Shulou(Shulou.com)06/02 Report--

1. Ping command

The ping command is a commonly used network command, which is usually used to test connectivity to the target host.

Ping command:-c #: number of ping packets-s #: size of ping packets-w #: waiting time-W #: length of waiting for an ping request-f: limit detection. Send a large number of network packets to a machine quickly and see its response-I seconds: set an interval of a few seconds to send a network packet to a machine. The default value is to send a network packet to a machine once a second: set the size of the survival value TTL

Example:

[root@young ~] # ping-f-c 65535-s 20000 192.168.1.6 # flooding * * PING 192.168.1.6 (192.168.1.6) 20000 (20028) bytes of data. [root@young ~] # ping-w 5 192.168.1.1 # specify waiting time 5sPING 192.168.1.1 (192.168.1.1) 56 (84) bytes of data.64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 Time=1.10 ms64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=1.19 ms64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=1.30 ms64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=1.23 ms64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.944 ms--- 192.168.1.1 ping statistics-- 5 packets transmitted 5 received, 0 packet loss Time 5000msrtt min/avg/max/mdev = 0.944 bytes of data.64 bytes from 1.156 ms 1.307 ms [root@young ~] # ping-c 3 192.168.1.1 # specify the number of times as 3PING 192.168.1.1 (192.168.1.1) 56 (84) icmp_seq=1 ttl=64 time=1.14 ms64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.858 ms64 bytes from 192.168.1 .1: icmp_seq=3 ttl=64 time=1.12 ms--- 192.168.1.1 ping statistics-3 packets transmitted 3 received, 0% packet loss, time 2006msrtt min/avg/max/mdev = 0.858, 1.041 packet loss, 1.146, 0.135 ms, traceroute command

Through traceroute, we can know the path of information from your computer to the host on the other side of the Internet. Of course, each packet from the same starting point (source) to a certain same destination (destination) may take a different path, but basically, most of the time the route is the same. In linux system, we call it traceroute, and in MS Windows, it is tracert. Traceroute measures how long it takes to send a small packet to the destination device until it returns. The traceroute of each device on a path is tested 3 times. The output includes the time of each test (ms) and the name of the device, if any, and its IP address.

Description: the tracepath command is similar to the traceroute command, but does not require root permission.

Common options:

-TTL: sets the size of the maximum survival value for detection packets, TTL. -n: use the IP address instead of the host name directly. -packs: set the communication port of UDP transport protocol-Qpackets: set the number of detection packets per hop. By default, three-r ignore ordinary Routing Table and send the packets directly to the remote host.

Example:

[root@bash young] # traceroute-m 5-Q 4-n www.baidu.com traceroute to www.baidu.com (115.239.211.112), 5 hops max 60 byte packets 1 192.168.1.1 6.188 ms 5.990 ms 5.868 ms 5.753 ms 2 100.65.0.1 5.638 ms 5.522 ms 6.447 ms 9.321 ms 3 60.235.65.145 9.133 ms 9.311 ms 9.179 ms 11.035 ms 4 60.235.64.81 20.402 ms 20.297 ms 20.226 ms 20.573 ms 5 202.97.40.101 27.015 ms 26.890 ms 202.97.40 .149 29.884 ms 202.97.40.141 26.662 ms 3. Mtr command

Mtr is a network connectivity judgment tool in Linux, which combines the relevant features of ping and traceroute,nslookup.

Common parameters:

-s: used to specify the size of ping packets-no-dns: do not do domain name resolution for IP addresses-a: to set the IP address for sending packets this is useful for a host with multiple IP addresses-I: use this parameter to set the requirement between ICMP returns defaults to 1 second-4:IPv4-6:IPv6

Example:

[root@bash young] # mtr-- no-dns 8.8.8.8 My traceroute [v0.85] bash (0.0.0.0) Mon Feb 13 22:35:30 2017Keys: Help Display mode Restart statistics Order of fields quit Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. 192.168.1.1 0.0% 18 3.3 1.60.9 3.3 0.5 2.100. 65.0.1 0.0% 18 5.1 7.0 3.6 19.5 4.5 3.60.235.65.141 0.0% 18 6.1 6.4 5.7 8.8 0.8 4. 60.235.64.109 0.0% 18 28.1 22.1 12.5 58.5 13.4.

The example of the above report shows:

The first column: shows the IP address and native domain name, which is very similar to traceroute

The second column: snt:10 sets the number of packets sent per second. The default value of 10 can be specified by the parameter-c.

The third column: shows the packet loss rate for each corresponding IP

Fourth column: the most recent return delay displayed

The fifth column is the average. This should be the average delay of sending ping packets.

The sixth column is the best or the shortest delay.

Column 7: the worst or the most common delay

Column 8: standard deviation

4. Netstat command

The netstat command is used to display statistics related to the IP, TCP, UDP, and ICMP protocols, and is generally used to verify the network connectivity of each port of the machine. Netstat is a program that accesses network and related information in the kernel. It can provide reports on TCP connection, TCP and UDP snooping, and process memory management.

Common options:

-r: display routing table-n: numeric, numeric format shows host address-t: connections related to tcp protocol-u: connections related to udp protocol-l: show connections in listening state; indicate: passively open services waiting for client access;-p: display process program name and process number in connection status -a: all connections-ta: all connections related to tcp-s: statistics by protocol-e: display extended information, such as uid, etc.-c: execute the netstat command at fixed intervals

Example:

1) display lists all ports (including listening and unlistening)

[root@bash young] # netstat-aActive Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:discp-client 0.0.0.0 Proto Recv-Q Send-Q Local Address Foreign Address State tcp * LISTEN tcp 0 0 0.0.0.0:mysql 0.0.0.0 aActive Internet connections * LISTEN tcp 0 0 0.0.0.0:x11 0.0.0.0 localhost:ipp * LISTEN tcp 0 0 0.0.0.0:ssh 0.0.0.0 LISTEN tcp 0 0 localhost:ipp 0.0.0.0 0.0.0.0:ssh 0 0 Localhost:smtp 0.0.0.0 LISTEN tcp 0 96 192.168.1.6:ssh 192.168.1.105 192.168.1.6:ssh 27443 ESTABLISHEDtcp 0 192.168.1.6 116.211.167.193:http TIME_WAIT 59947 116.211.167.193:http TIME_WAIT... Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I -Node Pathunix 2 [ACC] STREAM LISTENING 20526 private/localunix 2 [ACC] STREAM LISTENING 20529 private/virtual...

Description:

Overall, the output of netstat can be divided into two parts:

One is Active Internet connections, which is called an active TCP connection, where "Recv-Q" and "Send-Q" refer to% 0A's receive queue and send queue. These numbers are generally supposed to be zero. If not, the package is piling up in the queue. This can only be seen in very rare cases.

The other is Active UNIX domain sockets, called the active Unix domain socket (like network sockets, but only for native communication, and performance can be doubled). Proto shows the protocol used for the connection, RefCnt indicates the process number connected to this socket, Types shows the type of socket, State shows the current status of the socket, and Path indicates the path name used by other processes connected to the socket.

2) list all tcp ports netstat-at

[root@bash young] # netstat-atActive Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:discp-client 0.0.0.0 Proto Recv-Q Send-Q Local Address Foreign Address State tcp * LISTEN tcp 0 0 0.0.0.0:mysql 0.0.0.0 atActive Internet connections * LISTEN tcp 0 0 0.0.0.0:x11 0.0.0.0 * LISTEN...

3) list all udp ports netstat-au

[root@bash young] # netstat-auActive Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 localhost:323 0.0.0.0 Proto Recv-Q Send-Q Local Address Foreign Address State udp * udp6 0 0 localhost:323 [:]: *

4) only the listening port netstat-l is displayed

[root@bash young] # netstat-lActive Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:discp-client 0.0.0.0 Proto Recv-Q Send-Q Local Address Foreign Address State tcp * LISTEN tcp 0 0 0.0.0.0:mysql 0.0.0.0 lActive Internet connections * LISTEN tcp 0 0 0.0.0.0:x11 0.0.0.0 * LISTEN

5) list only all listening udp ports netstat-lu

[root@bash young] # netstat-luActive Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 localhost:323 0.0.0.0 Proto Recv-Q Send-Q Local Address Foreign Address State udp * udp6 0 0 localhost:323 [:]: *

Description: only shows that the listening tcp port is netstat-tl, and only the listening unix port is netstat-lx

6) display statistics for all ports netstat-s

[root@bash young] # netstat-sIp: 1409453 total packets received 0 forwarded 0 incoming packets discarded 1262997 incoming packets delivered 1279112 requests sent out...

7) display statistics for TCP or UDP ports netstat-st or-su

# netstat-st # netstat-su

8) display PID and process name netstat-p in the netstat output

[root@bash young] # netstat-tpActive Internet connections (w servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 96 192.168.1.6:ssh 192.168.1.105 ESTABLISHED 45793/sshd 27443 ESTABLISHED 45793/sshd: root@pt tcp 00 192.168.1.6 servers 60000 116.211.167.193:http TIME_WAIT -.

9) the host, port and user name (host, port or user) are not displayed in the netstat output

# netstat-an

10) continuously output netstat information

# netstat-c5, ss command

Ss is the abbreviation of Socket Statistics. As the name implies, the ss command can be used to get socket statistics, which can display something similar to netstat. But the advantage of ss is that it can display more and more detailed information about TCP and connection status, and is faster and more efficient than netstat.

Tip: why ss is faster than netstat

Netstat traverses every PID directory under / proc, and ss reads the statistics under / proc/net directly. So the execution of ss consumes much less resources and time than netstat.

Common options:

-t: tcp protocol related-u: udp-p: process-l: listening-n: numeric-a: all-e: extension information-m: memory usage information-o state {established | fin_wait_1 | listening |.}

Tip: the basic usage of ss is the same as that of netstat. The following examples list only different uses.

Example:

1) ss lists connections in all http connections

[root@bash young] # ss-o state established'(dport =: http or sport =: http) 'Netid Recv-Q Send-Q Local Address:Port Peer Address:Port tcp 00 192.168.1.6 root@bash young 50036 118.144.78.39:http tcp 0 0 192.168.1.6 60218 116.211.167.193:http timer: (keepalive 9.506ms 116.211.167.193:http 0) tcp 0 0 192.168.1.6 purl 60214 116.211.167.193:http

Description: the above includes 80% provided to the outside world, and 80% access to the outside

2) list which local processes are connected to x server

# ss-x src / tmp/.X11-unix/*

3) list the http and https connections in the FIN-WAIT-1 state

[root@bash young] # ss-o state fin-wait-1'(sport =: http or sport =: https)'# Note that the space in parentheses must exist, otherwise the syntax error Netid Recv-Q Send-Q Local Address:Port Peer Address:Port

Common state status of ss:

Establishedsyn-sentsyn-recvfin-wait-1fin-wait-2time-waitclosedclose-waitlast-acklistenclosingall: All of the above statesconnected: All the states except for listen and closedsynchronized: All the connected states except for syn-sentbucket: Show states, which are maintained as minisockets, i.e. Time-wait and syn-recv.big: Opposite to bucket state.

4) ss uses IP address filtering

[root@bash young] # ss src 192.168.1.6Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp ESTAB 00 192.168.1.6:57449 83.168.200.199:ntp udp ESTAB 00 192.168.1 . 6:36484 173.255.215.209:ntp tcp ESTAB 0 96 192.168.1.6:ssh 192.168.1.105:27443

Description:

Ss src ADDRESS_PATTERN [: PORT] src: indicates source ADDRESS_PATTERN: indicates address rule

5) ss uses port filtering

Ss dport OP PORTOP: is the operator PORT: indicates the port dport: indicates the filter target port, on the contrary, the sportOP operator is as follows: = or ge: greater than or equal to = = or eq: equal to! = or ne: not equal to the port

Or gt: greater than port

OP instance:

Ss sport =: http can also be ss sport =: 80ss dport =: httpss dport\ >: 1024 # Note character escape ss sport\ >: 1024 ss sport\ <: 32000ss sport eq: 22ss dport! =: 22ss state connected sport =: httpss\ (sport =

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.