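I. The significance of the network
Today the Internet has become the most important resource in human development. Before people were fully prepared for the network age, it had already become bound up with everything we do in daily life. We can no longer do without the network, any more than we can do without eating. People lived for tens of thousands of years without it and created great civilizations and brilliant achievements, but human desire and human intelligence go hand in hand: once desire has set intelligence in motion, there is no stopping it and no turning back.
As networks grow, Internet companies place ever higher demands on network security and reliability. Network management has become a basic skill we must master.
II. Network management on CentOS 6 (Ethernet)
Interface naming on CentOS 6: eth[0,1,2]. CentOS 6 identifies network interfaces by MAC address: the first NIC detected is named eth0, the second eth1, and so on. This can cause trouble: suppose you have written the network configuration file for eth0 and that NIC then fails. You buy a new card and plug it into the same slot, but it is now named eth1, so the existing configuration file no longer applies. CentOS 7 improves on this, which we cover in section three.
The ifconfig command (takes effect immediately, but is lost after a reboot)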
ifconfig [interface]
# ifconfig -a
[root@localhost ~]
eth0 Link encap:Ethernet HWaddr 08:00:27:78:CB:FC
inet addr:192.168.0.114 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe78:cbfc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:189 errors:0 dropped:0 overruns:0 frame:0
TX packets:308 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:20800 (20.3 KiB) TX bytes:53808 (52.5 KiB)
Base address:0xd010 Memory:f0000000-f0020000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
# ifconfig IFACE [up|down]
[root@localhost ~]
[root@localhost ~]
ifconfig interface [aftype] options | address ...
# ifconfig IFACE IP/mask [up]
# ifconfig IFACE IP netmask MASK
The route command (routing management)
View: route -n
[root@localhost ~]
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
Add: route add
route add [-net|-host] target [netmask Nm] [gw Gw] [[dev] If]
[root@localhost ~]
[root@localhost ~]
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.88 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
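The Flags column holds the route flags, which describe the state of each route:
U Up: the route is currently up
H Host: the target is a single host
G Gateway: the route goes through a gateway (router)
R Reinstate Route: the route was reinstated by dynamic routing
D Dynamically: the route was installed dynamically
M Modified: the route was modified dynamically by a routing daemon or a redirect
! The route is currently disabled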
[root@localhost ~]
[root@localhost ~]
[root@localhost ~]
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 192.168.0.1 255.255.255.0 UG 0 0 0 eth0
[root@localhost ~]
[root@localhost ~]
[root@localhost ~]
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
Delete: route del
route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]
[root@localhost ~]
[root@localhost ~]
[root@localhost ~]
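Specifying DNS servers:
Edit: /etc/resolv.conf
nameserver DNS_SERVER_IP1 (e.g. nameserver 8.8.8.8)
nameserver DNS_SERVER_IP2
nameserver DNS_SERVER_IP3
FQDN (Fully Qualified Domain Name): the host name plus its full path, where the full path lists every domain in the chain. An FQDN states precisely where a host sits logically; it is the complete form of the host name, and the information it contains shows the host's position in the domain name tree.
DNS resolution flow: the local hosts table is consulted first. If the name is defined there, that entry is used directly; if not, the query goes to the DNS servers configured for the network connection, which resolve it.
Forward lookup: FQDN --> IP (www.google.com --> 216.58.221.36)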
# dig -t A FQDN
[root@localhost ~]
; <<>> DiG 9.3.4-P1 <<>> -t A www.google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38677
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION (this is the question we asked):
;www.google.com. IN A
;; ANSWER SECTION (this is the answer to our question):
www.google.com. 370 IN A 216.58.221.36
;; AUTHORITY SECTION:
google.com. 11188 IN NS ns2.google.com.
google.com. 11188 IN NS ns1.google.com.
google.com. 11188 IN NS ns4.google.com.
google.com. 11188 IN NS ns3.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 30626 IN A 216.239.32.10
ns2.google.com. 12121 IN A 216.239.34.10
ns3.google.com. 21582 IN A 216.239.36.10
ns4.google.com. 10738 IN A 216.239.38.10
;; Query time: 12 msec
;; SERVER: 8.8.8.8
;; WHEN: Thu Sep 3 17:27:02 2015
;; MSG SIZE rcvd: 184
# host -t A FQDN
[root@localhost ~]
www.google.com has address 216.58.221.36
Reverse lookup: IP --> FQDN (216.58.221.36 --> www.google.com)
# dig -x IP
[root@localhost ~]
; <<>> DiG 9.3.4-P1 <<>> -x 216.58.221.36
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46451
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;36.221.58.216.in-addr.arpa. IN PTR
;; ANSWER SECTION:
36.221.58.216.in-addr.arpa. 281 IN PTR hkg08s13-in-f4.1e100.net.
36.221.58.216.in-addr.arpa. 281 IN PTR hkg08s13-in-f36.1e100.net.
;; AUTHORITY SECTION:
221.58.216.in-addr.arpa. 38624 IN NS ns1.google.com.
221.58.216.in-addr.arpa. 38624 IN NS ns3.google.com.
221.58.216.in-addr.arpa. 38624 IN NS ns2.google.com.
221.58.216.in-addr.arpa. 38624 IN NS ns4.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 30015 IN A 216.239.32.10
ns2.google.com. 11510 IN A 216.239.34.10
ns3.google.com. 20971 IN A 216.239.36.10
ns4.google.com. 10127 IN A 216.239.38.10
;; Query time: 13 msec
;; SERVER: 8.8.8.8
;; WHEN: Thu Sep 3 17:37:14 2015
;; MSG SIZE rcvd: 258
# host -t PTR IP
[root@localhost ~]
36.221.58.216.in-addr.arpa domain name pointer hkg08s13-in-f36.1e100.net.
36.221.58.216.in-addr.arpa domain name pointer hkg08s13-in-f4.1e100.net
The netstat command:
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
Show network connections:
netstat [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
-t: TCP sockets
-u: UDP sockets
-w: raw sockets
-l: sockets in the listening state
-a: sockets in all states
-n: show IP addresses and ports numerically
-e: extended format
-p: show the owning process and its PID
Common combinations:
-tan, -uan, -tnl, -unl
[root@localhost ~]
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:833 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:6010 :::* LISTEN
tcp 0 0 ::ffff:192.168.0.114:22 ::ffff:192.168.0.107:62362 ESTABLISHED
[root@localhost ~]
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:833 0.0.0.0:* LISTEN 1923/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1894/portmap
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2182/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2206/sendmail: acce
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 2508/0
tcp 0 0 :::22 :::* LISTEN 2167/sshd
tcp 0 0 ::1:6010 :::* LISTEN 2508/0
tcp 0 0 ::ffff:192.168.0.114:22 ::ffff:192.168.0.107:62362 ESTABLISHED 2508/0
Show the routing table:
netstat {--route|-r} [--numeric|-n]
-r: show the kernel routing table
-n: numeric format
[root@localhost ~]
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
Show interface statistics:
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--program|-p] [--numeric|-n]
-i: show statistics for all interfaces
[root@localhost ~]
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 8234 0 0 0 6545 0 0 0 BMRU
lo 16436 0 34 0 0 0 34 0 0 0 LRU
-I IFACE: show statistics for interface IFACE (no space between -I and the interface name; type them together)
[root@localhost ~]
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 8265 0 0 0 6559 0 0 0 BMRU
The ip command:
ip - show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route }
link OBJECT:
ip link - network device configuration
set dev IFACE up: enable the specified interface
set dev IFACE down: disable the specified interface
[root@localhost ~]
[root@localhost ~]
show
[dev IFACE]: specify the interface
[root@localhost ~]
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 08:00:27:4d:f1:47 brd ff:ff:ff:ff:ff:ff
ip addr - protocol address management
ip addr { add | del } IFADDR dev STRING
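[label LABEL]: give the address an interface alias (label) when adding it
[scope {global|link|host}]: set the scope (global: valid everywhere; link: valid only on this link; host: valid only on this host)
[broadcast ADDRESS]: set the broadcast address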
[root@localhost ~]
[root@localhost ~]
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 08:00:27:78:cb:fc brd ff:ff:ff:ff:ff:ff
inet 192.168.0.114/24 brd 192.168.0.255 scope global eth0
inet 192.168.0.222/24 scope global secondary eth0:0
inet6 fe80::a00:27ff:fe78:cbfc/64 scope link
valid_lft forever preferred_lft forever
ip addr show - look at protocol addresses
[dev DEVICE]
[label PATTERN]
[root@localhost ~]
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 08:00:27:78:cb:fc brd ff:ff:ff:ff:ff:ff
inet 192.168.0.114/24 brd 192.168.0.255 scope global eth0
inet 192.168.0.222/24 scope global secondary eth0:0
inet6 fe80::a00:27ff:fe78:cbfc/64 scope link
valid_lft forever preferred_lft forever
ip addr flush - flush protocol addresses
[dev DEVICE]: flush every IP address on the specified device. Use with care: all addresses are removed as soon as the command runs.
ip route - routing table management
Add a route: ip route add TARGET via GW dev IFACE src SOURCE_IP
TARGET: for a host route, give the IP address directly; for a network route, give NETWORK/MASK (address plus mask)
[root@localhost ~]
[root@localhost ~]
192.168.0.88 via 192.168.0.1 dev eth0
Add a default gateway: ip route add default via GW dev IFACE
ip route delete
Delete a route: ip route del TARGET
ip route show
[root@localhost ~]
192.168.0.88 via 192.168.0.1 dev eth0
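ip route flush
dev IFACE: flush every route entry on the specified device
ss and netstat are both used to inspect network state. When the number of connections is abnormally high, however, ss is several times faster than netstat, so ss is recommended when there are many connections.
The ss command for inspecting network state:
Syntax: ss [OPTION]... [FILTER]
Options:
-t: TCP sockets
-u: UDP sockets
-w: raw sockets
-x: Unix sockets
-l: connections in the listen state
-a: all
-n: numeric format
-p: the owning program and its PID
-e: extended information
-m: memory usage
-o: timer information
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
Common TCP states:
tcp finite state machine:
LISTEN: listening
ESTABLISHED: connection established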
FIN_WAIT_1
FIN_WAIT_2
SYN_SENT
SYN_RECV
CLOSED
EXPRESSION:
dport =
sport =
Example: '( dport = :ssh or sport = :ssh )'
Common combinations:
-tan, -tanl, -tanlp, -uan