 
"""

mtr查看数据包是否丢失比traceroute信息更清晰,而且不需要额外安装

mtr www.baidu.com

20220711155551

端口问题

# 检查当前主机到目标主机某端口是否畅通
telnet www.baidu.com 80
"""
Trying 104.193.88.123...
Connected to www.wshifen.com.  # 表示畅通,否则返回端口不可达
Escape character is '^]'.
^]  # 使用ctrl+右方括号退出
telnet> quit  # 然后再输入quit关闭
Connection closed.
"""

端口如果能通,可以抓包分析数据包

tcpdump -i any -n port 80
tcpdump -i any -n host 10.0.0.1 and port 80 -w /tmp/filename
"""
-i any  抓取所有网卡的数据包
-n  如果有域名,解析为ip形式显示
host 10.0.0.1  抓取流向指定主机的数据
port 80  抓取流向指定端口的数据
-w path  存储到文件
"""
  • 数据包如果也没问题,检查服务监听范围
# 查看哪个进程绑定到了80端口
netstat -ntpl | grep :80  
"""
-n 将域名显示为ip地址

-a 列出所有连接、监听、socket信息
-t 仅列出tcp包
-u 仅列出udp包

-p 列出端口对应的进程

-l LISTEN状态的
-c 持续输出

Active Internet connections (only servers)
Proto   Recv-Q  Send-Q   Local Address         Foreign Address         State       PID/Program name    
tcp        0      0     0.0.0.0:28036           0.0.0.0:*              LISTEN      34965/sshd: /usr/sb
tcp        0      0     127.0.0.53:53           0.0.0.0:*              LISTEN      25963/systemd-resol 
tcp6       0      0     :::28036                :::*                   LISTEN      34965/sshd(远程控制服务): /usr/sb 
"""

# 参数与netstat基本相同
ss -ntpl
"""
State         Recv-Q      Send-Q       Local Address:Port       Peer Address:Port     Process                                                 
LISTEN        0           4096         127.0.0.53%lo:53         0.0.0.0:*             users:(("systemd-resolve",pid=25963,fd=14))
LISTEN        0           128          0.0.0.0:28036            0.0.0.0:*             users:(("sshd",pid=34965,fd=3))
LISTEN        0           128          [::]:28036               [::]:*                users:(("sshd",pid=34965,fd=4))
"""

网络服务管理

  • SysV: service
service network start
  • Systemd: systemctl

Systemd是新的初始化系统(init),尽可能启动较少的进程,尽可能更多进程并发启动,提高了系统的启动速度

systemctl status/start/stop/restart/reload/enable/disable network_name  # enable 开机自启

systemctl list-unit-files
"""
UNIT FILE                              STATE           VENDOR PRESET
proc-sys-fs-binfmt_misc.automount      static          -            
-.mount                                generated       -            
boot.mount                             generated       -            
dev-hugepages.mount                    static          -            
dev-mqueue.mount                       static          -            
proc-sys-fs-binfmt_misc.mount          disabled        disabled     
snap-core20-1518.mount                 enabled         enabled      
snap-lxd-23270.mount                   enabled         enabled      
snap-snapd-16292.mount                 enabled         enabled      
sys-fs-fuse-connections.mount          static          -            
sys-kernel-config.mount                static          -            
sys-kernel-debug.mount                 static          -            
sys-kernel-tracing.mount               static          -            
acpid.path                             enabled         enabled      
apport-autoreport.path                 enabled         enabled      
systemd-ask-password-console.path      static          -            
systemd-ask-password-plymouth.path     static          -            
systemd-ask-password-wall.path         static          -            
session-264.scope                      transient       -            
session-267.scope                      transient       -            
acpid.service                          enabled         enabled      
apparmor.service                       enabled         enabled      
apport-autoreport.service              static          -            
apport-forward@.service                static          -            
apport.service                         generated       -            
apt-daily-upgrade.service              static          -            
apt-daily.service                      static          -            
autovt@.service                        alias           -           
"""

防火墙

  • 硬件防火墙:防御(比如DDS攻击),兼顾软件数据包过滤功能
  • 软件防火墙:数据包过滤,是否允许某个IP或者端口进入主机或者转发等,又可以分为包过滤防火墙和应用防火墙

从 Linux Kernel 2.4 版开始,内核开放了一套通用的、可供代码干预数据在协议栈中流转的过滤器框架Netfilter,基于 Netfilter 设计的 Xtables 系工具,比如 iptables。

iptables的价值便是以配置去实现原本用 Netfilter 编码才能做到的事情。

  • 四(规则)表:filternatmangleraw
  • 五(规则)链:INPUTOUTPUTFORWARDPREROUTINGPOSTROUTING

最后更新: 2022-07-13