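A Deep Dive into Linux Network Properties: From NIC Configuration to Advanced Route Management

Contents

I. Network Configuration

1. NAT and Host-only

2. Unified NIC Naming

① Persistent configuration

② Temporary change

3. NIC Configuration

4. Network Configuration Commands

① Host name

② The ifconfig command

③ The netstat command

④ The ip command

⑤ The ss command

⑥ The nmcli network configuration tool

⑦ The route command

5. Network Configuration Files (brief)

6. NIC Aliases

7. Multiple NICs

① Rocky implementation

② Ubuntu implementation

8. Network Teaming

① Rocky implementation

② Ubuntu implementation

9. Network Bridge (switch)

II. Network Testing and Diagnostic Tools

1. fping

2. tcpdump

3. nmap

3. nc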

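I. Network Configuration

1. NAT and Host-only

NAT (Network Address Translation) and host-only mode are common ways to configure virtual machine networking.

NAT

        ⚪ The VM reaches external networks (such as the Internet) through the host's NAT function, but external networks cannot reach the VM directly (unless port forwarding is configured).
        ⚪ The VM and the host are on different network segments. The host acts as a "router", assigns the VM a private IP address, and communicates with the VM in both directions.
        ⚪ The VM is isolated from external networks and can only relay traffic through the host, which gives relatively high security.

Host-only

        ⚪ The VM can only communicate with the host (in both directions) and cannot reach external networks (such as the Internet).
        ⚪ The VM and the host are on the same private network segment, connected through a virtual switch (such as VMnet1).
        ⚪ Fully isolated from external networks. This is the most secure mode and suits scenarios that require strict network control.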

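2. Unified NIC Naming

① Persistent configuration

#Enable and configure unified naming

#rocky8
#On rocky9, /etc/sysconfig/network-scripts/ifcfg-ens160 has been replaced by the NetworkManager service

Edit the NIC configuration file:

        cd /etc/sysconfig/network-scripts/

        vim ifcfg-ens160    #replace ens160 with eth0 inside the file, then rename the file from ifcfg-ens160 to ifcfg-eth0

#ubuntu

        grub-mkconfig -o /boot/grub/grub.cfg

        cd /etc/netplan

        vim 50-cloud-init.yaml    #replace ens33 with eth0 inside the file

#Disable unified naming

Edit the GRUB configuration:

        vim /etc/default/grub    #add net.ifnames=0 to the GRUB_CMDLINE_LINUX line

Regenerate the GRUB configuration (rocky):

        BIOS systems: grub2-mkconfig -o /boot/grub2/grub.cfg

        UEFI systems: grub2-mkconfig -o /boot/efi/EFI/rocky/grub.cfg

...

Reboot

        reboot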

② Temporary change

[root@ubuntu-152 ~]#ip a s eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:0c:29:e9:68:27 brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    altname ens37
    altname enx000c29e96827

[root@ubuntu-152 ~]#ip link set eth1 down
[root@ubuntu-152 ~]#ip link set eth1 name eth101

[root@ubuntu-152 ~]#ip a
...
3: eth101: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:0c:29:e9:68:27 brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    altname ens37
    altname enx000c29e96827

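3. NIC Configuration

        To connect a host to a network, its networking must be configured. Each NIC needs its own configuration file for the settings to persist.

Two methods:

        Static: written in the configuration file; it does not change when the environment changes.

        Dynamic: DHCP; the configuration is generated through the Dynamic Host Configuration Protocol.

① Red Hat family NICs

Configuration files

        NIC configuration files live in the /etc/sysconfig/network-scripts/ directory and are named ifcfg-xxx. The path is fixed, and so is the file naming rule.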

[root@rocky8-153 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=eui64
NAME=eth0
UUID=90d3195d-a157-4714-a4e3-923a117e48df
DEVICE=eth0
ONBOOT=yes

Add a NIC in NAT mode

[root@rocky8-153 network-scripts]#cp ifcfg-eth0 ifcfg-eth1

[root@rocky8-153 network-scripts]#vim ifcfg-eth1

#Configuration
[root@rocky8-153 network-scripts]#cat ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1        #DEVICE selects which NIC this configuration file applies to
ONBOOT=yes

IPADDR=10.0.0.110
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.2
DNS2=114.114.114.114

#List the current network connections
[root@rocky8-153 network-scripts]#nmcli con
NAME  UUID                                  TYPE      DEVICE 
eth0  90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   

[root@rocky8-153 network-scripts]#ip a
...
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192

#The network configuration file was modified, so reload it
[root@rocky8-153 network-scripts]#nmcli con reload

#Activate the connection
[root@rocky8-153 network-scripts]#nmcli con up eth1 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)

#Check again
[root@rocky8-153 network-scripts]# nmcli con
NAME  UUID                                  TYPE      DEVICE 
eth0  90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
eth1  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1   

[root@rocky8-153 network-scripts]#ip a s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever

#Test
[C:\~]$ ping 10.0.0.110

正在 Ping 10.0.0.110 具有 32 字节的数据:
来自 10.0.0.110 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.0.110 的回复: 字节=32 时间=1ms TTL=64
来自 10.0.0.110 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.0.110 的回复: 字节=32 时间<1ms TTL=64

10.0.0.110 的 Ping 统计信息:
    数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
    最短 = 0ms,最长 = 1ms,平均 = 0ms

View DNS

[root@rocky8-153 ~]#cat /etc/resolv.conf 
# Generated by NetworkManager
search localdomain
nameserver 10.0.0.2

#After adding DNS server 114.114.114.114
[root@rocky8-153 ~]#cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.0.0.2
nameserver 114.114.114.114

Check DNS name resolution

[root@rocky8-153 ~]#yum install bind-utils -y

[root@rocky8-153 ~]#host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 220.181.111.1
www.a.shifen.com has address 220.181.111.232
www.a.shifen.com has IPv6 address 2408:871a:2100:186c:0:ff:b07e:3fbc
www.a.shifen.com has IPv6 address 2408:871a:2100:1b23:0:ff:b07a:7ebc

[root@rocky8-153 ~]#host www.baidu.com 114.114.114.114
Using domain server:
Name: 114.114.114.114
Address: 114.114.114.114#53
Aliases: 

www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 220.181.111.232
www.a.shifen.com has address 220.181.111.1
www.a.shifen.com has IPv6 address 240e:83:205:1cd:0:ff:b0b8:dee9
www.a.shifen.com has IPv6 address 240e:83:205:381:0:ff:b00f:96a2

Domain suffix (search domain)

[root@rocky8-153 network-scripts]#cat /etc/resolv.conf 
# Generated by NetworkManager
search localdomain
nameserver 10.0.0.2
nameserver 114.114.114.114

[root@rocky8-153 network-scripts]#cat ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes

IPADDR=10.0.0.110
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.2
DNS2=114.114.114.114
DOMAIN=baidu.com

[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)

[root@rocky8-153 network-scripts]#cat /etc/resolv.conf 
# Generated by NetworkManager
search localdomain baidu.com
nameserver 10.0.0.2
nameserver 114.114.114.114

#The suffix is appended automatically
[root@rocky8-153 network-scripts]# ping www
PING www.a.shifen.com (220.181.111.232) 56(84) bytes of data.
64 bytes from 220.181.111.232 (220.181.111.232): icmp_seq=1 ttl=128 time=9.29 ms
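
Added example (not from the original article): the shell function below lists, in lookup order, the names the resolver tries for a query, given a resolv.conf with search and ndots. It shows that the bare name www is sent out as www.localdomain and www.baidu.com, so every unqualified name typed on this host reaches the DNS servers with those suffixes. The function name candidates and the embedded sample are assumptions made for this illustration; the expansion follows the resolv.conf(5) rules and covers more cases than the single ping above.

```bash
#!/bin/sh
# Added example: list the names the stub resolver tries for a query,
# following the resolv.conf(5) rules for "search" and "options ndots".

# Constructed sample: the resolv.conf shown above after DOMAIN=baidu.com.
SAMPLE_RESOLV_CONF='# Generated by NetworkManager
search localdomain baidu.com
nameserver 10.0.0.2
nameserver 114.114.114.114'

# candidates NAME [RESOLV_CONF_TEXT]
# Prints one fully qualified candidate per line, in lookup order.
candidates() {
    name=$1
    conf=${2:-$SAMPLE_RESOLV_CONF}

    # A trailing dot marks the name as absolute: the search list is skipped.
    case $name in
        *.) printf '%s\n' "$name"; return 0 ;;
    esac

    # The last "search" line wins; ndots defaults to 1.
    search=$(printf '%s\n' "$conf" |
        awk '$1 == "search" { $1 = ""; s = $0 } END { print s }')
    ndots=$(printf '%s\n' "$conf" | awk '
        $1 == "options" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^ndots:[0-9]+$/) { split($i, a, ":"); n = a[2] }
        }
        END { print (n == "" ? 1 : n) }')

    # Count the dots in the query name.
    stripped=$(printf '%s' "$name" | tr -d '.')
    dots=$(( ${#name} - ${#stripped} ))

    # Enough dots: the name as typed is tried first, then the search list.
    if [ "$dots" -ge "$ndots" ]; then printf '%s.\n' "$name"; fi
    for suffix in $search; do printf '%s.%s.\n' "$name" "$suffix"; done
    # Too few dots: the name as typed is tried last.
    if [ "$dots" -lt "$ndots" ]; then printf '%s.\n' "$name"; fi
    return 0
}

# Demo: the lookup order behind "ping www" on the host above.
candidates www
```

Pass the text of a real file as the second argument, for example candidates www "$(cat /etc/resolv.conf)", to audit which suffixes a host appends.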

Add a NIC in host-only mode

[root@rocky8-153 network-scripts]#vim ifcfg-eth2

[root@rocky8-153 network-scripts]#cat ifcfg-eth2
TYPE=Ethernet
NAME=eth2
IPADDR=192.168.10.88
PREFIX=24 

[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con
NAME  UUID                                  TYPE      DEVICE 
eth2  3a73717e-65ab-93e8-b518-24f5af32dc0d  ethernet  eth2   
eth0  90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
eth1  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1   

[root@rocky8-153 network-scripts]#ip a s eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:ad brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
    inet 192.168.10.88/24 brd 192.168.10.255 scope global noprefixroute eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4ad/64 scope link 
       valid_lft forever preferred_lft forever

How to apply NIC changes on CentOS 7

#Works on both CentOS 7 and 8

nmcli connection reload;nmcli connection up con-eth1

#CentOS 7 only

systemctl restart network

#centos6

service network restart

Follow-up verification

#Verify IP              #Verify routes       #Verify DNS
ip a                    route -n             cat /etc/resolv.conf
ip a show device        ip route
ifconfig
ifconfig device

② Ubuntu family NICs

Configuration files

        NIC configuration files live in the /etc/netplan/ directory and are named xxx.yaml. The path is fixed, and so is the file naming rule.

[root@ubuntu-152 ~]#cd /etc/netplan/
[root@ubuntu-152 netplan]#ls
50-cloud-init.yaml
[root@ubuntu-152 netplan]#cat 50-cloud-init.yaml 
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: true

Add a NIC in NAT mode

[root@ubuntu-152 netplan]#cp eth0.yaml eth1.yaml

[root@ubuntu-152 netplan]#vim eth1.yaml

#Configuration
[root@ubuntu-152 netplan]#cat eth1.yaml 
network:
  version: 2
  ethernets:
    eth1:
      #dhcp4: true
      addresses: [10.0.0.112/24]
      nameservers:
        search: [baidu.com]
        addresses: [10.0.0.2]

#Apply the modified network configuration; it takes effect immediately, no reboot needed
[root@ubuntu-152 netplan]#netplan apply

#Check
[root@ubuntu-152 netplan]#ip a s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e9:68:27 brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    altname ens37
    altname enx000c29e96827
    inet 10.0.0.112/24 brd 10.0.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee9:6827/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

#Test
[C:\~]$ ping 10.0.0.112

正在 Ping 10.0.0.112 具有 32 字节的数据:
来自 10.0.0.112 的回复: 字节=32 时间=1ms TTL=64
来自 10.0.0.112 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.0.112 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.0.112 的回复: 字节=32 时间<1ms TTL=64

10.0.0.112 的 Ping 统计信息:
    数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
    最短 = 0ms,最长 = 1ms,平均 = 0ms

Add a NIC in host-only mode

[root@ubuntu-152 netplan]#vim eth2.yaml

[root@ubuntu-152 netplan]#cat eth2.yaml 
network:
  version: 2
  ethernets:
    eth2:
      #dhcp4: true
      addresses:
        - 192.168.10.66/24

[root@ubuntu-152 netplan]#netplan apply

[root@ubuntu-152 netplan]#ip a s eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e9:68:31 brd ff:ff:ff:ff:ff:ff
    altname enp2s6
    altname ens38
    altname enx000c29e96831
    inet 192.168.10.66/24 brd 192.168.10.255 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee9:6831/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

View routes

[root@ubuntu-152 netplan]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.2        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.0.0.2        0.0.0.0         255.255.255.255 UH    100    0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2

View DNS

#Ubuntu ships with its own local DNS stub resolver by default

#The configured DNS servers are not visible here
[root@ubuntu-152 netplan]#cat /etc/resolv.conf 
...
nameserver 127.0.0.53
options edns0 trust-ad
search baidu.com

[root@ubuntu-152 netplan]#resolvectl status
Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 10.0.0.2
     Default Route: yes

Link 3 (eth1)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.0.2
       DNS Servers: 10.0.0.2 180.76.76.76
        DNS Domain: baidu.com
     Default Route: yes

Link 4 (eth2)
    Current Scopes: none
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
     Default Route: no

Multiple addresses on one NIC on CentOS (persistent)

[root@rocky8-153 network-scripts]#cat ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes

IPADDR=10.0.0.110
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.2
DNS2=114.114.114.114

IPADDR2=10.0.0.111
PREFIX2=24
IPADDR3=10.0.0.113
PREFIX3=24

#Re-apply the configuration
[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con down eth1;nmcli con up eth1
Connection 'eth1' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)

[root@rocky8-153 network-scripts]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.111/24 brd 10.0.0.255 scope global secondary noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.113/24 brd 10.0.0.255 scope global secondary noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever

#Add an alias file
[root@rocky8-153 network-scripts]#cp ifcfg-eth1 ifcfg-eth1:1

[root@rocky8-153 network-scripts]#vim ifcfg-eth1:1

[root@rocky8-153 network-scripts]#cat ifcfg-eth1:1
DEVICE=eth1:1
IPADDR=10.0.0.119
PREFIX=24

[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con down eth1;nmcli con up eth1
Connection 'eth1' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/13)

[root@rocky8-153 network-scripts]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.111/24 brd 10.0.0.255 scope global secondary noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.113/24 brd 10.0.0.255 scope global secondary noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.119/24 brd 10.0.0.255 scope global secondary noprefixroute eth1:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever

Multiple addresses on one NIC on Ubuntu (persistent)

[root@ubuntu-152 ~]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e9:68:27 brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    altname ens37
    altname enx000c29e96827
    inet 10.0.0.112/24 brd 10.0.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee9:6827/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

[root@ubuntu-152 ~]#cd /etc/netplan

[root@ubuntu-152 netplan]#ls
eth0.yaml  eth1.yaml  eth2.yaml

[root@ubuntu-152 netplan]#vim eth1.yaml 

[root@ubuntu-152 netplan]#cat eth1.yaml 
network:
  version: 2
  ethernets:
    eth1:
      #dhcp4: true
      addresses: [10.0.0.112/24,10.0.0.55/25,10.0.0.66/24]
      nameservers:
        search: [baidu.com]
        addresses: [10.0.0.2,180.76.76.76]

[root@ubuntu-152 netplan]#netplan apply

[root@ubuntu-152 netplan]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e9:68:27 brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    altname ens37
    altname enx000c29e96827
    inet 10.0.0.112/24 brd 10.0.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.55/25 brd 10.0.0.127 scope global eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.66/24 brd 10.0.0.255 scope global secondary eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee9:6827/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

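4. Network Configuration Commands

① Host name

hostname: the change is temporary and is lost on reboot

hostname [-b] {hostname|-F file}         set host name (from file)
hostname [-a|-A|-d|-f|-i|-I|-s|-y]       display formatted name
hostname                                 display host name

#Common options
-a|--alias             #show aliases
-F|--file              #read the host name from a file
-i|--ip-address        #show IP addresses; only addresses that can be resolved are shown
-I|--all-ip-addresses  #show all IP addresses, including ones that cannot be resolved; IPv6 and loopback addresses are not shown
#Show the host name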
[root@ubuntu-152 ~]#hostname
ubuntu-152

#Show aliases
[root@ubuntu-152 ~]#hostname -a

#Read the host name from a file
[root@ubuntu-152 ~]#echo test >> hn.txt
[root@ubuntu-152 ~]#cat hn.txt
test
[root@ubuntu-152 ~]#hostname -F hn.txt
[root@ubuntu-152 ~]#hostname
test

#Show the IP address, obtained by resolving the host name through DNS
[root@ubuntu-152 ~]#hostname -i
220.181.107.196

#Show all IPv4 addresses
[root@ubuntu-152 ~]#hostname -I
10.0.0.152 10.0.0.112 192.168.10.66

hostnamectl: writes the configuration file /etc/hostname; the change is permanent

[root@ubuntu-152 ~]#hostnamectl status
   Static hostname: ubuntu-152
Transient hostname: test
         Icon name: computer-vm
           Chassis: vm 🖴
        Machine ID: e2bf822941ec4712b321a9de59ea0d71
           Boot ID: ceb497e088cd42a69a44b35725c96fa2
      Product UUID: 33954d56-4169-3294-d702-1a6a0ce9681d
      AF_VSOCK CID: 216623133
    Virtualization: vmware
  Operating System: Ubuntu 25.04                                          
            Kernel: Linux 6.14.0-32-generic
      Architecture: x86-64
   Hardware Vendor: VMware, Inc.
    Hardware Model: VMware Virtual Platform
   Hardware Serial: VMware-56 4d 95 33 69 41 94 32-d7 02 1a 6a 0c e9 68 1d
  Firmware Version: 6.00
     Firmware Date: Thu 2020-11-12
      Firmware Age: 4y 10month 2w 4d       
                    
[root@test ~]#hostnamectl hostname ubuntu-152

[root@test ~]#cat /etc/hostname
ubuntu-152

[root@test ~]#hostnamectl
 Static hostname: ubuntu-152
       Icon name: computer-vm
         Chassis: vm 🖴
      Machine ID: e2bf822941ec4712b321a9de59ea0d71
         Boot ID: ceb497e088cd42a69a44b35725c96fa2
    Product UUID: 33954d56-4169-3294-d702-1a6a0ce9681d
    AF_VSOCK CID: 216623133
  Virtualization: vmware
Operating System: Ubuntu 25.04                                          
          Kernel: Linux 6.14.0-32-generic
    Architecture: x86-64
 Hardware Vendor: VMware, Inc.
  Hardware Model: VMware Virtual Platform
 Hardware Serial: VMware-56 4d 95 33 69 41 94 32-d7 02 1a 6a 0c e9 68 1d
Firmware Version: 6.00
   Firmware Date: Thu 2020-11-12
    Firmware Age: 4y 10month 2w 4d                                      

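② The ifconfig command

        A network configuration tool for viewing and configuring network interface information on Linux (IP address, netmask, MAC address, and so on). It comes from the net-tools package; using ip instead is recommended.
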

[root@ubuntu-152 ~]#which ifconfig
/usr/sbin/ifconfig

[root@ubuntu-152 ~]#dpkg -S /usr/sbin/ifconfig 
net-tools: /usr/sbin/ifconfig

ifconfig [-a] [-v] [-s] <interface> [[<AF>] <address>]
[add <address>[/<prefixlen>]]
[del <address>[/<prefixlen>]]
[[-]broadcast [<address>]] [[-]pointopoint [<address>]]
[netmask <address>] [dstaddr <address>] [tunnel <address>]
[outfill <NN>] [keepalive <NN>]
[hw <HW> <address>] [mtu <NN>]
[[-]trailers] [[-]arp] [[-]allmulti]
[multicast] [[-]promisc]
[mem_start <NN>] [io_addr <NN>] [irq <NN>] [media <type>]
[txqueuelen <NN>]
[[-]dynamic]
[up|down] ...

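#Common options
-a         #show all interfaces
-s         #display in short format
-v         #show verbose error information

<HW> #hardware type
#loop|slip|cslip|slip6|cslip6|adaptive|ash|ether|ax25|netrom|rose|tunnel|ppp|hdlc|lapb|arcnet|dlci|frad|sit|fddi|hippi|irda|x25|infiniband|eui64

<AF> #address type (protocol family)
unix|inet|inet6|ax25|netrom|ipx|ddp|ddp 

#Common subcommands
add         #add an IPv6 address to the device
del         #delete an IPv6 address
netmask     #set the netmask
dstaddr     #set the destination address
up          #enable the device
down        #disable the device
tunnel      #create a tunnel
hw          #specify the hardware type
mtu         #set the device's maximum transmission unit (in bytes)
arp|-arp    #whether the device supports the ARP protocol
allmulti|-allmulti         #whether the device supports multicast
multicast                  #set multicast
promisc|-promisc           #whether the device runs in promiscuous mode
broadcast|-broadcast       #add | remove the device's broadcast address
pointopoint|-pointopoint   #set point-to-point mode
#Show all enabled devices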
[root@ubuntu-152 ~]#ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.152  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::20c:29ff:fee9:681d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e9:68:1d  txqueuelen 1000  (Ethernet)
        RX packets 7468  bytes 7340991 (7.3 MB)       #statistics for received packets
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3047  bytes 311221 (311.2 KB)      #statistics for transmitted packets
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.112  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::20c:29ff:fee9:6827  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e9:68:27  txqueuelen 1000  (Ethernet)
        RX packets 1976  bytes 165049 (165.0 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1319  bytes 173897 (173.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.66  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::20c:29ff:fee9:6831  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e9:68:31  txqueuelen 1000  (Ethernet)
        RX packets 4  bytes 992 (992.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20  bytes 1496 (1.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 150  bytes 16875 (16.8 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 150  bytes 16875 (16.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


#Show all devices, including disabled ones, with -a
#A disabled device has no UP or RUNNING flag
[root@ubuntu-152 ~]#ifconfig eth2 down
[root@ubuntu-152 ~]#ifconfig eth1 down
[root@ubuntu-152 ~]#ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.152  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::20c:29ff:fee9:681d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e9:68:1d  txqueuelen 1000  (Ethernet)
        RX packets 7500  bytes 7343592 (7.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3064  bytes 312763 (312.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 168  bytes 18162 (18.1 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 168  bytes 18162 (18.1 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@ubuntu-152 ~]#ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.152  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::20c:29ff:fee9:681d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e9:68:1d  txqueuelen 1000  (Ethernet)
        RX packets 7530  bytes 7345812 (7.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3081  bytes 315223 (315.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 00:0c:29:e9:68:27  txqueuelen 1000  (Ethernet)
        RX packets 2487  bytes 204082 (204.0 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1627  bytes 212062 (212.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth2: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 00:0c:29:e9:68:31  txqueuelen 1000  (Ethernet)
        RX packets 4  bytes 992 (992.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 29  bytes 2222 (2.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 168  bytes 18162 (18.1 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 168  bytes 18162 (18.1 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

#Change the device settings directly; the change is temporary
[root@ubuntu-152 ~]#ifconfig eth1 10.0.0.55 netmask 255.255.255.0
[root@ubuntu-152 ~]#ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.55  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::20c:29ff:fee9:6827  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e9:68:27  txqueuelen 1000  (Ethernet)
        RX packets 2659  bytes 216902 (216.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1739  bytes 223666 (223.6 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

#Clear the device's address; the change is temporary, and 0.0.0.0 can be written as 0
[root@ubuntu-152 ~]#ifconfig eth2 0.0.0.0
[root@ubuntu-152 ~]#ifconfig eth2
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::20c:29ff:fee9:6831  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e9:68:31  txqueuelen 1000  (Ethernet)
        RX packets 7  bytes 1268 (1.2 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 44  bytes 3368 (3.3 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

#Enable and disable
ifconfig eth0 up
ifconfig eth0 down
#Show network interface information in short format
[root@ubuntu-152 ~]#ifconfig -s
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0             1500     7581      0      0 0          3122      0      0      0 BMRU
eth1             1500     2967      0      0 0          1936      0      0      0 BMRU
eth2             1500        8      0      0 0            49      0      0      0 BMRU
lo              65536      168      0      0 0           168      0      0      0 LRU

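#Field descriptions
Iface         #network device
MTU           #maximum transmission unit of the interface, in bytes; a packet cannot exceed 1500 bytes
RX-OK         #packets received successfully
RX-ERR        #packets received with errors
RX-DRP        #packets dropped on receive
RX-OVR        #packets dropped on receive because of overruns (the receiver could not keep up)
TX-OK         #packets sent successfully
TX-ERR        #packets that failed on send
TX-DRP        #packets dropped on send
TX-OVR        #packets dropped on send because of overruns
Flg           #flags

#Flg field descriptions
B             #a broadcast address has been set on the device
L             #the device is a loopback device
M             #the device receives all packets passing through it, whether or not they are addressed to it (promiscuous mode)
N             #the device cannot be traced
O             #ARP is disabled on the device
P             #this is a point-to-point link
R             #the device is running
U             #the device is active (up)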
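
Added example (not part of the original article): the flags= number in the ifconfig output above is a bitmask of the kernel's IFF_* interface flags, so it can be decoded directly, for instance to check whether an interface is in promiscuous mode (IFF_PROMISC, 0x100). The function names and the eth9 line are constructed for this illustration; the other sample lines are taken from the output above.

```bash
#!/bin/sh
# Added example: decode the numeric flags= value printed by ifconfig.
# Bit values are the IFF_* constants from <linux/if.h>.

# Constructed sample: header lines from the ifconfig output above, plus one
# constructed interface (eth9) that has the PROMISC bit set.
SAMPLE_IFCONFIG='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
eth1: flags=4098<BROADCAST,MULTICAST>  mtu 1500
eth9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536'

# decode_ifflags VALUE
# VALUE may be decimal (4163) or hex (0x1043). Prints the flag names.
decode_ifflags() {
    flags=$(( $1 ))
    out=
    for pair in 0x1:UP 0x2:BROADCAST 0x4:DEBUG 0x8:LOOPBACK 0x10:POINTOPOINT \
                0x20:NOTRAILERS 0x40:RUNNING 0x80:NOARP 0x100:PROMISC \
                0x200:ALLMULTI 0x400:MASTER 0x800:SLAVE 0x1000:MULTICAST; do
        bit=${pair%%:*}
        if [ $(( flags & $bit )) -ne 0 ]; then
            out="${out:+$out,}${pair#*:}"
        fi
    done
    printf '%s\n' "$out"
}

# promisc_ifaces: read `ifconfig -a` output on stdin and print every device
# whose flags value has IFF_PROMISC (0x100) set.
promisc_ifaces() {
    sed -n 's/^\([^ :]*\): flags=\([0-9]*\)<.*/\1 \2/p' |
    while read -r dev flags; do
        if [ $(( flags & 0x100 )) -ne 0 ]; then printf '%s\n' "$dev"; fi
    done
}

# live_promisc: the same test on a running Linux host, using the hex mask
# the kernel exposes in /sys/class/net/<dev>/flags.
live_promisc() {
    for f in /sys/class/net/*/flags; do
        [ -r "$f" ] || continue
        if [ $(( $(cat "$f") & 0x100 )) -ne 0 ]; then
            basename "$(dirname "$f")"
        fi
    done
}

# Demo on the sample: 4163 carries no PROMISC bit, 4419 does.
decode_ifflags 4163
printf '%s\n' "$SAMPLE_IFCONFIG" | promisc_ifaces
```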

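③ The netstat command

        A network statistics tool that displays network connections, routing tables, interface statistics, masquerade connections, multicast memberships and more. It is used for network troubleshooting, performance monitoring and security auditing. It also comes from the net-tools package; using ss instead is recommended.
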
[root@ubuntu-152 ~]#which netstat
/usr/bin/netstat
[root@ubuntu-152 ~]#dpkg -S /usr/bin/netstat
net-tools: /usr/bin/netstat

netstat [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]

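#Common options
-a                        #show all connections
-A                        #specify the network type: inet|inet6|unix|ipx|ax25|netrom|econet|ddp|bluetooth
-r|--route                #show the routing table
-t|--tcp                  #show TCP port connections
-u|--udp                  #show UDP port connections
-w|--raw                  #raw sockets
-l|--listening            #show only ports in the listening state
-a|--all                  #all data
-n|--numeric              #show IP addresses and ports numerically
-s|--statistics           #show statistics
-p|--program              #show the owning process and its PID
-x|--unix                 #same as -A unix
-ip|--inet                #same as -A 
-I|--interfaces=<Iface>   #specify the device
-i                        #show interface statistics

#Common combinations
-tan, -uan, -tnl, -unl
#Show the routing table numerically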
[root@ubuntu-152 ~]#netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.0.2        0.0.0.0         UG        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.0.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth2

#Show all connections
[root@ubuntu-152 ~]#netstat

#Show them numerically
[root@ubuntu-152 ~]#netstat -n

#Show all TCP connections
[root@ubuntu-152 ~]#netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 ubuntu-152:ssh          10.0.0.1:59249          ESTABLISHED
tcp        0     52 ubuntu-152:ssh          10.0.0.1:62813          ESTABLISHED

#Show all TCP port connections numerically (established connections only)
[root@ubuntu-152 ~]#netstat -nt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 10.0.0.112:22           10.0.0.1:59249          ESTABLISHED
tcp        0      0 10.0.0.152:22           10.0.0.1:62813          ESTABLISHED

#Show all TCP and UDP connections numerically
[root@ubuntu-152 ~]#netstat -ntua
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN     
tcp        0      0 10.0.0.112:22           10.0.0.1:59249          ESTABLISHED
tcp        0     52 10.0.0.152:22           10.0.0.1:62813          ESTABLISHED
tcp6       0      0 ::1:6010                :::*                    LISTEN     
tcp6       0      0 ::1:6011                :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
udp        0      0 127.0.0.54:53           0.0.0.0:*                          
udp        0      0 127.0.0.53:53           0.0.0.0:*                          
udp        0      0 10.0.0.152:68           0.0.0.0:*   

#Show listening TCP and UDP sockets together with the owning program and process ID
[root@ubuntu-152 ~]#netstat -nltup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN      2605/sshd-session:  
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      3320/sshd-session:  
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      513/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1/init              
tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN      513/systemd-resolve 
tcp6       0      0 ::1:6010                :::*                    LISTEN      3320/sshd-session:  
tcp6       0      0 ::1:6011                :::*                    LISTEN      2605/sshd-session:  
tcp6       0      0 :::22                   :::*                    LISTEN      1/init              
udp        0      0 127.0.0.54:53           0.0.0.0:*                           513/systemd-resolve 
udp        0      0 127.0.0.53:53           0.0.0.0:*                           513/systemd-resolve 
udp        0      0 10.0.0.152:68           0.0.0.0:*                           676/systemd-network 

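#Field descriptions
Proto (protocol type)
Recv-Q (receive queue length): bytes in the receive buffer that the user process has not yet read
Send-Q (send queue length): bytes sent but not yet acknowledged by the remote host
Local Address (local address and port): IP address and port on the local host       #the port being listened on, on a local IPv4/IPv6 address
Foreign Address (remote address and port): IP address and port of the remote host
State (connection state)
PID/Program name: process ID and program

#Connection states
LISTEN: the server is listening on the given port, waiting for client connections.
ESTABLISHED: the connection is established; data can flow in both directions.
SYN_SENT: the client has sent a SYN and is waiting for the server's response.
SYN_RECV: the server received a SYN, has sent SYN+ACK, and is waiting for the client's acknowledgement.
FIN_WAIT1: the active closer has sent a FIN and is waiting for the peer's acknowledgement.
FIN_WAIT2: the peer's ACK has been received; waiting for the peer to send its FIN.
TIME_WAIT: the active closer received the FIN and sent the ACK, then enters a wait state (2MSL by default).
CLOSE_WAIT: the passive closer received a FIN and sent the ACK; waiting for the application to close.
LAST_ACK: the passive closer has sent its FIN and is waiting for the peer's ACK.
CLOSED: the connection is fully closed.
#Ubuntu has no -I option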

#Statistics for a specific NIC
[root@rocky8-153 ~]#netstat -Ieth0
Kernel Interface table
Iface             MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0             1500    31052      0      0 0         12507      0      0      0 BMRU
[root@rocky8-153 ~]#netstat -I=eth0
Kernel Interface table
Iface             MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0             1500    31132      0      0 0         12559      0      0      0 BMRU
#Shows network interface statistics

#Statistics for all NICs
[root@rocky8-153 ~]#netstat -i
Kernel Interface table
Iface             MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0             1500    31245      0      0 0         12645      0      0      0 BMRU
eth1             1500      109      0      0 0           122      0      0      0 BMRU
eth2             1500       23      0      0 0            19      0      0      0 BMRU
lo              65536      246      0      0 0           246      0      0      0 LRU

[root@rocky8-153 ~]#ifconfig -s
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0             1500    31326      0      0 0         12696      0      0      0 BMRU
eth1             1500      109      0      0 0           122      0      0      0 BMRU
eth2             1500       23      0      0 0            19      0      0      0 BMRU
lo              65536      246      0      0 0           246      0      0      0 LRU

[root@rocky8-153 ~]#cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   20634     246    0    0    0     0          0         0    20634     246    0    0    0     0       0          0
  eth0: 37843718   31382    0    0    0     0          0         0   995852   12732    0    0    0     0       0          0
  eth1:   17238     109    0    0    0     0          0         0     8676     122    0    0    0     0       0          0
  eth2:    4845      23    0    0    0     0          0         0     1342      19    0    0    0     0       0          0

#Statistics for a specific interface
netstat -Ieth0
netstat -I=eth0
ifconfig -s eth0
cat /proc/net/dev|grep eth0

Interview question: how do you find out which program is listening on a port?

netstat  -ntulp  |  grep  ":port"

ss  -ntulp  |  grep  ":port"

lsof  -i  :port

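#lsof lists the files and network connections currently opened by processes. For network connections it works like netstat and ss. It is used to diagnose resource usage (which process holds a file or port) and for security auditing (spotting suspicious processes that access sensitive files or the network)

#Common options
-i          #show network connections (similar to netstat)    lsof -i :80
-p          #select a process ID (PID)    lsof -p 1234
-c          #filter by process name    lsof -c apache
-u          #filter by user name    lsof -u root
-P          #do not convert port numbers to service names    lsof -i -P
-n          #do not convert IP addresses to host names    lsof -i -n
-s          #show file size or protocol state    lsof -i -s TCP:LISTEN
+D          #recursively list open files under a directory    lsof +D /var/log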
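
The commands above answer the interview question for one port at a time. As an added example (not part of the original article), the functions below read `netstat -ntulp` text and label every listening socket by bind scope, so that listeners reachable from other hosts stand out from loopback-only ones. The sample input is constructed from the netstat output shown earlier, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: classify listeners in `netstat -ntulp` output by bind address.

# Constructed sample, modelled on the netstat -ntulp output shown earlier.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      3320/sshd-session:
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      513/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1/init
tcp6       0      0 ::1:6010                :::*                    LISTEN      3320/sshd-session:
tcp6       0      0 :::22                   :::*                    LISTEN      1/init
udp        0      0 127.0.0.53:53           0.0.0.0:*                           513/systemd-resolve
udp        0      0 10.0.0.152:68           0.0.0.0:*                           676/systemd-network
EOF
}

# classify_listeners: read netstat -ntulp text on stdin and print one line per
# listening socket in the form: SCOPE PROTO ADDRESS PORT PID/PROGRAM
#   SCOPE is loopback, wildcard (0.0.0.0 or ::) or specific (one local address).
classify_listeners() {
    awk '
    $1 !~ /^(tcp|udp)6?$/ { next }          # skip headers and any other text
    {
        if ($1 ~ /^tcp/) {                  # TCP rows carry a State column
            if ($6 != "LISTEN") next
            owner = $7
        } else {                            # UDP listener rows have no State
            owner = $6
        }
        if (owner == "") owner = "-"        # owner hidden when not run as root
        # The port is whatever follows the last colon; this also handles
        # IPv6 forms such as ":::22" and "::1:6010".
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1")         scope = "loopback"
        else if (addr == "0.0.0.0" || addr == "::")   scope = "wildcard"
        else                                          scope = "specific"
        print scope, $1, addr, port, owner
    }'
}

# exposed_listeners: only the sockets that accept traffic from other hosts.
exposed_listeners() {
    classify_listeners | awk '$1 != "loopback"'
}

# Stand-alone run on the sample; on a live host use:
#   netstat -ntulp | exposed_listeners
sample_netstat | exposed_listeners
```

Only the first token of the PID/Program column is kept, so a program name that contains spaces is shortened.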


④ The ip command

Provided by the iproute package; it can replace ifconfig

ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename

#Objects to operate on
#network interfaces (link), IP addresses (address), the routing table (route)...
OBJECT := { 
address|addrlabel|fou|help|ila|ioam|l2tp|link|macsec|maddress|monitor|mptcp|mroute|mrule|neighbor|neighbour|netconf|netns|nexthop|ntable|ntbl|route|rule|sr|tap|tcpmetrics|token|tunnel|tuntap|vrf|xfrm}

#Common options
OPTIONS := {
-V[ersion]|-s[tatistics]|-d[etails]|-r[esolve]|-h[uman-readable]|-iec|-j[son]|-p[retty]|-f[amily]{inet|inet6|mpls|bridge|link}|-4|-6|-M|-B|-0|-l[oops]{maximumaddr-flushattempts}|-br[ief]|-o[neline]|-t[imestamp]|-ts[hort]|-b[atch][filename]|-rc[vbuf][size]|-n[etns]name|-N[umeric]|-a[ll]|-c[olor]}

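Configuring network properties

#Network interface management

add         #create a virtual network interface (such as veth, bridge, vlan)
delete      #delete a virtual interface
set         #change interface attributes (such as state, MAC, MTU)
show        #show interface information (default action, may be omitted)
help        #show help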

[root@rocky8-153 ~]#ip link 
add     delete  help    set     show    
#Show network interface information
[root@rocky8-153 ~]#ip link show | ip link | ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:b4:f4:99 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:b4:f4:ad brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
————————————————————————————————————————————————————————————————————————————————————————
#Enable or disable a NIC
[root@rocky8-153 ~]#ip link set eth2 down 

[root@rocky8-153 ~]#ip link show eth2
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:b4:f4:ad brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224

[root@rocky8-153 ~]#ip link set eth2 up

[root@rocky8-153 ~]#ip link show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:b4:f4:ad brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
————————————————————————————————————————————————————————————————————————————————————————
#Rename
[root@rocky8-153 ~]#ip link set eth2 name test-eth2
RTNETLINK answers: Device or resource busy

[root@rocky8-153 ~]#ip link set eth2 down

[root@rocky8-153 ~]#ip link set eth2 name test-eth2

[root@rocky8-153 ~]#ip link set eth2 up
Cannot find device "eth2"

[root@rocky8-153 ~]#ip link set test-eth2 up

[root@rocky8-153 ~]#ip link show test-eth2
4: test-eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:b4:f4:ad brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
———————————————————————————————————————————————————————————————————————————————————————
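
#IP address management

add             #add an IP address
del             #delete an IP address
show            #show IP addresses (default action, may be omitted)
flush           #remove all IP addresses from an interface
help            #show help
change/replace  #change attributes of an existing IP address (such as valid_lft, preferred_lft)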

[root@rocky8-153 ~]#ip address 
add      change   del      flush    help     replace  show 
#Show IP address information for all network interfaces
[root@rocky8-153 ~]#ip address show | ip addr 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:99 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 10.0.0.153/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
       valid_lft 1572sec preferred_lft 1572sec
    inet6 fe80::20c:29ff:feb4:f499/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever
4: test-eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:ad brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
    inet 192.168.10.88/24 brd 192.168.10.255 scope global noprefixroute test-eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4ad/64 scope link 
       valid_lft forever preferred_lft forever
————————————————————————————————————————————————————————————————————————————————————————
#Show IP address information for a specific network interface
[root@rocky8-153 ~]#ip addr show test-eth2 
4: test-eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:ad brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
    inet 192.168.10.88/24 brd 192.168.10.255 scope global noprefixroute test-eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4ad/64 scope link 
       valid_lft forever preferred_lft forever
————————————————————————————————————————————————————————————————————————————————————————
#Add an IP address to a specific network interface
[root@rocky8-153 ~]#ip addr add 10.0.0.108/24 dev eth1 

[root@rocky8-153 ~]#ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.108/24 scope global secondary eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever

[C:\~]$ ping 10.0.0.108

正在 Ping 10.0.0.108 具有 32 字节的数据:
来自 10.0.0.108 的回复: 字节=32 时间<1ms TTL=64

#But ifconfig shows only one IP address
[root@rocky8-153 ~]#ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.110  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::20c:29ff:feb4:f4a3  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b4:f4:a3  txqueuelen 1000  (Ethernet)
        RX packets 147  bytes 21558 (21.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 123  bytes 8746 (8.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
————————————————————————————————————————————————————————————————————————————————————————
#Add an IP address with a label (alias) to a specific network interface
[root@rocky8-153 ~]#ip addr add 10.0.0.106/24 dev eth1 label test-001 

[root@rocky8-153 ~]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.108/24 scope global secondary eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.106/24 scope global secondary test-001
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever

[C:\~]$ ping 10.0.0.106

正在 Ping 10.0.0.106 具有 32 字节的数据:
来自 10.0.0.106 的回复: 字节=32 时间<1ms TTL=64
————————————————————————————————————————————————————————————————————————————————————————
#Delete IP addresses
[root@rocky8-153 ~]#ip addr del 10.0.0.108/24 dev eth1 

[root@rocky8-153 ~]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.106/24 scope global secondary test-001
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever

[root@rocky8-153 ~]#ip addr del 10.0.0.106/24 dev eth1 label test-001

[root@rocky8-153 ~]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever
————————————————————————————————————————————————————————————————————————————————————————
#Add an IP address with a 30-second lifetime
#preferred_lft 30: preferred lifetime of 30 seconds (how long the IP address is preferred for use)
#valid_lft 30: valid lifetime of 30 seconds
[root@rocky8-153 ~]#ip addr change 10.0.0.99/24 dev eth1 preferred_lft 30 valid_lft 30

[root@rocky8-153 ~]#ip addr s eth1 
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.99/24 scope global secondary dynamic eth1
       valid_lft 25sec preferred_lft 25sec
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever

[root@rocky8-153 ~]#ip addr s eth1 
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.99/24 scope global secondary dynamic eth1
       valid_lft 15sec preferred_lft 15sec
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever

#Test
[C:\~]$ ping 10.0.0.99

正在 Ping 10.0.0.99 具有 32 字节的数据:
来自 10.0.0.99 的回复: 字节=32 时间=1ms TTL=64

#After 30 seconds
[root@rocky8-153 ~]#ip addr s eth1 
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever
#Test
[C:\~]$ ping 10.0.0.99

正在 Ping 10.0.0.99 具有 32 字节的数据:
请求超时。
————————————————————————————————————————————————————————————————————————————————————————
#Remove all IP addresses from the NIC
[root@rocky8-153 ~]#ip addr flush dev eth1 

[root@rocky8-153 ~]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
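
`ifconfig eth1` above shows a single address although the interface carries more. As an added example (not part of the original article), the functions below build a full IPv4 inventory from `ip addr show` text and pick out the secondary addresses together with their label and remaining lifetime. The sample text is constructed from the outputs above, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: inventory of IPv4 addresses from `ip addr show` text.

# Constructed sample: combines the eth1 states shown in the sessions above
# (plain secondary, labelled secondary, and a 30-second temporary address).
sample_ip_addr() {
cat <<'EOF'
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.108/24 scope global secondary eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.106/24 scope global secondary test-001
       valid_lft forever preferred_lft forever
    inet 10.0.0.99/24 scope global secondary dynamic eth1
       valid_lft 25sec preferred_lft 25sec
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# list_ipv4: read `ip addr show` text on stdin and print one line per IPv4
# address in the form: IFACE ADDRESS/PREFIX ROLE LABEL VALID_LFT
list_ipv4() {
    awk '
    /^[0-9]+: / {                        # "3: eth1: <...>" starts an interface
        iface = $2
        sub(/:$/, "", iface)
        sub(/@.*$/, "", iface)           # "eth0@if5" style names -> "eth0"
        next
    }
    $1 == "inet" {                       # IPv4 address line
        addr = $2; label = $NF; role = "primary"
        for (i = 3; i < NF; i++) if ($i == "secondary") role = "secondary"
        pending = 1
        next
    }
    $1 == "inet6" { pending = 0; next }  # IPv6 is out of scope here
    $1 == "valid_lft" && pending {       # lifetime line following an inet line
        print iface, addr, role, label, $2
        pending = 0
    }'
}

# secondary_ipv4: the additional addresses, i.e. everything except the primary.
secondary_ipv4() {
    list_ipv4 | awk '$3 == "secondary"'
}

# Stand-alone run on the sample; on a live host use:
#   ip addr show | secondary_ipv4
sample_ip_addr | secondary_ipv4
```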

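#Routing table management

add                 #add a route
del                 #delete a route
show / list         #show the routing table (default action, may be omitted)
flush               #flush the routing table
get                 #look up the route to a specific destination
change / replace    #modify an existing route
append              #append a route to the routing table (without overwriting existing routes)
monitor             #watch route changes in real time
help                #show help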

[root@rocky8-153 ~]#ip route 
add      append   change   del      flush    get      help     list     monitor  replace
#Add a route
ip route add TARGET via GW dev IFACE src SOURCE_IP

#Add a default gateway
ip route add default via GW dev IFACE

#Delete a route
ip route del TARGET 

#Show routes
ip route show|list

#Flush the routing table
ip route flush [dev IFACE] [via PREFIX]

#Show which route a destination takes
ip route get IP

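⑤ The ss command

        A utility for displaying socket statistics; it is usually more efficient and its output is clearer. ss can show detailed information about TCP, UDP, RAW and UNIX domain sockets.

        Provided by the iproute package as a replacement for netstat. netstat obtains socket information by walking /proc, whereas ss uses netlink to communicate with the kernel's tcp_diag module.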

ss [ OPTIONS ] [ FILTER ]

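#Common options
-n|--numeric       #do not show addresses as host names
-r|--resolve       #show IPs as host names
-a|--all           #show all sockets
-l|--listening     #show only sockets in the LISTEN state
-m|--memory        #show socket memory usage
-p|--processes     #show the owning process
-i|--info          #show detailed TCP connection information
--tipcinfo         #show detailed TIPC connection information
-s|--summary       #show summary statistics
-4|--ipv4          #show only IPv4 sockets
-6|--ipv6          #show only IPv6 sockets
-0|--packet        #show only PACKET sockets
-t|--tcp           #show only TCP sockets
-M|--mptcp         #show only MPTCP sockets
-S|--sctp          #show only SCTP sockets
-u|--udp           #show only UDP sockets
-d|--dccp          #show only DCCP sockets
-w|--raw           #show only raw sockets
-x|--unix          #show only UNIX sockets
--tipc             #show only TIPC sockets
--vsock            #show only vsock sockets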
-f|--family=FAMILY              #filter by address family {inet|inet6|link|unix|netlink|vsock|tipc|xdp|help}
-A|--query=QUERY|--socket=QUERY #filter by socket type {all|inet|tcp|mptcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram|tipc}[,QUERY]

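#Common combinations
-tan, -uan, -tnl, -un
#Show all connection data with numeric IP addresses
[root@ubuntu ~]# ss -n

#Show TCP connections that are currently connected
[root@ubuntu ~]# ss -tn

#Show all TCP connections
[root@ubuntu ~]# ss -tan

#Show all TCP and UDP sockets in the listening state, with program and process ID
[root@ubuntu ~]# ss -tunlp

#Same as above, plus summary statistics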
[root@ubuntu ~]# ss -tunlps

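⑥ The network configuration tool nmcli

        nmcli is the command-line tool for NetworkManager on Linux. It manages network connections: viewing network status, enabling and disabling connections, configuring static IP/DHCP/DNS, and managing Wi-Fi and VPN. Configuration changes take effect immediately without restarting the service. It is powerful and can replace graphical tools (such as nmtui) or direct editing of configuration files.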

nmcli [OPTIONS] OBJECT { COMMAND | help }

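#Common options
-a|--ask                  #ask for missing parameters
-c|--colors               #whether to use colors in output auto|yes|no
-e|--escape               #whether to escape column separators yes|no
-f|--fields               #output fields <field,...>|all|common
-m|--mode                 #output mode tabular|multiline
-o|--overview             #overview mode output
-p|--pretty               #pretty output
-t|--terse                #terse output
-v|--version              #show version information
-h|--help                 #show help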

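#OBJECT
g[eneral]       #general status management
n[etworking]    #overall networking control
r[adio]         #radio switches
c[onnection]    #connection management
d[evice]        #device management
a[gent]         #NetworkManager secret agent or polkit agent
m[onitor]       #monitor NetworkManager changes

#List all connections
nmcli con 
nmcli con show

#List connections in the active state
nmcli con show --active

#Show device status
nmcli device status  

#Show the properties of a network interface
nmcli dev show eth1

#Delete a connection
nmcli con del eth1

#Bring a connection up or down
nmcli con up con-eth1
nmcli con down con-eth1

#Reload
nmcli connection reload
#nmcli con add con-name <name> type <type> ifname <interface> [other optional parameters]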

#Add a connection that gets its IP address from DHCP
[root@rocky8-153 network-scripts]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.111/24 brd 10.0.0.255 scope global secondary noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.113/24 brd 10.0.0.255 scope global secondary noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.119/24 brd 10.0.0.255 scope global secondary noprefixroute eth1:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever

[root@rocky8-153 network-scripts]#nmcli con del eth1
Connection 'eth1' (9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04) successfully deleted.

[root@rocky8-153 network-scripts]#nmcli con
NAME  UUID                                  TYPE      DEVICE 
eth0  90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
eth2  20122f1e-d740-4018-abb5-31776651c1ea  ethernet  eth2   

[root@rocky8-153 network-scripts]#ls
ifcfg-eth0  ifcfg-eth2

[root@rocky8-153 network-scripts]#nmcli con add con-name eth1 type ethernet ifname eth1
Connection 'eth1' (718b47cc-ffa4-41f5-a193-c67a7ea59468) successfully added.

[root@rocky8-153 network-scripts]#nmcli con
NAME  UUID                                  TYPE      DEVICE 
eth0  90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
eth1  718b47cc-ffa4-41f5-a193-c67a7ea59468  ethernet  eth1   
eth2  20122f1e-d740-4018-abb5-31776651c1ea  ethernet  eth2   

[root@rocky8-153 network-scripts]#ls
ifcfg-eth0  ifcfg-eth1  ifcfg-eth2

[root@rocky8-153 network-scripts]#vim ifcfg-eth1
[root@rocky8-153 network-scripts]#cat ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=default
NAME=eth1
UUID=718b47cc-ffa4-41f5-a193-c67a7ea59468
DEVICE=eth1
ONBOOT=yes

[root@rocky8-153 network-scripts]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.155/24 brd 10.0.0.255 scope global dynamic noprefixroute eth1
       valid_lft 1721sec preferred_lft 1721sec
    inet6 fe80::80d8:1444:da5:b134/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
————————————————————————————————————————————————————————————————————————————————————————
#Add a connection with a static address
[root@rocky8-153 network-scripts]#nmcli con del eth1
Connection 'eth1' (718b47cc-ffa4-41f5-a193-c67a7ea59468) successfully deleted.

[root@rocky8-153 network-scripts]#nmcli con add con-name eth1 ipv4.addresses 10.0.0.120/24 ipv4.method manual type ethernet ifnam
Connection 'eth1' (73b6a6a7-000e-4e86-b386-84ff43ca3373) successfully added.

[root@rocky8-153 network-scripts]#ls
ifcfg-eth0  ifcfg-eth1  ifcfg-eth2

[root@rocky8-153 network-scripts]#cat ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=10.0.0.120
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=default
NAME=eth1
UUID=73b6a6a7-000e-4e86-b386-84ff43ca3373
DEVICE=eth1
ONBOOT=yes

[root@rocky8-153 network-scripts]#nmcli con
NAME  UUID                                  TYPE      DEVICE 
eth0  90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
eth1  73b6a6a7-000e-4e86-b386-84ff43ca3373  ethernet  eth1   
eth2  20122f1e-d740-4018-abb5-31776651c1ea  ethernet  eth2   

[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/18)

[root@rocky8-153 network-scripts]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.120/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::a1bd:edb4:71a7:603a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
————————————————————————————————————————————————————————————————————————————————————————
#Add settings to the same device
#nmcli con mod con-eth1 +ipv4.addresses 10.0.0.119/24
#nmcli con mod con-eth1 +ipv4.dns 8.8.8.8

[root@rocky8-153 network-scripts]#nmcli con mod eth1 +ipv4.addresse 10.0.0.119/24 
[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con up eth1 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/19)
[root@rocky8-153 network-scripts]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.120/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.119/24 brd 10.0.0.255 scope global secondary noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::a1bd:edb4:71a7:603a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
————————————————————————————————————————————————————————————————————————————————————————
#Remove settings from the same device
#nmcli con mod con-eth1 -ipv4.addresses 10.0.0.119/24
#nmcli con mod con-eth1 -ipv4.dns 8.8.8.8

[root@rocky8-153 network-scripts]#nmcli con mod eth1 -ipv4.addresse 10.0.0.119/24 
[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con up eth1 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/20)
[root@rocky8-153 network-scripts]#ip addr s eth1 
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.120/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::a1bd:edb4:71a7:603a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
————————————————————————————————————————————————————————————————————————————————————————
#Modify settings on the same device
#nmcli con mod con-eth1 connection.autoconnect no
#nmcli con mod con-eth1 ipv4.addresses 10.0.0.119/24
#nmcli con mod con-eth1 ipv4.dns 8.8.8.8 

[root@rocky8-153 network-scripts]#nmcli con mod eth1 ipv4.addresse 10.0.0.108/24 
[root@rocky8-153 network-scripts]#vim ifcfg-eth1
[root@rocky8-153 network-scripts]#cat ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=10.0.0.108
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=default
NAME=eth1
UUID=73b6a6a7-000e-4e86-b386-84ff43ca3373
DEVICE=eth1
ONBOOT=yes

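One NIC can have several sets of configuration, each written to its own configuration file, and you can switch between them as the environment changes: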

[root@rocky8-153 network-scripts]#nmcli con add con-name eth-001 ipv4.addresses 10.0.0.54/24 ipv4.method manual type ethernet ifname eth1
Connection 'eth-001' (dfdf2d2d-0ae3-4a18-b6b8-afc90675b990) successfully added.
[root@rocky8-153 network-scripts]#ls
ifcfg-eth0  ifcfg-eth-001  ifcfg-eth2

[root@rocky8-153 network-scripts]#nmcli con add con-name eth-002 ipv4.addresses 10.0.0.55/24 ipv4.method manual type ethernet ifname eth1
Connection 'eth-002' (512a9eaa-d2cf-45ff-8545-597e0f09208d) successfully added.
[root@rocky8-153 network-scripts]#ls
ifcfg-eth0  ifcfg-eth-001  ifcfg-eth2

[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con
NAME     UUID                                  TYPE      DEVICE 
eth0     90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
eth-001  dfdf2d2d-0ae3-4a18-b6b8-afc90675b990  ethernet  eth1   
eth2     20122f1e-d740-4018-abb5-31776651c1ea  ethernet  eth2   
eth-002  512a9eaa-d2cf-45ff-8545-597e0f09208d  ethernet  --     

[root@rocky8-153 network-scripts]#nmcli con up eth-001
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/22)

[root@rocky8-153 network-scripts]#ip addr s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.54/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::d73d:1197:5ef9:a7d8/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@rocky8-153 network-scripts]#nmcli con down eth-001 
Connection 'eth-001' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/22)

[root@rocky8-153 network-scripts]#nmcli con up eth-002
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/24)

[root@rocky8-153 network-scripts]#nmcli con
NAME     UUID                                  TYPE      DEVICE 
eth0     90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
eth-002  512a9eaa-d2cf-45ff-8545-597e0f09208d  ethernet  eth1   
eth2     20122f1e-d740-4018-abb5-31776651c1ea  ethernet  eth2   

[root@rocky8-153 network-scripts]#ip a s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.55/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::88b6:e777:506:295f/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever


Mapping between settings in the command and settings in the configuration file


Using nmcli on Ubuntu

[root@ubuntu-152 ~]#apt install network-manager

[root@ubuntu-152 ~]#vim /etc/NetworkManager/NetworkManager.conf 

#Set managed=true
[root@ubuntu-152 netplan]#cat /etc/NetworkManager/NetworkManager.conf 
...
[ifupdown]
managed=true
...

[root@ubuntu-152 ~]#systemctl restart NetworkManager.service

[root@ubuntu-152 netplan]#vim eth1.yaml 
[root@ubuntu-152 netplan]#cat eth1.yaml 
network:
  version: 2
  renderer: NetworkManager        #added: NetworkManager as the renderer
  ethernets:
    eth1:
      #dhcp4: true
      addresses: [10.0.0.112/24,10.0.0.55/25,10.0.0.66/24]
      nameservers:
        search: [baidu.com]
        addresses: [10.0.0.2,180.76.76.76]

[root@ubuntu-152 netplan]#netplan apply 

[root@ubuntu-152 netplan]#nmcli con
NAME          UUID                                  TYPE      DEVICE 
netplan-eth0  626dd384-8b3d-3690-9511-192b2c79b3fd  ethernet  eth0   
netplan-eth1  8bf25856-ca0b-388e-823c-b898666ab9d2  ethernet  eth1   
netplan-eth2  e4f315ef-c9bc-3458-827e-dbff93a2bac6  ethernet  eth2   
lo            ed306e4f-043f-4fd3-b65d-10033cc3e30c  loopback  lo     

⑦ The route command

This command comes from the net-tools package; using ip instead is recommended

route [-CFvnNee] [-A family |-4|-6]
route [-v] [-A family |-4|-6] add [-net|-host] target [netmask Nm] [gw Gw] [metric N] [mss M] [window W] [irtt I] [reject] [mod] [dyn] [reinstate] [[dev] If]
route [-v] [-A family |-4|-6] del [-net|-host] target [gw Gw] [netmask Nm] [metric M] [[dev] If]
route [-V] [--version] [-h] [--help]

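#Common options
-v|--verbose     #show verbose information
-n|--numeric     #show numeric IP addresses instead of host names
-e|--extend      #show extended fields
-F|--fib         #show forwarding information
-C|--cache       #show the routing cache
-V|--version     #show version information
-h|--help        #show help
-f               #clear gateway entries from the routing table
-net             #the target is a network
-host            #the target is a host

#Common subcommands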
add
del
flush
netmask
gw
metric
Destination
Gateway
#Show the routing table
[root@rocky8-153 ~]#route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

#Show the routing table with numeric IP addresses
[root@rocky8-153 ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.2        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

Routing table fields

#Add a route
#route add [-net|-host|default] <target network or host> netmask <netmask> gw <gateway> [dev <interface>]

#Target: 192.168.1.3, gateway: 172.16.0.1
route add -host 192.168.1.3 gw 172.16.0.1 dev eth0

#Target: 192.168.0.0, gateway: 172.16.0.1
route add -net 192.168.0.0 netmask 255.255.255.0 gw 172.16.0.1 dev eth0
route add -net 192.168.0.0/24 gw 172.16.0.1 dev eth0
route add -net 192.168.8.0/24 dev eth1 metric 200

#Default route, gateway: 172.16.0.1
route add -net 0.0.0.0 netmask 0.0.0.0 gw 172.16.0.1
route add -net 0.0.0.0/0 gw 172.16.0.1
route add default gw 172.16.0.1

#Delete
#route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]

#Target: 192.168.1.3, gateway: 172.16.0.1
route del -host 192.168.1.3

#Target: 192.168.0.0, gateway: 172.16.0.1
route del -net 192.168.0.0 netmask 255.255.255.0
———————————————————————————————————————————————————————————————————————————————————————————
The ip route command
#Add
ip route add 20.0.0.0/24 dev eth0 via 10.0.0.123

#Show
ip route
ip route show

#Delete
ip route del 20.0.0.0/24 dev eth0 via 10.0.0.123
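
Which entry of the routing table carries traffic to a given destination? As an added example (not part of the original article), `select_route` applies longest-prefix match and then lowest metric to `route -n` text, the selection rule used within one routing table. Assumptions: the sample table is constructed, the 20.0.0.7 host route with gateway 10.0.0.124 is invented to show a more specific entry taking precedence over the 20.0.0.0/24 route, and policy routing (`ip rule`) is not modelled.

```shell
#!/bin/sh
# Added example: pick the winning route for a destination from `route -n` text.

# Constructed table in `route -n` format. The first two rows and the
# 20.0.0.0/24 and 192.168.8.0/24 routes mirror commands shown above; the
# 20.0.0.7 host route is invented for this example.
sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.2        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
20.0.0.0        10.0.0.123      255.255.255.0   UG    0      0        0 eth0
20.0.0.7        10.0.0.124      255.255.255.255 UGH   0      0        0 eth0
192.168.8.0     0.0.0.0         255.255.255.0   U     200    0        0 eth1
EOF
}

# select_route DEST: read `route -n` text on stdin and print the winning entry
# as "DESTINATION GENMASK GATEWAY IFACE". Exit status 1 if nothing matches or
# DEST is not a dotted-quad IPv4 address.
select_route() {
    awk -v dst="$1" '
    function ip2int(ip,    o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN {
        d = ip2int(dst)
        best_mask = -1
        if (d < 0) exit 1                      # END still runs and reports failure
    }
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }   # skip header lines
    {
        net = ip2int($1); mask = ip2int($3); metric = $5 + 0
        size = 4294967296 - mask               # number of addresses in the prefix
        if (d - (d % size) != net) next        # destination lies outside it
        # Longest prefix wins; equal prefixes fall back to the lower metric.
        if (mask > best_mask || (mask == best_mask && metric < best_metric)) {
            best_mask = mask; best_metric = metric
            best = $1 " " $3 " " $2 " " $8
        }
    }
    END {
        if (best_mask < 0) exit 1
        print best
    }'
}

# Stand-alone run on the sample; on a live host use:
#   route -n | select_route 20.0.0.7
sample_routes | select_route 20.0.0.7
```

Comparing this result with `ip route get IP` on the host is a quick way to notice a host route or a policy rule that the plain table view does not make obvious.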

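5. Network configuration files (overview)

① Basic network configuration files

CentOS family:

        /etc/sysconfig/network-scripts/ifcfg-xxx

Ubuntu family:

        /etc/netplan/*.yaml

② Setting the host name of the current host

CentOS 6 and earlier:

        /etc/sysconfig/network

CentOS 7 and later:

        /etc/hostname

#This file does not exist by default; the host name is then obtained through a reverse DNS lookup, and defaults to localhost.localdomain
#Deleting /etc/hostname restores the host name localhost.localdomain


Ubuntu:

        /etc/hostname

③ Mapping local host names to IP addresses

        Local host names are mapped to IP addresses through the /etc/hosts file, which uses static entries to associate a host name (such as example.com) with the corresponding local or network IP address (such as 127.0.0.1). It is used for local resolution and in test environments.

④ DNS name resolution

        DNS name resolution converts the domain name a user enters into a server IP address through hierarchical queries, relying on the local cache, recursive servers, and the root and top-level-domain authoritative servers working together.

        The contents of /etc/resolv.conf are generated automatically from the NIC devices; without DNS, pinging a domain name fails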

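6. NIC aliases

        Several IP addresses are bound to one MAC address, each IP on its own logical NIC, known as a network alias. The naming format is ethX:Y, for example eth0:1, eth0:2, eth0:3.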

[root@rocky8-153 network-scripts]#cat ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1        
IPADDR=10.0.0.110
PREFIX=24

[root@rocky8-153 network-scripts]#cat ifcfg-eth1:1
DEVICE=eth1:1
IPADDR=10.0.0.123
PREFIX=24

[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con down eth1;nmcli con up eth1
Connection 'eth1' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/25)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/26)

[root@rocky8-153 network-scripts]#ip a s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:a3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    altname ens192
    inet 10.0.0.110/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.123/24 brd 10.0.0.255 scope global secondary noprefixroute eth1:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4a3/64 scope link 
       valid_lft forever preferred_lft forever

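7. Multiple NICs

Bonding (link aggregation) working modes

        Mode 0 (balance-rr)
        Round-robin policy: packets are sent through each physical interface in turn, which adds up bandwidth and provides fault tolerance. Packets of the same connection may take different paths and arrive out of order, and the resulting retransmissions reduce throughput; it also depends on port aggregation being configured on the switch. Suited to scenarios that need high bandwidth and tolerate brief reordering (such as internal non-critical services).

        Mode 1 (active-backup)
        Active-backup mode: only one interface is active and the others are backups, with automatic switchover on failure. It provides high availability but low resource utilisation (only 1 of N interfaces works) and no load balancing. Suited to scenarios with very high redundancy requirements and low bandwidth needs (such as a single-link backup for a critical service).

        Mode 2 (balance-xor)
        The path is chosen by a hash of source/destination MAC, IP and port, providing load balancing and fault tolerance. Traffic may still concentrate on a single path (for example, in a single-gateway environment), and port aggregation must be configured on the switch. Suited to scenarios that need hash-based balancing in a complex topology (such as communication with many peers).

        Mode 3 (broadcast)
        All packets are duplicated and sent through every interface, giving maximum fault tolerance at the cost of wasted bandwidth. Suited to finance and similar scenarios with strict reliability requirements where redundant bandwidth is acceptable (such as trading systems that require zero interruption).

        Mode 4 (802.3ad)
        Dynamic link aggregation: link state is negotiated automatically via LACP, with hash-based load balancing and fault tolerance. LACPDUs are sent periodically to maintain link quality, and the switch must support LACP. Suited to enterprise environments that need both bandwidth and reliability (such as data-center core links).

        Mode 5 (balance-tlb)
        Adaptive transmit load balancing: outgoing traffic is distributed according to the load on each interface, while incoming traffic stays on the currently active interface. No switch support is required, but there is no balancing on the receive side. Suited to scenarios with heavy outbound load and no special inbound requirements (such as applications with one-way data flows).

        Mode 6 (balance-alb)
        Adds receive load balancing on top of Mode 5, distributing traffic dynamically through ARP negotiation, with no switch support required. ARP updates may cause brief imbalance, and bandwidth is distributed unevenly (the primary interface is filled first). Suited to small and medium networks that need load balancing in both directions (such as a typical office network).

#Notes:

The commonly used modes are 0, 1, 3 and 6
Modes 1, 5 and 6 need no switch configuration
Modes 0, 2, 3 and 4 need switch configuration, and the configuration differs between switch types; for example, Cisco switches require EtherChannel for modes 0, 2 and 3, and LACP with EtherChannel for mode 4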

① Rocky implementation

Add two host-only NICs

[root@rocky8-153 network-scripts]#ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:99 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 10.0.0.153/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
       valid_lft 1141sec preferred_lft 1141sec
    inet6 fe80::20c:29ff:feb4:f499/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
5: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:c1 brd ff:ff:ff:ff:ff:ff
    altname enp27s0
    altname ens256
6: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:b7 brd ff:ff:ff:ff:ff:ff
    altname enp4s0
    altname ens161

[root@rocky8-153 network-scripts]#nmcli con
NAME  UUID                                  TYPE      DEVICE 
eth0  90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   

Implementation by editing configuration files

#bond configuration file
[root@rocky8-153 network-scripts]#vim ifcfg-bond0
[root@rocky8-153 network-scripts]#cat ifcfg-bond0 
NAME=bond0
TYPE=bond
DEVICE=bond0
BOOTPROTO=none
IPADDR=192.168.10.100
PREFIX=24
BONDING_OPTS="mode=1 miimon=100 fail_over_mac=1"     #bonding parameters
#mode=1 is active-backup mode; miimon=100 checks the link state every 100 ms

#NIC configuration
[root@rocky8-153 network-scripts]#cat ifcfg-eth1
NAME=eth1            
DEVICE=eth1
BOOTPROTO=none
MASTER=bond0    #name of the bond master interface
SLAVE=yes       #declares this interface as a slave device
ONBOOT=yes

[root@rocky8-153 network-scripts]#cat ifcfg-eth2
NAME=eth2
DEVICE=eth2
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
ONBOOT=yes

[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con
NAME   UUID                                  TYPE      DEVICE 
eth0   90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
bond0  ad33d8b0-1f7b-cab9-9447-ba07f855b143  bond      bond0  
eth1   9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1   
eth2   3a73717e-65ab-93e8-b518-24f5af32dc0d  ethernet  eth2

#View
[root@rocky8-153 network-scripts]#ip a s
...
5: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:c1 brd ff:ff:ff:ff:ff:ff
    altname enp27s0
    altname ens256
6: eth2: <NO-CARRIER,BROADCAST,MULTICAST,SLAVE,UP> mtu 1500 qdisc mq master bond0 state DOWN group default qlen 1000
    link/ether 00:0c:29:b4:f4:b7 brd ff:ff:ff:ff:ff:ff
    altname enp4s0
    altname ens161
7: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0c:29:b4:f4:c1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.100/24 brd 192.168.10.255 scope global noprefixroute bond0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb4:f4c1/64 scope link 
       valid_lft forever preferred_lft forever

#View the status of the bonding interface bond0
[root@rocky8-153 network-scripts]#cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)    #bonding mode (active-backup)
Primary Slave: None             
Currently Active Slave: eth1    #currently active slave interface
MII Status: up                  #overall status of the bond interface
MII Polling Interval (ms): 100  #link monitoring interval
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Slave Interface: eth1    #slave interface 1
MII Status: up           #link status of the interface
Speed: 10000 Mbps        #speed
Duplex: full             #duplex mode
Link Failure Count: 1    #number of link failures
Permanent HW addr: 00:0c:29:b4:f4:c1    #hardware address
Slave queue ID: 0

Slave Interface: eth2
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 2
Permanent HW addr: 00:0c:29:b4:f4:b7
Slave queue ID: 0

View

#Monitor interface traffic and status in real time
[root@rocky8-153 network-scripts]#watch -n 1 netstat -i
Every 1.0s: netstat -i                                       rocky8-153: Thu Oct  2 11:25:15 2025

Kernel Interface table
Iface             MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
bond0            1500	   368      0	   0 0           400	  0	 0	0 BMmRU
eth0             1500     2627      0	   0 0          2024	  0	 0	0 BMRU
eth1             1500	   305      0	   0 0           328	  0	 0	0 BMsRU
eth2             1500       59      0	   0 0            59	  0	 0	0 BMsU
lo              65536	   216      0	   0 0           216	  0	 0	0 LRU

#Test
C:\Users\HhAosocool>ping 192.168.10.100 -t
正在 Ping 192.168.10.100 具有 32 字节的数据:
来自 192.168.10.100 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.10.100 的回复: 字节=32 时间<1ms TTL=64
...

#Disconnect one NIC and check: the other NIC takes over
[root@rocky8-153 network-scripts]#cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 2
Permanent HW addr: 00:0c:29:b4:f4:c1
Slave queue ID: 0

Slave Interface: eth2
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 2
Permanent HW addr: 00:0c:29:b4:f4:b7
Slave queue ID: 0

#When the NIC comes back online the bond does not switch back, because switching NICs again could cause network flapping
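
The failover check above can be automated. The following is an added example, not part of the original article: a shell function that parses a status dump in the format of /proc/net/bonding/bond0 and reports whether the bond has lost redundancy. The function names, the output format and the embedded sample (the failover output above, trimmed) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): summarise a bonding status
# dump in the format of /proc/net/bonding/<bond> and flag lost redundancy.

# bond_health [FILE]   (reads stdin when FILE is omitted)
# Prints: <STATE> mode=<mode> active=<iface> up=<list> down=<list> link_failures=<n>
# Returns 0 for OK, 1 for DEGRADED (a slave is down), 2 for DOWN (no usable link).
bond_health() {
    awk '
        /^Bonding Mode:/ {
            mode = $0
            sub(/^Bonding Mode: */, "", mode)
            # Prefer the short name in parentheses, e.g. "(active-backup)".
            if (match(mode, /\([a-z0-9.-]+\)/))
                mode = substr(mode, RSTART + 1, RLENGTH - 2)
            else
                gsub(/ /, "_", mode)
        }
        /^Currently Active Slave:/ { active = $4 }
        /^Slave Interface:/        { slave = $3 }
        /^MII Status:/ {
            if (slave == "")            # seen before any slave block: bond-level status
                bond_mii = $3
            else if ($3 == "up")
                up = up (up == "" ? "" : ",") slave
            else
                down = down (down == "" ? "" : ",") slave
        }
        /^Link Failure Count:/ { failures += $4 }
        END {
            if (bond_mii != "up" || up == "") { state = "DOWN";     rc = 2 }
            else if (down != "")              { state = "DEGRADED"; rc = 1 }
            else                              { state = "OK";       rc = 0 }
            printf "%s mode=%s active=%s up=%s down=%s link_failures=%d\n",
                   state, mode, (active == "" ? "-" : active),
                   (up == "" ? "-" : up), (down == "" ? "-" : down), failures
            exit rc
        }
    ' ${1:+"$1"}
}

# Constructed sample: the status shown in the article after eth1 was
# disconnected, trimmed to the fields the parser reads.
sample_failover() {
    cat <<'EOF'
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 2
Permanent HW addr: 00:0c:29:b4:f4:c1

Slave Interface: eth2
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 2
Permanent HW addr: 00:0c:29:b4:f4:b7
EOF
}

# Demo on the sample; on a real host run: bond_health /proc/net/bonding/bond0
sample_failover | bond_health || echo "bond_health exit status: $?"
```

Because a recovered slave does not become active again in this configuration, a DEGRADED result or a rising link_failures value is the signal worth alerting on; ping alone keeps succeeding while redundancy is gone.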

Implementation with nmcli

#Delete - preparation
[root@rocky8-153 network-scripts]#nmcli con
NAME   UUID                                  TYPE      DEVICE 
eth0   90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
bond0  ad33d8b0-1f7b-cab9-9447-ba07f855b143  bond      bond0  
eth1   9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1   
eth2   3a73717e-65ab-93e8-b518-24f5af32dc0d  ethernet  eth2   
[root@rocky8-153 network-scripts]#nmcli con down bond0
Connection 'bond0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)
[root@rocky8-153 network-scripts]#ls
ifcfg-bond0  ifcfg-eth0  ifcfg-eth1  ifcfg-eth2
[root@rocky8-153 network-scripts]#rm -rf ifcfg-bond0 ifcfg-eth1 ifcfg-eth2
[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con
NAME  UUID                                  TYPE      DEVICE 
eth0  90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
[root@rocky8-153 network-scripts]#ls
ifcfg-eth0

Add the bonding interface

[root@rocky8-153 network-scripts]#nmcli con add type bond con-name bond0 ifname bond0 mode active-backup ipv4.method manual ipv4.addresses 192.168.10.100/24
Connection 'bond0' (840af086-5257-41a5-9c2a-ed6a5d874146) successfully added.

Add the slave interfaces

[root@rocky8-153 network-scripts]#nmcli con add type bond-slave ifname eth1 master bond0
Connection 'bond-slave-eth1' (4dd1d326-92a3-43b7-9606-8e6037b5001b) successfully added.
[root@rocky8-153 network-scripts]#nmcli con add type bond-slave ifname eth2 master bond0
Connection 'bond-slave-eth2' (2c68b8dc-1deb-4827-83d7-b29f922f4885) successfully added.

View

[root@rocky8-153 network-scripts]#ls
ifcfg-bond0  ifcfg-bond-slave-eth1  ifcfg-bond-slave-eth2  ifcfg-eth0

[root@rocky8-153 network-scripts]#nmcli con
NAME             UUID                                  TYPE      DEVICE 
eth0             90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
bond0            840af086-5257-41a5-9c2a-ed6a5d874146  bond      bond0  
bond-slave-eth1  4dd1d326-92a3-43b7-9606-8e6037b5001b  ethernet  eth1   
bond-slave-eth2  2c68b8dc-1deb-4827-83d7-b29f922f4885  ethernet  eth2   

[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con up bond0;nmcli con up bond-slave-eth1;nmcli con up bond-slave-eth2 
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/19)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/20)

[root@rocky8-153 network-scripts]#cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Slave Interface: eth1
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:b4:f4:c1
Slave queue ID: 0

Slave Interface: eth2
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:b4:f4:b7
Slave queue ID: 0

② Ubuntu implementation

Add two host-only NICs

[root@ubuntu-158 netplan]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e9:68:1d brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    altname ens33
    altname enx000c29e9681d
    inet 10.0.0.158/24 metric 100 brd 10.0.0.255 scope global dynamic eth0
       valid_lft 1745sec preferred_lft 1745sec
    inet6 fe80::20c:29ff:fee9:681d/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:0c:29:e9:68:3b brd ff:ff:ff:ff:ff:ff
    altname enp2s7
    altname ens39
    altname enx000c29e9683b
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:0c:29:e9:68:45 brd ff:ff:ff:ff:ff:ff
    altname enp2s8
    altname ens40
    altname enx000c29e96845

Edit the configuration file and test

[root@ubuntu-158 netplan]#cat bond0.yaml 
network:
 ethernets:
   eth1:
     addresses: []
     dhcp4: false
   eth2:
     addresses: []
     dhcp4: false
 version: 2

 bonds:
   bond0:
     addresses: [192.168.10.123/24]
     interfaces: [eth1,eth2]
     parameters:
       mode: balance-rr    #bond working mode: round-robin

[root@ubuntu-158 netplan]#netplan apply

#Test
[root@ubuntu-158 ~]#watch -n 1 netstat -i

C:\Users\HhAosocool>ping 192.168.10.123 -t

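8. Network teaming

        Network teaming is a technique that logically aggregates multiple physical NICs to improve network availability, redundancy and throughput. Compared with traditional NIC bonding, teaming offers better performance and extensibility, and is particularly suited to network environments that need high reliability and high bandwidth.

Working modes of a team:

        broadcast: broadcast mode
        Every packet is copied to all ports, ensuring high reliability at the cost of low bandwidth utilisation.

        roundrobin: round-robin mode
        Packets are sent through each port in turn, providing load balancing, but they may arrive out of order.

        activebackup: active-backup mode (default)
        One port is active and the others are backups. When the active port fails, traffic switches over automatically; no switch support is required.

        loadbalance: load-balancing mode
        Traffic is distributed by a hash algorithm, balancing both sending and receiving; switch support is required.

        lacp: dynamic link aggregation (802.3ad)
        Follows the IEEE 802.3ad standard and negotiates link aggregation dynamically; the switch must support LACP.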

① Rocky implementation

Edit the configuration files and test

#Add two host-only NICs

#Configure the team interface file
[root@rocky8-153 network-scripts]#cat ifcfg-team0
DEVICE=team0                #team interface name
DEVICETYPE=Team             #declares this as the team master interface
TEAM_CONFIG="{\"runner\":{\"name\":\"activebackup\"}}"    #active-backup mode
BOOTPROTO=none
IPADDR=192.168.10.100
PREFIX=24
NAME=team0
ONBOOT=yes

#Configure the port files
[root@rocky8-153 network-scripts]#cat ifcfg-team0-eth1
DEVICE=eth1
DEVICETYPE=TeamPort
TEAM_MASTER=team0
NAME=team0-eth1
ONBOOT=yes

[root@rocky8-153 network-scripts]#cat ifcfg-team0-eth2
DEVICE=eth2
DEVICETYPE=TeamPort        #declares this as a team port
TEAM_MASTER=team0          #name of the team interface this NIC belongs to
NAME=team0-eth2
ONBOOT=yes

#Enable
[root@rocky8-153 network-scripts]#nmcli con up team0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/34)
[root@rocky8-153 network-scripts]#nmcli con up team0-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/37)
[root@rocky8-153 network-scripts]#nmcli con up team0-eth2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/38)

#View
[root@rocky8-153 network-scripts]#nmcli con
NAME        UUID                                  TYPE      DEVICE 
eth0        90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
team0       702de3eb-2e80-897c-fd52-cd0494dd8123  team      team0  
team0-eth1  7465825a-f775-d608-7222-8f2fb493423f  ethernet  eth1   
team0-eth2  7b86983f-9f30-5ef5-4e97-269d4af8e492  ethernet  eth2   

[root@rocky8-153 network-scripts]#teamdctl team0 state
setup:
  runner: loadbalance
ports:
  eth1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  eth2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0

#Test
[root@rocky8-153 network-scripts]#watch -n 1 netstat -i

C:\Users\HhAosocool>ping 192.168.10.100 -t

Implementation with nmcli

#Create the team interface
nmcli con add type team con-name CON-NAME ifname TEAM-NAME config 'CONFIG-JSON-STRING'

CON-NAME               #connection name
TEAM-NAME              #interface name
CONFIG-JSON-STRING     #configuration, for example '{"runner": {"name": "METHOD"}}'
METHOD                 #traffic algorithm
broadcast|roundrobin|activebackup|loadbalance|lacp

#Create a port interface
nmcli con add type team-slave con-name CON-PORT-NAME ifname CON-TEAM-NAME master TEAM-NAME

CON-PORT-NAME          #connection name; defaults to team-slave-IFACE if not specified
CON-TEAM-NAME          #network interface name
TEAM-NAME              #name of the team interface to attach to

#Add the team
[root@rocky8-153 network-scripts]#nmcli con add type team con-name team0 ifname team0 conf
Connection 'team0' (d2ff1728-b607-48cc-9447-6c66a9d53f9e) successfully added.

#Add the NICs
[root@rocky8-153 network-scripts]#nmcli con add con-name team0-eth1 type team-slave ifname
Connection 'team0-eth1' (7ede121b-efeb-441b-b32a-e422b7753aa4) successfully added.

[root@rocky8-153 network-scripts]#nmcli con add con-name team0-eth2 type team-slave ifname eth2 maste
Connection 'team0-eth2' (2a008590-ae2f-4e27-bb70-3148e80efc14) successfully added.

#Enable
[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con
NAME        UUID                                  TYPE      DEVICE 
eth0        90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0   
team0       d2ff1728-b607-48cc-9447-6c66a9d53f9e  team      team0  
team0-eth1  7ede121b-efeb-441b-b32a-e422b7753aa4  ethernet  eth1   
team0-eth2  2a008590-ae2f-4e27-bb70-3148e80efc14  ethernet  eth2   

[root@rocky8-153 network-scripts]#nmcli con up team0-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnectio

[root@rocky8-153 network-scripts]#nmcli con up team0-eth2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnectio

[root@rocky8-153 network-scripts]#nmcli con up team0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/Ne

[root@rocky8-153 network-scripts]#teamdctl team0 state
setup:
  runner: activebackup
ports:
  eth1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  eth2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
runner:
  active port: eth1

#Delete
[root@rocky8-153 network-scripts]#nmcli con del team0
Connection 'team0' (d2ff1728-b607-48cc-9447-6c66a9d53f9e) successfully deleted.
[root@rocky8-153 network-scripts]#nmcli con del team0-eth1
Connection 'team0-eth1' (7ede121b-efeb-441b-b32a-e422b7753aa4) successfully deleted.
[root@rocky8-153 network-scripts]#nmcli con del team0-eth2
Connection 'team0-eth2' (2a008590-ae2f-4e27-bb70-3148e80efc14) successfully deleted.
[root@rocky8-153 network-scripts]#nmcli con reload;nmcli con
NAME  UUID                                  TYPE      DEVICE 
eth0  90d3195d-a157-4714-a4e3-923a117e48df  ethernet  eth0 


② Ubuntu implementation

#Add a team with the nmcli tool, in active-backup mode
nmcli con add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}' ipv4.addresses 192.168.10.100/24 ipv4.method manual 

nmcli con add con-name team0-eth1 type team-slave ifname eth1 master team0

nmcli con add con-name team0-eth2 type team-slave ifname eth2 master team0
...

nmcli con reload;nmcli con

nmcli con up team0
nmcli con up team0-eth1
nmcli con up team0-eth2

#Generated configuration files
ll /etc/NetworkManager/system-connections/team0*

#Install teamdctl
apt install libteam-utils -y

#View
teamdctl team0 state

#Test
ping 192.168.10.100

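9. Bridge (switch)

        Bridging "connects" several network interfaces on one machine. As a result, a frame received on one port is copied to the other ports and sent out, so that frames can be forwarded between the ports.

A bridge is such a device: it has several ports, and those ports are bridged together. Hosts attached to the bridge can then communicate with each other through its frame forwarding, as they would through a switch.

Configuring a bridge

Host    | NIC mode                                                   | IP address   | Port
Client1 | Two NICs: host-only to reach Client2, NAT to reach Client3 | no address   | vmnet1,vmnet8
Client2 | Host-only                                                  | 172.16.1.110 | vmnet1
Client3 | NAT                                                        | 172.16.1.114 | vmnet8

#client2 configuration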
root@ubuntu22:~# cd /etc/netplan/
root@ubuntu22:/etc/netplan# vim eth0.yaml
network: 
 renderer: networkd
 ethernets: 
   eth0: 
     addresses: [172.16.1.110/16]
 version: 2
root@ubuntu22:/etc/netplan# netplan apply

root@ubuntu22:/etc/netplan# ip a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
   link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
 altname ens2s6
 altname ens38
 inet 172.16.1.110/16 brd 172.16.255.255 scope global eth0
   valid_lft forever preferred_lft forever
 inet6 fe80::20c:29ff:fe29:5571/64 scope link
   valid_lft forever preferred_lft forever

root@ubuntu22:/etc/netplan# netplan apply

#client3 configuration
root@ubuntu22:~# cd /etc/netplan/
root@ubuntu22:/etc/netplan# vim ens33.yaml
network: 
 renderer: networkd
 ethernets: 
   ens33: 
     addresses: [172.16.1.114/16]
 version: 2

root@ubuntu22:/etc/netplan# netplan apply

root@ubuntu22:/etc/netplan# ip a show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
   link/ether 00:0c:29:a3:1c:89 brd ff:ff:ff:ff:ff:ff
 altname enp2s6
 inet 172.16.1.114/16 brd 172.16.255.255 scope global eth0
   valid_lft forever preferred_lft forever
 inet6 fe80::20c:29ff:fea3:1c89/64 scope link
   valid_lft forever preferred_lft forever

#client2 ping client3
root@ubuntu22:/etc/netplan# ping 172.16.1.114
Ping 172.16.1.114 (172.16.1.114) 56(84) bytes of data.
From 172.16.1.110 icmp_Seq=1 Destination Host Unreachable
From 172.16.1.110 icmp_Seq=2 Destination Host Unreachable
......

#client3 ping client2
root@ubuntu22:/etc/netplan# ping 172.16.1.110
Ping 172.16.1.110 (172.16.1.110) 56(84) bytes of data.
From 172.16.1.114 icmp_Seq=1 Destination Host Unreachable
From 172.16.1.114 icmp_Seq=2 Destination Host Unreachable
......

Bridge configuration

#Add the bridge
[root@rocky86 network-scripts]# nmcli con add type bridge con-name br0 ifname br0
Connection 'br0' (deedb558-72d9-4cd9-b136-08917304d777) successfully added.

#Enable
[root@rocky86 network-scripts]# nmcli con up br0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)

#Add the NICs
[root@rocky86 network-scripts]# nmcli con add type bridge-slave con-name br0-port0 ifname ens160 master br0
Connection 'br0-port0' (0ec95062-a194-423c-b120-662f8c9f7bb3) successfully added.

[root@rocky86 network-scripts]# nmcli con add type bridge-slave con-name br0-port1 ifname ens192 master br0
Connection 'br0-port1' (49eba769-25e6-4794-945e-6190e5795cd6) successfully added.

#Bring up the NICs
[root@rocky86 network-scripts]# nmcli con reload
[root@rocky86 network-scripts]# nmcli con up br0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)

[root@rocky86 network-scripts]# nmcli con up br0-port0
Connection successfully activated (D-Bus active path:/org/freedesktop/NetworkManager/ActiveConnection/7)

[root@rocky86 network-scripts]# nmcli con up br0-port1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)

#View
[root@rocky86 network-scripts]# nmcli con
NAME       UUID                                 TYPE     DEVICE 
br0       deedb558-72d9-4cd9-b136-08917304d777 bridge   br0    
virbr0     68d52b85-639b-4019-9c1b-d192e17b1c0a bridge   virbr0 
br0-port0 0ec95062-a194-423c-b120-662f8c9f7bb3 ethernet ens160 
br0-port1 49eba769-25e6-4794-945e-6190e5795cd6 ethernet ens192

Inspect the bridge and test

[root@rocky86 network-scripts]# nmcli dev show br0
GENERAL.DEVICE:                         br0
GENERAL.TYPE:                           bridge
GENERAL.HWADDR:                         00:0C:29:23:22:1E
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     br0
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/27
IP4.ADDRESS[1]:                         10.0.0.157/24
IP4.GATEWAY:                            10.0.0.2
IP4.ROUTE[1]:                           dst = 10.0.0.0/24, nh = 0.0.0.0, mt = 425
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 10.0.0.2, mt = 425
IP4.DNS[1]:                             10.0.0.2
IP4.DOMAIN[1]:                         localdomain
IP6.ADDRESS[1]:                         fe80::69df:b09e:30a8:b251/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024


[root@rocky86 network-scripts]# bridge link show
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100

[root@rocky86 network-scripts]# ip link show master br0
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group default qlen 1000
   link/ether 00:0c:29:23:22:1e brd ff:ff:ff:ff:ff:ff
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group default qlen 1000
   link/ether 00:0c:29:23:22:28 brd ff:ff:ff:ff:ff:ff

#Test
#client2 ping client3
root@ubuntu22:/etc/netplan# ping 172.16.1.114
Ping 172.16.1.114 (172.16.1.114) 56(84) bytes of data.
From 172.16.1.110 icmp_Seq=1 ttl=64 time=2.05ms
From 172.16.1.110 icmp_Seq=2 ttl=64 time=2.01ms
......

#client3 ping client2
root@ubuntu22:/etc/netplan# ping 172.16.1.110
Ping 172.16.1.110 (172.16.1.110) 56(84) bytes of data.
From 172.16.1.114 icmp_Seq=1 ttl=64 time=2.23ms
From 172.16.1.114 icmp_Seq=2 ttl=64 time=1.12ms
...... 

Delete

[root@rocky86 network-scripts]# nmcli con down br0
[root@rocky86 network-scripts]# nmcli con del br0

Implementation with brctl

#Package
yum install bridge-utils
rpm -qi bridge-utils

#Show bridges
brctl show

#Show the CAM (content addressable memory) table
brctl showmacs br0

#Add and delete a bridge
brctl {addbr|delbr} br0 

#Add and remove a NIC in a bridge
brctl {addif|delif} br0 eth0

#br0 is down by default and must be brought up
ifconfig br0 up

#Enable STP
[root@centos7 ~]#brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c297e67a3 no eth1 eth2
[root@centos7 ~]#brctl stp br0 on
[root@centos7 ~]#brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c297e67a3 yes eth1 eth2

#ubuntu
[root@ubuntu ~]# apt install bridge-utils

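STP (Spanning Tree Protocol)

    Normally, three switches are connected by two cables, but if one cable is disconnected the network is interrupted. To solve this, the three switches are connected by three cables, so that the network stays available when one cable fails. This creates a ring, however, and because switches forward broadcasts, such a topology causes a broadcast storm; STP must be enabled to avoid this.

II. Network testing and diagnostic tools

Purpose                          | Tool/command
Test network connectivity        | fping
Show the correct routing table   | ip route, route
Trace routes                     | traceroute, tracepath, mtr
Determine the name server in use | nslookup, host, dig
Packet capture                   | tcpdump, wireshark
Security scanning                | nmap, netcat (nc)
Traffic control                  | tc

1. fping

        fping is a command-line tool for testing network connectivity. Unlike the traditional ping command, fping can send ICMP requests to multiple hosts at the same time, which makes testing more efficient and is especially useful for checking the reachability of many hosts in a batch. Typical uses: network monitoring, batch testing, script integration.

#Install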
[root@ubuntu-158 ~]#apt install fping

[root@ubuntu-158 ~]#fping 10.0.0.153
10.0.0.153 is alive

[root@ubuntu-158 ~]#fping 10.0.0.151 
ICMP Host Unreachable from 10.0.0.158 for ICMP Echo sent to 10.0.0.151
ICMP Host Unreachable from 10.0.0.158 for ICMP Echo sent to 10.0.0.151
ICMP Host Unreachable from 10.0.0.158 for ICMP Echo sent to 10.0.0.151
ICMP Host Unreachable from 10.0.0.158 for ICMP Echo sent to 10.0.0.151
10.0.0.151 is unreachable

#Purpose: make the system ignore all incoming ICMP Echo requests (ping requests)
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

#The -g option specifies a network segment or an address range
[root@ubuntu-158 ~]#fping -g 10.0.0.0/24
10.0.0.1 is alive
10.0.0.2 is alive
ICMP Host Unreachable from 10.0.0.158 for ICMP Echo sent to 10.0.0.7
ICMP Host Unreachable from 10.0.0.158 for ICMP Echo sent to 10.0.0.7
...

[root@ubuntu-158 ~]#fping -g 10.0.0.150 10.0.0.155
10.0.0.153 is alive
10.0.0.154 is alive
ICMP Host Unreachable from 10.0.0.158 for ICMP Echo sent to 10.0.0.150
...

#Test the hosts listed in a file
[root@ubuntu-158 ~]#cat host.txt
10.0.0.140
10.0.0.152
10.0.0.153
[root@ubuntu-158 ~]#fping < host.txt
10.0.0.153 is alive
ICMP Host Unreachable from 10.0.0.158 for ICMP Echo sent to 10.0.0.152
...

#-s prints statistics
[root@ubuntu-158 ~]#fping -s < host.txt
10.0.0.153 is alive
ICMP Host Unreachable from 10.0.0.158 for ICMP Echo sent to 10.0.0.140
...

       3 targets
       1 alive
       2 unreachable
       0 unknown addresses

       8 timeouts (waiting for response)
       9 ICMP Echos sent
       1 ICMP Echo Replies received
       8 other ICMP received

 0.717 ms (min round trip time)
 0.717 ms (avg round trip time)
 0.717 ms (max round trip time)
        4.076 sec (elapsed real time)

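2. tcpdump

        A packet capture and analysis tool that captures the packets passing through a network interface. It supports filtering by network layer, protocol, host, network or port, and provides logical operators such as and, or and not to help remove irrelevant traffic.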

Usage: tcpdump [-AbdDefhHIJKlLnNOpqStuUvxX#] [ -B size ] [ -c count ] [--count]
		[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
		[ -i interface ] [ --immediate-mode ] [ -j tstamptype ]
		[ -M secret ] [ --number ] [ --print ] [ -Q in|out|inout ]
		[ -r file ] [ -s snaplen ] [ -T type ] [ --version ]
		[ -V file ] [ -w file ] [ -W filecount ] [ -y datalinktype ]
		[ --time-stamp-precision precision ] [ --micro ] [ --nano ]
		[ -z postrotate-command ] [ -Z user ] [ expression ]

 
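#Common options
-a             #display by hostname
-c             #stop capturing after this many packets
-d             #display in human-readable format
-dd            #display in human-readable format
-ddd           #display in decimal format
-e             #show link-layer information
-f             #show IP addresses numerically
-i             #specify the interface
-n             #do not convert between hostnames and IP addresses
-nn            #in addition to -n, disable hostname and port-name resolution and show IP addresses and port numbers directly
-N             #do not show domain names
-q             #quick output, showing only a few fields
-r             #read packets from the specified file
-s             #specify the packet size
-S             #show TCP sequence numbers as absolute values
-t             #do not show the time
-tt            #show the timestamp
-T             #specify the output type
-v             #show detailed information about command execution
-vv            #show the detailed process
-x             #hexadecimal output
-w             #write the output to the specified file
#List network interfaces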
[root@ubuntu ~]# tcpdump -D
1.eth0 [Up, Running, Connected]
2.eth2 [Up, Running, Connected]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.lo [Up, Running, Loopback]
5.eth1 [Up, Disconnected]
6.bluetooth0 (Bluetooth adapter number 0) [Wireless, Association status unknown]
7.bluetooth-monitor (Bluetooth Linux Monitor) [Wireless]
8.nflog (Linux netfilter log (NFLOG) interface) [none]
9.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
10.dbus-system (D-Bus system bus) [none]
11.dbus-session (D-Bus session bus) [none]

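#With no arguments, tcpdump captures packets passing through the first NIC. A host may have more than one NIC, so the interface often has to be specified.
[root@ubuntu ~]# tcpdump

#Capture on a specific NIC
[root@ubuntu ~]# tcpdump -i eth0

#Capture a specific host: traffic of host 10.0.0.100. Note: both outgoing and incoming packets are captured, provided the host is on the same network segment
[root@ubuntu ~]# tcpdump host 10.0.0.100

#Traffic from a specific source or to a specific destination
#Specific source
[root@ubuntu ~]# tcpdump src host hostname

#Specific destination
[root@ubuntu ~]# tcpdump dst host hostname

#If neither src nor dst is given, traffic whose source or destination is hostname is captured
[root@ubuntu ~]# tcpdump host hostname

#Interview question
[root@ubuntu ~]# tcpdump -i eth0 -nn icmp and src host 10.0.0.6 and dst host 10.0.0.7

#Specific port
tcpdump port 3000

#Capture TCP/UDP: different services on a server use TCP or UDP as the transport layer; to capture only TCP packets
tcpdump tcp

#Source host + port + TCP: capture TCP packets on port 22 coming from host 10.0.0.100
tcpdump tcp port 22 and src host 10.0.0.100

#Traffic between specific hosts
tcpdump ip host 10.0.0.101 and 10.0.0.102

#Traffic between 10.0.0.101 and any host other than 10.0.0.1
tcpdump ip host 10.0.0.101 and ! 10.0.0.1

#Detailed example
tcpdump tcp -i eth1 -t -s 0 -c 100 and dst port ! 22 and src net 192.168.1.0/24 -w ./target.cap
(1) tcp: protocol keywords such as ip, icmp, arp, rarp, tcp and udp must be placed in the first argument position; they filter the packet type
(2) -i eth1: capture only packets passing through interface eth1
(3) -t: do not show timestamps
(4) -s 0: a value of 0 uses the default of 262144 bytes per packet, for compatibility with older versions of tcpdump
(5) -c 100: capture only 100 packets
(6) dst port ! 22: do not capture packets whose destination port is 22
(7) src net 192.168.1.0/24: the source network of the packets is 192.168.1.0/24
(8) -w ./target.cap: save to a cap file for analysis in wireshark

#Limit the number of packets captured; below, tcpdump exits automatically after 1000 packets
tcpdump -c 1000

#Save locally. By default tcpdump writes output to a buffer and only writes it to disk when the buffer reaches a certain size or tcpdump exits; -U forces an immediate write to disk (generally not recommended, as performance is comparatively poor)
tcpdump -n -vvv -c 1000 -w /tmp/tcpdump_save.cap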

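3. nmap

A tool for scanning remote hosts; far more capable than the ping command, which sends ICMP packets

nmap [Scan Type(s)] [Options] {target specification}

#Command options
-sT           #TCP connect() scan, the most basic form of TCP scan
-sS           #TCP SYN scan; because a full TCP connection is never opened, this technique is usually called a half-open scan
-sF|-sX|-sN   #stealth scan modes
-sP           #ping scan; ineffective when the host blocks ICMP echo request packets
-sU           #UDP scan; use this option to find out which UDP services a host provides
-sA           #ACK scan; this advanced scan method can usually be used to pass through firewalls
-sW           #window scan, very similar to the ACK scan
-sR           #RPC scan, used in combination with other port-scan methods
-b            #FTP bounce attack: connects to an FTP server behind a firewall as a proxy and then performs the port scan
-P0           #do not ping the host before scanning
-PT           #before scanning, use a TCP ping to determine which hosts are up
-PS           #for the root user, this option makes nmap probe the target host with SYN packets instead of ACK packets
-PI           #makes nmap use a real ping (ICMP echo request) to check whether the target host is up
-PB           #the default ping-scan option; uses the ACK (-PT) and ICMP (-PI) scan types in parallel and can pass through firewalls
-O            #enables TCP/IP fingerprinting to determine the remote host's operating system type
-I            #enables nmap's reverse ident scanning
-f            #sends SYN, FIN, XMAS and NULL probes in fragmented IP packets, making things harder for packet filters and intrusion detection systems
-v            #verbose mode; strongly recommended, it gives detailed information during the scan
-S IP         #in some cases nmap cannot determine your source address; use this option to specify the IP address
-g port       #set the source port of the scan
-oN           #write the scan result to a human-readable file logfilename
-oS           #output the scan result to standard output
--host_timeout        #set the scan time, in milliseconds; by default there is no timeout limit
--max_rtt_timeout     #set the wait time for each probe, in milliseconds; beyond this limit the probe is retransmitted or times out
--min_rtt_timeout     #make nmap wait at least the specified time for each probe, in milliseconds
-M count              #set the maximum number of sockets used in parallel for a TCP connect() scan
#Install
apt install nmap

#TCP ACK scan, parallelism 2000, fast
nmap -n -PA --min-parallelism 2000 172.16.0.0/16  

#Only list every host on the given network segment, without sending any packets to the target hosts.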
[root@ubuntu ~]# nmap -sL 10.0.0.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:28 CST
Nmap scan report for 10.0.0.0
Nmap scan report for 10.0.0.1
......
Nmap scan report for 10.0.0.254
Nmap scan report for 10.0.0.255
Nmap done: 256 IP addresses (0 hosts up) scanned in 1.04 seconds

#An IP address range can be specified
[root@ubuntu ~]# nmap -sP 10.0.0.1-10
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:30 CST
Nmap scan report for 10.0.0.1
Host is up (0.000081s latency).
...

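#Batch-scan a network segment for live hosts
nmap -sP -v 192.168.1.0/24
nmap -v -sn ip/24 

#Some hosts have ping detection disabled, so -P0 can be used to skip the ping probe, which speeds up the scan.
nmap -P0 192.168.1.100

#Scan a host
nmap -v -A IP  

#Scan several target hosts at once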
[root@ubuntu ~]# nmap 10.0.0.6 10.0.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:39 CST
Nmap scan report for 10.0.0.6
Host is up (0.00055s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
111/tcp open rpcbind
MAC Address: 00:0C:29:4D:EF:2C (VMware)
Nmap scan report for 10.0.0.7
Host is up (0.00050s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:29:F9:26 (VMware)
Nmap done: 2 IP addresses (2 hosts up) scanned in 101.01 seconds

#Import IP addresses from a file and scan them
[root@ubuntu ~]# cat hosts.txt 
10.0.0.7
10.0.0.6
58.87.87.99

[root@ubuntu ~]# nmap -iL hosts.txt
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:43 CST
Nmap scan report for 10.0.0.7
Host is up (0.0024s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:29:F9:26 (VMware)
Nmap scan report for 10.0.0.6
Host is up (0.0032s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
111/tcp open rpcbind
MAC Address: 00:0C:29:4D:EF:2C (VMware)
Nmap scan report for 58.87.87.99
Host is up (0.016s latency).
Not shown: 998 filtered ports
PORT     STATE SERVICE
80/tcp   open http
3306/tcp open mysql
Nmap done: 3 IP addresses (3 hosts up) scanned in 120.33 seconds

#Probe the target host's open ports; a comma-separated port list can be given (e.g. -PS22,443,80)
[root@ubuntu ~]# nmap -PS22,80,443 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:31 CST
Nmap scan report for 10.0.0.1
Host is up (0.00042s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8082/tcp open blackice-alerts
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 12.65 seconds

#Use a SYN half-open scan
[root@ubuntu ~]# nmap -sS 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:33 CST
Nmap scan report for 10.0.0.1
Host is up (-0.052s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8082/tcp open blackice-alerts
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 10.07 seconds

#Scan for devices with open TCP ports
[root@ubuntu ~]# nmap -sT 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:34 CST
Nmap scan report for 10.0.0.1
Host is up (0.00040s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8082/tcp open blackice-alerts
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 4.52 seconds

#Scan for devices with open UDP ports
[root@ubuntu ~]# nmap -sU 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:34 CST
Nmap scan report for 10.0.0.1
Host is up (0.00046s latency).
Not shown: 999 open|filtered ports
PORT   STATE SERVICE
137/udp open netbios-ns
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 18.52 seconds

#Scan UDP ports only
nmap -e eth1 -sU -O 10.0.0.1

#Scan TCP and UDP ports
nmap -sTU -O 10.0.0.1

#Scan for the service version numbers on the target host
[root@ubuntu ~]# nmap -sV 10.0.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:37 CST
Nmap scan report for 10.0.0.7
Host is up (0.0011s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.4 (protocol 2.0)
MAC Address: 00:0C:29:29:F9:26 (VMware)
Service detection performed. Please report any incorrect results at 
https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.97 seconds

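#Show the ports currently open on this host
nmap localhost

#Show the open ports in the range 1024-65535 on this host
nmap -p 1024-65535 localhost

#Probe the target host's open ports
nmap -PS 10.0.0.1

#Probe the listed ports on the target host
nmap -PS22,80,3306 10.0.0.1

#Detect the target host's operating system type
nmap -O 10.0.0.1

#Detect the target host's operating system type (-A also enables version detection, script scanning, and traceroute)
nmap -A 10.0.0.1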
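
A defensive use of the scan output above, as an added example that is not part of the original article: compare the open ports nmap reports against an approved baseline and list anything unexpected. The sample scan and the baseline are constructed, the function names are hypothetical, and the parser assumes the human-readable output format shown in the sessions above.

```bash
# Constructed sample: nmap normal output in the same shape as the scans above.
sample_scan() {
cat <<'EOF'
Nmap scan report for 10.0.0.6
Host is up (0.00055s latency).
PORT   STATE SERVICE
22/tcp open  ssh
111/tcp open rpcbind
Nmap scan report for 10.0.0.7
Host is up (0.00050s latency).
PORT   STATE SERVICE
22/tcp open  ssh
Nmap scan report for 58.87.87.99
Host is up (0.016s latency).
PORT     STATE SERVICE
80/tcp   open http
3306/tcp open mysql
EOF
}

# Constructed baseline (an assumption): "host port/proto" pairs approved to be open.
baseline() {
cat <<'EOF'
10.0.0.6 22/tcp
10.0.0.7 22/tcp
58.87.87.99 80/tcp
EOF
}

# unexpected_ports BASELINE_FILE   (nmap normal output is read from stdin)
# Prints "host port/proto service" for each open port missing from the baseline.
unexpected_ports() {
  awk -v base="$1" '
    BEGIN {                                      # load the approved pairs
      while ((getline line < base) > 0) { split(line, f); allowed[f[1] " " f[2]] = 1 }
    }
    /^Nmap scan report for / {                   # start of a host block
      host = $NF; gsub(/[()]/, "", host); next   # "name (ip)" -> ip
    }
    # Count only a definite "open" state, not "open|filtered" or "filtered".
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      if (!((host " " $1) in allowed)) print host, $1, $3
    }
  '
}

tmp=$(mktemp); baseline > "$tmp"         # demo run on the constructed data
sample_scan | unexpected_ports "$tmp"
rm -f "$tmp"
```

Run on a schedule against hosts you administer, a non-empty result is a change in exposure worth a ticket: a new listener, or a firewall rule that stopped filtering.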

3、nc

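Listening on any TCP/UDP port: nc can act as a server and listen on a specified port over TCP or UDP

Port scanning: nc can act as a client and initiate TCP or UDP connections
File transfer between machines
Network speed testing between machines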

ncat [options] [hostname] [port]

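#Common options
-g                   #Set source-routing hop gateways; up to 8 can be set
-G                   #Set the source-routing pointer; its value is a multiple of 4
-i|--idle-timeout    #Set the time interval for sending data and scanning ports.
-l| --listen         #Use listen mode to handle incoming data.
-n|--nodns           #Use IP addresses directly, without going through a DNS server.
-o|--output          #Write the output to a file
-p|--source-port     #Specify the local port
-s|--source          #Specify the local IP
-u|--udp             #Use the UDP transport protocol
-v|--verbose         #Show verbose progress
-w|--wait            #Set the timeout
-z                   #Scan mode
-k                   #Keep listening (do not exit when a connection closes)
#Install nc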
[root@ubuntu ~]# apt -y install netcat-openbsd
[root@centos8 ~]# yum -y install nc

#Probe over TCP
[root@ubuntu ~]# nc -zv   10.0.0.101 22
Connection to 10.0.0.101 22 port [tcp/ssh] succeeded!
[root@ubuntu1804 ~]#nc -zv   10.0.0.101 2222
nc: connect to 10.0.0.101 port 2222 (tcp) failed: Connection refused

#Probe over UDP
[root@ubuntu ~]# nc -zv -u 10.0.0.101 2049
Connection to 10.0.0.101 2049 port [udp/nfs] succeeded!
[root@ubuntu ~]# nc -zv -u 10.0.0.101 111
Connection to 10.0.0.101 111 port [udp/sunrpc] succeeded!
[root@ubuntu ~]# nc -zv -u 10.0.0.101 123

#Listen on a port
nc -l 8080

#Keep listening
nc -kl 8080
