TCP/IP

1. telnet：检查端口是否打开。
   • telnet的一个最大作用就是检查一个端口是否处于打开，使用的命令是 telnet[domainname or ip] [port]，这条命令能告诉我们到远端 server 指定端口的网连接是否可达。
2. netstat：用于显示各种网络相关信息。
   • -a(all)：显示所有选项，默认不显示LISTEN相关；
   • -t (tcp)仅显示tcp相关选项；
   • -u(udp)仅显示udp相关选项；
   • -n 拒绝显示别名，能显示数字的全部转化成数字-仅列出有在 Listen (监听)的服务状态；
   • -p显示建立相关链接的程序名；
   • -r显示路由信息，路由表；
   • -e 显示扩展信息，例如uid等；
   • -s按各个协议进行统计；
   • -c 每隔一个固定时间，执行该netstat命令

   •  netstat -a ：显示所有
      netstat -at：显示与tcp协议相关的
      netstat -au：udp相关
      netstat -l：显示正在监听的
      netstat -lt：显示正在监听的tcp协议相关的
      netstat -lu：显示正在监听的udp协议相关的

3. tcpdump：tcpdump 则是一个命令行的网络流量分析工具，功能非常强大,一般我们用来抓TCP的包。
   •  tcpdump -i any：监听任意网卡

   • # tcpdump -help
     tcpdump version 4.9.2
     libpcap version 1.5.3
     OpenSSL 1.0.2k-fips  26 Jan 2017
     Usage: tcpdump [-aAbdDefhHIJKlLnNOpqStuUvxX#] [ -B size ] [ -c count ]
                     [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                     [ -i interface ] [ -j tstamptype ] [ -M secret ] [ --number ]
                     [ -Q|-P in|out|inout ]
                     [ -r file ] [ -s snaplen ] [ --time-stamp-precision precision ]
                     [ --immediate-mode ] [ -T type ] [ --version ] [ -V file ]
                     [ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z postrotate-command ]
                     [ -Z user ] [ expression ]

   • tcpdump -i any host ip

监听本地80端口：

[root@huangdh-9930 ~]# tcpdump -nn -i eth0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:03:15.556864 IP 172.28.208.175.53044 > 100.100.30.25.80: Flags [P.], seq 2246809072:2246810914, ack 1100304209, win 1432, length 1842: HTTP
12:03:15.584514 IP 100.100.30.25.80 > 172.28.208.175.53044: Flags [.], ack 1842, win 2843, length 0
12:03:17.341897 IP 172.28.208.175.43738 > 110.242.68.4.80: Flags [S], seq 1119341673, win 29200, options [mss 1460,sackOK,TS val 4058379371 ecr 0,nop,wscale 7], length 0
12:03:17.377351 IP 110.242.68.4.80 > 172.28.208.175.43738: Flags [S.], seq 3935201237, ack 1119341674, win 8192, options [mss 1452,sackOK,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,wscale 5], length 0
12:03:17.377389 IP 172.28.208.175.43738 > 110.242.68.4.80: Flags [.], ack 1, win 229, length 0
12:03:17.377520 IP 172.28.208.175.43738 > 110.242.68.4.80: Flags [P.], seq 1:78, ack 1, win 229, length 77: HTTP: GET / HTTP/1.1
12:03:17.413141 IP 110.242.68.4.80 > 172.28.208.175.43738: Flags [.], ack 78, win 908, length 0
12:03:17.414143 IP 110.242.68.4.80 > 172.28.208.175.43738: Flags [P.], seq 1:2782, ack 78, win 908, length 2781: HTTP: HTTP/1.1 200 OK
12:03:17.414158 IP 172.28.208.175.43738 > 110.242.68.4.80: Flags [.], ack 2782, win 272, length 0
12:03:17.414281 IP 172.28.208.175.43738 > 110.242.68.4.80: Flags [F.], seq 78, ack 2782, win 272, length 0
12:03:17.423564 IP 110.242.68.4.80 > 172.28.208.175.43738: Flags [P.], seq 1453:2782, ack 78, win 908, length 1329: HTTP
12:03:17.423586 IP 172.28.208.175.43738 > 110.242.68.4.80: Flags [.], ack 2782, win 272, options [nop,nop,sack 1 {1453:2782}], length 0
12:03:17.449763 IP 110.242.68.4.80 > 172.28.208.175.43738: Flags [.], ack 79, win 908, length 0
12:03:17.449797 IP 110.242.68.4.80 > 172.28.208.175.43738: Flags [F.], seq 2782, ack 79, win 908, length 0
12:03:17.449816 IP 172.28.208.175.43738 > 110.242.68.4.80: Flags [.], ack 2783, win 272, length 0
12:03:17.770320 IP 172.28.208.175.53044 > 100.100.30.25.80: Flags [P.], seq 1842:3568, ack 1, win 1432, length 1726: HTTP
12:03:17.797997 IP 100.100.30.25.80 > 172.28.208.175.53044: Flags [.], ack 3568, win 2843, length 0

客户端工具：wireshark