## 1. ARP

- `-a <host>`: display all entries in the ARP cache;
- `-H <address type>`: specify the address type used by the arp command;
- `-d <host>`: delete the ARP entry for the specified host from the ARP cache;
- `-D`: use the hardware address of the specified interface;
- `-e`: display ARP cache entries in the Linux display style;
- `-i <interface>`: specify the network interface whose ARP cache is operated on;
- `-s <host> <MAC address>`: set a static mapping between the specified host's IP address and a MAC address;
- `-n`: display ARP cache entries numerically;
- `-v`: display verbose ARP cache entries, including statistics about the entries;
- `-f <file>`: set static mappings between host IP addresses and MAC addresses from a file.

```shell
[root@centos ~]#arp -a
# Columns: target address, MAC address, interface
? (169.254.0.138) at fe:ee:e4:1e:74:cd [ether] on eth0
? (169.254.0.83) at fe:ee:e4:1e:74:cd [ether] on eth0
? (169.254.0.15) at fe:ee:e4:1e:74:cd [ether] on eth0
```

## 2. netstat

netstat command options:

- `-t`: TCP sockets
- `-u`: UDP sockets
- `-l`: sockets in the listening state
- `-a`: sockets in all states
- `-n`: show IP addresses and port numbers (no name resolution)
- `-p`: show the owning process
- `-I`: specify the network interface

```shell
root@jumpserver:~# netstat -s
Ip:    // Statistics related to the IP protocol.
    Forwarding: 2    // SNMP ipForwarding value: 1 = forwarding, 2 = not forwarding. A value of 2 means IP forwarding (routing) is disabled.
    64972 total packets received    // Total number of packets received
    0 forwarded
    0 incoming packets discarded
    64972 incoming packets delivered    // Number of packets successfully delivered to upper-layer protocols (such as TCP or UDP).
    47450 requests sent out
    20 outgoing packets dropped
    4 dropped because of missing route
Icmp:
    43 ICMP messages received
    0 input ICMP message failed
    ICMP input histogram:
        destination unreachable: 43
    43 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 43
IcmpMsg:
        InType3: 43
        OutType3: 43
Tcp:
    51 active connection openings    // Number of actively opened TCP connections (initiated by this host).
    2992 passive connection openings    // Number of passively opened TCP connections (initiated by remote hosts).
    0 failed connection attempts
    66 connection resets received
    1 connections established
    64420 segments received
    47156 segments sent out
    9 segments retransmitted
    0 bad segments received
    76 resets sent
Udp:
    240 packets received
    41 packets to unknown port received
    0 packet receive errors
    284 packets sent
    0 receive buffer errors
    0 send buffer errors
    IgnoredMulti: 228
UdpLite:
TcpExt:
    31 TCP sockets finished time wait in fast timer
    132 delayed acks sent
    1 delayed acks further delayed because of locked socket
    Quick ack mode was activated 3438 times
    13014 packet headers predicted
    16401 acknowledgments not containing data payload received
    12784 predicted acknowledgments
    1 congestion windows recovered without slow start after partial ack
    TCPLostRetransmit: 3
    TCPTimeouts: 6
    TCPLossProbes: 3
    TCPBacklogCoalesce: 49
    TCPDSACKOldSent: 3438
    TCPDSACKRecv: 4
    2 connections reset due to unexpected data
    57 connections reset due to early user close
    TCPDSACKIgnoredNoUndo: 4
    TCPRcvCoalesce: 852
    TCPAutoCorking: 17
    TCPSynRetrans: 2
    TCPOrigDataSent: 27013
    TCPDelivered: 26990
    TcpTimeoutRehash: 6
    TcpDuplicateDataRehash: 168
    TCPDSACKRecvSegs: 4
IpExt:
    InBcastPkts: 228
    InOctets: 20619636
    OutOctets: 8344373
    InBcastOctets: 55089
    InNoECTPkts: 68885
    InECT0Pkts: 2992
MPTcpExt:
```

```shell
root@jumpserver:~# netstat -n | grep TIME_WAIT | wc -l
3
```

```shell
root@jumpserver:~# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      874/sshd: /usr/sbin
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      672/systemd-resolve
tcp6       0      0 :::22                   :::*                    LISTEN      874/sshd: /usr/sbin
```

## 3. nload

```shell
nload -m
```

## 4. ip

```shell
root@jumpserver:~# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens32: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:8c:8d:89 brd ff:ff:ff:ff:ff:ff
    altname enp2s0
    inet 192.168.30.100/24 brd 192.168.30.255 scope global ens32
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe8c:8d89/64 scope link
       valid_lft forever preferred_lft forever
```

```shell
root@jumpserver:~# ip route
default via 192.168.30.250 dev ens32 proto static
192.168.30.0/24 dev ens32 proto kernel scope link src 192.168.30.100
```

```shell
# Syntax: ip route add <destination IP> via <forwarding device (gateway)> dev <interface> src <source IP>
root@jumpserver:~# ip route add 192.168.30.201 via 192.168.30.11 dev ens32
root@jumpserver:~# ip route
default via 192.168.30.250 dev ens32 proto static
192.168.30.0/24 dev ens32 proto kernel scope link src 192.168.30.100
192.168.30.201 via 192.168.30.11 dev ens32
```

```shell
root@jumpserver:~# ip route del 192.168.30.201
root@jumpserver:~# ip route
default via 192.168.30.250 dev ens32 proto static
192.168.30.0/24 dev ens32 proto kernel scope link src 192.168.30.100
```

```shell
ip route get <destination address>
```

## 5. ss

```shell
-n, --numeric       do not resolve service names
-a, --all           display all sockets
-l, --listening     display listening sockets
-m, --memory        display socket memory usage
-p, --processes     display the process using each socket
-i, --info          display internal TCP information
-4, --ipv4          display only IPv4 sockets
-6, --ipv6          display only IPv6 sockets
-0, --packet        display PACKET sockets
-t, --tcp           display only TCP sockets
-u, --udp           display only UDP sockets
```

```shell
root@jumpserver:~# ss -4 state time-wait | wc -l
4
```
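
The TIME_WAIT counts above pipe tool output straight into `wc -l`; `ss` prints a column header line, so that form reports one more than the number of sockets. The following added example (not part of the original notes) tallies TCP sockets per state from `netstat -ant` or `ss -tan` output while skipping header lines; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-state TCP socket tally from `netstat -ant` or `ss -tan`
# output on stdin. Header lines and non-TCP rows are ignored, and ss state
# names are mapped to netstat spelling (TIME-WAIT -> TIME_WAIT, ESTAB -> ESTABLISHED).

tcp_states() {
    LC_ALL=C awk '
        function norm(s) {
            gsub(/-/, "_", s)
            if (s == "ESTAB") s = "ESTABLISHED"
            return s
        }
        # netstat row: Proto is tcp or tcp6, state is column 6
        $1 ~ /^tcp6?$/ && NF >= 6 { n[norm($6)]++; next }
        # ss -tan row: column 1 is an upper-case state; the header "State" is not
        $1 ~ /^[A-Z][A-Z0-9-]+$/ && NF >= 5 { n[norm($1)]++ }
        END { for (s in n) print s, n[s] }
    ' | sort
}

# count_state STATE: print how many TCP sockets on stdin are in STATE
count_state() {
    want=$(printf '%s' "$1" | tr 'a-z-' 'A-Z_')
    tcp_states | awk -v want="$want" '$1 == want { c = $2 } END { print c + 0 }'
}

# Constructed sample input (documentation addresses, not captured output)
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:48822        203.0.113.5:443         TIME_WAIT
tcp        0      0 192.0.2.10:48824        203.0.113.5:443         TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

sample_ss() {
cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN     0      128    0.0.0.0:22          0.0.0.0:*
ESTAB      0      0      192.0.2.10:22       198.51.100.7:51514
TIME-WAIT  0      0      192.0.2.10:48822    203.0.113.5:443
TIME-WAIT  0      0      192.0.2.10:48824    203.0.113.5:443
EOF
}
```

On a live host, run `ss -tan | count_state time-wait` or `netstat -ant | tcp_states`. The parser expects `ss` output without the Netid column, which is the layout `ss -t` produces.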