network troubleshoot
0.命令总结
nslookup host ping netstat traceroute route nmap arp ifconfig dhclient
1.网络信息查看
[root@localhost linux_shell]# yum -y install bind-utils #CentOS_7默认没有nslookup命令,需要安装 [root@localhost linux_shell]# nslookup www.baidu.com #nslookup:域名解析测试命令 Server: 10.0.0.1 #DNS服务器的地址 Address: 10.0.0.1#53 #DNS服务器使用UDP协议,端口为53 Non-authoritative answer: www.baidu.com canonical name = www.a.shifen.com. Name: www.a.shifen.com #一个域名可以对应多个IP地址 Address: 180.101.49.12 Name: www.a.shifen.com Address: 180.101.49.11
nslookup:完成IP地址和域名之间的相互映射。
配置文件:
1.局部:/etc/sysconfig/network-scripts/ifcfg-ens ——> DNS:ip 针对单独网卡,优先级最低
2.全局:/etc/resolv.conf ——> nameserver:ip 针对所有网卡,优先级次高
3.主机:/etc/hosts ——> 静态解析,优先级最高
[root@localhost linux_shell]# host www.baidu.com www.baidu.com is an alias for www.a.shifen.com. www.a.shifen.com has address 180.101.49.11 www.a.shifen.com has address 180.101.49.12
[root@localhost linux_shell]# host www.google.com www.google.com has address 199.59.149.136 www.google.com has IPv6 address 2404:6800:4012:1::2004
[root@localhost linux_shell]# host google.com google.com has address 46.82.174.69 google.com has IPv6 address 2404:6800:4012::200e google.com mail is handled by 30 alt2.aspmx.l.google.com. google.com mail is handled by 10 aspmx.l.google.com. google.com mail is handled by 20 alt1.aspmx.l.google.com. google.com mail is handled by 40 alt3.aspmx.l.google.com. google.com mail is handled by 50 alt4.aspmx.l.google.com.
host:列出某个域名所有的IP地址,测试域名系统工作是否正常。
2.网络节点测试
[root@localhost linux_shell]# netstat -antp [root@localhost linux_shell]# netstat -an [root@localhost linux_shell]# netstat -tlun
netstat:查看网络连接状态、路由信息、接口等
-a:显示所有活动连接
-n:以IP的形式显示Local Address,避开DNS解析
-t:查看TCP协议相关信息
-l:显示监听服务器的sockets
-p:显示PID和进程名
-u:显示UDP协议相关信息
3.网络连通测试
[root@localhost linux_shell]# traceroute www.baidu.com
[root@localhost linux_shell]# traceroute 180.101.49.11
traceroute:测试当前主机到目的主机之间经过的网络节点有哪些,跟踪数据包在网络传输的全部路径。默认情况下:数据包大小为40b、使用ICMP协议
-p:改用UDP协议进行测试,默认端口号33434
-q 3:指定测试时发送额数据包个数(就是有的行星号*个数为3)
-n:以IP的形式进行连接测试,避开DNS解析
现在多用于内网、局域网测试和故障排除,因为很多网站禁止被ping,节点后面只显示***
注意:VMware 主机网络采用NAT模式时,无法正常使用traceroute ~.~
[root@localhost linux_shell]# route #查看本地主机的路由表 Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default gateway 0.0.0.0 UG 0 0 0 ens33 default gateway 0.0.0.0 UG 100 0 0 ens33 10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33 link-local 0.0.0.0 255.255.0.0 U 1002 0 0 ens33 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
4.网络地址解析
[root@localhost linux_shell]# ping www.baidu.com [root@localhost linux_shell]# ping -c 4 -i 3 180.101.49.11 PING 180.101.49.11 (180.101.49.11) 56(84) bytes of data. 64 bytes from 180.101.49.11: icmp_seq=1 ttl=53 time=22.9 ms 64 bytes from 180.101.49.11: icmp_seq=2 ttl=53 time=23.6 ms 64 bytes from 180.101.49.11: icmp_seq=3 ttl=53 time=24.1 ms 64 bytes from 180.101.49.11: icmp_seq=4 ttl=53 time=24.4 ms --- 180.101.49.11 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 9014ms rtt min/avg/max/mdev = 22.911/23.778/24.448/0.606 ms
ping:测试网络连通性
-i:指定间隔时间
-s:指定数据包大小,一般默认就好
-c:指定ping的次数
rtt:round trip time,单位ms,往返时间。 min最小rtt,avg平均rtt,max最大rtt,mdev表示平均偏差(mean deviation) ~.~
[root@localhost linux_shell]# ping -c 2 -i 2 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.109 ms 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.055 ms --- 127.0.0.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 2000ms rtt min/avg/max/mdev = 0.055/0.082/0.109/0.027 ms
ttl:time to live,单位ms,生存时间。 因为是127.0.0.1是环回地址,所以ttl不会发生变化,一直保持初始值64。ttl的实际值和初始值之差就是两个节点之间的跳数 ~.~
如上个例子中ttl=53,因为64-53=11,所以11就是本地和百度直接的跳数。
5.网络探测扫描
[root@localhost linux_shell]# arp -a #查看所有连接过的主机的MAC地址,必须要通信过才有记录~
[root@localhost linux_shell]# arp -d 10.0.0.1 #删除某条ARP记录
[root@localhost linux_shell]# yum -y install nmap #如果主机开启防火墙,则nmap命令啥也找不到 [root@localhost linux_shell]# nmap -sP 10.0.0.0/24 #探测网段内有哪些主机是存活的 [root@localhost linux_shell]# nmap -sT 10.0.0.10 #探测某主机开启了哪些TCP端口
Windows ——> Linux Xshell、SecureCRT等 Linux ——> Windows rdesktop命令,但要求Linux安装GUI界面 Linux ——> Linux ssh命令
6.网络接口显示
[root@localhost linux_shell]# ifconfig #查看所有网络接口的信息 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.100 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::d6ce:a6cb:20ff:8e21 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:ec:35:3f txqueuelen 1000 (Ethernet) RX packets 269344 bytes 42934932 (40.9 MiB) RX errors 0 dropped 153 overruns 0 frame 0 TX packets 9658 bytes 752230 (734.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 286 bytes 29253 (28.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 286 bytes 29253 (28.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 ether 52:54:00:48:29:c7 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@localhost linux_shell]# ifconfig ens33 #单独查看特定网络接口的信息 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.100 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::d6ce:a6cb:20ff:8e21 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:ec:35:3f txqueuelen 1000 (Ethernet) RX packets 269362 bytes 42936460 (40.9 MiB) RX errors 0 dropped 153 overruns 0 frame 0 TX packets 9658 bytes 752230 (734.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ifconfig:列出当前所有的网络接口
ens0、eth1 普通网络接口
usb0 USB网络接口
wlan0 无线WLAN
tun0 隧道
lo 环回接口 lo即代表localhost
virbr0 虚拟接口 libvirt服务安装开启后,在服务器(host)上生成一个virtual network switch (virbr0), 服务器(host)上所有的虚拟机 (guest) 通过这个virbr0连接起来。
默认情况virtual network switch (virbr0) 使用的是NAT模式(采用IP Masquerade),所以这种情况下guest通过host才能访问外部。
virbr0 默认分配了一个IP 192.168.122.1,并为连接其上的其他虚拟网卡提供 DHCP 服务。
7.显示IP地址和子网掩码:
[root@localhost linux_shell]# ifconfig ens33 | egrep -o "inet [^ ]*" | grep -o "[0-9.]*" 10.0.0.100 [root@localhost linux_shell]# ifconfig ens33 | egrep -o "netmask [^ ]*" | grep -o "[0-9.]*" 255.255.255.0
[^ ]*表示非空格字符序列
[0-9.]*表示点分数字序列
8.MAC地址欺骗:
[root@localhost linux_shell]# ifconfig ens33 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.100 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::d6ce:a6cb:20ff:8e21 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:ec:35:3f txqueuelen 1000 (Ethernet) RX packets 275069 bytes 43437888 (41.4 MiB) RX errors 0 dropped 153 overruns 0 frame 0 TX packets 9660 bytes 752371 (734.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@localhost linux_shell]# ifconfig ens33 hw ether 00:1c:bf:87:25:d5 [root@localhost linux_shell]# ifconfig ens33 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.100 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::d6ce:a6cb:20ff:8e21 prefixlen 64 scopeid 0x20<link> ether 00:1c:bf:87:25:d5 txqueuelen 1000 (Ethernet) RX packets 275332 bytes 43460741 (41.4 MiB) RX errors 0 dropped 156 overruns 0 frame 0 TX packets 9660 bytes 752371 (734.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
00:1c:bf:87:25:d5是新分配的MAC地址,某些运营商配置了MAC地址认证后才能访问Internet的功能,可以进行欺骗。新分配的MAC地址在机器重启后失效 ~.~