ifconfig命令:
功能:接口及地址查看和管理
ifconfig [INTERFACE]
ifconfig -a:顯示所有接口,包括inactive(未激活)狀態的接口;
實例:-a參數的使用
[root@Linux_11 ~]# ifconfig -a
eth0 Linkencap:Ethernet HWaddr 00:0C:29:06:12:D4(MAC地址)
inetaddr:192.168.3.11 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr:fe80::20c:29ff:fe06:12d4/64 Scope:Link
UP(表示激活狀態) BROADCAST (支持廣播)RUNNING(正在運行狀態)MULTICAST(支持多播或組播) MTU:1500(最大傳輸單元(字節),即此接口一次所能傳輸的最大封包) Metric:1( 表示路由度量值,缺省值是0)
RX packets:195(表示網絡由激活到目前爲止接收的數據包) errors:0 dropped:0 overruns:0 (溢出)frame:0(幀)
TX packets:125 (表示網絡由激活到目前爲止發送的數據包)errors:0 dropped:0overruns:0 carrier:0
collisions:0txqueuelen:1000 (傳輸隊列長度)
RX bytes:21717 (21.2KiB) TX bytes:15247 (14.8 KiB)
Interrupt:19 Baseaddress:0x2024
eth1 Linkencap:Ethernet HWaddr00:0C:29:06:12:DE
inetaddr:192.168.174.128 Bcast:192.168.174.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe06:12de/64Scope:Link
UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1
RX packets:102errors:0 dropped:0 overruns:0 frame:0
TX packets:96errors:0 dropped:0 overruns:0 carrier:0
collisions:0txqueuelen:1000
RX bytes:11969 (11.6KiB) TX bytes:8770 (8.5 KiB)
Interrupt:19 Baseaddress:0x20a4
提示:
ip地址中主機號全爲1的是廣播地址,主機號全爲0的是網絡地址
例如:
C類網絡地址的前3個字節用來表示網絡號,只有一個字節被用來表示主機地址,就是我們通常說的主機。
IP地址:192.168.100.102
將所有的主機位置都爲off,就是全爲0,所得到的地址就是192.168.100.0,它是一個網絡地址,代表的是一個網段;
如果將所有的主機位置都爲on,就是全爲1,所得到的地址就是192.168.100.255,它是一個廣播地址,
我們的合法主機地址就是介於網絡地址和廣播地址之間的地址,比如:在192.168.100.0——192.168.100.255之間都可以。
補充一下廣播地址的概念:
被應用程序和主機用來將信息發送到網絡上所有結點的地址:比如192.168.100.255,它用於指向192.168.100的所有主機。lo表示迴環測試接口,這個虛擬的interface一定要存在!
實例:查看某一個網卡狀態
[root@Linux_11 ~]# ifconfig eth2
eth2 Linkencap:Ethernet HWaddr00:0C:29:06:12:E8
inetaddr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
inet6 addr:fe80::20c:29ff:fe06:12e8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:111errors:0 dropped:0 overruns:0 frame:0
TX packets:55errors:0 dropped:0 overruns:0 carrier:0
collisions:0txqueuelen:1000
RX bytes:11786 (11.5KiB) TX bytes:6778 (6.6 KiB)
Interrupt:16 Baseaddress:0x2424
ifconfig interface [aftype] options | address ...
設置ip的兩種方法:
ifconfig IFACE IP/MASK [up|down]
ifconfig IFACE IP netmask NETMASK
options:
[-]promisc混雜模式
-promisc 刪除混雜模式
什麼是混雜模式?
答:混雜模式就是接收所有經過網卡的數據包,包括不是發給本機的包。默認情況下網卡只把發給本機的包(包括廣播包)傳遞給上層程序,其它的包一律丟棄。簡單的講,混雜模式就是指網卡能接受所有通過它的數據流,不管是什麼格式,什麼地址的。事實上,計算機收到數據包後,由網絡層進行判斷,確定是遞交上層(傳輸層),還是丟棄,還是遞交下層(數據鏈路層、MAC子層)轉發。
通常在需要用到抓包工具,例如ethereal、sniffer、capsa時,需要把網卡置於混雜模式,需要用到軟件Winpcap。winpcap是windows平臺下一個免費,公共的網絡訪問系統。開發winpcap這個項目的目的在於爲win32應用程序提供訪問網絡底層的能力。簡單的說,網卡的混雜模式是爲網絡分析而提供的。
注意:
以上方法立即送往內核中的TCP/IP協議棧,並生效;但是重啓網絡服務之後不生效了,這個生效只是臨時的。
管理IPv6地址:
add addr/prefixlen
del addr/prefixlen
addr:ipv6地址
prefixlen:掩碼的長度
實例:第一種形式,設置某網卡的ip地址
[root@Linux_11 ~]# ifconfig eth1192.168.5.2/16 up
[root@Linux_11 ~]# ifconfig eth1
eth1 Linkencap:Ethernet HWaddr00:0C:29:06:12:DE
inetaddr:192.168.5.2 Bcast:192.168.63.255 Mask:255.255.192.0
inet6 addr: fe80::20c:29ff:fe06:12de/64Scope:Link
UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1
RX packets:129errors:0 dropped:0 overruns:0 frame:0
TX packets:99errors:0 dropped:0 overruns:0 carrier:0
collisions:0txqueuelen:1000
RX bytes:15389 (15.0KiB) TX bytes:9496 (9.2 KiB)
Interrupt:19 Baseaddress:0x20a4
實例:第二種形式,設置某網卡的ip地址
[root@Linux_11 ~]# ifconfig eth1192.168.6.22 netmask 255.255.255.0 up
[root@Linux_11 ~]# ifconfig eth1
eth1 Linkencap:Ethernet HWaddr00:0C:29:06:12:DE
inetaddr:192.168.6.22 Bcast:192.168.6.255 Mask:255.255.255.0
inet6 addr:fe80::20c:29ff:fe06:12de/64 Scope:Link
UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1
RX packets:129errors:0 dropped:0 overruns:0 frame:0
TX packets:99errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15389 (15.0KiB) TX bytes:9496 (9.2 KiB)
Interrupt:19 Baseaddress:0x20a4
實例:開啓/關閉網卡的promisc(混雜)模式
開啓混雜模式
[root@Linux_11 ~]# ifconfig eth1 promisc
[root@Linux_11 ~]# ifconfig eth1
eth1 Linkencap:Ethernet HWaddr00:0C:29:06:12:DE
inetaddr:192.168.174.128 Bcast:192.168.174.255 Mask:255.255.255.0
inet6 addr:fe80::20c:29ff:fe06:12de/64 Scope:Link
UP BROADCAST RUNNINGPROMISC MULTICAST MTU:1500 Metric:1
RX packets:175errors:0 dropped:0 overruns:0 frame:0
TX packets:123errors:0 dropped:0 overruns:0 carrier:0
collisions:0txqueuelen:1000
RX bytes:21755 (21.2KiB) TX bytes:13072 (12.7 KiB)
Interrupt:19 Baseaddress:0x20a4
關閉混雜模式
[root@Linux_11 ~]# ifconfig eth1-promisc
[root@Linux_11 ~]# ifconfig eth1
eth1 Linkencap:Ethernet HWaddr00:0C:29:06:12:DE
inetaddr:192.168.174.128 Bcast:192.168.174.255 Mask:255.255.255.0
inet6 addr:fe80::20c:29ff:fe06:12de/64 Scope:Link
UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1
RX packets:178errors:0 dropped:0 overruns:0 frame:0
TX packets:123errors:0 dropped:0 overruns:0 carrier:0
collisions:0txqueuelen:1000
RX bytes:22342 (21.8 KiB) TX bytes:13072 (12.7 KiB)
Interrupt:19 Baseaddress:0x20a4
提示:
promisc是混雜模式,可以收聽網絡上非發給你網卡地址的數據報文,可以進行******。
route命令:
Linux系統的route命令用於顯示和操作IP路由表(show / manipulate the IP routing table)。要實現兩個不同的子網之間的通信,需要一臺連接兩個網絡的路由器,或者同時位於兩個網絡的網關來實現。在Linux系統中,設置路由通常是爲了解決以下問題:該Linux系統在一個局域網中,局域網中有一個網關,能夠讓機器訪問Internet,那麼就需要將這臺機器的IP地址設置爲Linux機器的默認路由。要注意的是,直接在命令行下執行route命令來添加路由,不會永久保存,當網卡重啓或者機器重啓之後,該路由就失效了;可以在/etc/rc.local中添加route命令來保證該路由設置永久有效。
命令格式:
route [-f] [-p] [Command [Destination][mask Netmask] [Gateway] [metric Metric]] [if Interface]]
功能:路由查看及管理
-n 不解析名字
-v 顯示詳細的處理信息
-F 顯示發送信息
-C 顯示路由緩存
-f 清除所有網關入口的路由表。
-p 與 add 命令一起使用時使路由具有永久性。
add:添加一條新路由。
del:刪除一條路由。
-net:目標地址是一個網絡。
-host:目標地址是一個主機。
netmask:當添加一個網絡路由時,需要使用網絡掩碼。
gw:路由數據包通過網關。注意,你指定的網關必須能夠達到。
metric:設置路由跳數。
路由條目類型:
主機路由:目標地址爲單個IP;
網絡路由:目標地址爲IP網絡;
默認路由:目標爲任意網絡,0.0.0.0/0.0.0.0
查看路由表:
route -n
-n:表示不解析域名
實例:查看本機路由表
[root@Linux_11 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2
192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
192.168.174.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1
以上三行Gateway爲0.0.0.0表示不需要任何網關,目標主機爲自己的網段,爲直連路由。
0.0.0.0 192.168.174.2 0.0.0.0 UG 0 0 0 eth1
上面一行Destination爲0.0.0.0表示這是默認 網關
相關說明如下:
Destination:目標地址(target)
Gateway:網關
Genmask:目標地址的子網掩碼
Flags:路由條目的狀態,U表示UP,代表啓用狀態。UG表示它是一個網關且已經啓用。
U U:表示此路由當前爲啓動狀態
H Host:表示此網關爲一主機
G Gateway:表示此網關爲一路由器
R Reinstate Route:使用動態路由重新初始化的路由
D Dynamically:此路由是動態性地寫入
M Modified:此路由是由路由守護程序或導向器動態修改
!:表示此路由當前爲關閉狀態
Metric:度量值,到底目的地的開銷
Iface:網卡
添加路由:
route add [-net|-host] target [netmask Nm] [gw GW] [[dev] If]
示例:
routeadd -net 10.0.0.0/8 gw 192.168.10.1 dev eth1
routeadd -net 0.0.0.0/0.0.0.0 gw192.168.10.1
routeadd -net 10.0.0.0 netmask 255.0.0.0
routeadd default gw 192.168.10.1 添加默認網關
實例:添加一個路由條目,且目標地址爲一個ip網絡
[root@Linux_22 ~]# route add -net10.0.0.0/8 gw 192.168.4.33
[root@Linux_22 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth0
10.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0eth0
[root@Linux_22 ~]# route add -net10.0.0.0/8 gw 192.168.44.33
SIOCADDRT: 沒有那個進程
注意:
上面添加路由條目並沒有寫是在哪個網卡設備上添加,不使用dev參數,則系統會自動判斷出來。
添加的路由條目中的網關一定要和主機上某塊網卡的ip地址在一個網段中。
實例:添加一條路由,並且屏蔽它
route add -net 224.0.0.0 netmask 240.0.0.0 reject
刪除路由:
route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]
示例:
route del -net 10.0.0.0/8
說明:
如果目標地址只有一個可以使用這種方法進行刪除,如果有多個的話,則只能刪除符合條件的第一個路由條目,有多個則需要指定網卡設備來刪除
route del -net 10.0.0.0/8 gw 192.168.10.1
route del -net 224.0.0.0 netmask 240.0.0.0
route del -net 224.0.0.0 netmask 240.0.0.0 reject
route del default
實例:刪除一個路由條目
[root@Linux_22 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth0
10.0.0.0 169.254.12.33 255.0.0.0 UG 0 0 0 eth0
10.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0
[root@Linux_22 ~]# route del -net 10.0.0.0/8 #注意:只刪除了一條
[root@Linux_22 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth0
10.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0
實例:刪除默認網關
命令:
route del default gw 192.168.120.240
route del default
[root@Linux_22 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth0
10.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0
[root@Linux_22 ~]# route del default
[root@Linux_22 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth0
10.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth0
netstat命令:
功能:打印網絡連接、路由表,接口統計、僞裝連接、多目廣播、成員關係
[root@Linux_11 ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 52 192.168.3.1:ssh 192.168.3.254:62423 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 14 [ ] DGRAM 12870 /dev/log
unix 2 [ ] DGRAM 9311 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 13775 @/org/freedesktop/hal/udev_event
unix 2 [ ] DGRAM 15524
unix 3 [ ] STREAM CONNECTED 15114 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 15113
unix 2 [ ] DGRAM 14798
unix 2 [ ] DGRAM 14774
unix 2 [ ] DGRAM 14736
unix 2 [ ] DGRAM 14717
unix 3 [ ] STREAM CONNECTED 14682
unix 3 [ ] STREAM CONNECTED 14681
proto:網絡的數據包協議,主要分爲TCP和UDP數據包
Recv-Q:非由用戶進程連接到此socket的複製的總字節數
Send-Q:非由遠程主機傳送過來的acknowledged總字節數
LocalAddress:本地的IP端口情況
Foreign Address:遠程主機的IP端口情況
State:連接狀態,主要有建立(ESTABLISHED)及監聽(LISTEN)
Proto:一般就是unix
RefCnt:連接到此socket的進程數量
Flags:連接的標識
Type:socket訪問的類型,主要有確認連接的STREAM與不需確認的DGRAM兩種
State:若爲CONNECTED表示多個進程之間已經連接建立
Path:連接到此socket的相關程序的路徑,或者是相關數據輸出的路徑
顯示路由表:
netstat -rn
-r:顯示內核路由表
-n:數字格式
實例:顯示本機路由表
[root@Linux_22 ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.4.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
10.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth0
[root@Linux_22 ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth0
顯示網絡連接:
netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
-t:TCP協議的相關連接,連接均有其狀態;FSM(Finate StateMachine);
-u:UDP相關的連接
-w:raw socket(裸套接字)相關的連接
-l:處於監聽狀態的連接
-a:所有狀態
-n:以數字格式顯示IP和Port;
-e:擴展格式
-p:顯示相關的進程及PID;
常用組合:
-tan
-uan
以上兩者是查看TCP或者UDP所有狀態的連接
-tnl
-unl
以上兩者是查看TCP或者UDP處於監聽狀態的連接
-tunlp
以上是查看TCP和UDP處於監聽狀態的連接並顯示相應的進程及PID
傳輸層協議:
tcp:面向連接的協議;通信開始之前,要建立一個虛鏈路;通信完成後還要拆除連接;
udp:無連接的協議;直接發送數據報文;
實例:查看TCP相關連接
[root@Linux_22 ~]# netstat –t #不加-a參數,默認只顯示ESTABLISHED的狀態
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.4.22:ssh 192.168.4.1:52839 ESTABLISHED
說明:
狀態ESTABLISHED說明本主機已經和192.168.4.1這臺主機連接上了,且本地的監聽端口是22,對方的監聽端口是52839
[root@Linux_22 ~]# netstat –ta #顯示TCP協議的所有狀態
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0*:49731 *:* LISTEN
tcp 0 0*:sunrpc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0localhost:ipp *:* LISTEN
tcp 0 0localhost:smtp *:* LISTEN
tcp 0 0192.168.4.22:ssh 192.168.4.1:52839 ESTABLISHED
tcp 0 0*:37603 *:* LISTEN
tcp 0 0*:sunrpc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0localhost:ipp *:* LISTEN
tcp 0 0localhost:smtp *:* LISTEN
[root@Linux_22 ~]# netstat –tan #不解析域名,且查看TCP所有狀態的連接
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 00.0.0.0:49731 0.0.0.0:* LISTEN
tcp 0 00.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 00.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0192.168.4.22:22 192.168.4.1:52839 ESTABLISHED
tcp 0 0 :::37603 :::* LISTEN
tcp 0 0 :::111 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:631 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
[root@Linux_22 ~]# netstat –tnl #僅查看TCP處於監聽狀態的連接
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:49731 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 00.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::37603 :::* LISTEN
tcp 0 0 :::111 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:631 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
說明:
-l只查看本機處於監聽狀態的端口,意思是還沒有另外的主機來訪問此端口。
實例:-p參數的使用,顯示相關的進程以PID
[root@Linux_22 ~]# netstat -tunpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:49731 0.0.0.0:* LISTEN 1855/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1810/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2021/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1889/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2254/master
tcp 0 0 :::37603 :::* LISTEN 1855/rpc.statd
tcp 0 0 :::111 :::* LISTEN 1810/rpcbind
tcp 0 0 :::22 :::* LISTEN 2021/sshd
tcp 0 0 ::1:631 :::* LISTEN 1889/cupsd
tcp 0 0 ::1:25 :::* LISTEN 2254/master
udp 0 0 0.0.0.0:34454 0.0.0.0:* 1855/rpc.statd
udp 0 0 0.0.0.0:713 0.0.0.0:* 1810/rpcbind
udp 0 0 0.0.0.0:111 0.0.0.0:* 1810/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 1889/cupsd
udp 0 0 0.0.0.0:759 0.0.0.0:* 1855/rpc.statd
udp 0 0 :::57112 :::* 1855/rpc.statd
udp 0 0 :::713 :::* 1810/rpcbind
udp 0 0 :::111 :::* 1810/rpcbind
實例:-e參數的使用
[root@Linux_22 ~]# netstat –tne #以擴展格式查看,顯示用戶UID等信息
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 0 192.168.4.22:22 192.168.4.1:52839 ESTABLISHED 0 20117
注意:
User:說明啓動此進程的用戶的UID
Inode:所使用的套接字文件的inode值
實例:查看本機UDP相關連接
[root@Linux_22 ~]# netstat -un
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
[root@Linux_22 ~]# netstat -unl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:34454 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:713 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 0.0.0.0:759 0.0.0.0:*
udp 0 0 :::57112 :::*
udp 0 0 :::713 :::*
udp 0 0 :::111 :::*
注意:
UDP是無連接的協議,所以沒有狀態。
顯示接口的統計數據:
netstat {--interfaces|-I|-i} [iface] [--all|-a][--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n]
netstat
-i:顯示所有接口的統計數據:
實例:顯示所有接口的統計數據
[root@Linux_22 ~]# netstat –i #小寫的i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 1428 0 0 0 870 0 0 0 BMRU
eth1 1500 0 6356 0 0 0 368 0 0 0 BMRU
lo 16436 0 0 0 0 0 0 0 0 0 LRU
指定接口:
netstat -i<IFace>
實例:顯示某一接口的統計數據
[root@Linux_22 ~]# netstat -ieth0
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 1397 0 0 0 852 0 0 0 BMRU
注意:
上面對應的值使用ifconfig eth0也可以顯示出來
-i和eth0之間沒有空格
ifup/ifdown命令:
注意:
這兩個命令是通過配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE來識別接口並完成配置;
[root@Linux_1 ~]# ifdown eth1
用法: ifdown <設備名>
[root@Linux_1 ~]# cd/etc/sysconfig/network-scripts/
[root@Linux_1 network-scripts]# ls
ifcfg-eth0 ifdown-ippp ifdown-routes ifup-bnep ifup-plip ifup-sit network-functions
ifcfg-lo ifdown-ipv6 ifdown-sit ifup-eth ifup-plusb ifup-tunnel network-functions-ipv6
ifdown ifdown-isdn ifdown-tunnel ifup-ippp ifup-post ifup-wireless
ifdown-bnep ifdown-post ifup ifup-ipv6 ifup-ppp init.ipv6-global
ifdown-eth ifdown-ppp ifup-aliases ifup-isdn ifup-routes net.hotplug
[root@Linux_1 network-scripts]# vimifcfg-lo
DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, forexample)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
提示
如上子網掩碼是255.0.0.0,所以只要ip地址是以127開頭的就代表是本地迴環地址
~
hostname命令:
CentOS6的設置方法如下:
查看:hostname
配置:hostname HOSTNAME
注意:
C 以上設置方法僅對當前系統有效,重啓後無效;
CentOS6需要改配置文件才能永久生效,即hostname配置文件:
/etc/sysconfig/network
HOSTNAME=<HOSTNAME>
注意:此方法的設置不會立即生效; 需要重啓以後會一直有效;
CentOS7的設置方法如下:
hostnamectl status:顯示當前主機名信息;
hostnamectl set-hostname:設定主機名,永久有效;
注意:
C CentOS的設置方法是永久有效的,不需要改配置文件。
配置DNS服務器指向:
配置文件:/etc/resolv.conf
nameserver DNS_SERVER_IP
dig命令
功能:Dig是一個在類Unix命令行模式下查詢DNS包括NS記錄,A記錄,MX記錄等相關信息的工具。DNS lookup utility
全名:domain information groper
如何測試(host/nslookup/dig):
A:把主機名解析爲IP
-x:反解析,把IP地址解析爲域名
注意:
dig不會檢查host文件,而是直接使用DNS服務器。
# dig -t A FQDN
FQDN --> IP
示例:把域名解析爲ip地址
[root@Linux_1 ~]# dig -t A www.baidu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6<<>> -t A www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3994
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 119.75.217.109
www.a.shifen.com. 5 IN A 119.75.218.70
;; AUTHORITY SECTION:
a.shifen.com. 5 IN NS ns3.a.shifen.com.
a.shifen.com. 5 IN NS ns4.a.shifen.com.
a.shifen.com. 5 IN NS ns5.a.shifen.com.
a.shifen.com. 5 IN NS ns2.a.shifen.com.
a.shifen.com. 5 IN NS ns1.a.shifen.com.
;; ADDITIONAL SECTION:
ns1.a.shifen.com. 5 IN A 61.135.165.224
ns2.a.shifen.com. 5 IN A 180.149.133.241
ns3.a.shifen.com. 5 IN A 61.135.162.215
ns4.a.shifen.com. 5 IN A 115.239.210.176
ns5.a.shifen.com. 5 IN A 119.75.222.17
;; Query time: 54 msec
;; SERVER: 192.168.174.2#53(192.168.174.2)
;; WHEN: Fri Jan 1 09:08:182016
;; MSG SIZE rcvd: 260
# dig -x IP
IP --> FQDN
示例:把ip地址反解成域名
[root@Linux_1 ~]# dig -x 119.75.217.109
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6<<>> -x 119.75.217.109
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:42731
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;109.217.75.119.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
119.in-addr.arpa. 5 IN SOA ns1.apnic.net.read-txt-record-of-zone-first-dns-admin.apnic.net. 3006087382 7200 1800 604800172800
;; Query time: 4024 msec
;; SERVER: 192.168.174.2#53(192.168.174.2)
;; WHEN: Fri Jan 1 09:09:222016
;; MSG SIZE rcvd: 134
注意:大多數ip不支持反解
nslookup命令
host命令
iproute家族:
ip命令:
功能:操作管理路由、設備、策略路由和隧道show manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route |netns }
提示:
OBJECT可簡寫,各OBJECT的子命令也可簡寫;
ip link子命令:
功能:網絡設備配置(network device configuration)
ip link set
功能:改變設備的屬性(changedevice attributes)
dev NAME (default):指明要管理的設備,dev關鍵字可省略;
up和down:
multicast on或multicastoff:啓用或禁用多播(即組播)功能;
name NAME:重命名接口
mtu NUMBER:設置MTU的大小,默認爲1500;
netns PID:ns爲namespace,用於將接口移動到指定的網絡名稱空間;
實例:禁用網卡
[root@Linux_11 route]# ip link set eth1down 或者 ip link dev eht1 down # dev關鍵字可省略
[root@Linux_11 route]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue stateUNKNOWN
link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast stateDOWN qlen 1000
link/ether00:0c:29:06:12:de brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
實例:啓用網卡的多播功能
[root@Linux_11 route]# ip link set eth2multicast on
[root@Linux_11 route]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue stateUNKNOWN
link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast stateDOWN qlen 1000
link/ether00:0c:29:06:12:de brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP>mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
實例:給網卡接口改名
[root@Linux_11 route]# ip link set eth2name eth222
RTNETLINK answers: Device or resource busy
[root@Linux_11 route]# ip link set eth2down #需要先停止網卡再改名
[root@Linux_11 route]# ip link set eth2name eth222
[root@Linux_11 route]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue stateUNKNOWN
link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast stateDOWN qlen 1000
link/ether00:0c:29:06:12:de brd ff:ff:ff:ff:ff:ff
4: eth222:<BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
注意:
必須先禁用此網卡才能夠改名
知識點:什麼是MTU?
通信術語,最大傳輸單元(Maximum Transmission Unit,MTU)是指一種通信協議的某一層上面所能通過的最大數據包大小(以字節爲單位)。最大傳輸單元這個參數通常與通信接口有關(網絡接口卡、串口等)“MTU=最大傳輸單元單位:字節 英文:MaximumTransmission Unit”我們平時上網時的各種操作,都是通過一個又一個“數據包”傳輸來實現的。而MTU指定了網絡中可傳輸數據包的最大尺寸,在我們常用的以太網中,MTU是1500字節。超過此大小的數據包就會將多餘的部分拆分再單獨傳輸。就像貨車通過限高的橋洞一樣,貨物高度超過限制高度了,就需要卸下一些貨物,分兩批通過限高路段。
ip link show
功能:顯示設備的屬性( display device attributes)
與ip link list作用完全相同
實例:顯示所有設備的屬性
[root@Linux_11 route]# ip link show #顯示所有的設備的屬性
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue stateUNKNOWN
link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc(隊列) pfifo_fast(隊列類型) stateUP(當前狀態) qlen 1000(支持的隊列長度)
link/ether00:0c:29:06:12:de brd ff:ff:ff:ff:ff:ff(廣播地址)
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
實例:僅顯示某一個設備的屬性
[root@Linux_11 ~]# ip link show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
ip link help - 顯示簡要使用幫助;
ip netns子命令
功能:管理網絡命名空間(manage network namespaces)用於將接口移動到指定的網絡名稱空間;
全名:net name space
提示:
CentOS6默認不支持
ip netns list:
列出所有的netns
[root@localhost ~]# ip netns add mynet
[root@localhost ~]# ip netns list
mynet
ip netns add
ip netns add NAME:創建指定的netns
實例:增加一個網絡命名空間,並且將一個網卡加入此網絡命令空間
[root@localhost ~]# ip netns add mynet
[root@localhost ~]# ip netns list
mynet
[root@localhost system]# ip link setens38 netns mynet
[root@localhost system]# ifconfig #此時ens38放到網絡命令空間中了,使用ifconfig看不見
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.3.71 netmask 255.255.255.0 broadcast 192.168.3.255
inet6fe80::20c:29ff:fec7:1712 prefixlen64 scopeid 0x20<link>
ether00:0c:29:c7:17:12 txqueuelen 1000 (Ethernet)
RX packets 1440 bytes 145012 (141.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1015 bytes 133509 (130.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether00:0c:29:c7:17:1c txqueuelen 1000 (Ethernet)
RX packets 98 bytes 10247 (10.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 50 bytes 8652 (8.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 1944 bytes 169256 (165.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1944 bytes 169256 (165.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost system]# ip netns execmynet ip link show #使用此命令顯示網絡命令空間中的網卡
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:00
4: ens38: <BROADCAST,MULTICAST> mtu 1500qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 00:0c:29:c7:17:26 brd ff:ff:ff:ff:ff:ff
ip netns del
ip netns del NAME:刪除指定的netns
[root@localhost ~]# ip netns show
mynet
[root@localhost ~]# ip netns del mynet
[root@localhost ~]# ip netns show
[root@localhost ~]#
ip netns exec
ip netns exec NAME COMMAND:在指定的netns中運行命令
[root@localhost system]# ip netns execmynet ip link show #使用此命令顯示網絡命令空間中的網卡
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:00
4: ens38: <BROADCAST,MULTICAST> mtu 1500qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 00:0c:29:c7:17:26 brd ff:ff:ff:ff:ff:ff
ip address 子命令
功能:協議地址管理(protocoladdress management)
ip address add
功能:給網卡設備添加一個ip地址add new protocol address
ip addr add IFADDR dev IFACE
[label NAME]:爲額外添加的地址指明接口別名,即在一個接口上添加多個ip地址
[broadcast ADDRESS]:廣播地址;會根據IP和NETMASK自動計算得到;
[scope SCOPE_VALUE]:作用域,適用範圍。scope的值有如下幾個:
global:全局可用;
site:僅ipv6可用
link:接口可用;
host:僅本機可用;
實例:給網卡添加一個地址
[root@Linux_11 ~]# ip addr add192.168.4.12/24 dev eth2
[root@Linux_11 ~]# ip addr show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
inet 192.168.4.12/24 scopeglobal eth2
inet6fe80::20c:29ff:fe06:12e8/64 scope link
valid_lft foreverpreferred_lft forever
[root@Linux_11 ~]# ifconfig eth2
eth2 Linkencap:Ethernet HWaddr00:0C:29:06:12:E8
inetaddr:192.168.4.12 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr:fe80::20c:29ff:fe06:12e8/64 Scope:Link
UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1
RX packets:13errors:0 dropped:0 overruns:0 frame:0
TX packets:12errors:0 dropped:0 overruns:0 carrier:0
collisions:0txqueuelen:1000
RX bytes:4446 (4.3 KiB) TX bytes:831 (831.0 b)
Interrupt:16 Baseaddress:0x2424
注意:
如上eth2前面的dev是不能省略的
實例:在一個網卡上設置多個ip地址
[root@Linux_11 ~]# ip addr add192.168.2.10/24 dev eth2
[root@Linux_11 ~]# ip addr show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
inet 192.168.4.12/24 scope global eth2
inet192.168.2.10/24 scope global eth2
inet6fe80::20c:29ff:fe06:12e8/64 scope link
valid_lft foreverpreferred_lft forever
[root@Linux_11 network-scripts]# ifconfigeth2
eth2 Linkencap:Ethernet HWaddr00:0C:29:06:12:E8
inetaddr:192.168.4.12 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr:fe80::20c:29ff:fe06:12e8/64 Scope:Link
UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1
RX packets:39errors:0 dropped:0 overruns:0 frame:0
TX packets:12errors:0 dropped:0 overruns:0 carrier:0
collisions:0txqueuelen:1000
RX bytes:13338 (13.0 KiB) TX bytes:831 (831.0 b)
Interrupt:16 Baseaddress:0x2424
注意:如上所示,此時ifconfig顯示不了第二個設置的地址,所以必須給後來添加的ip地址加一個標籤,即接口別名。
[root@Linux_11 ~]# ifconfig eth0
eth0 Linkencap:Ethernet HWaddr00:0C:29:06:12:D4
inet addr:192.168.3.11 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr:fe80::20c:29ff:fe06:12d4/64 Scope:Link
UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1
RX packets:919errors:0 dropped:0 overruns:0 frame:0
TX packets:761errors:0 dropped:0 overruns:0 carrier:0
collisions:0txqueuelen:1000
RX bytes:86494 (84.4KiB) TX bytes:94107 (91.9 KiB)
Interrupt:19 Baseaddress:0x2024
[root@Linux_11 ~]# ip addr add192.168.2.10/24 dev eth0 label eth0:7
[root@Linux_11 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.11/24 brd 192.168.3.255 scopeglobal eth0
inet192.168.2.10/24 scope global eth0:7
inet6fe80::20c:29ff:fe06:12d4/64 scope link
valid_lft foreverpreferred_lft forever
[root@Linux_11 ~]# ifconfig
eth0 Linkencap:Ethernet HWaddr00:0C:29:06:12:D4
inetaddr:192.168.3.11 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr:fe80::20c:29ff:fe06:12d4/64 Scope:Link
UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1
RX packets:1195errors:0 dropped:0 overruns:0 frame:0
TX packets:966 errors:0 dropped:0 overruns:0carrier:0
collisions:0txqueuelen:1000
RX bytes:111564(108.9 KiB) TX bytes:117285 (114.5 KiB)
Interrupt:19 Baseaddress:0x2024
eth0:7 Link encap:Ethernet HWaddr 00:0C:29:06:12:D4
inetaddr:192.168.2.10 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1
Interrupt:19 Baseaddress:0x2024
ip address delete
功能:刪除ip地址delete protocol address
ip addr delete IFADDR dev IFACE
實例:使用ifconfig刪除ip地址
[root@Linux_11 ~]# ifconfig eth2 0 #直接在eth2後面加一個0即可
[root@Linux_11 ~]# ifconfig eth2
eth2 Linkencap:Ethernet HWaddr00:0C:29:06:12:E8
inet6 addr:fe80::20c:29ff:fe06:12e8/64 Scope:Link
UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1
RX packets:2errors:0 dropped:0 overruns:0 frame:0
TX packets:12errors:0 dropped:0 overruns:0 carrier:0
collisions:0txqueuelen:1000
RX bytes:684 (684.0b) TX bytes:831 (831.0 b)
Interrupt:16 Baseaddress:0x2424
實例:使用ip命令刪除
[root@Linux_11 ~]# ip addr delete192.168.2.10/24 dev eth0 #delete可以寫成del
[root@Linux_11 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.11/24 brd 192.168.3.255scope global eth0
inet6fe80::20c:29ff:fe06:12d4/64 scope link
valid_lft foreverpreferred_lft forever
ip address show
功能:顯示網卡的ip地址look at protocol addresses
ip addr list [IFACE]:顯示接口的地址;
注意:ip addrlist 和ip addr how作用一樣
實例:顯示網卡的地址
[root@Linux_11 ~]# ip ad list #注意這個地方可以簡寫,只要可以唯一的識別出來就可以了
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue stateUNKNOWN
link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scopehost lo
inet6 ::1/128 scope host
valid_lft foreverpreferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.11/24 brd 192.168.3.255 scope globaleth0
inet6fe80::20c:29ff:fe06:12d4/64 scope link
valid_lft foreverpreferred_lft forever
ip address flush
功能:清空ip地址(flush protocol addresses)
ip addr flush dev IFACE
實例:清空地址
[root@Linux_11 ~]# ip addr show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
inet 192.168.4.1/24 brd192.168.4.255 scope global eth2
inet6fe80::20c:29ff:fe06:12e8/64 scope link
valid_lft foreverpreferred_lft forever
[root@Linux_11 ~]# ip addr flu dev eth2
[root@Linux_11 ~]# ip addr show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
ip route 子命令
功能:路由表管理器(routing table management)
ip route add
功能:add new route
提示:
使用這種方法添加路由不用指定是主機路由(host)還是網絡路由(net)
可以使用src指定源地址
如:
iproute add 192.168.0.0/24 via 10.0.0.1 dev eth0 src 10.0.0.100
實例:添加一條路由
[root@Linux_11 ~]# ip addr add10.0.0.100/8 dev eth0
[root@Linux_11 ~]# ip addr list eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000
link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.11/24 brd 192.168.3.255 scopeglobal eth0
inet10.0.0.100/8 scope global eth0
inet6fe80::20c:29ff:fe06:12d4/64 scope link
valid_lft foreverpreferred_lft forever
[root@Linux_11 ~]# ip route add192.168.0.0/24 via 10.0.0.1 dev eth0
[root@Linux_11 ~]# ip route list
192.168.4.0/24 dev eth2 protokernel scope link src 192.168.4.1
192.168.3.0/24 dev eth0 protokernel scope link src 192.168.3.11
192.168.0.0/24 via 10.0.0.1 dev eth0
169.254.0.0/16 dev eth0 scopelink metric 1002
169.254.0.0/16 dev eth2 scopelink metric 1004
10.0.0.0/8 dev eth0 proto kernel scope link src 10.0.0.100
提示:via指的是網關
實例:添加默認網關
[root@Linux_11 ~]# ip route add defaultvia 192.168.4.100 dev eth2
[root@Linux_11 ~]# ip route list
192.168.4.0/24 dev eth2 protokernel scope link src 192.168.4.1 metric 1
192.168.3.0/24 dev eth0 protokernel scope link src 192.168.3.11 metric 1
default via 192.168.4.100 dev eth2
提示:後面的dev eth2都不能省略
[root@Linux_11 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2
192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
0.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2
注意:
添加的網關ip必須和某一個網卡上的ip在同一個網段內,否則添加不了。
ip route change
功能:修改路由條目change route
ip route replace
功能:change or add new one
提示:
若路由已經存在則改變,不存在則添加
ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
ip route delete
delete route
ip route del TYPE PRIFIX
示例:
# ip route delete 192.168.1.0/24
實例:刪除一條路由
[root@Linux_11 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2
192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
172.16.0.0 192.168.3.88 255.255.255.0 UG 0 0 0 eth0
0.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2
[root@Linux_11 ~]# ip route delete172.16.0.0/24
[root@Linux_11 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2
192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
0.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2
實例:刪除默認網關
[root@Linux_1 network-scripts]# ip routeadd default via 192.168.3.12 dev eth0
[root@Linux_1 network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
0.0.0.0 192.168.3.12 0.0.0.0 UG 0 0 0 eth0
[root@Linux_1 network-scripts]# ip routedelete default
[root@Linux_1 network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
ip route show
ip route list
list routes
TYPE PRIFIX
實例:顯示路由
[root@Linux_11 ~]# ip route list
192.168.4.0/24 dev eth2 proto kernel scope link src 192.168.4.1 metric 1
192.168.3.0/24 dev eth0 protokernel scope link src 192.168.3.11 metric 1
default via 192.168.4.100 dev eth2
[root@Linux_11 ~]# ip route show src192.168.4.1
192.168.4.0/24 dev eth2 proto kernel scope link metric 1
ip route flush
功能:flush routing tables
[root@Linux_11 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2
192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
172.16.0.0 192.168.3.88 255.255.255.0 UG 0 0 0 eth0
0.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2
[root@Linux_11 ~]# ip route flush172.16/24
[root@Linux_11 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2
192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
0.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2
[root@Linux_11 ~]#
ip route get
功能:獲取單條路由get a single route
ip route get TYPE PRIFIX
示例:ip route get 192.168.0.0/24
實例:獲取單條路由
[root@Linux_11 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2
192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
172.16.0.0 192.168.3.88 255.255.255.0 UG 0 0 0 eth0
0.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2
[root@Linux_11 ~]# ip route get172.16.0.0/24
172.16.0.0 via 192.168.3.88 dev eth0 src 192.168.3.11
cache mtu 1500 advmss 1460 hoplimit 64