作为 Linux 管理员,或者即使您是刚开始使用 Linux 的新手,在解决网络问题时充分了解有用的命令也至关重要。
我们将探讨用于诊断和解决常见网络问题的 10 大基本 Linux 命令。每个命令都将附有真实世界的示例,以说明其用法和有效性。
1.ping
例:ping google.com
壳
test@ubuntu-server ~ % ping google.com -c 5
PING google.com (142.250.189.206): 56 data bytes
64 bytes from 142.250.189.206: icmp_seq=0 ttl=58 time=14.610 ms
64 bytes from 142.250.189.206: icmp_seq=1 ttl=58 time=18.005 ms
64 bytes from 142.250.189.206: icmp_seq=2 ttl=58 time=19.402 ms
64 bytes from 142.250.189.206: icmp_seq=3 ttl=58 time=22.450 ms
64 bytes from 142.250.189.206: icmp_seq=4 ttl=58 time=15.870 ms
--- google.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 14.610/18.067/22.450/2.749 ms
test@ubuntu-server ~ %
解释
ping
使用ICMP协议,其中ICMP代表互联网控制消息协议,ICMP是网络设备用于通信的网络层协议。有助于测试主机的可访问性,还有助于查找源和目标之间的延迟。ping
2.traceroute
例:traceroute google.com
壳
test@ubuntu-server ~ % traceroute google.com
traceroute to google.com (142.250.189.238), 64 hops max, 52 byte packets
1 10.0.0.1 (10.0.0.1) 6.482 ms 3.309 ms 3.685 ms
2 96.120.90.197 (96.120.90.197) 13.094 ms 10.617 ms 11.351 ms
3 po-301-1221-rur01.fremont.ca.sfba.comcast.net (68.86.248.153) 12.627 ms 11.240 ms 12.020 ms
4 ae-236-rar01.santaclara.ca.sfba.comcast.net (162.151.87.245) 18.902 ms 44.432 ms 18.269 ms
5 be-299-ar01.santaclara.ca.sfba.comcast.net (68.86.143.93) 14.826 ms 13.161 ms 12.814 ms
6 69.241.75.42 (69.241.75.42) 12.236 ms 12.302 ms
69.241.75.46 (69.241.75.46) 15.215 ms
7 * * *
8 142.251.65.166 (142.251.65.166) 21.878 ms 14.087 ms
209.85.243.112 (209.85.243.112) 14.252 ms
9 nuq04s39-in-f14.1e100.net (142.250.189.238) 13.666 ms
192.178.87.152 (192.178.87.152) 12.657 ms 13.170 ms
test@ubuntu-server ~ %
解释
Traceroute
显示数据包到达目标主机所采用的路由。它显示沿路径的路由器的 IP 地址,并计算每个跃点的往返时间 (RTT)。帮助识别网络拥塞或路由问题。Traceroute
3. 网络统计
例:netstat -tulpn
壳
test@ubuntu-server ~ % netstat -tuln
Active LOCAL (UNIX) domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
aaf06ba76e4d0469 stream 0 0 0 aaf06ba76e4d03a1 0 0 /var/run/mDNSResponder
aaf06ba76e4d03a1 stream 0 0 0 aaf06ba76e4d0469 0 0
aaf06ba76e4cd4c1 stream 0 0 0 aaf06ba76e4ccdb9 0 0 /var/run/mDNSResponder
aaf06ba76e4cace9 stream 0 0 0 aaf06ba76e4c9e11 0 0 /var/run/mDNSResponder
aaf06ba76e4d0b71 stream 0 0 0 aaf06ba76e4d0aa9 0 0 /var/run/mDNSResponder
test@ubuntu-server ~ %
解释
Netstat 显示网络连接、路由表、接口统计信息、伪装连接和组播成员资格。它可用于排除网络连接故障、识别开放端口和监视网络性能。
4.ifconfig/ip
例:ifconfig or ifconfig <interface name>
壳
test@ubuntu-server ~ % ifconfig en0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
ether 10:9f:41:ad:91:60
inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255
inet6 fe80::870:c909:df17:7ed1%en0 prefixlen 64 secured scopeid 0xc
inet6 2601:641:300:e710:14ef:e605:4c8d:7e09 prefixlen 64 autoconf secured
inet6 2601:641:300:e710:d5ec:a0a0:cdbb:79a7 prefixlen 64 autoconf temporary
inet6 2601:641:300:e710::6cfc prefixlen 64 dynamic
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
test@ubuntu-server ~ %
解释
ifconfig
和命令用于查看和配置网络参数。它们提供有关每个接口的 IP 地址、子网掩码、MAC 地址和网络状态的信息。ip
5.tcpdump
例:tcpdump -i en0 tcp port 80
壳
test@ubuntu-server ~ % tcpdump -i en0 tcp port 80
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on en0, link-type EN10MB (Ethernet), snapshot length 524288 bytes
0 packets captured
55 packets received by filter
0 packets dropped by kernel
test@ubuntu-server ~ %
解释
Tcpdump
是一种数据包分析器,可实时捕获和显示网络流量。它对于解决网络问题、分析数据包内容和识别异常网络行为非常宝贵。用于检查特定接口或端口上的数据包。tcpdump
6. nslookup/dig
示例:或nslookup google.com
dig
壳
test@ubuntu-server ~ % nslookup google.com
Server: 2001:558:feed::1
Address: 2001:558:feed::1#53
Non-authoritative answer:
Name: google.com
Address: 172.217.12.110
test@ubuntu-server ~ %
test@ubuntu-server ~ % dig google.com
; <<>> DiG 9.10.6 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46600
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 164 IN A 142.250.189.206
;; Query time: 20 msec
;; SERVER: 2001:558:feed::1#53(2001:558:feed::1)
;; WHEN: Mon Apr 15 22:55:35 PDT 2024
;; MSG SIZE rcvd: 55
test@ubuntu-server ~ %
解释
nslookup
并且是用于查询 DNS 服务器以进行域名解析的 DNS 查找工具。它们提供有关与域名关联的 IP 地址的信息,并帮助诊断与 DNS 相关的问题,例如不正确的 DNS 配置或服务器不可用。dig
7. iptables/防火墙
示例:或iptables -L
firewall-cmd --list-all
壳
test@ubuntu-server ~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
test@ubuntu-server ~#
解释
iptables
并且是用于配置数据包过滤和网络地址转换 (NAT) 规则的防火墙管理工具。它们控制传入和传出流量,并保护系统免受未经授权的访问。使用它们来诊断与防火墙相关的问题并确保适当的流量。firewalld
8.ss
例:ss -tulpn
壳
test@ubuntu-server ~#
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:161 *:*
udp UNCONN 0 0 *:161 *:*
test@ubuntu-server ~#
解释
ss
是用于调查套接字的实用程序。它显示有关 TCP、UDP 和 UNIX 域套接字的信息,包括侦听和已建立的连接、连接状态和进程 ID。可用于解决与套接字相关的问题和监视网络活动。ss
9.arp
例:arp -a
壳
test@ubuntu-server ~ % arp -a
? (10.0.0.1) at 80:da:c2:95:aa:f7 on en0 ifscope [ethernet]
? (10.0.0.57) at 1c:4d:66:bb:49:a on en0 ifscope [ethernet]
? (10.0.0.83) at 3a:4a:df:fe:66:58 on en0 ifscope [ethernet]
? (10.0.0.117) at 70:2a:d5:5a:cc:14 on en0 ifscope [ethernet]
? (10.0.0.127) at fe:e2:1c:4d:b3:f7 on en0 ifscope [ethernet]
? (10.0.0.132) at bc:d0:74:9a:51:85 on en0 ifscope [ethernet]
? (10.0.0.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
mdns.mcast.net (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
? (239.255.255.250) at 1:0:5e:7f:ff:fa on en0 ifscope permanent [ethernet]
test@ubuntu-server ~ %
解释
arp
(地址解析协议)显示并修改内核使用的 IP 到 MAC 地址转换表。它将 IP 地址解析为 MAC 地址,反之亦然。有助于解决与网络设备发现和地址解析相关的问题。arp
10. 港铁
例:mtr
壳
test.ubuntu.com (0.0.0.0) Tue Apr 16 14:46:40 2024
Keys: Help Display mode Restart statistics Order of fields quit Packets Ping
Host Loss% Snt Last Avg Best Wrst StDev
1. 10.0.0.10 0.0% 143 0.8 9.4 0.7 58.6 15.2
2. 10.0.2.10 0.0% 143 0.8 9.4 0.7 58.6 15.2
3. 192.168.0.233 0.0% 143 0.8 9.4 0.7 58.6 15.2
4. 142.251.225.178 0.0% 143 0.8 9.4 0.7 58.6 15.2
5. 142.251.225.177 0.0% 143 0.8 9.4 0.7 58.6 15.2
解释
mtr
(我的 traceroute)将 和 的功能组合到一个诊断工具中。它持续探测主机和目标之间的网络路径,显示有关数据包丢失、延迟和路由更改的详细统计信息。是诊断间歇性网络问题和监控网络性能随时间变化的理想选择。ping
traceroute
Mtr
掌握这些命令对于解决 Linux 主机上的网络问题非常有用。