6.2 KiB
6.2 KiB
1、ARP
- -a # 主机 :显示 arp 缓冲区的所有条目;
- -H # 地址类型 :指定 arp 指令使用的地址类型;
- -d # 主机 :从 arp 缓冲区中删除指定主机的 arp 条目;
- -D # 使用指定接口的硬件地址;
- -e # 以 Linux 的显示风格显示 arp 缓冲区中的条目;
- -i # 接口 :指定要操作 arp 缓冲区的网络接口;
- -s # 主机 MAC 地址 :设置指定的主机的 IP 地址与 MAC 地址的静态映射;
- -n # 以数字方式显示 arp 缓冲区中的条目;
- -v # 显示详细的 arp 缓冲区条目,包括缓冲区条目的统计信息;
- -f # 文件 :设置主机的 IP 地址与 MAC 地址的静态映射。
[root@centos ~]#arp -a
目标地址 MAC地址 接口
? (169.254.0.138) at fe:ee:e4:1e:74:cd [ether] on eth0
? (169.254.0.83) at fe:ee:e4:1e:74:cd [ether] on eth0
? (169.254.0.15) at fe:ee:e4:1e:74:cd [ether] on eth0
2、netstat
netstat 命令
- -t:tcp协议相关
- -u:udp协议相关
- -l:监听状态的
- -a:所有状态
- -n:显示ip和端口
- -p:显示进程
- -I:指定网卡
root@jumpserver:~# netstat -s
Ip: //与 IP 协议相关的统计信息。
Forwarding: 2 //如果该值为 2,表示 IP 转发(路由)已启用。
64972 total packets received //接收到的总数据包数量
0 forwarded
0 incoming packets discarded //成功传递到上层协议(如 TCP 或 UDP)的数据包数量。
64972 incoming packets delivered
47450 requests sent out
20 outgoing packets dropped
4 dropped because of missing route
Icmp:
43 ICMP messages received //
0 input ICMP message failed
ICMP input histogram:
destination unreachable: 43
43 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 43
IcmpMsg:
InType3: 43
OutType3: 43
Tcp:
51 active connection openings //主动打开的 TCP 连接数量(由本机发起)。
2992 passive connection openings //被动打开的 TCP 连接数量(由远程机器发起)。
0 failed connection attempts
66 connection resets received
1 connections established
64420 segments received
47156 segments sent out
9 segments retransmitted
0 bad segments received
76 resets sent
Udp:
240 packets received
41 packets to unknown port received
0 packet receive errors
284 packets sent
0 receive buffer errors
0 send buffer errors
IgnoredMulti: 228
UdpLite:
TcpExt:
31 TCP sockets finished time wait in fast timer
132 delayed acks sent
1 delayed acks further delayed because of locked socket
Quick ack mode was activated 3438 times
13014 packet headers predicted
16401 acknowledgments not containing data payload received
12784 predicted acknowledgments
1 congestion windows recovered without slow start after partial ack
TCPLostRetransmit: 3
TCPTimeouts: 6
TCPLossProbes: 3
TCPBacklogCoalesce: 49
TCPDSACKOldSent: 3438
TCPDSACKRecv: 4
2 connections reset due to unexpected data
57 connections reset due to early user close
TCPDSACKIgnoredNoUndo: 4
TCPRcvCoalesce: 852
TCPAutoCorking: 17
TCPSynRetrans: 2
TCPOrigDataSent: 27013
TCPDelivered: 26990
TcpTimeoutRehash: 6
TcpDuplicateDataRehash: 168
TCPDSACKRecvSegs: 4
IpExt:
InBcastPkts: 228
InOctets: 20619636
OutOctets: 8344373
InBcastOctets: 55089
InNoECTPkts: 68885
InECT0Pkts: 2992
MPTcpExt:
root@jumpserver:~# netstat -n | grep TIME_WAIT | wc -l
3
root@jumpserver:~# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 874/sshd: /usr/sbin
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 672/systemd-resolve
tcp6 0 0 :::22 :::* LISTEN 874/sshd: /usr/sbin
3、nload
nload -m
4、ip
root@jumpserver:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:8c:8d:89 brd ff:ff:ff:ff:ff:ff
altname enp2s0
inet 192.168.30.100/24 brd 192.168.30.255 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8c:8d89/64 scope link
valid_lft forever preferred_lft forever
root@jumpserver:~# ip route
default via 192.168.30.250 dev ens32 proto static
192.168.30.0/24 dev ens32 proto kernel scope link src 192.168.30.100
ip route add 目标ip via 转发设备(网关) dev 网卡 src 源IP
root@jumpserver:~# ip route add 192.168.30.201 via 192.168.30.11 dev ens32
root@jumpserver:~# ip route
default via 192.168.30.250 dev ens32 proto static
192.168.30.0/24 dev ens32 proto kernel scope link src 192.168.30.100
192.168.30.201 via 192.168.30.11 dev ens32
root@jumpserver:~# ip route del 192.168.30.201
root@jumpserver:~# ip route
default via 192.168.30.250 dev ens32 proto static
192.168.30.0/24 dev ens32 proto kernel scope link src 192.168.30.100
ip route get 目标地址
5、ss
-n, --numeric 不解析服务名称
-a, --all 显示所有套接字(sockets)
-l, --listening 显示监听状态的套接字(sockets)
-m, --memory 显示套接字(socket)的内存使用情况
-p, --processes 显示使用套接字(socket)的进程
-i, --info 显示 TCP内部信息
-4, --ipv4 仅显示IPv4的套接字(sockets)
-6, --ipv6 仅显示IPv6的套接字(sockets)
-0, --packet 显示 PACKET 套接字(socket)
-t, --tcp 仅显示 TCP套接字(sockets)
-u, --udp 仅显示 UCP套接字(sockets)
root@jumpserver:~# ss -4 state time-wait | wc -l
4