network troubleshoot

0.命令总结

  nslookup  host  ping  netstat  traceroute  route   nmap  arp  ifconfig  dhclient

1.网络信息查看

[root@localhost linux_shell]# yum -y install bind-utils    #CentOS_7默认没有nslookup命令,需要安装

[root@localhost linux_shell]# nslookup www.baidu.com      #nslookup:域名解析测试命令
Server:        10.0.0.1                       #DNS服务器的地址
Address:    10.0.0.1#53                       #DNS服务器使用UDP协议,端口为53

Non-authoritative answer:
www.baidu.com    canonical name = www.a.shifen.com.    
Name:    www.a.shifen.com                      #一个域名可以对应多个IP地址
Address: 180.101.49.12
Name:    www.a.shifen.com
Address: 180.101.49.11

nslookup:完成IP地址和域名之间的相互映射。

配置文件:

   1.局部:/etc/sysconfig/network-scripts/ifcfg-ens ——> DNS:ip        针对单独网卡,优先级最低

   2.全局:/etc/resolv.conf            ——> nameserver:ip  针对所有网卡,优先级次高

   3.主机:/etc/hosts               ——>  静态解析,优先级最高

[root@localhost linux_shell]# host www.baidu.com    
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 180.101.49.11
www.a.shifen.com has address 180.101.49.12

[root@localhost linux_shell]# host www.google.com www.google.com has address 199.59.149.136 www.google.com has IPv6 address 2404:6800:4012:1::2004

[root@localhost linux_shell]# host google.com google.com has address 46.82.174.69 google.com has IPv6 address 2404:6800:4012::200e google.com mail is handled by 30 alt2.aspmx.l.google.com. google.com mail is handled by 10 aspmx.l.google.com. google.com mail is handled by 20 alt1.aspmx.l.google.com. google.com mail is handled by 40 alt3.aspmx.l.google.com. google.com mail is handled by 50 alt4.aspmx.l.google.com.

host:列出某个域名所有的IP地址,测试域名系统工作是否正常。

2.网络节点测试

[root@localhost linux_shell]# netstat -antp

[root@localhost linux_shell]# netstat -an

[root@localhost linux_shell]# netstat -tlun

netstat:查看网络连接状态、路由信息、接口等

  -a:显示所有活动连接

  -n:以IP的形式显示Local Address,避开DNS解析

  -t:查看TCP协议相关信息

  -l:显示监听服务器的sockets

  -p:显示PID和进程名

  -u:显示UDP协议相关信息

3.网络连通测试

[root@localhost linux_shell]# traceroute www.baidu.com

[root@localhost linux_shell]# traceroute 180.101.49.11

traceroute:测试当前主机到目的主机之间经过的网络节点有哪些,跟踪数据包在网络传输的全部路径。默认情况下:数据包大小为40b、使用ICMP协议

  -p:改用UDP协议进行测试,默认端口号33434

  -q 3:指定测试时发送额数据包个数(就是有的行星号*个数为3)

  -n:以IP的形式进行连接测试,避开DNS解析

现在多用于内网、局域网测试和故障排除,因为很多网站禁止被ping,节点后面只显示***

注意:VMware 主机网络采用NAT模式时,无法正常使用traceroute  ~.~

[root@localhost linux_shell]# route        #查看本地主机的路由表
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    0      0        0 ens33
default         gateway         0.0.0.0         UG    100    0        0 ens33
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
link-local      0.0.0.0         255.255.0.0     U     1002   0        0 ens33
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

4.网络地址解析

[root@localhost linux_shell]# ping www.baidu.com
[root@localhost linux_shell]#  ping -c 4 -i 3 180.101.49.11
PING 180.101.49.11 (180.101.49.11) 56(84) bytes of data.
64 bytes from 180.101.49.11: icmp_seq=1 ttl=53 time=22.9 ms
64 bytes from 180.101.49.11: icmp_seq=2 ttl=53 time=23.6 ms
64 bytes from 180.101.49.11: icmp_seq=3 ttl=53 time=24.1 ms
64 bytes from 180.101.49.11: icmp_seq=4 ttl=53 time=24.4 ms

--- 180.101.49.11 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 9014ms
rtt min/avg/max/mdev = 22.911/23.778/24.448/0.606 ms

ping:测试网络连通性

  -i:指定间隔时间

  -s:指定数据包大小,一般默认就好

  -c:指定ping的次数

rtt:round trip time,单位ms,往返时间。  min最小rtt,avg平均rtt,max最大rtt,mdev表示平均偏差(mean deviation)  ~.~

[root@localhost linux_shell]# ping -c 2 -i 2 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.109 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.055 ms

--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.055/0.082/0.109/0.027 ms

ttl:time to live,单位ms,生存时间。  因为是127.0.0.1是环回地址,所以ttl不会发生变化,一直保持初始值64。ttl的实际值和初始值之差就是两个节点之间的跳数   ~.~

如上个例子中ttl=53,因为64-53=11,所以11就是本地和百度直接的跳数。

5.网络探测扫描

[root@localhost linux_shell]# arp -a       #查看所有连接过的主机的MAC地址,必须要通信过才有记录~
[root@localhost linux_shell]# arp -d 10.0.0.1 #删除某条ARP记录
[root@localhost linux_shell]# yum -y install nmap   #如果主机开启防火墙,则nmap命令啥也找不到

[root@localhost linux_shell]# nmap -sP 10.0.0.0/24  #探测网段内有哪些主机是存活的

[root@localhost linux_shell]# nmap -sT 10.0.0.10    #探测某主机开启了哪些TCP端口
Windows ——> Linux  Xshell、SecureCRT等
Linux ——> Windows  rdesktop命令,但要求Linux安装GUI界面
Linux ——> Linux   ssh命令 

 6.网络接口显示

[root@localhost linux_shell]# ifconfig                  #查看所有网络接口的信息
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.100  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::d6ce:a6cb:20ff:8e21  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:ec:35:3f  txqueuelen 1000  (Ethernet)
        RX packets 269344  bytes 42934932 (40.9 MiB)
        RX errors 0  dropped 153  overruns 0  frame 0
        TX packets 9658  bytes 752230 (734.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 286  bytes 29253 (28.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 286  bytes 29253 (28.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:48:29:c7  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost linux_shell]# ifconfig ens33              #单独查看特定网络接口的信息
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.100  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::d6ce:a6cb:20ff:8e21  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:ec:35:3f  txqueuelen 1000  (Ethernet)
        RX packets 269362  bytes 42936460 (40.9 MiB)
        RX errors 0  dropped 153  overruns 0  frame 0
        TX packets 9658  bytes 752230 (734.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ifconfig:列出当前所有的网络接口

  ens0、eth1  普通网络接口  

  usb0        USB网络接口

  wlan0      无线WLAN

  tun0      隧道

  lo        环回接口   lo即代表localhost

  virbr0       虚拟接口   libvirt服务安装开启后,在服务器(host)上生成一个virtual network switch (virbr0), 服务器(host)上所有的虚拟机 (guest) 通过这个virbr0连接起来

                 默认情况virtual network switch (virbr0) 使用的是NAT模式(采用IP Masquerade),所以这种情况下guest通过host才能访问外部

                 virbr0 默认分配了一个IP 192.168.122.1,并为连接其上的其他虚拟网卡提供 DHCP 服务。

7.显示IP地址和子网掩码:

[root@localhost linux_shell]# ifconfig ens33 | egrep -o "inet [^ ]*" | grep -o "[0-9.]*"
10.0.0.100
[root@localhost linux_shell]# ifconfig ens33 | egrep -o "netmask [^ ]*" | grep -o "[0-9.]*"
255.255.255.0

  [^ ]*表示非空格字符序列

  [0-9.]*表示点分数字序列

8.MAC地址欺骗:

[root@localhost linux_shell]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.100  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::d6ce:a6cb:20ff:8e21  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:ec:35:3f  txqueuelen 1000  (Ethernet)
        RX packets 275069  bytes 43437888 (41.4 MiB)
        RX errors 0  dropped 153  overruns 0  frame 0
        TX packets 9660  bytes 752371 (734.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost linux_shell]# ifconfig ens33 hw ether 00:1c:bf:87:25:d5

[root@localhost linux_shell]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.100  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::d6ce:a6cb:20ff:8e21  prefixlen 64  scopeid 0x20<link>
        ether 00:1c:bf:87:25:d5  txqueuelen 1000  (Ethernet)
        RX packets 275332  bytes 43460741 (41.4 MiB)
        RX errors 0  dropped 156  overruns 0  frame 0
        TX packets 9660  bytes 752371 (734.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
00:1c:bf:87:25:d5是新分配的MAC地址,某些运营商配置了MAC地址认证后才能访问Internet的功能,可以进行欺骗。新分配的MAC地址在机器重启后失效  ~.~

 
posted @ 2020-04-19 21:59  3月の狮子  阅读(245)  评论(0编辑  收藏  举报