ip
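The ip command shows or manipulates routing, network devices, policy routing and tunnels on a Linux host. It is the newer, more capable network configuration tool on Linux.
Syntax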
ip [ OPTIONS ] OBJECT { COMMAND | help }
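Options
-s: output more detailed information;
-f: force use of the specified protocol family;
-4: use IPv4 as the network-layer protocol;
-6: use IPv6 as the network-layer protocol;
-o: output each record on a single line, without wrapping even when the content is long;
-r: when displaying hosts, use DNS names instead of IP addresses.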
OBJECT
OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
netns | l2tp | macsec | tcp_metrics | token }
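link: network device configuration
ip link show
ip link help
ip link set { DEVICE | dev DEVICE | group DEVGROUP }
[ { up | down } ]  enable or disable the interface
[ multicast { on | off } ]  enable or disable multicast
[ name NEWNAME ]  rename the interface
[ mtu MTU ]  set the MTU (default 1500)
[ netns { PID | NAME } ]  move the interface into the specified network namespace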
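address: IP address configuration
ip address help
ip address [ show [ dev IFNAME ] ]  show interface IP information
ip address del IFADDR dev IFNAME  delete an IP address
ip address flush dev IFNAME  remove all IP addresses
ip address add IFADDR dev IFNAME
[label NAME]  interface alias for the additional address
[broadcast ADDRESS]  broadcast address; computed automatically from the IP and NETMASK
[scope SCOPE_VALUE]
global  valid everywhere
link  valid on this link only
host  valid on this host only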
route: routing table configuration
ip route help
ip route show
ip route add TYPE PREFIX via GW [dev IFNAME] [src SOURCE_IP]  add a route
netns: network namespaces
ip netns list
ip netns add NAME  create a network namespace
ip netns del NAME  delete a network namespace
ip netns exec NAME COMMAND  run a command inside the specified netns
Examples
link
Show detailed runtime status of the network devices
[root@localhost ~]# ip -s link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:68:d3:b9 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
43223 333 0 0 0 0
TX: bytes packets errors dropped carrier collsns
45388 264 0 0 0 0
Show the status of a specific NIC
[root@localhost ~]# ip link show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:68:d3:b9 brd ff:ff:ff:ff:ff:ff
Bring the NIC down/up
[root@localhost ~]# ip link set ens33 [down | up]
Enable/disable multicast (enabled by default)
[root@localhost ~]# ip link set ens33 multicast [ on | off ]
Rename the NIC (the NIC must be brought down before renaming)
[root@localhost ~]# ip link set ens33 name ens12345
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens12345: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:68:d3:b9 brd ff:ff:ff:ff:ff:ff
address
Show NIC IP addresses and detailed NIC information
[root@localhost ~]# ip -s address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:68:d3:b9 brd ff:ff:ff:ff:ff:ff
inet 192.168.43.107/24 brd 192.168.43.255 scope global dynamic ens33
valid_lft 2725sec preferred_lft 2725sec
inet6 fe80::d17a:125e:bcaa:d956/64 scope link
valid_lft forever preferred_lft forever
RX: bytes packets errors dropped overrun mcast
89870 686 0 0 0 0
TX: bytes packets errors dropped carrier collsns
95240 519 0 0 0
Add an IP address to the NIC
[root@localhost ~]# ip addr add 192.168.2.1/24 brd + label ens33.1 scope host dev ens33
[root@localhost ~]# ip addr show ens33
2: ens33: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:68:d3:b9 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.1/24 brd 192.168.2.255 scope host ens33.1
valid_lft forever preferred_lft forever
inet 10.88.201.37/24 brd 10.88.201.255 scope global dynamic ens33
valid_lft 82070sec preferred_lft 82070sec
inet6 fe80::d17a:125e:bcaa:d956/64 scope link
valid_lft forever preferred_lft forever
Delete an IP address from the NIC
[root@localhost ~]# ip addr del 192.168.2.1/24 dev ens33
[root@localhost ~]# ip addr show dev ens33
[root@localhost ~]# ip addr show ens33
2: ens33: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:68:d3:b9 brd ff:ff:ff:ff:ff:ff
inet 10.88.201.37/24 brd 10.88.201.255 scope global dynamic ens33
valid_lft 82001sec preferred_lft 82001sec
inet6 fe80::d17a:125e:bcaa:d956/64 scope link
valid_lft forever preferred_lft forever
Delete all IP addresses from the NIC
[root@localhost ~]# ip add flush dev ens33
route
Show routing information
[root@localhost ~]# ip route list
default via 10.88.201.254 dev ens33 proto static metric 100
10.88.201.0/24 dev ens33 proto kernel scope link src 10.88.201.37 metric 100
192.168.1.0/24 dev ens33 proto kernel scope link src 192.168.1.1
Add a route
[root@localhost ~]# ip route add 192.168.0.0/16 via 192.168.1.254 dev ens33
[root@localhost ~]# ip route
default via 10.88.201.254 dev ens33 proto static metric 100
10.88.201.0/24 dev ens33 proto kernel scope link src 10.88.201.37 metric 100
192.168.0.0/16 via 192.168.1.254 dev ens33
192.168.1.0/24 dev ens33 proto kernel scope link src 192.168.1.1
Add a default route
[root@localhost ~]# ip route add default via 10.88.201.254 dev ens33 proto static metric 100 src 10.88.201.37
Delete a route
[root@localhost ~]# ip route del 192.168.0.0/16
[root@localhost ~]# ip route
default via 10.88.201.254 dev ens33
10.88.201.0/24 dev ens33 proto kernel scope link src 10.88.201.37 metric 100
192.168.1.0/24 dev ens33 proto kernel scope link src 192.168.1.1
netns
Create a netns
[root@localhost ~]# ip netns add ns1
Delete a netns
[root@localhost ~]# ip netns del ns1
List the netns
[root@localhost ~]# ip netns list
ns1
ss
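The ss command shows information about active sockets. It can be used to obtain socket statistics and displays content similar to netstat. Its advantage is that it shows more, and more detailed, information about TCP and connection states, and it is faster and more efficient than netstat.
ss is fast because it uses tcp_diag in the TCP protocol stack. tcp_diag is a module for analysis and statistics that obtains first-hand information from the Linux kernel, which is what makes ss quick and efficient.
Syntax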
ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
OPTIONS
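-t: TCP connections
-u: UDP connections
-w: raw socket connections
-l: connections in the listening state
-a: connections in all states
-n: numeric format
-p: the associated program and its PID
-e: extended information
-m: memory usage
-o: timer information
-s: summary statistics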
FILTER
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
TCP-STATE:
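LISTEN: listening
ESTABLISHED: an established connection
FINWAIT1:
FINWAIT2: the side that actively closes the connection enters this state after sending a FIN and receiving the ACK. It is called the half-connected or half-closed state.
SYN_SENT: the client sends a SYN segment
SYN_RECV: the client receives a SYN segment
CLOSED: the closed state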
EXPRESSION:
dport  destination port
sport  source port
Examples
Show all TCP sockets
[root@localhost ~]# ss -ta
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:ssh *:*
LISTEN 0 100 127.0.0.1:smtp *:*
ESTAB 0 96 10.88.201.37:ssh 10.88.201.253:51599
LISTEN 0 128 :::ssh :::*
LISTEN 0 100 ::1:smtp :::*
Show all UDP sockets
[root@localhost ~]# ss -ua
Show in numeric format
[root@localhost ~]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
ESTAB 0 96 10.88.201.37:22 10.88.201.253:51599
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
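The numeric listing above separates listeners bound to every local address (*:22, :::22) from loopback-only ones (127.0.0.1:25, ::1:25), which is the first thing to check when reviewing a host's exposed services. The following is an added example, not part of the original article, that reduces ss -tan output to the wildcard-bound listeners; the function names are this example's own, and it assumes the column layout shown above.

```shell
# Added example: list TCP listeners bound to every local address.
# Reads "ss -tan"-style output on stdin, prints "ADDR PORT" per finding.
# Assumes the column layout shown above (State first, Local Address:Port fourth).
wildcard_listeners() {
    awk '
    $1 == "LISTEN" {
        ep = $4
        if (!match(ep, /:[^:]*$/)) next     # split on the LAST colon (IPv6-safe)
        addr = substr(ep, 1, RSTART - 1)
        port = substr(ep, RSTART + 1)
        gsub(/^\[|\]$/, "", addr)           # newer ss releases print [::]:22
        # "*", "0.0.0.0" and "::" all mean: any local address
        if (addr == "*" || addr == "0.0.0.0" || addr == "::") print addr, port
    }'
}

# Sample input: the ss -tan output from the example above.
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:22                 *:*
LISTEN     0      100    127.0.0.1:25         *:*
ESTAB      0      96     10.88.201.37:22      10.88.201.253:51599
LISTEN     0      128    :::22                :::*
LISTEN     0      100    ::1:25               :::*
EOF
}

# Live use on a host: ss -tan | wildcard_listeners
sample_ss_output | wildcard_listeners
```

On the sample this reports port 22 on both the IPv4 and IPv6 wildcard, while the loopback-only SMTP listener on port 25 is not listed.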
Show socket summary statistics
[root@localhost ~]# ss -s
Total: 954 (kernel 969)
TCP: 5 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0
Transport Total IP IPv6
* 969 - -
RAW 1 0 1
UDP 3 2 1
TCP 5 3 2
INET 9 5 4
FRAG 0 0 0
Show all locally open ports
[root@localhost ~]# ss -l
Show the sockets opened by each process
[root@localhost ~]# ss -pl
Show all established SMTP connections
[root@localhost ~]# ss -o state established '( dport = :smtp or sport = :smtp )'
Show all established HTTP connections
[root@localhost ~]# ss -o state established '( dport = :http or sport = :http )'
Filter by port: sport, dport
[root@localhost ~]# ss dport = 51599
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 96 10.88.201.37:ssh 10.88.201.253:51599
[root@localhost ~]# ss sport = 22
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 96 10.88.201.37:ssh 10.88.201.253:51599
Filter by IP: src, dst
[root@localhost ~]# ss src 10.88.201.37
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 96 10.88.201.37:ssh 10.88.201.253:51599
[root@localhost ~]# ss dst 10.88.201.253
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 96 10.88.201.37:ssh 10.88.201.253:51599
Filter by IP + port
[root@localhost ~]# ss src 10.88.201.37:22
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 96 10.88.201.37:ssh 10.88.201.253:51599
Filter by state
[root@localhost ~]# ss state established
Filter examples
ss sport = :http  (can also be written as: ss sport = :80)
ss dport = :http
ss dport \> :1024
ss sport \> :1024
ss sport \< :32000
ss sport eq :22
ss dport != :22
ss state connected sport = :http
ss \( sport = :http or sport = :https \)
ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1.1/24
Configuration files
Configuration file for IP, NETMASK, GW, DNS and other attributes
/etc/sysconfig/network-scripts/ifcfg-IFNAME
[root@localhost network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet # interface type
BOOTPROTO=dhcp # protocol used to configure the interface when it is activated; common values are dhcp, bootp, static, none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes # whether to initialize IPv6
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
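UUID=aa9015af-1ffe-4b33-b249-4aac07aa1bd8 # unique identifier of the device
DEVICE=ens33 # device name this configuration file applies to
ONBOOT=yes # whether to activate this interface at boot
route configuration file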
/etc/sysconfig/network-scripts/route-IFNAME
Two formats are supported; they must not be mixed
1. One route entry per line:
TARGET via GW
2. One route entry per three lines:
ADDRESS#=TARGET
NETMASK#=MASK
GATEWAY#=NEXTHOP
Example
[root@localhost ~]# cat /etc/sysconfig/network-scripts/route-ens33
10.88.0.0/24 via 10.88.201.37 dev ens33
[root@localhost ~]# systemctl restart network.service
[root@localhost ~]# ip route
default via 10.88.201.254 dev ens33 proto static metric 100
10.88.0.0/24 via 10.88.201.37 dev ens33 proto static metric 100
10.88.201.0/24 dev ens33 proto kernel scope link src 10.88.201.37 metric 100
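Because the two route-IFNAME formats cannot be mixed in one file, an existing three-line file has to be rewritten before one-line entries are added to it. The following is an added example, not part of the original article, that converts ADDRESSn/NETMASKn/GATEWAYn entries into TARGET via GW lines and rejects non-contiguous netmasks; the function names and the sample input are constructed for this example.

```shell
# Added example: convert three-line route-IFNAME entries (ADDRESSn / NETMASKn /
# GATEWAYn) into one-line "TARGET via GW" entries. Reads stdin, writes stdout.
routes_to_oneline() {
    awk -F= '
    # Dotted netmask -> prefix length, or -1 if the mask is not contiguous.
    function mask_to_prefix(mask,    o, i, v, n, bits, ended) {
        if (split(mask, o, ".") != 4) return -1
        bits = 0; ended = 0
        for (i = 1; i <= 4; i++) {
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
            v = o[i] + 0; n = 0
            if (ended && v != 0) return -1     # 1 bits after the mask ended
            while (v >= 128) { v = (v - 128) * 2; n++ }
            if (v != 0) return -1              # a 0 bit followed by a 1 bit
            if (n < 8) ended = 1
            bits += n
        }
        return bits
    }
    $1 ~ /^(ADDRESS|NETMASK|GATEWAY)[0-9]+$/ {
        val[$1] = $2
        if ($1 ~ /^ADDRESS/) { idx = $1; sub(/^ADDRESS/, "", idx); order[++count] = idx }
    }
    END {
        for (k = 1; k <= count; k++) {
            i = order[k]
            p = (("NETMASK" i) in val) ? mask_to_prefix(val["NETMASK" i]) : -1
            if (p < 0 || !(("GATEWAY" i) in val)) {
                printf "route %s: missing or invalid NETMASK/GATEWAY\n", i > "/dev/stderr"
                bad = 1; continue
            }
            printf "%s/%d via %s\n", val["ADDRESS" i], p, val["GATEWAY" i]
        }
        exit bad
    }'
}

# Constructed sample input; route 0 mirrors the one-line example above.
sample_route_file() {
    printf 'ADDRESS0=10.88.0.0\nNETMASK0=255.255.255.0\nGATEWAY0=10.88.201.37\n'
    printf 'ADDRESS1=172.16.0.0\nNETMASK1=255.240.0.0\nGATEWAY1=10.88.201.254\n'
}

sample_route_file | routes_to_oneline
```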
Article link: https://www.kinber.cn/post/712.html. Reproduction requires authorization.