ip命令:
show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route | netns }
ip OBJECT:
ip link: network device configuration
ip link show – display device attributes
]# ip link show1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWNlink/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:ae:e4:d8 brd ff:ff:ff:ff:ff:ff3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff
ip link set – change device attributes
dev NAME (default):指明要管理的设备,dev关键字可省略;
up和down:
multicast on或multicast off:启用或禁用多播功能;
name NAME:重命名接口
mtu NUMBER:设置MTU的大小,默认为1500;
netns PID:ns为namespace,用于将接口移动到指定的网络名称空间;
]# ip link set eth1 down]# ip link show eth13: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff]# ip link set eth1 multicast off ]# ip link show eth1 3: eth1: <BROADCAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff
]# ip link set eth1 name exxx]# ip link show1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWNlink/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:ae:e4:d8 brd ff:ff:ff:ff:ff:ff3: exxx: <BROADCAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff
]# ip link set eth1 mtu 2000]# ip link show eth13: eth1: <BROADCAST> mtu 2000 qdisc pfifo_fast state DOWN qlen 1000link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff
ip link help – 显示简要使用帮助;
ip netns: – manage network namespaces.
ip netns list:列出所有的netns
ip netns add NAME:创建指定的netns
ip netns del NAME:删除指定的netns
ip netns exec NAME COMMAND:在指定的netns中运行命令
]# ip netns list]# ip netns add netspace]# ip netns listnetspace
ip address – protocol address management.
ip address add – add new protocol address
ip address { add | del } IFADDR dev STRING
ip address { show | flush } [ dev STRING ] [label PATTERN ]
ip addr add IFADDR dev IFACE
[label NAME]:为额外添加的地址指明接口别名;
[broadcast ADDRESS]:广播地址;会根据IP和NETMASK自动计算得到;
[scope SCOPE_VALUE]:
global:全局可用;
link:接口可用;
host:仅本机可用;
]# ip addr add 192.168.1.10/24 dev eno16777736]# ip addr show eno167777362: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:60:1e:7a brd ff:ff:ff:ff:ff:ffinet 10.0.1.20/24 brd 10.0.1.255 scope global eno16777736valid_lft forever preferred_lft foreverinet 192.168.1.10/24 scope global eno16777736valid_lft forever preferred_lft forever
]# ip addr add 192.168.2.10/24 dev eno16777736 label eno16777736:0]# ip addr show eno167777362: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:60:1e:7a brd ff:ff:ff:ff:ff:ffinet 10.0.1.20/24 brd 10.0.1.255 scope global eno16777736valid_lft forever preferred_lft foreverinet 192.168.1.10/24 scope global eno16777736valid_lft forever preferred_lft foreverinet 192.168.2.10/24 scope global eno16777736:0valid_lft forever preferred_lft forever
ip address delete – delete protocol address
ip addr delete IFADDR dev IFACE
]# ip addr del 192.168.2.10/24 dev eno16777736]# ip addr del 192.168.1.10/24 dev eno16777736]# ip ad sh eno167777362: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:60:1e:7a brd ff:ff:ff:ff:ff:ffinet 10.0.1.20/24 brd 10.0.1.255 scope global eno16777736valid_lft forever preferred_lft forever
ip address show – look at protocol addresses
ip addr list [IFACE]:显示接口的地址;
]# ip addr show eno167777362: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:60:1e:7a brd ff:ff:ff:ff:ff:ffinet 10.0.1.20/24 brd 10.0.1.255 scope global eno16777736valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe60:1e7a/64 scope linkvalid_lft forever preferred_lft forever
ip address flush – flush protocol addresses
ip addr flush dev IFACE
]# ip addr add 10.10.10.10/8 dev eth1 label eth1:0]# ip addr add 172.16.1.100/16 dev eth1 label eth1:1]# ip addr show eth13: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ffinet 192.168.1.100/24 brd 192.168.1.255 scope global eth1inet 10.10.10.10/8 scope global eth1:0inet 172.16.1.100/16 scope global eth1:1]# ip addr flush dev eth1 ]# ip addr show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff
ip route – routing table management
ip route add – add new route
ip route change – change route
ip route replace – change or add new one
ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
]# ip route add 172.16.0.0/16 via 10.0.1.2 dev eth0 src 10.0.1.6]# ip route show10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.6192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10172.16.0.0/16 via 10.0.1.2 dev eth0 src 10.0.1.6default via 10.0.1.2 dev eth0
]# ip route add default via 10.0.1.2 dev eth0]# ip route show10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.6192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10172.16.0.0/16 via 10.0.1.2 dev eth0 src 10.0.1.6default via 10.0.1.2 dev eth0
ip route delete – delete route
ip route del TYPE PRIFIX
]# ip route del 172.16.0.0/16]# ip route del default]# ip route show10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.6192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
ip route show – list routes
TYPE PRIFIX
ip route get – get a single route
ip route get TYPE PRIFIX
]# ip route get 192.168.1.0/24broadcast 192.168.1.0 dev eth1 src 192.168.1.10cache <local,brd> mtu 1500 advmss 1460 hoplimit 64
ss命令:
ss [options] [ FILTER ]
选项:
-t:TCP协议的相关连接
-u:UDP相关的连接
-w:raw socket相关的连接
-l:监听状态的连接
-a:所有状态的连接
-n:数字格式
-p:相关的程序及其PID
-e:扩展格式信息
-m:内存用量
-o:计时器信息
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
TCP的常见状态:
TCP FSM:
LISTEN:监听
ESTABLISEHD:建立的连接
FIN_WAIT_1:
FIN_WAIT_2:
SYN_SENT:
SYN_RECV:
CLOSED:
EXPRESSION:
dport =
sport =
示例:'( dport = :22 or sport = :22)’
~]# ss -tan ‘( dport = :22 or sport = :22 )’
~]# ss -tan state ESTABLISHED
原创文章,作者:N24_ViCi,如若转载,请注明出处:http://www.178linux.com/62526
评论列表(1条)
博客完成的非常好,有图有真相,有实验结果。加油!