linux中网络相关命令总结

查看DNS服务器

cat /etc/resolv.conf 

; generated by /sbin/dhclient-script
options rotate timeout:1
nameserver 183.60.83.19
nameserver 183.60.82.98

ping 使用的是icmp协议，ping -c3 -i2 -s512 www.baidu.com
c 表示次数
i 表示间隔
s 表示发数据包的大小

curl测试

[[email?protected] ~]# curl -I api.mch.weixin.qq.com 

        HTTP/1.1 302 Moved Temporarily
        Server: nginx
        Date: Mon,16 Apr 2018 03:55:45 GMT
        Content-Type: text/html
        Content-Length: 154
        Connection: keep-alive
        Keep-Alive: timeout=8
        Location: http://wx.gtimg.com/core/404.html

curl -o /dev/null -4 -v -s -w %{time_namelookup}:%{time_connect}:%{time_starttransfer}:%{time_total}"n" ‘https://api.mch.weixin.qq.com/orderquery‘

1.获取页面内容
不加任何选项使用 curl 时，默认会发送 GET 请求来获取链接内容到标准输出。

2. 显示 HTTP 头
   如果我们只想要显示 HTTP 头，而不显示文件内容，可以使用 -I 选项：
   curl -I http://www.codebelief.com

3.通过 curl 自带的 -o/-O 选项将内容保存到文件中。
-o（小写的 o）：结果会被保存到命令行中提供的文件名
-O（大写的 O）：URL 中的文件名会被用作保存输出的文件名

curl -o index.html http://www.codebelief.com
curl -O http://www.codebelief.com/index.html

4. 同时下载多个文件
   我们可以使用 -o 或 -O 选项来同时指定多个链接
   curl -o page1.html http://www.baidu.com -o page2.html http://www.qq.com

查看域名解析

[[email?protected] ~]# dig api.weixin.qq.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> api.weixin.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,status: NOERROR,id: 1691
;; flags: qr rd ra; QUERY: 1,ANSWER: 1,AUTHORITY: 0,ADDITIONAL: 0

;; QUESTION SECTION:
;api.weixin.qq.com.     IN  A

;; ANSWER SECTION:
api.weixin.qq.com.  372 IN  A   182.254.106.119

;; Query time: 0 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Mar 12 15:51:54 2018
;; MSG SIZE  rcvd: 51

查看域名解析还有一个命令 nslookup

[[email?protected] ~]# nslookup 
> www.qq.com
Server:     183.60.83.19
Address:    183.60.83.19#53

Non-authoritative answer:
Name:   www.qq.com
Address: 180.163.26.39

trace

通过trace确认对应的路由节点，时间比较长或者（*）表示网络故障点，以星号表示的，可能是防火墙封掉了ICMP的返回信息，所以我们得不到什么相关的数据包返回数据。
trceroute www.qq.com linux上检查各个路由节点的情况（到达目的地址，所要经过的路由网关节点）
tracert -d www.qq.com 这个是用于win上的检查跟踪路由

-n 显示IP地址，不查主机名,比如
traceroute -n www.baidu.com (输出内容比较简洁)

[[email?protected] ~]# traceroute api.mch.weixin.qq.com
traceroute to api.mch.weixin.qq.com (182.254.33.35),30 hops max,60 byte packets
 1  10.112.81.1 (10.112.81.1)  6.059 ms  6.156 ms  6.221 ms
 2  10.112.254.104 (10.112.254.104)  9.140 ms  9.137 ms  9.327 ms
 3  10.200.135.73 (10.200.135.73)  1.059 ms  1.162 ms  1.047 ms
 4  182.254.127.52 (182.254.127.52)  6.378 ms 182.254.127.51 (182.254.127.51)  6.898 ms 182.254.127.52 (182.254.127.52)  6.144 ms
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *

输出需要确认有一列的时间超过3s才有参考意义

对于有HTTP服务的主机，可以用参数设置traceroute使用TCP协议进行探测，就可以获得最终节点：

-I --icmp Use ICMP ECHO for tracerouting
-T --tcp Use TCP SYN for tracerouting
-p port --port=port

[[email?protected] ~]# traceroute -T -n -p 80 baidu.com
traceroute to baidu.com (220.181.57.216),60 byte packets
 1  10.112.81.2  7.427 ms  7.556 ms  7.662 ms
 2  10.112.254.106  9.547 ms  9.631 ms  9.715 ms
 3  10.200.135.73  5.395 ms  5.399 ms  5.410 ms
 4  14.18.199.58  2.477 ms  2.476 ms 14.18.199.78  2.186 ms
 5  * 14.119.117.133  2.142 ms *
 6  113.96.7.194  10.794 ms 183.60.112.5  6.716 ms 113.96.7.198  10.530 ms
 7  113.108.208.213  7.904 ms  7.900 ms  8.019 ms
 8  202.97.65.53  43.571 ms 202.97.65.205  40.436 ms 202.97.65.101  39.845 ms
 9  * * 180.149.159.14  44.081 ms
10  * * *
11  * * *
12  220.181.17.94  42.861 ms 220.181.17.22  43.363 ms 220.181.182.34  43.457 ms
13  * * *
14  220.181.57.216  44.007 ms  42.132 ms *

mtr
结合ping nslookup tracert 来判断网络的相关特性，通过mtr确认对应的路由节点丢包情况

[[email?protected] ~]# mtr -r api.mch.weixin.qq.com
HOST: www                         Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. 10.112.81.1                   0.0%    10    2.9   2.6   1.5   5.5   1.5
  2. 10.112.254.104                0.0%    10    1.9   2.9   1.7  11.3   3.0
  3. 10.200.135.73                 0.0%    10    1.1   1.1   1.0   1.2   0.1
  4. 182.254.127.51                0.0%    10    6.5   6.5   6.4   6.7   0.1
  5. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0
  6. 10.238.119.42                10.0%    10   30.6  26.1  10.3  39.8   9.6
  7. 182.254.33.35                 0.0%    10    5.2   5.2   5.1   5.2   0.0

其中说明：
-c –report-cycles COUNT
?-n 不用主机解释
-c 发送多少个数据包
-r --report 结果显示，并不动态显示。
-i 表示间隔时间

?第一列:显示的是IP地址和本机域名，这点和tracert很像
第二列:是显示的每个对应IP的丢包率
第三列:snt:10 设置每秒发送数据包的数量，默认值是10 可以通过参数 -c来指定。
第四列:显示的最近一次的返回时延
第五列:是平均值 这个应该是发送ping包的平均时延
第六列:是最好或者说时延最短的
第七列:是最差或者说时延最常的
第八列:是标准偏差

模拟网络抓包

一台机器上面ping 139.199.160.55

另一台机器上面tcpdump监听

[[email?protected] ~]# tcpdump -n icmp -i eth0 and src 59.37.125.48
tcpdump: verbose output suppressed,use -v or -vv for full protocol decode
listening on eth0,link-type EN10MB (Ethernet),capture size 65535 bytes
17:12:14.780171 IP 59.37.125.48 > 172.16.0.11: ICMP echo request,id 5479,seq 1,length 64
17:12:15.771386 IP 59.37.125.48 > 172.16.0.11: ICMP echo request,id 4099,seq 2,length 64
17:12:16.772649 IP 59.37.125.48 > 172.16.0.11: ICMP echo request,id 4111,seq 3,length 64
17:12:17.774895 IP 59.37.125.48 > 172.16.0.11: ICMP echo request,id 4121,seq 4,length 64
17:12:18.776877 IP 59.37.125.48 > 172.16.0.11: ICMP echo request,id 4125,seq 5,length 64
17:12:19.780618 IP 59.37.125.48 > 172.16.0.11: ICMP echo request,id 5684,seq 6,length 64

6 packets captured
6 packets received by filter
0 packets dropped by kernel

tcpdump -i eth0 -nnX port 21
选项：
-i 指定网卡接口
-nn 将数据包中的域名与服务转为ip和端口
-X 以十六进制和ASCII码的显示数据包内容
port 指定监听端口

[[email?protected] ~]# tcpdump -i eth0 -nnX port 21
tcpdump: verbose output suppressed,capture size 65535 bytes
17:54:08.047349 IP 59.37.125.48.3128 > 172.16.0.11.21: Flags [S],seq 913042176,win 8192,options [mss 1412,nop,wscale 0,sackOK],length 0
    0x0000:  4500 0034 01f4 4000 3106 e35f 3b25 7d30  [email?protected]_;%}0
    0x0010:  ac10 000b 0c38 0015 366b eb00 0000 0000  .....8..6k......
    0x0020:  8002 2000 bd1e 0000 0204 0584 0103 0300  ................
    0x0030:  0101 0402                                ....
17:54:08.047378 IP 172.16.0.11.21 > 59.37.125.48.3128: Flags [S.],seq 3851070068,ack 913042177,win 14600,options [mss 1460,sackOK,wscale 7],length 0
    0x0000:  4500 0034 0000 4000 4006 d653 ac10 000b  [email?protected]@..S....
    0x0010:  3b25 7d30 0015 0c38 e58a aa74 366b eb01  ;%}0...8...t6k..
    0x0020:  8012 3908 13cf 0000 0204 05b4 0101 0402  ..9.............
    0x0030:  0103 0307

nmap 主机扫描工具：主机探测，端口扫描，版本检测，系统检测等

1、用Nmap扫描特定IP地址

[[email?protected] ~]# nmap 127.0.0.1

Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-12 09:43 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000012s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
23/tcp   open  telnet
25/tcp   open  smtp
80/tcp   open  http
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

2.端口扫描 nmap -p1,12,22,34,254 127.0.0.1

[[email?protected] ~]# nmap -p1-50 127.0.0.1

Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-12 09:46 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000050s latency).
Not shown: 47 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
23/tcp open  telnet
25/tcp open  smtp

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds

3.扫描一个段的主机在线状况(对目标进行Ping检测)
nmap -sP 139.199.160.0/24

[[email?protected] ~]# nmap -sP 139.199.160.55-68

Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-12 09:57 CST
Nmap scan report for 139.199.160.55
Host is up (0.0033s latency).
Nmap scan report for 139.199.160.56
Host is up (0.015s latency).
Nmap scan report for 139.199.160.57
Host is up (0.0070s latency).
Nmap scan report for 139.199.160.58
Host is up (0.014s latency).
Nmap scan report for 139.199.160.59

4.万能开关扫描

[[email?protected] ~]# nmap -A 127.0.0.1

Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-15 15:52 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000036s latency).
Not shown: 996 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey: 1024 2d:f8:06:ea:aa:3e:22:9b:bf:c7:ce:c5:dc:69:e6:78 (DSA)
|_2048 2e:3f:af:53:07:5a:fc:cf:09:a3:ac:27:39:1d:d5:e8 (RSA)
23/tcp open  telnet  Linux telnetd
25/tcp open  smtp    Postfix smtpd
80/tcp open  http    Apache httpd 2.2.34 ((Unix) DAV/2)
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn‘t have a title (text/html).
No exact OS matches for host (If you know what OS is running on it,see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.51%D=3/15%OT=22%CT=1%CU=36121%PV=N%DS=0%DC=L%G=Y%TM=5AAA265C%P=
OS:x86_64-redhat-linux-gnu)SEQ(SP=106%GCD=1%ISR=108%TI=Z%CI=Z%II=I%TS=A)SEQ
OS:(SP=106%GCD=4%ISR=108%TI=Z%CI=Z%II=I%TS=A)OPS(O1=MFFD7ST11NW7%O2=MFFD7ST
OS:11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFFD7ST11NW7%O6=MFFD7ST11)WIN(
OS:W1=FFCB%W2=FFCB%W3=FFCB%W4=FFCB%W5=FFCB%W6=FFCB)ECN(R=Y%DF=Y%T=40%W=FFD7
OS:%O=MFFD7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(
OS:R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z
OS:%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y
OS:%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RI
OS:PL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Network Distance: 0 hops
Service Info: Host:  www.localdomain; OS: Linux

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.85 seconds

分析网络连接里面，正在连接的所有IP连接数，计数，连接状态数分析

[[email?protected] ~]# netstat -an |awk ‘/^tcp/ {++S[$NF]} END {for(key in S) print S[key],key }‘
2 ESTABLISHED
2 LISTEN

[[email?protected] ~]# netstat -an |grep ^tcp |awk -F ‘[ :]+‘ ‘/^tcp/ {print $6}‘|sort|uniq -c
2 0.0.0.0
1 169.254.0.15
1 169.254.0.55
1 59.37.125.48

[[email?protected] ~]# netstat -an |awk -F ‘[ :]+‘ ‘/^tcp/ {++S[$6]} END {for (key in S) print S[key],key}‘|sort
1 169.254.0.55
1 59.37.125.48
2 0.0.0.0

分析http服务，日志IP的访问次数，计数

去重uniq命令使用示例

[[email?protected] ~]# cat a.txt
10.0.0.2
10.0.0.2
10.0.0.2
10.0.0.4
10.0.0.5
10.0.0.5
10.0.0.8
[[email?protected] ~]# uniq a.txt
10.0.0.2
10.0.0.4
10.0.0.5
10.0.0.8
[[email?protected] ~]# uniq -c a.txt
3 10.0.0.2
1 10.0.0.4
2 10.0.0.5
1 10.0.0.8

sort排序使用示例（n数字排序，r倒序排序,t指定分割符号 ，k指定排序的列）

[[email?protected] ~]# sort -n a.txt
10.0.0.2
10.0.0.2
10.0.0.2
10.0.0.4
10.0.0.5
10.0.0.5
10.0.0.8

[[email?protected] ~]# sort -nr a.txt
10.0.0.8
10.0.0.5
10.0.0.5
10.0.0.4
10.0.0.2
10.0.0.2
10.0.0.2

[[email?protected] ~]# cat b.txt
10.0.0.2 d
10.0.0.2 s
10.0.0.2 t
10.0.0.4 a
10.0.0.5 z
10.0.0.5 g
10.0.0.8 c
[[email?protected] ~]# sort -t " " -k 2 b.txt
10.0.0.4 a
10.0.0.8 c
10.0.0.2 d
10.0.0.5 g
10.0.0.2 s
10.0.0.2 t
10.0.0.5 z

sort综合使用案例：对最后两位Ip进行排序，（逗号连接的是字段，点号连接的是字符）
[[email?protected] ~]# cat c.txt
10.0.1.2 d
10.0.0.213 s
10.0.6.11 t
10.0.0.4 a
10.0.4.54 z
10.0.9.6 g
10.0.2.82 c

[[email?protected] ~]# sort -n -t. -k3,3 -k4.1,4.3 c.txt
10.0.0.4 a
10.0.0.213 s
10.0.1.2 d
10.0.2.82 c
10.0.4.54 z
10.0.6.11 t
10.0.9.6 g

[[email?protected] ~]# cat a.log
://www.baidu.com/
://www.baidu.com/
://www.taobao.com/
http://news.sina.com.cn/
://www.baidu.com/
http://news.sina.com.cn/
://www.baidu.com/
http://www.qq.com/
://www.baidu.com/
https://www.bilibili.com/
http://news.sina.com.cn/
http://news.sina.com.cn/

[[email?protected] ~]# awk -F "/" {‘print $3‘} a.log |sort |uniq -c|sort -r
5 www.baidu.com
4 news.sina.com.cn
1 www.taobao.com
1 www.qq.com
1 www.bilibili.com

[[email?protected] ~]# awk -F "/" ‘{++S[$3]} END {for (key in S) print S[key],key} ‘ a.log |sort -r
5 www.baidu.com
4 news.sina.com.cn
1 www.taobao.com
1 www.qq.com
1 www.bilibili.com

[[email?protected] ~]# awk ‘/^tcp/ {print $NF}‘ netstat.log |sort |uniq -c
2 ESTABLISHED
2 LISTEN

[[email?protected] ~]# awk ‘/^tcp/ {++S[$NF]} END {for(key in S) print S[key],key }‘ netstat.log 2 ESTABLISHED2 LISTEN