Linux命令幫助的獲—iproute家族
iproute家族命令:
ip命令
ss命令
nmcli命令
nmtui命令
ip命令
- 功能:顯示或控制路由設備、策略路由和隧道
- 格式:
ip [OPTION] OBJECT {COMMAND | help}
常用OBJECT:
link,addr,route,netns
註意: OBJECT可簡寫,各OBJECT的子命令也可簡寫,接上OBJECT之後可以在後面再接上具體的OBJECT 支持的選項
help:例如# ip link help可以顯示簡要的使用信息
1、ip link
-
- 功能:網絡設備配置(網絡接口)
- 格式:
- 功能:網絡設備配置(網絡接口)
# ip link set dev IFACE
網絡接口的設置(dev表示設備),IFCAE後可接一些屬性,dev可以省略
[email protected]# ip link set etho down
# ip link show:顯示網卡信息
[dev IFACE] :指定接口
eg:ip link show dev ens33
[up] :僅顯示處於激活狀態的接口
# ip link name NAME :為網絡接口重命名
eg:
[[email protected] ~]# ip link set eno33554984 down --------改名前先禁用網卡 [[email protected] ~]# ip link set eno33554984 name eno33333333 [[email protected] ~]# ip link show ------------------網卡重命名成功 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 00:0c:29:90:fa:11 brd ff:ff:ff:ff:ff:ff 3: eno33333333: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000 link/ether 00:0c:29:90:fa:1b brd ff:ff:ff:ff:ff:ff
2、ip addr
-
- 功能 :ip地址的刪除或者添加
- 格式:
- # ip addr {add | del} IFADDR dev STRING
STRING:
[label LABEL] : 添加地址時指明網卡別名
[scope {global | link |shost}] :作用域
global :全局可用
link:僅鏈接可用
host :本機可用
[broadcast ADDRESS] :指明廣播地址
-
-
- # ip address show : look at protocol addresses
-
[dev DEVICE]
[label PATTERN]
[primary and secondary]
-
-
- # ip address flush : flush protocal address
-
3、#ip route
routing table management
1、添加新路由 : ip route add
# ip route add TARGET via GW dev IFACE src SOURCE_IP
TARGET src
說明:
當為主機路由時:ip
當為網絡路由時 :ip/mask,要加子網掩碼
src:只有當網卡ip地址被設置多個時才使用這個
eg:
# 指定設備為eth0添加一個路由192.168.1.3,網關為172.16.0.1,這是一個主機路由。網絡路由和默認路由參考ifcfg裏面的route命令
[[email protected] ~]# ip route addr 192.168.1.3 via 172.16.0.1 dev eth0
2、改變路由 :ip route change
格式:# ip route del TYPE PRIEFIX
eg:
[[email protected] ~]# ip route del 192.168.1.0/24
3、替換或添加一個新路由 :ip route replace
4、刪除路由 :ip route delete
格式:# ip route del TARGET
5、查看路由 :ip route show
6、清空路由 :ip route flush
格式:# ip route flush [dev IFACE] [VIA PREFIX]
[dev IFACE] :僅清空和某個接口相關聯的路由,若省略,則表示所有的
[via PREFIX] :只清空或者顯示與指定網關相關的
eg:
# 刪除主機路由
[[email protected] ~]# ip route del 192.168.1.3
# 刪除網絡路由,要加子網掩碼
[[email protected] ~]# ip route del 192.168.1.3/24
# 清空某類路由
[[email protected] ~]# ip route flush 169/8 ---凡是169網段的都刪掉,但不一定能刪掉系統創建的路由 [[email protected] ~]# ip route list 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.106 metric 1 172.16.0.0/16 dev eth1 proto kernel scope link src 172.16.10.20 169.254.0.0/16 dev eth0 scope link metric 1002 default via 172.16.0.10 dev eth1 src 172.16.10.20 [[email protected] ~]# ip route flush 169.254/16---在上面的基礎上把範圍再精確一些,發現就能刪掉了 [[email protected] ~]# ip route list 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.106 metric 1 172.16.0.0/16 dev eth1 proto kernel scope link src 172.16.10.20 default via 172.16.0.10 dev eth1 src 172.16.10.20
一些eg:
# 顯示當前網絡地址
[[email protected] ~]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:d3:73:49 brd ff:ff:ff:ff:ff:ff inet 192.168.22.133/24 brd 192.168.22.255 scope global dynamic ens33 valid_lft 1467sec preferred_lft 1467sec inet6 fe80::e508:e81e:801f:4073/64 scope link valid_lft forever preferred_lft forever 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000 link/ether 52:54:00:84:35:64 brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 valid_lft forever preferred_lft forever 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000 link/ether 52:54:00:84:35:64 brd ff:ff:ff:ff:ff:ff [[email protected] ~]#
# 增加一個地址,如果已經有了,則添加的作為備用。ip addr del...用法類似
[[email protected] ~]# ip addr add 172....
# 同一塊網卡的另一個地址,並給其指明別名label
[[email protected] ~]# ip addr add 172.... dev eth0 label "eth0:0"
# 替換,沒指明替換哪一個的話,相當於上面的add
[[email protected] ~]# ip addr replace 172....
ss命令
- 功能:網絡狀態查看工具
- 格式: ss [OPTION]...[FILTER]
選項:
-t :tcp協議相關
-u :udp協議相關
-w :裸套接字相關
-x :unix sock相關
-l :listen狀態的連接
-a :所有
-n :數字格式
-p :相關的程序及PID
-e :擴展的信息
-m:內存用量
-o:計時器信息
FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
常用組合:
-tan,-tanl,-tanlp,-uan
說明:FILTER是過濾器
格式:
[ state STATE-FILTER ] :顯示特定狀態的連接
[ EXPRESSION ] :自己給定表達式
即( dport = :ssh or sport = :ssh )‘
sport、deport表示僅顯示源端口或者目標端口
eg:
# 把源端口和目標端口是22且狀態為連接的都顯示出來
[[email protected] ~]# ss -tan state ESTABLISHED `(dport=:22 or sport=:22)` Recv-Q Send-Q Local Address:Port Peer Address:Port 0 52 192.168.0.110:22 192.168.0.104:5115
# 把源端口和目標端口是22的都顯示出來
[[email protected] ~]# ss -tan ‘( dport = :22 or sport = :22 )‘ State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 :::22 :::* LISTEN 0 128 *:22 *:* ESTAB 0 52 192.168.0.110:22 192.168.0.104:5115
- TCP的常見狀態:
LISTEN :監聽,等待別人來訪問時的服務狀態
ESTABLISEHD:已建立的連接,正在通信中
FIN_WAIT_1:斷開之類的
FIN_WAIT_2:斷開之類的
SYN_SENT:SYN已發送
sYN_RECV:SYN已接送
CLOSED:已關閉
eg:
# 顯示所有狀態為ESTABLISHED的連接
[[email protected] ~]# ss -tan state ESTABLISHED Recv-Q Send-Q Local Address:Port Peer Address:Port 0 52 192.168.22.133:22 192.168.22.1:50084 0 0 192.168.22.133:22 192.168.22.1:50083 [[email protected] ~]# ^C
# 顯示狀態為LISTEN的連接,LISTEN可以簡寫為l
[[email protected] ~]# ss -tanl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:111 *:* LISTEN 0 5 192.168.122.1:53 *:* LISTEN 0 128 *:22 *:* LISTEN 0 128 127.0.0.1:631 *:*
Linux命令幫助的獲—iproute家族