Once a new Linux host's network configuration is complete and it can reach the network normally, we can run network checks with the standard Linux tools, most commonly ping, netstat, ss, traceroute and ethtool. This article describes how to use these commands, for your reference.
Refer to the following links for the basics of network configuration:
Network and TCP/IP Concise and Fast Foundation
Linux Host Network Access Configuration
Configuring Linux Network Based on ip route Command Set
1. Use of ping command
The ping command sends data packets to the target host to check whether it is reachable over the network. It is based on the ICMP protocol.
Get help information for ping
# ping -help
Usage: ping [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface]
[-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos]
[-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option]
[-w deadline] [-W timeout] [hop1 ...] destination
//Common usage is as follows
ping [options] ip
-c Number of packets to send
-w Test duration (deadline, in seconds)
//Use example
###Current environment
# more /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
###ping the loopback address
# ping 127.0.0.1 -c 2
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.108 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.037 ms
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.037/0.072/0.108/0.036 ms
###ping the host's own IP
# ping 192.168.81.144 -c 2
PING 192.168.81.144 (192.168.81.144) 56(84) bytes of data.
64 bytes from 192.168.81.144: icmp_seq=1 ttl=64 time=0.209 ms
64 bytes from 192.168.81.144: icmp_seq=2 ttl=64 time=0.058 ms
--- 192.168.81.144 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.058/0.133/0.209/0.076 ms
###ping an external host by name (also validates DNS resolution)
# ping www.baidu.com -w 2
PING www.baidu.com (14.215.177.38) 56(84) bytes of data.
64 bytes from 14.215.177.38: icmp_seq=1 ttl=128 time=5.92 ms
64 bytes from 14.215.177.38: icmp_seq=2 ttl=128 time=6.19 ms
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 5.925/6.057/6.190/0.153 ms
###Specify the size of the ping packet
# ping www.baidu.com -s 1024 -c 2
PING www.baidu.com (14.215.177.38) 1024(1052) bytes of data.
1032 bytes from 14.215.177.38: icmp_seq=1 ttl=128 time=6.21 ms
1032 bytes from 14.215.177.38: icmp_seq=2 ttl=128 time=6.47 ms
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 6.218/6.348/6.478/0.130 ms
2. Use of traceroute | mtr command
traceroute command
This command traces the route (the gateways) that packets take from the current host to the target host.
It measures the time taken by sending small packets to the destination device and waiting for the replies.
Most common usage
traceroute HOST
Get traceroute help
# man traceroute
Use example
###traceroute local host
# traceroute 192.168.1.131
traceroute to 192.168.1.131 (192.168.1.131), 30 hops max, 60 byte packets
1 192.168.81.2 (192.168.81.2) 0.388 ms 0.341 ms 0.134 ms
2 * * *
3 * * * //Later part omitted
###traceroute URL
# traceroute www.baidu.com
traceroute to www.baidu.com (14.215.177.39), 30 hops max, 60 byte packets
1 192.168.81.2 (192.168.81.2) 0.178 ms 0.166 ms 0.179 ms
###With -r the routing table is bypassed and packets are sent directly to a host on an attached network; the target is not on one, so the network is reported as unreachable
# traceroute -r www.baidu.com
traceroute to www.baidu.com (14.215.177.39), 30 hops max, 60 byte packets
connect: Network is unreachable
mtr command
A network connectivity diagnostic tool that combines the features of ping, traceroute and nslookup
mtr HOST
Example
### mtr local host
# mtr 192.168.1.131
centos7-a.example.com (0.0.0.0) Wed Sep 6 15:55:39 2017
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 192.168.81.2 0.0% 77 0.2 0.3 0.1 1.5 0.1
2. ???
###mtr URL
# mtr www.baidu.com
centos7-a.example.com (0.0.0.0) Wed Sep 6 15:59:29 2017
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 192.168.81.2 0.0% 131 0.3 0.3 0.1 6.7 0.6
2. 192.168.1.1 0.0% 131 3.5 1.6 0.8 7.1 0.8
3. 58.61.29.9 0.0% 130 9.3 2.7 1.1 89.3 7.7
4. 14.215.177.39 2.3% 130 11.1 6.2 5.2 14.6 1.5
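An added example, not part of the original article: a shell function that reads mtr hop rows in the layout shown above and reports the hops whose Loss% exceeds a threshold, separating loss that reaches the destination from loss seen only at a middle hop. It assumes the last row is the destination; the function names are illustrative and `constructed_mtr_rows` is made-up sample data.

```shell
#!/bin/sh
# Added example (not from the original article): interpret mtr hop rows.
# Loss at a middle hop that is gone at the final hop is usually that router
# rate-limiting its ICMP replies; loss at the final hop is end-to-end loss.

# Hop rows copied from the `mtr www.baidu.com` output above.
sample_mtr_rows() {
cat <<'EOF'
1. 192.168.81.2 0.0% 131 0.3 0.3 0.1 6.7 0.6
2. 192.168.1.1 0.0% 131 3.5 1.6 0.8 7.1 0.8
3. 58.61.29.9 0.0% 130 9.3 2.7 1.1 89.3 7.7
4. 14.215.177.39 2.3% 130 11.1 6.2 5.2 14.6 1.5
EOF
}

# Constructed rows: hop 2 drops probes, the destination does not.
constructed_mtr_rows() {
cat <<'EOF'
1. 10.0.0.1 0.0% 100 0.3 0.3 0.1 1.0 0.1
2. 10.0.1.1 40.0% 100 2.0 2.1 1.8 3.0 0.2
3. ???
4. 192.0.2.10 0.0% 100 5.0 5.1 4.8 6.0 0.3
EOF
}

# mtr_loss_report THRESHOLD: read hop rows on stdin and print
# "hop host loss verdict" for every hop whose Loss% exceeds THRESHOLD.
mtr_loss_report() {
  awk -v thr="$1" '
    $1 ~ /^[0-9]+\.$/ && $3 ~ /%$/ {       # skip headers and "???" hops
      n++; hop[n] = $1 + 0; host[n] = $2
      loss[n] = $3; sub(/%/, "", loss[n]); loss[n] += 0
    }
    END {
      if (n == 0) exit
      for (i = 1; i <= n; i++) {
        if (loss[i] <= thr) continue
        if (i == n)             v = "end-to-end-loss"
        else if (loss[n] > thr) v = "loss-persists-to-destination"
        else                    v = "likely-icmp-rate-limit"
        print hop[i], host[i], loss[i] "%", v
      }
    }'
}

sample_mtr_rows | mtr_loss_report 1
constructed_mtr_rows | mtr_loss_report 1
```

The rows must be in the interactive layout shown above (hop number, host, Loss%, ...); other mtr output layouts need a different field pattern.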
3. Use of tracepath command
Used to trace and display the route that packets take to the destination host
tracepath [option] hostname
Common options:
-n: Output only the IP address of each node along the path; host names are not looked up in DNS, which speeds up the test
-b: Display both the IP address and the host name of each node along the path
-l packet length: Set the initial packet size
-p port number: Set the UDP port (default is 33434)
//Example
# tracepath www.baidu.com
1: [LOCALHOST] pmtu 1500
1: 192.168.81.2 0.204ms
1: 192.168.81.2 0.387ms
2: no reply
4. Use of netstat command
netstat
This command is used to display various network-related information, such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships, etc.
Common options
-t: TCP connections
-u: UDP connections
-l: Sockets in the listening state
-a: Connections in all states
-p: Display the process associated with each connection
-n: Numeric display
-e: Display additional information
-r: Display the routing table, similar to route or ip route show
//Common combinations:
netstat -tan
netstat -tunlp
netstat -rn
//Example
###List all ports, both listening and non-listening
# netstat -a
###List all TCP connections
# netstat -t ###Author : Leshami
Active Internet connections (w/o servers) ###Blog : http://blog.csdn.net/leshami
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 96 172.24.8.131:ssh 172.24.8.1:59658 ESTABLISHED
tcp 0 0 172.24.8.131:ssh 172.24.8.1:62097 ESTABLISHED
###Find the ports a specific program is listening on
# netstat -nltp|grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1564/sshd
tcp6 0 0 :::22 :::* LISTEN 1564/sshd
###Find the program listening on a specific port
# netstat -nltp|grep 1521
tcp6 0 0 :::1521 :::* LISTEN 3708/tnslsnr
###View local routing information
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default 192.168.81.2 0.0.0.0 UG 0 0 0 eno33554960
172.24.8.0 0.0.0.0 255.255.255.0 U 0 0 0 eno16777728
192.168.81.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554960
5. Use of ss command
ss is short for socket state; it shows the status of the sockets on the system.
For example, it can display statistics for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, etc.
ss is a practical, fast and effective newer tool for tracking IP connections and sockets, intended to replace netstat.
Usage:
ss [ OPTIONS ] [ FILTER ]
//Common options
-t: TCP connections
-u: UDP connections
-l: Sockets in the listening state
-a: Sockets in all states
-e: Display extended information
-m: Display memory information for socket connections
-p: Display the process using each socket
-n: Numeric display
-o state (established)
ss -o state established '( dport = :smtp or sport = :smtp )' //Display all established SMTP connections
ss -o state established '( dport = :http or sport = :http )' //Display all established HTTP connections
ss -x src /tmp/.X11-unix/* //Find all local processes connected to the X server
ss -s //List detailed information about the current sockets
//Example
###View connections for all TCP protocols
# ss -ta
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:ssh *:*
LISTEN 0 128 127.0.0.1:ipp *:*
LISTEN 0 100 127.0.0.1:smtp *:*
ESTAB 0 96 172.24.8.131:ssh 172.24.8.1:59658
ESTAB 0 0 172.24.8.131:ssh 172.24.8.1:62097
###View all protocol listeners and list process numbers
# ss -nltup
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:44819 *:* users:(("avahi-daemon",pid=888,fd=13))
udp UNCONN 0 0 *:58348 *:* users:(("dhclient",pid=63962,fd=20))
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=63962,fd=6))
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=37433,fd=6))
udp UNCONN 0 0 *:5353 *:* users:(("avahi-daemon",pid=888,fd=12))
udp UNCONN 0 0 *:5384 *:* users:(("dhclient",pid=37433,fd=20))
udp UNCONN 0 0 :::19332 :::* users:(("dhclient",pid=37433,fd=21))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1564,fd=3))
tcp LISTEN 0 128 127.0.0.1:631 *:* users:(("cupsd",pid=1566,fd=13))
tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=2184,fd=13))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1564,fd=4))
###View all ssh-based connection information
# ss -o state established '( dport = :ssh or sport = :ssh )'
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp 0 96 172.24.8.131:ssh 172.24.8.1:59658 timer:(on,402ms,0)
tcp 0 0 172.24.8.131:ssh 172.24.8.1:62097 timer:(keepalive,60min,0)
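An added example, not part of the original article: a shell function that reads `ss -nltup` output in the layout shown above and labels each listener by bind scope, so the sockets reachable from every interface stand out from loopback-only ones. The function names and scope labels are illustrative; the sample input is a subset of the output above.

```shell
#!/bin/sh
# Added example (not from the original article): classify the listeners in
# `ss -nltup` output by bind scope, to review what the host exposes.

# Sample input: a subset of the `ss -nltup` output shown above.
sample_ss_output() {
cat <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:5353 *:* users:(("avahi-daemon",pid=888,fd=12))
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=63962,fd=6))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1564,fd=3))
tcp LISTEN 0 128 127.0.0.1:631 *:* users:(("cupsd",pid=1566,fd=13))
tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=2184,fd=13))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1564,fd=4))
EOF
}

# classify_listeners: read `ss -nltup` output on stdin and print
# "scope proto port process pid" for every listening/unconnected socket.
classify_listeners() {
  awk '
    $2 != "LISTEN" && $2 != "UNCONN" { next }   # drops the header too
    {
      n = split($5, part, ":")                   # port follows the last colon
      port = part[n]
      addr = substr($5, 1, length($5) - length(port) - 1)
      if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
        scope = "all-interfaces"
      else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
        scope = "loopback"
      else
        scope = "single-address"
      proc = "-"; pid = "-"                      # -p needs root for other users
      if ($7 ~ /^users:/) {
        split($7, q, "\"")                       # first quoted token = name
        proc = q[2]
        pid = substr($7, index($7, "pid=") + 4)
        sub(/,.*/, "", pid)
      }
      print scope, $1, port, proc, pid
    }'
}

# exposed_listeners: only the sockets reachable from every interface.
exposed_listeners() { classify_listeners | awk '$1 == "all-interfaces"'; }

sample_ss_output | exposed_listeners
```

On a live host, run `ss -nltup | exposed_listeners` as root so the process column is populated for sockets owned by other users.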
6. ethtool command
Used to query the configuration of Ethernet cards, or to modify it
Common usage
ethtool eth0 //Query the basic settings of the ethX port, where X is the number of the corresponding network card, such as eth0, eth1, etc.
ethtool -h //Display ethtool command help
ethtool -i eth0 //Query information about the eth0 network port
ethtool -d eth0 //Query the register information of eth0
ethtool -r eth0 //Reset the eth0 port to auto-negotiation mode
ethtool -S eth0 //Query send and receive packet statistics for the eth0 port
ethtool -s eth0 [speed 10|100|1000] [duplex half|full] [autoneg on|off]
//Set the port speed to 10/100/1000M, set half/full duplex, and set whether the port auto-negotiates
//Example
###View the information of the specified network card
# ethtool eno16777728
Settings for eno16777728:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
MDI-X: off (auto)
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes
###View the status of the receive (RX), transmit (TX) and Autonegotiate modules of the network card
# ethtool -a eno16777728
Pause parameters for eno16777728:
Autonegotiate: on
RX: off
TX: off
###Display network card driver information, such as driver name, version, etc.
# ethtool -i eno16777728
driver: e1000
version: 7.3.21-k8-NAPI
firmware-version:
bus-info: 0000:02:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no
###Query Statistical Information of Designated Network Card
# ethtool -S eno16777728
NIC statistics:
rx_packets: 12374
tx_packets: 9145
rx_bytes: 1572275
tx_bytes: 1939008
rx_broadcast: 0
tx_broadcast: 0
rx_multicast: 0
tx_multicast: 0
rx_errors: 0
tx_errors: 0
tx_dropped: 0
multicast: 0
collisions: 0
rx_length_errors: 0