作为 Linux 管理员,或者即使您是刚开始使用 Linux 的新手,在解决网络问题时充分了解有用的命令也至关重要。
我们将探讨用于诊断和解决常见网络问题的 10 大基本 Linux 命令。每个命令都将附有真实世界的示例,以说明其用法和有效性。
1.ping
例:ping google.com
壳
test@ubuntu-server ~ % ping google.com -c 5 PING google.com (142.250.189.206): 56 data bytes 64 bytes from 142.250.189.206: icmp_seq=0 ttl=58 time=14.610 ms 64 bytes from 142.250.189.206: icmp_seq=1 ttl=58 time=18.005 ms 64 bytes from 142.250.189.206: icmp_seq=2 ttl=58 time=19.402 ms 64 bytes from 142.250.189.206: icmp_seq=3 ttl=58 time=22.450 ms 64 bytes from 142.250.189.206: icmp_seq=4 ttl=58 time=15.870 ms --- google.com ping statistics --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 14.610/18.067/22.450/2.749 ms test@ubuntu-server ~ %
解释
ping使用ICMP协议,其中ICMP代表互联网控制消息协议,ICMP是网络设备用于通信的网络层协议。有助于测试主机的可访问性,还有助于查找源和目标之间的延迟。ping
2.traceroute
例:traceroute google.com
壳
test@ubuntu-server ~ % traceroute google.com traceroute to google.com (142.250.189.238), 64 hops max, 52 byte packets 1 10.0.0.1 (10.0.0.1) 6.482 ms 3.309 ms 3.685 ms 2 96.120.90.197 (96.120.90.197) 13.094 ms 10.617 ms 11.351 ms 3 po-301-1221-rur01.fremont.ca.sfba.comcast.net (68.86.248.153) 12.627 ms 11.240 ms 12.020 ms 4 ae-236-rar01.santaclara.ca.sfba.comcast.net (162.151.87.245) 18.902 ms 44.432 ms 18.269 ms 5 be-299-ar01.santaclara.ca.sfba.comcast.net (68.86.143.93) 14.826 ms 13.161 ms 12.814 ms 6 69.241.75.42 (69.241.75.42) 12.236 ms 12.302 ms 69.241.75.46 (69.241.75.46) 15.215 ms 7 * * * 8 142.251.65.166 (142.251.65.166) 21.878 ms 14.087 ms 209.85.243.112 (209.85.243.112) 14.252 ms 9 nuq04s39-in-f14.1e100.net (142.250.189.238) 13.666 ms 192.178.87.152 (192.178.87.152) 12.657 ms 13.170 ms test@ubuntu-server ~ %
解释
Traceroute显示数据包到达目标主机所采用的路由。它显示沿路径的路由器的 IP 地址,并计算每个跃点的往返时间 (RTT)。帮助识别网络拥塞或路由问题。Traceroute
3. 网络统计
例:netstat -tulpn
壳
test@ubuntu-server ~ % netstat -tuln Active LOCAL (UNIX) domain sockets Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr aaf06ba76e4d0469 stream 0 0 0 aaf06ba76e4d03a1 0 0 /var/run/mDNSResponder aaf06ba76e4d03a1 stream 0 0 0 aaf06ba76e4d0469 0 0 aaf06ba76e4cd4c1 stream 0 0 0 aaf06ba76e4ccdb9 0 0 /var/run/mDNSResponder aaf06ba76e4cace9 stream 0 0 0 aaf06ba76e4c9e11 0 0 /var/run/mDNSResponder aaf06ba76e4d0b71 stream 0 0 0 aaf06ba76e4d0aa9 0 0 /var/run/mDNSResponder test@ubuntu-server ~ %
解释
Netstat 显示网络连接、路由表、接口统计信息、伪装连接和组播成员资格。它可用于排除网络连接故障、识别开放端口和监视网络性能。
4.ifconfig/ip
例:ifconfig or ifconfig <interface name>
壳
test@ubuntu-server ~ % ifconfig en0 en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> ether 10:9f:41:ad:91:60 inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255 inet6 fe80::870:c909:df17:7ed1%en0 prefixlen 64 secured scopeid 0xc inet6 2601:641:300:e710:14ef:e605:4c8d:7e09 prefixlen 64 autoconf secured inet6 2601:641:300:e710:d5ec:a0a0:cdbb:79a7 prefixlen 64 autoconf temporary inet6 2601:641:300:e710::6cfc prefixlen 64 dynamic nd6 options=201<PERFORMNUD,DAD> media: autoselect status: active test@ubuntu-server ~ %
解释
ifconfig和命令用于查看和配置网络参数。它们提供有关每个接口的 IP 地址、子网掩码、MAC 地址和网络状态的信息。ip
5.tcpdump
例:tcpdump -i en0 tcp port 80
壳
test@ubuntu-server ~ % tcpdump -i en0 tcp port 80 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on en0, link-type EN10MB (Ethernet), snapshot length 524288 bytes 0 packets captured 55 packets received by filter 0 packets dropped by kernel test@ubuntu-server ~ %
解释
Tcpdump是一种数据包分析器,可实时捕获和显示网络流量。它对于解决网络问题、分析数据包内容和识别异常网络行为非常宝贵。用于检查特定接口或端口上的数据包。tcpdump
6. nslookup/dig
示例:或nslookup google.comdig
壳
test@ubuntu-server ~ % nslookup google.com Server: 2001:558:feed::1 Address: 2001:558:feed::1#53 Non-authoritative answer: Name: google.com Address: 172.217.12.110 test@ubuntu-server ~ % test@ubuntu-server ~ % dig google.com ; <<>> DiG 9.10.6 <<>> google.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46600 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 164 IN A 142.250.189.206 ;; Query time: 20 msec ;; SERVER: 2001:558:feed::1#53(2001:558:feed::1) ;; WHEN: Mon Apr 15 22:55:35 PDT 2024 ;; MSG SIZE rcvd: 55 test@ubuntu-server ~ %
解释
nslookup并且是用于查询 DNS 服务器以进行域名解析的 DNS 查找工具。它们提供有关与域名关联的 IP 地址的信息,并帮助诊断与 DNS 相关的问题,例如不正确的 DNS 配置或服务器不可用。dig
7. iptables/防火墙
示例:或iptables -Lfirewall-cmd --list-all
壳
test@ubuntu-server ~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination test@ubuntu-server ~#
解释
iptables并且是用于配置数据包过滤和网络地址转换 (NAT) 规则的防火墙管理工具。它们控制传入和传出流量,并保护系统免受未经授权的访问。使用它们来诊断与防火墙相关的问题并确保适当的流量。firewalld
8.ss
例:ss -tulpn
壳
test@ubuntu-server ~# Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp UNCONN 0 0 *:161 *:* udp UNCONN 0 0 *:161 *:* test@ubuntu-server ~#
解释
ss是用于调查套接字的实用程序。它显示有关 TCP、UDP 和 UNIX 域套接字的信息,包括侦听和已建立的连接、连接状态和进程 ID。可用于解决与套接字相关的问题和监视网络活动。ss
9.arp
例:arp -a
壳
test@ubuntu-server ~ % arp -a ? (10.0.0.1) at 80:da:c2:95:aa:f7 on en0 ifscope [ethernet] ? (10.0.0.57) at 1c:4d:66:bb:49:a on en0 ifscope [ethernet] ? (10.0.0.83) at 3a:4a:df:fe:66:58 on en0 ifscope [ethernet] ? (10.0.0.117) at 70:2a:d5:5a:cc:14 on en0 ifscope [ethernet] ? (10.0.0.127) at fe:e2:1c:4d:b3:f7 on en0 ifscope [ethernet] ? (10.0.0.132) at bc:d0:74:9a:51:85 on en0 ifscope [ethernet] ? (10.0.0.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet] mdns.mcast.net (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet] ? (239.255.255.250) at 1:0:5e:7f:ff:fa on en0 ifscope permanent [ethernet] test@ubuntu-server ~ %
解释
arp(地址解析协议)显示并修改内核使用的 IP 到 MAC 地址转换表。它将 IP 地址解析为 MAC 地址,反之亦然。有助于解决与网络设备发现和地址解析相关的问题。arp
10. 港铁
例:mtr
壳
test.ubuntu.com (0.0.0.0) Tue Apr 16 14:46:40 2024 Keys: Help Display mode Restart statistics Order of fields quit Packets Ping Host Loss% Snt Last Avg Best Wrst StDev 1. 10.0.0.10 0.0% 143 0.8 9.4 0.7 58.6 15.2 2. 10.0.2.10 0.0% 143 0.8 9.4 0.7 58.6 15.2 3. 192.168.0.233 0.0% 143 0.8 9.4 0.7 58.6 15.2 4. 142.251.225.178 0.0% 143 0.8 9.4 0.7 58.6 15.2 5. 142.251.225.177 0.0% 143 0.8 9.4 0.7 58.6 15.2
解释
mtr(我的 traceroute)将 和 的功能组合到一个诊断工具中。它持续探测主机和目标之间的网络路径,显示有关数据包丢失、延迟和路由更改的详细统计信息。是诊断间歇性网络问题和监控网络性能随时间变化的理想选择。pingtracerouteMtr
掌握这些命令对于解决 Linux 主机上的网络问题非常有用。
