What are the network commands in Linux

2025-01-19 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article introduces the network commands available in Linux. The editor finds them very practical and shares them here for reference.

Whether you want to download files, diagnose network problems, manage network interfaces, or view network statistics, there is a terminal command for the job.

The contents are as follows:

1. ping sends ICMP echo request messages and waits for ICMP echo replies to be returned.

ping [OPTIONS]... destination

Here destination can be the destination IP address or a domain name / hostname. Option -c specifies the number of request messages to send. When ping is run without any options, Linux keeps sending request messages until the command is manually terminated.

[root@centos7 ~]# ping -c 3 www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=52 time=1.35 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=52 time=1.32 ms
64 bytes from 61.135.169.121: icmp_seq=3 ttl=52 time=1.22 ms
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.225 ms 1.303 ms 1.359 ms

First, the ping program asks the domain name server (DNS) to resolve the IP address of the domain name www.baidu.com. DNS returns an alias of the domain name, www.a.shifen.com, and the corresponding IP address 61.135.169.121. The ping program then sends request messages to this address, one every 1s. For each ICMP echo reply it receives, ping displays the result on the terminal, including the ICMP sequence number (icmp_seq), time to live (ttl) and packet round-trip time (time). Finally, it prints summary information: the total number of messages sent and received, the total time, and the minimum, average, maximum and mean deviation of the round-trip time (the larger the deviation, the more unstable the network).

[root@centos7 ~]# ping www.a.com
ping: unknown host www.a.com

When the destination domain name cannot be resolved to an IP address, an unknown host error is reported.

[root@centos7 ~]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
^C    # press CTRL+C here to manually terminate the process
--- 192.168.0.1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 4999ms

No ICMP echo reply is received when there is no route to the destination IP address.

[root@centos7 ~]# ping -c2 10.0.1.2
PING 10.0.1.2 (10.0.1.2) 56(84) bytes of data.
From 10.0.1.254 icmp_seq=1 Destination Host Unreachable
From 10.0.1.254 icmp_seq=2 Destination Host Unreachable
--- 10.0.1.2 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
pipe 2

A destination unreachable error (Destination Host Unreachable) is displayed when there is a route to the destination IP but the host cannot be reached. ICMP echo replies also include other types, such as timeouts (request time out).

2. hostname displays or sets the system hostname

hostname [OPTIONS]... [NAME]

When you execute the command hostname directly, the hostname is displayed:

[root@centos7 temp]# hostname
centos7
[root@centos7 temp]#

This hostname is returned by the system's gethostname(2) function. You can change the hostname temporarily by executing the command hostname NAME:

[root@centos7 temp]# hostname NAME
[root@centos7 temp]# hostname
NAME

This temporary modification actually changes a Linux kernel parameter, also called hostname, which is stored in /proc/sys/kernel/hostname. For a permanent change, modify the configuration file /etc/sysconfig/network (on CentOS 7, modify /etc/hostname). Note that if the hostname in the configuration file is localhost or localhost.localdomain, the system gets the IP address of the network interface, uses this address to look up the corresponding hostname in the /etc/hosts file, and sets that as the final hostname.

3. host DNS query

host name

The host command queries the IP address of name through the DNS server specified in the configuration file /etc/resolv.conf:

[root@centos7 temp]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 61.135.169.121
www.a.shifen.com has address 61.135.169.125

4. dig DNS query

The syntax of dig is the same as that of host, but dig provides more detailed information and more options:

[root@centos7 ~]# dig www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER#53(223.5.5.5)
;; WHEN: April 10, November 10, 12:31:20 CST 2016
;; MSG SIZE rcvd: 90
[root@centos7 ~]#

To query only the A record of the domain name and display it in short format:

[root@centos7 ~]# dig www.baidu.com A +short
www.a.shifen.com.
61.135.169.125
61.135.169.121
[root@centos7 ~]#

Or:

[root@centos7 ~]# dig +nocmd www.baidu.com A +noall +answer
www.baidu.com.          252     IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       252     IN      A       61.135.169.125
www.a.shifen.com.       252     IN      A       61.135.169.121

You can also specify the DNS server with @server:

[root@centos7 ~]# dig +noall +answer www.baidu.com A @8.8.8.8
www.baidu.com.          21      IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       263     IN      A       61.135.169.125
www.a.shifen.com.       263     IN      A       61.135.169.121

For more commands and options, consult the man pages.

5. traceroute or tracepath: route tracing

[root@centos7 ~]# tracepath www.baidu.com
 1?: [LOCALHOST]        pmtu 1500
 1:  10.0.1.103         0.396ms
 1:  10.0.1.103         0.350ms
 2:  210.51.161.1       1.187ms asymm  3
 3:  210.51.161.1       8.186ms
 4:  210.51.175.81      1.117ms
 5:  61.148.142.61      8.554ms asymm 12
 6:  61.148.147.13      1.694ms asymm 12
 7:  123.126.8.117      3.934ms asymm 10
 8:  61.148.155.46      2.703ms asymm 10
....

Only part of the output is listed here. The command traces the route to the destination address and prints a line for each hop that returns.

6. ifconfig configures network interfaces

Displays information for all network interfaces when the command has no parameters:

[root@centos7 ~]# ifconfig
ens32: flags=4163 mtu 1500
        inet 172.20.71.254 netmask 255.255.255.0 broadcast 172.20.71.255
        inet6 fe80::250:56ff:fea4:fe34 prefixlen 64 scopeid 0x20
        ether 00:50:56:a4:fe:34 txqueuelen 1000 (Ethernet)
        RX packets 11996157 bytes 775368588 (739.4 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 12 bytes 888 (888.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163 mtu 1500
        inet 10.0.1.254 netmask 255.255.255.0 broadcast 10.0.1.255
        inet6 fe80::250:56ff:fea4:a09 prefixlen 64 scopeid 0x20
        ether 00:50:56:a4:0a:09 txqueuelen 1000 (Ethernet)
        RX packets 20941185 bytes 1307830447 (1.2 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 147552 bytes 11833605 (11.2 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@centos7 ~]#

This example shows the information for the two network cards ens32 and ens33 and the loopback interface lo, including the MTU, IP address, mask, MAC address, the amount of data transmitted and received, and so on. Option -s displays concise information:

[root@idc-v-71253 ~]# ifconfig -s ens32
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
ens32     1500 11996951      0      0      0       12      0      0      0 BMRU

For example, add a new address 10.0.1.4 to ens33:

[root@centos7 ~]# ifconfig ens33:0 10.0.1.4/24 up
[root@centos7 ~]# ifconfig ens33:0
ens33:0: flags=4163 mtu 1500
        inet 10.0.1.4 netmask 255.255.255.0 broadcast 10.0.1.255
        ether 00:50:56:a4:0a:09 txqueuelen 1000 (Ethernet)

In the command, /24 indicates the mask of the interface address, and up indicates that the interface is enabled. Note that if the IP address is already in use, it will still be set successfully, but there may be conflicts when this address is accessed. To deactivate an interface:

[root@centos7 ~]# ifconfig ens33:0 down

If you need to permanently add or modify the address of an interface, it is best to edit the IPADDR field directly in the NIC configuration file /etc/sysconfig/network-scripts/ifcfg-ens33 (on other systems, the corresponding file), and then restart the network with systemctl restart network or service network restart for the change to take effect.

7. arp and arping

The arp command displays the system's ARP cache, and the arping command sends ARP requests to neighboring hosts.

[root@idc-v-71253 ~]# arp -a
? (10.0.1.1) at 68:8f:84:01:f1:ff [ether] on ens33
? (10.0.1.102) at 00:50:56:a4:18:9a [ether] on ens33
? (10.0.1.254) at 00:50:56:a4:a9:16 [ether] on ens33
? (10.0.1.10) at 00:50:56:a4:d2:e4 [ether] on ens33
? (10.0.1.104) at 00:50:56:a4:37:a7 [ether] on ens33

? indicates an unknown domain name, and the NIC name at the end indicates the network interface that the ARP entry belongs to. If you find that an address is unstable, you can use arping to test whether the address is in conflict:

[root@centos7 ~]# arping 10.0.1.252 -I ens33
ARPING 10.0.1.252 from 10.0.1.254 ens33
Unicast reply from 10.0.1.252 [00:50:56:A4:65:71]  0.843ms
Unicast reply from 10.0.1.252 [00:50:56:A4:0A:09]  1.034ms

The MAC addresses in the two replies are different, indicating that two NICs are configured with the same IP address. Option -I specifies the network interface on which the ARP request is sent. If you have just changed the IP address of a NIC but the ARP entry on the upstream device (such as a switch) is still the old one, you can use arping to force a refresh:

[root@centos7 ~]# arping -c3 -I ens33 -s 10.0.1.254 10.0.1.1
ARPING 10.0.1.1 from 10.0.1.254 ens33
Unicast reply from 10.0.1.1 [68:8F:84:01:F1:FF]  19.466ms
Unicast reply from 10.0.1.1 [68:8F:84:01:F1:FF]  2.358ms
Unicast reply from 10.0.1.1 [68:8F:84:01:F1:FF]  24.305ms
Sent 3 probes (1 broadcast(s))
Received 3 response(s)

-c specifies the number of ARP requests to send, -s specifies the source address, and the final IP is the destination (here, the gateway address).
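The duplicate-reply check described above can be automated. The following is an added example, not part of the original article: it reads arping output and reports every IP address that answered from more than one MAC address. The function names and the sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report IP addresses that
# answered arping probes from more than one MAC address.

# Constructed sample: one probed address answered by two NICs. One MAC is
# repeated in lower case to show that the comparison ignores case.
sample_conflict() {
cat <<'EOF'
ARPING 10.0.1.252 from 10.0.1.254 ens33
Unicast reply from 10.0.1.252 [00:50:56:A4:65:71]  0.843ms
Unicast reply from 10.0.1.252 [00:50:56:A4:0A:09]  1.034ms
Unicast reply from 10.0.1.252 [00:50:56:a4:65:71]  0.790ms
EOF
}

# Constructed sample: a healthy address, every reply from the same MAC.
sample_clean() {
cat <<'EOF'
ARPING 10.0.1.1 from 10.0.1.254 ens33
Unicast reply from 10.0.1.1 [68:8F:84:01:F1:FF]  19.466ms
Unicast reply from 10.0.1.1 [68:8F:84:01:F1:FF]  2.358ms
Sent 2 probes (1 broadcast(s))
Received 2 response(s)
EOF
}

# Reads arping output (one or more runs concatenated) on stdin and prints
# "IP MAC1,MAC2,..." for each IP seen with two or more distinct MACs.
# Prints nothing when every IP answered from a single MAC.
arp_conflicts() {
    awk '
    $2 == "reply" && $3 == "from" {
        ip = $4
        mac = toupper($5)
        gsub(/\[|\]/, "", mac)          # strip the [ ] around the MAC
        if (!((ip, mac) in seen)) {
            seen[ip, mac] = 1
            if (count[ip]++ == 0)
                macs[ip] = mac
            else
                macs[ip] = macs[ip] "," mac
        }
    }
    END {
        for (ip in count)
            if (count[ip] > 1)
                print ip, macs[ip]
    }' | sort
}

echo "conflicts in first sample:"
sample_conflict | arp_conflicts
echo "conflicts in second sample (none expected):"
sample_clean | arp_conflicts
```

On a live host, pipe the output of arping -c3 -I ens33 ADDRESS into arp_conflicts instead of the samples.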

8. route displays or changes the routing table

[root@centos7 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 ens33
link-local      0.0.0.0         255.255.0.0     U     1002   0        0 ens32
link-local      0.0.0.0         255.255.0.0     U     1003   0        0 ens33
172.20.71.0     0.0.0.0         255.255.255.0   U     0      0        0 ens32
192.168.78.0    10.0.1.104      255.255.255.0   UG    0      0        0 ens33

Here Destination is the destination network segment or destination host; Gateway is the gateway address; Genmask is the mask of the destination network segment; Flags are the route flags: U indicates that the route is enabled (up) and G indicates a gateway; Metric is the distance to the destination, usually expressed as a number of hops; Ref is the number of references to the route; Use is the route lookup count; and Iface is the egress interface of the route. Option -n displays the destination network segment numerically. The options add and del add or delete a route. The options -net and netmask specify the destination network segment and mask. The option gw specifies the gateway. The option dev IF specifies the egress network card. For example, add a route to 192.56.76.x whose egress is ens32:

route add -net 192.56.76.0 netmask 255.255.255.0 dev ens32

To add a default route whose gateway is 10.0.1.1:

route add default gw 10.0.1.1

To add a route to 172.20.70.0 whose gateway is 10.0.1.2:

route add -net 172.20.70.0/24 gw 10.0.1.2

To delete the default route:

route del default

9. telnet provides remote login.

Because the telnet protocol uses clear text transmission, it is not applicable in environments that require secure login. It is now commonly used for port testing of network services:

[root@centos7 ~]# telnet 10.0.1.251 80
Trying 10.0.1.251...
Connected to 10.0.1.251.
Escape character is '^]'.
^]              # press CTRL+] here, or press CTRL+C to forcibly exit
telnet> quit
Connection closed.

Here the other party's port 80 is open and allows communication. When the peer port is not open:

[root@centos7 ~]# telnet 10.0.1.251 81
Trying 10.0.1.251...
telnet: connect to address 10.0.1.251: No route to host

When the peer rejects the connection:

[root@centos7 ~]# telnet 10.0.1.251 8085
Trying 10.0.1.251...
telnet: connect to address 10.0.1.251: Connection refused

10. ssh remote login program

ssh [OPTIONS]... [user@]hostname [command]

ssh, short for Secure Shell, provides secure, encrypted communication between hosts over an insecure network and is designed to replace other remote login protocols.

[root@centos7 ~]# ssh 10.0.1.253
The authenticity of host '10.0.1.253 (10.0.1.253)' can't be established.
ECDSA key fingerprint is 96:bd:a3:a7:87:09:1b:53:44:4c:9b:b9:5f:b2:97:89.
Are you sure you want to continue connecting (yes/no)? yes    # enter yes
Warning: Permanently added '10.0.1.253' (ECDSA) to the list of known hosts.
root@10.0.1.253's password:    # enter the password
Last login: Fri Nov 11 09:04:01 2016 from 192.168.78.137
[root@idc-v-71253 ~]#          # logged in

When ssh is followed directly by the host IP, the default user is used to log in, here root (the current local user). On the first login you are asked to confirm the server's host key; the prompt lets you compare the displayed fingerprint with the server's real key before accepting it. After you enter yes, a record for the server is added to the local /root/.ssh/known_hosts, so you do not have to confirm it again the next time you log in. Next, enter the user password. After authentication you have a shell on the destination host and can execute commands in it. Enter exit in the new shell to return to the original shell. If you need to log in to a host frequently but do not want to enter a password every time, you can set up password-free login:

[root@centos7 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    # press Enter
Enter passphrase (empty for no passphrase):                 # press Enter
Enter same passphrase again:                                # press Enter
Your identification has been saved in /root/.ssh/id_rsa.    # private key
Your public key has been saved in /root/.ssh/id_rsa.pub.    # public key
The key fingerprint is:
be:c3:d0:02:50:35:35:fe:60:d6:2f:26:96:f0:e1:e6 root@centos7
The key's randomart image is:
+-- [RSA 2048]-+
|... o.o |
|. O o |
|. . *. |
|. * =. |
|. S +. |
| oroom.o. |
| + E |
| o. |
|. |
+-+
[root@centos7 ~]#
[root@centos7 ~]# ssh-copy-id 10.0.1.253
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.1.253's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.0.1.253'"
and check to make sure that only the key(s) you wanted were added.
[root@centos7 ~]#

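The ssh-keygen command generates the public and private keys; option -t specifies the key type. Pressing Enter at the passphrase prompts, as above, leaves the private key /root/.ssh/id_rsa without a passphrase, so anyone who can read that file can log in with it. Then use the ssh-copy-id command to send the public key to the target host, which requires entering the target host user's password. After that you can log in without a password: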

[root@centos7 ~]# ssh 10.0.1.253
Last login: Fri Nov 11 11:08:37 2016 from 10.0.1.254
[root@idc-v-71253 ~]#

You can also execute commands remotely through ssh:

[root@centos7 ~]# ssh 10.0.1.252 "hostname"
root@10.0.1.252's password:    # enter password
idc-v-71252                    # the command result is displayed
[root@centos7 ~]#              # no login takes place

Or manually copy the public key to the target host:

[root@centos7 ~]# cat /root/.ssh/id_rsa.pub | ssh 10.0.1.252 "cat - >> /root/.ssh/authorized_keys"
root@10.0.1.252's password:         # enter password
[root@centos7 ~]# ssh 10.0.1.252    # password-free login
Last login: Thu Nov 10 14:42:11 2016 from 192.168.78.135
[root@idc-v-71252 ~]#

Option -p specifies the port for login:

[root@centos7 temp]# ssh -p22 10.0.1.252
Last login: Fri Nov 11 11:44:31 2016 from 10.0.1.254
[root@idc-v-71252 ~]#

The port is set in the server configuration file /etc/ssh/sshd_config, and the default port number is 22. To change it, uncomment # Port 22, change 22 to the desired port, and then restart the sshd service with service sshd restart or systemctl restart sshd. To log in to the system as another user, execute ssh user@host. We can combine the tar command with ssh and a pipe to back up local files to a remote host, or remote files to the local host:

tar zc /home/temp | ssh user@host "tar xz"    # back up the local temp directory to the remote host
ssh user@host "tar cz /home/temp" | tar xz    # back up the remote temp directory to the local host

Option -L [bind_address:]port:host:hostport sets local port forwarding:

[root@centos7 ~]# ssh -L 2222:10.0.1.252:22 10.0.1.253
Last login: Mon Nov 14 10:34:43 2016 from 10.0.1.254
[root@idc-v-71253 ~]#    # note: if you exit here, the forwarding is also terminated

This command binds local port 2222 and forwards all data sent to this port, through the intermediate host 10.0.1.253, to port 22 of the target host 10.0.1.252. If you then use ssh to log in to port 2222 of the local machine, you actually log in to host 10.0.1.252.

[root@centos7 ~]# ssh -p 2222 127.0.0.1
Last login: Mon Nov 14 10:34:56 2016 from 10.0.1.253
[root@idc-v-71252 ~]#

By default the port is bound to the local loopback address 127.0.0.1. To bind to another address, set bind_address according to the syntax. Option -N means that no remote command is executed; it is only useful when setting up port forwarding. Because the port forwarding command above, ssh -L 2222:10.0.1.252:22 10.0.1.253, logs in to the intermediate host and the forwarding is terminated after exit, a good choice is to use the -N option, which does not log in, and run the command in the shell background (note that password-free login to the intermediate host is required):

[root@centos7 ~]# ssh -N -L 2222:10.0.1.252:22 10.0.1.253 &
[1] 12432
[root@centos7 ~]#

The & at the end of the command runs it in the background. In the returned information, [1] is the background job number and 12432 is the PID of the command. (Shell background commands will be described in later articles.) Option -R [bind_address:]port:host:hostport sets remote port forwarding. For example, we run the following on 10.0.1.253:

ssh -R 2222:10.0.1.252:22 10.0.1.254

Then log in on 10.0.1.254:

[root@centos7 ~]# ssh -p 2222 localhost
Last login: Mon Nov 14 10:40:44 2016 from 10.0.1.253
[root@idc-v-71252 ~]#

This means that the remote host 10.0.1.254 (remote relative to 10.0.1.253) listens on port 2222 and forwards all data sent to this port to port 22 of the target host 10.0.1.252. When you then log in to port 2222 of the local host (localhost) on 10.0.1.254, you actually log in to the target host 10.0.1.252 through the intermediate host 10.0.1.253. Option -o OPTION specifies an option in the format used in the configuration file (such as /etc/ssh/sshd_config). For example, to avoid entering yes for confirmation when logging in for the first time, you can add -o StrictHostKeyChecking=no; note that ssh then accepts an unknown host key without asking you to verify it.

11. scp copies files remotely

scp [OPTIONS]... [[user@]host1:]file1... [[user@]host2:]file2

The scp command transfers data encrypted over the ssh protocol and, like ssh login, requires entering the remote host user's password. For example, copy the file /root/tcp.sh from the remote host 10.0.1.253 to the local current directory:

[root@centos7 ~]# scp root@10.0.1.251:/root/a.txt ./
root@10.0.1.251's password:
a.txt                                   100%    0.1KB/s   00:00
[root@centos7 ~]#

The command displays the transfer status (percentage transferred, size, speed, time used). To copy local files to the remote host, simply swap the source and destination. Option -P specifies the remote connection port (the ssh service port), and -o ssh_option passes an ssh option. Option -l limit limits the transfer speed; the unit of limit is Kbit/s. As with the cp command, option -r copies directories and -p preserves file permissions, times, etc.

12. netstat prints network information

Option -a displays all port information:

[root@centos7 ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN
tcp        0     52 10.0.1.254:ssh          192.168.78.143:49583    ESTABLISHED
tcp6       0      0 [::]:commplex-main      [::]:*                  LISTEN
tcp6       0      0 [::]:4243               [::]:*                  LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12807    /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     12815    /run/lvm/lvmpolld.socket
unix  2      [ ]         DGRAM                    12818    /run/systemd/shutdownd
unix  2      [ ACC ]     STREAM     LISTENING     16403    /var/run/dbus/system_bus_socket
....

Only part of the output is shown here. Option -t displays TCP connection information, option -n displays IP addresses without domain name translation, and option -p displays the PID and program name:

[root@centos7 ~]# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1358/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2162/master
tcp        0     52 10.0.1.254:22           192.168.78.143:49583    ESTABLISHED 12044/sshd: root@pt
tcp6       0      0 :::5000                 :::*                    LISTEN      17222/docker-proxy
tcp6       0      0 :::4243                 :::*                    LISTEN      16983/docker
tcp6       0      0 :::22                   :::*                    LISTEN      1358/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2162/master
[root@centos7 ~]#

Proto is the protocol (TCP, UDP, etc.). Recv-Q and Send-Q are the receive and send queues; they are generally 0, and a non-zero value means data is waiting to be processed in the local receive or send buffer. Local Address and Foreign Address are the local and remote addresses respectively. State is the connection state, corresponding to the various TCP connection states. PID/Program name is the process ID and program name. Option -l displays only connections in the LISTEN state:

[root@centos7 ~]# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::5000                 :::*                    LISTEN
tcp6       0      0 :::4243                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
[root@centos7 ~]#
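The Local Address column shows whether a service listens on every interface (0.0.0.0 or ::) or only on loopback, which is the first thing to check when reviewing what a host exposes. The following added example, not part of the original article, classifies listeners from netstat -ntlp style output; the function names and the sample rows (including the 10.0.1.254:8080 httpd row) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): classify TCP listeners in
# `netstat -ntlp` output by the address they are bound to.

# Constructed sample in the format of `netstat -ntlp` (not captured output).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1358/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2162/master
tcp        0      0 10.0.1.254:8080         0.0.0.0:*               LISTEN      3001/httpd
tcp6       0      0 :::5000                 :::*                    LISTEN      17222/docker-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      1358/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2162/master
EOF
}

# Reads netstat output on stdin and prints one line per listening socket:
#   SCOPE PROTO PORT PROGRAM
# SCOPE is "all" (wildcard bind), "loopback", or "addr" (one specific address).
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        # The port is the text after the last colon; this also handles
        # IPv6 forms such as ":::22" and "::1:25".
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all"
        else if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback"
        else
            scope = "addr"
        prog = ($7 == "") ? "-" : $7    # empty when netstat ran without -p
        sub(/^[0-9]+\//, "", prog)      # drop the PID, keep the program name
        print scope, $1, port, prog
    }'
}

# Ports listening on all interfaces, de-duplicated across tcp and tcp6,
# printed as "PORT PROGRAM" in port order. On Linux a socket bound to ::
# normally accepts IPv4 connections too unless IPV6_V6ONLY is set.
exposed_ports() {
    classify_listeners | awk '$1 == "all" { print $3, $4 }' | sort -u | sort -n
}

echo "listeners by scope:"
sample_netstat | classify_listeners
echo "reachable on all interfaces:"
sample_netstat | exposed_ports
```

On a live host, run netstat -ntlp | exposed_ports as root so that the PID/Program name column is filled in.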

Option -u displays UDP connection information, and option -r displays routing information:

[root@centos7 ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         10.0.1.103      0.0.0.0         UG        0 0          0 ens33
10.0.1.0        0.0.0.0         255.255.255.0   U         0 0          0 ens33
172.20.71.0     0.0.0.0         255.255.255.0   U         0 0          0 ens32
192.168.78.0    10.0.1.104      255.255.255.0   UG        0 0          0 ens33

Option -i displays interface information:

[root@centos7 ~]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
ens32     1500 13196107      0     77      0     3246      0      0      0 BMRU
ens33     1500 25312388      0     88      0  2516050      0      0      0 BMRU
lo       65536  2503589      0      0      0  2503589      0      0      0 LRU

13. tcpdump network packet capture tool

The tcpdump command captures the packets on a network interface that match the expression expression and prints a description of their contents. Option -i specifies the network card:

[root@idc-v-71253 ~]# tcpdump -i ens33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 65535 bytes
15:41:59.121948 IP 10.0.1.108.3693 > 239.100.1.1.websm: UDP, length 58
15:41:59.128282 IP 10.0.1.253.ssh > 192.168.78.143.51694: Flags [P.], seq 749565300:749565496, ack 3522345564, win 255, length 196
IP 192.168.78.143.51694 > 10.0.1.253.ssh: Flags [.], ack 196, win 3977, length 0
15:41:59.140319 ARP, Request who-has 10.0.1.31 tell 10.0.1.102, length 46
15:41:59.168328 ARP, Request who-has 10.0.1.37 tell 10.0.1.102, length 46
15:41:59.262235 ARP, Request who-has 192.168.10.150 tell 192.168.10.151, length 46
15:41:59.622090 IP 10.0.1.108.3693 > 239.100.1.1.websm: UDP, length 58
IP 10.0.1.109.35673 > 239.100.1.1.websm: UDP, length 57

After the command starts, it indicates that -v or -vv can be used to display more detailed information and that it has started capturing packets from ens33. The output shows the header information of each packet sent or received (including ARP, IP, TCP, UDP, and so on). This command does not specify expression, so all packets are captured by default. If the packets need to be analyzed by another program, such as wireshark, you can use the option -w file to write the data to a file; you also need the option -s 0 to set the capture size to 65535 bytes, which prevents packets from being truncated and left unparseable. In a real environment, the volume of packets flowing through a network card is huge, so expressions are used to filter them: each packet is tested against the expression and is output only when the expression is true. expression can contain conditions specified by one or more keywords. You can use and (or &&), or (or ||), not (or !) and parentheses () to express the logical relationship between keywords, which can be used >,

tcpdump -i ens33 dst host 10.0.1.251
# monitor all packets sent through interface ens33 to host 10.0.1.251; the host can also be a hostname
tcpdump -i eth0 host ! 211.161.223.70 and ! 211.161.223.71 and dst port 80
# listen on interface eth0 and capture packets that are not from or to hosts 211.161.223.70 and 211.161.223.71 and whose destination port is 80
tcpdump tcp port 23 and host 210.27.48.1
# capture TCP port 23 packets received or sent by host 210.27.48.1
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0) and src net (183.60.190 or 122.13.220)' -s0 -i eth0 -w ipdump
# capture packets whose source or destination port is 80, whose source network is 183.60.190.0/24 or 122.13.220.0/24, and which contain data (not data-free TCP packets such as SYN, FIN and ACK-only), and write them to the file ipdump
# note that the expression is enclosed in single quotation marks here to avoid syntax errors
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and ! src and dst net 10.0.0'
# print only the start and end packets of TCP connections (SYN and FIN flags) whose source and destination network segments are not 10.0.0.0/24
tcpdump 'gateway 10.0.1.1 and ip[2:2] > 576'
# capture IP packets sent to the gateway 10.0.1.1 and larger than 576 bytes
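The "contains data" filter works by subtracting the IP header length and the TCP header length from the IP total length. The following added example, not part of the original article, evaluates that arithmetic by hand on four constructed packets and compares it with a naive "total length minus 40" check; the packets and function names are constructed for illustration, and checksums are left as zero.

```shell
#!/bin/sh
# Added example (not from the original article): evaluate the tcpdump
# expression that selects TCP packets carrying data,
#   (ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2) != 0
# on constructed packets written as hex strings.

# Join hex groups into one string (the spaces are only for readability).
hex() { printf '%s' "$*" | tr -d ' '; }

# Constructed IPv4/TCP packets from 10.0.1.254 to 10.0.1.251, port 80.
ADDRS="0a0001fe 0a0001fb"
# SYN with an MSS option: 20-byte IP header, 24-byte TCP header, no data.
PKT_SYN=$(hex 4500002c 00014000 40060000 $ADDRS \
              c0000050 00000001 00000000 60027210 00000000 020405b4)
# Bare ACK: 20-byte IP header, 20-byte TCP header, no data.
PKT_ACK=$(hex 45000028 00024000 40060000 $ADDRS \
              c0000050 00000002 00000001 50107210 00000000)
# PSH/ACK carrying "GET / HTTP/1.1\r\n\r\n" (18 bytes).
PKT_DATA=$(hex 4500003a 00034000 40060000 $ADDRS \
               c0000050 00000002 00000001 50187210 00000000 \
               474554202f20485454502f312e310d0a0d0a)
# IP header with 4 bytes of options (IHL=6), then TCP and "hello" (5 bytes).
PKT_IPOPT=$(hex 46000031 00044000 40060000 $ADDRS 01010100 \
                c0000050 00000002 00000001 50187210 00000000 68656c6c6f)

# Decimal value of byte N (0-based) of a hex string.
byte_at() {
    first=$(( $2 * 2 + 1 ))
    pair=$(printf '%s' "$1" | cut -c"$first-$((first + 1))")
    echo $(( 0x$pair ))
}

# TCP payload length exactly as the filter expression computes it.
tcp_payload_len() {
    b0=$(byte_at "$1" 0)
    b2=$(byte_at "$1" 2)
    b3=$(byte_at "$1" 3)
    ip_total=$(( b2 * 256 + b3 ))              # ip[2:2]
    ip_hlen=$(( (b0 & 0xf) << 2 ))             # (ip[0]&0xf)<<2
    tcp12=$(byte_at "$1" $(( ip_hlen + 12 )))  # tcp[12], data offset byte
    tcp_hlen=$(( (tcp12 & 0xf0) >> 2 ))        # (tcp[12]&0xf0)>>2
    echo $(( ip_total - ip_hlen - tcp_hlen ))
}

# Naive variant that assumes both headers are always 20 bytes long.
naive_payload_len() {
    echo $(( $(byte_at "$1" 2) * 256 + $(byte_at "$1" 3) - 40 ))
}

# True when the packet would match the "contains data" filter.
has_payload() { [ "$(tcp_payload_len "$1")" -ne 0 ]; }

for name in SYN ACK DATA IPOPT; do
    eval "pkt=\$PKT_$name"
    printf '%-6s filter=%s naive=%s\n' "$name" \
        "$(tcp_payload_len "$pkt")" "$(naive_payload_len "$pkt")"
done
```

The naive check reports data on the SYN (its TCP options count as payload) and overstates the packet with IP options, which is why the filter reads both header lengths from the packet itself.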
