Because the Linux system originated and developed on the Internet, it is born with powerful network functions and rich network application software, especially TCP/I
Because the Linux system originated and developed on the Internet, it is born with powerful network functions and rich network application software, in particular, the implementation of TCP/IP network protocols is particularly mature. Linux has many network commands, some of which can be seen on other operating systems, such as ping, ftp, telnet, route, and netstat.
Some Unix/Linux commands, such as ifconfig, finger, and mail. A
The feature is that there are many options and functions for command parameters. a command can also implement the functions of other commands.
Ifconfig
1. Role
Ifconfig is used to view and change network interface addresses and parameters, including IP addresses, network masks, and broadcast addresses,
The permission is a Super User.
2. Format
Ifconfig-interface [options] address
3. main parameters
-Interface: specifies the network interface name, such as eth0 and eth1.
Up: activate the specified network interface card.
Down: disable the specified network interface.
Broadcast address: set the broadcast address of the API.
Pointopoint: Enables Point-to-point.
Address: set the IP address of the specified interface device.
Netmask address: Set the subnet mask of the interface.
4. Application Description
Ifconfig is a command line tool used to set and configure the NIC. To manually configure the network, this is a must
. The advantage of using this command is that you do not need to restart the machine. To assign the eth0 interface IP address 207.164.186.2,
Activate it immediately and run the following command:
# Fconfig eth0 210.34.6.89 netmask 255.255.255.128 broadcast 210.34.6.127
This command is used to set the IP address, network mask, and local broadcast address of the network adapter eth0. If not
Ifconfig command with any parameters, this command will display all the machine activated and connected to the male I 4? Small? A "parameter
The command displays information about all interfaces, including interfaces that are not activated. Note: network devices configured using the ifconfig command
Parameter.
To pause a network interface, you can use the down parameter:
# Ifconfig eth0 down
Ip
1. Role
Ip is a powerful network configuration tool in the iproute2 software package. it can replace some traditional network management tools.
Tools, such as ifconfig and route, with the superuser permission. Almost all Linux releases support this
Command.
2. Format
Ip [OPTIONS] OBJECT [COMMAND [ARGUMENTS]
3. main parameters
OPTIONS is an option for modifying ip behavior or changing its output. All options start with A-character and are divided into long and short
. Currently, ip supports the options shown in Table 1.
An OBJECT is an OBJECT for administrators to obtain information. Currently, the ip addresses are identified in table 2.
Table 1 ip support options
-V and-Version print the ip Version and exit.
-S,-stats, and-statistics output more detailed information. If this option appears twice or multiple times
The information will be more detailed.
-F,-family is followed by the protocol type, including inet, inet6, or link.
Class. If there is not enough information to tell the protocol type used by the ip address, the default value is inet or any. Link comparison
Special. it indicates that no network protocol is involved.
-4 is short for-family inet.
-6 is short for-family inet6.
-0 is short for-family link.
-O and-oneline use single-line output for each record and replace the returned row with characters. If you want to use wc, grep, etc.
This option is used when the tool processes ip output.
-R,-resolve queries the domain name resolution system and replaces the host IP address with the obtained host name
COMMAND sets the operation performed on the specified object, which is related to the object type. Generally, ip addresses support
Add, delete, and show ). Some objects do not support these operations, or
Some of its commands. For all objects, you can use the help command for help. This command will list
Similar to the supported command and parameter syntax. If no operation command is specified for an object, the ip address uses the default command. General
The default command is list. if the object cannot be listed, the help command is executed.
ARGUMENTS are some parameters of commands, which depend on objects and commands. Ip supports two types of parameters:
Flag and parameter. Flag is composed of a keyword. parameter is composed of a keyword and a value. To
Convenience. each command has a default parameter that can be ignored. For example, the dev parameter is the default parameter of the ip link command,
Therefore, ip link ls eth0 is equal to ip link ls dev eth0. We will introduce the usage of each command in detail later.
The default parameters of the command are marked with default.
4. application instance
Add the IP address 192.168.2.2/24 to the eth0 Nic:
# Ip addr add 192.168.1.1/24 dev eth0
Discard all data packets whose source address belongs to the 192.168.2.0/24 network:
# Ip rule add from 192.168.2.0/24 prio 32777 reject
Ping
1. Role
Ping checks the network interface status of the host. The permission is granted to all users.
2. Format
Ping [-dfnqrRv] [-c] [-I] [-I] [-l] [-p] [-s] [-t] IP address
3. main parameters
-D: Use the Socket SO_DEBUG function.
-C: set the number of requests to respond.
-F: limit detection.
-I: specifies the number of seconds between sending and receiving information.
-I: the network interface uses the specified network interface to send data packets.
-L: the data packet that is sent before the request information is sent.
-N: only numbers are output.
-P: set the pattern for filling data packets.
-Q: The command execution process is not displayed, except for information related to the beginning and end.
-R: Ignore common Routing tables and directly send data packets to the remote host.
-R: records the routing process.
-S: Set the packet size.
-T: Set the TTL value.
-V: displays the instruction execution process in detail.
The ping command is the most commonly used network Command. we usually use it to check whether the network is connected. it uses the ICMP protocol.
Discussion. However, sometimes we can view a web page in the browser, but it cannot be pinged.
Some websites have installed firewalls for security reasons. In addition, you can try it on your computer.
So that the system does not respond to ping:
# Echo 1>/proc/sys/net/ipv4/icmp_echo_ignore_all
Netstat
1. Role
Check the network status of Linux.
2. Format
Netstat [-acCeFghilMnNoprstuvVwx] [-A] [-- ip]
3. main parameters
-A-all: displays the sockets in all connections.
-A: list the IP address and network type of the network connection.
-C-continuous: continuously lists the network status.
-C-cache: displays the cache information of the vro configuration.
-E-extend: displays other network-related information.
-F-fib: displays FIB.
-G-groups: displays a list of members of multiple broadcast groups.
-H-help: online help.
-I-interfaces: displays the network interface information form.
-L-listening: displays the Socket of the monitored server.
-M-masquerade: displays disguised network connections.
-N-numeric: the IP address is used directly instead of the domain name server.
-N-netlink-symbolic: displays the symbolic connection name of the network hardware peripheral device.
-O-timers: displays the timer.
-P-programs: displays the program identification code and program name using the Socket.
-R-route: displays the Routing Table.
-S-statistice: displays a statistical table of network work information.
-T-tcp: displays the connection status of the TCP transmission protocol.
-U-udp: displays the connection status of the UDP transmission protocol.
-V-verbose: displays the command execution process.
-V-version: displays the version information.
-W-raw: displays the RAW transmission protocol connection status.
-X-unix: it is the same as the specified "-A unix" parameter.
-Ip-inet: it is the same as the specified "-A inet" parameter.
4. application instance
Netstat is mainly used for Linux to check its own network conditions, such as the opened port and the user services
And service status. It also displays the system route table and network interface status. It can be said that it is a comprehensive
Network status check tool. By default, netstat only displays the ports with established connections. If you want to display
For all the ports in the listener status, use the-a parameter:
# Netstat-
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
Tcp 0 0 *: 32768 *: * LISTEN
Tcp 0 0 *: 32769 *: * LISTEN
Tcp 0 0 *: nfs *: * LISTEN
Tcp 0 0 *: 32770 *: * LISTEN
Tcp 0 0 *: 868 *: * LISTEN
Tcp 0 0 *: 617 *: * LISTEN
Tcp 0 0 *: mysql *: * LISTEN
Tcp 0 0 *: netbios-ssn *: * LISTEN
Tcp 0 0 *: sunrpc *: * LISTEN
Tcp 0 0 *: 10000 *: * LISTEN
Tcp 0 0 *: http *: * LISTEN
......
As shown above, this host provides HTTP, FTP, NFS, MySQL, and other services at the same time.
Telnet
1. Role
Telnet indicates to enable the terminal job and log on to the remote host. Telnet is a Linux command and
Is a protocol (remote login protocol ).
2. Format
Telnet [-8 acdEfFKLrx] [-B] [-e] [-k] [-l] [-n] [-S] [-X] [host name IP address <通信端口> ]
3. main parameters
-8: 8 characters are allowed, including input and output.
-A: Try to automatically log on to the remote system.
-B: use an alias to specify the remote host name.
-C: Do not read the. telnetrc file in the user's exclusive directory.
-D: Start the troubleshooting mode.
-E: Set the escape character.
-E: filter out the escape characters.
-F: the effect of this parameter is the same as that of the specified "-F" parameter.
-F: when Kerberos V5 is used for authentication, you can add this parameter to upload the authentication data of the local host to the remote host.
-K: when Kerberos authentication is used, add this parameter to allow the remote host to use the specified domain name instead of the domain name of the host.
-K: do not automatically log on to the remote host.
-L: specifies the name of the user to log on to the remote host.
-L: 8-character data can be output.
-N: specifies the file record information.
-R: use a user interface similar to the rlogin command.
-S: service type. set the IP address TOS required for the telnet connection.
-X: if the host supports data encryption, use it.
-X: disable the specified authentication format.
4. Application Description
You can use the telnet command to remotely log on and communicate with each other. User access through the network
Log on to a remote computer, just like logging on to a local machine and executing commands. To log on to a remote server through telnet
On the computer, you must know the valid user name and password on the remote machine. Although some systems do provide remote users with logon
To ensure security, you must restrict the operation permissions of the guests.
Less.
Telnet only provides terminal simulation for common terminals, but does not support graphic environments such as X-Window. When remote user login is allowed
During recording, the system usually places these users in a restricted Shell to prevent the system from being maliciously or accidentally
User destruction. You can also use telnet to log on to your computer from a remote site and check the email and edit
File and running program, just like logging on locally.
Ftp
1. Role
Ftp command for remote file transmission. FTP is the standard file transfer protocol of ARPANet.
The predecessor of Internet, ftp is both a protocol and a command.
2. Format
Ftp [-dignv] [host name IP address]
3. main parameters
-D: displays the instruction execution process in detail to facilitate troubleshooting of program execution.
-I: disable the interaction mode without asking any questions.
-G: disable the extension feature of special characters for the local host file name.
-N: automatic login is not used.
-V: displays the command execution process.
4. Application Description
The ftp command is a user interface of the standard file transfer protocol. it is simple to transmit files between TCP/IP network computers.
It allows users to transmit ASC Ⅱ files and binary files. To use ftp to transfer files, you must
Must know the valid user name and password on the remote computer. This user name/password combination is used to confirm the ftp session, and
To determine the user's access to the file to be transferred. In addition, you need to know how to perform an ftp session.
The IP address of the computer name.
You can use an ftp client program to connect to another computer. you can move up or down a column in a directory.
Directory content. you can copy files from a remote computer to a local computer. you can also transmit files from a local computer to a remote computer.
Process System. There are 72 ftp internal commands. The following lists the main internal commands:
Ls: list the current directory of the remote machine.
Cd: change the working directory on a remote machine.
LCD: change the working directory on the local machine.
Close: terminate the current ftp session.
Hash: a # number is displayed after data in the data buffer is transmitted each time.
Get (mget): transfers a specified file from a remote machine to a local machine.
Put (mput): transfers a specified file from a local machine to a remote machine.
Quit: disconnect from the remote machine and exit ftp.
Route
1. Role
Route indicates that the route table is manually generated, modified, and viewed.
2. Format
# Route [-add] [-net |-host] targetaddress [-netmask Nm] [dev] If]
# Route [-delete] [-net |-host] targetaddress [gw Gw] [-netmask Nm] [dev] If]
3. main parameters
-Add: add a route.
-Delete: delete a route.
-Net: a route arrives at a network, not a host.
-Host: The route arrives at a host.
-Netmask Nm: specifies the subnet mask of the route.
Gw: the gateway of the specified route.
[Dev] If: forces the specified interface of the route chain.
4. application instance
The route command is used to view and set the route information of the Linux system for communication with other networks. Two
For communication between different subnets, a vro connecting two networks or a gateway located at the same time
.
In Linux, routing is usually set to solve the following problems:
There is a gateway in the network to allow machines to access the Internet, so you need to set the IP address of this machine
The default route of the Linux machine. Use the following command to add a default route:
Route add 0.0.0.0 192.168.1.1
Rlogin
1. Role
Rlogin is used for remote registration.
2. Format
Rlogin [-8 EKLdx] [-e char] [-k realm] [-l username] host
3. main parameters
-8: This option always allows an 8-bit input data channel. This option allows sending formatted ANSI characters and other features
Special code. If this option is not used, the parity bit will be removed unless the remote end is not a termination or start character.
-E: stop using any character as an escape character. When used together with the-8 option, it provides a completely transparent connection
.
-K: disable all Kerberos validation. This parameter is used only when it is connected to a host using the Kerberos validation protocol.
.
-L: allows the rlogin session to run in litout mode. For more information, see The tty online help.
-D: Open the socket debugging of TCP sockets that communicates with the remote host. For more information, see
Setsockopt online help.
-E: Set the escape character for the rlogin session. the default escape character is "~".
-K: requests rlogin to obtain Kerberos permission for the remote host in the specified region, instead of obtaining
Kerberos permission for the remote host in the remote host area determined by krb_realmofhost (3.
-X: enable DES encryption for all data transmitted through the rlogin session. This will affect the response time and CPU utilization,
But it can improve security.
4. Instructions for use
If you have an account on different systems on the network, or you can access another account on another system
To access an account in another system, you must first register it in the system, and then remotely register it to the system where the account is located through the network.
Unified. Rlogin can be remotely registered to another system. its parameter should be a system name.
Rcp
1. Role
Rcp indicates remote file copy. it is used to copy files between computers. The permission is granted to all users.
2. Format
Rcp [-px] [-k realm] file1 file2 rcp [-px] [-r] [-k realm] file
3. main parameters
-R: recursively copy all content in the source directory to the target directory. To use this option, the purpose must be 1.
Directory.
-P: tries to retain the modification time and mode of the source file, ignoring umask.
-K: requests the rcp to obtain the Kerberos permission for the remote host in the specified region, instead of obtaining
Kerberos permission for the remote host in the remote host area determined by krb_relmofhost (3.
-X: enable DES encryption for all transmitted data.
Finger
1. Role
Finger is used to query the login account information on a host. it usually displays the user name, main directory, and the suspension time.
, Logon time, logon Shell, and other information. The permission is for all users.
2. Format
Finger [option] [user] [user @ host]
3. main parameters
-S: displays the user registration name, actual name, terminal name, write status, stagnation time, logon time, and other information.
-L: in addition to the information displayed with the-s option, it also displays the user's home directory, logon Shell, Mail status, and other information,
And the. plan,. project, and. forward files in the user's main directory.
-P: except for not displaying the. plan and. project files, it is the same as the-l option.
4. application instance
Use finger on a computer:
[Root @ localhost root] # Finger
Login Name Tty Idle Login Time Office Phone
Root tty1 2 Dec 15 11
Root pts/0 1 Dec 15 11
Root * pts/1 Dec 15 11
5. Application Description
To query user information on a remote machine, you need to add "@ host name" to the user name, and use the [user name @ master
Host Name] format, but the network host to be queried must be supported by the finger daemon.
Mail
1. Role
Mail is used to send emails. The permission is granted to all users. In addition, mail is an email program.
2. Format
Mail [-s subject] [-c address] [-B address]
Mail-f [mailbox] mail [-u user]
3. main parameters
-B address: list of anonymous recipient addresses for output information.
-C address: the CC () recipient address list of the output information.
-F [mailbox]: reads emails from the mailbox specified by the inbox.
-S subject: specifies the main line of the output information.
[-U user]: Port specifies the optimized inbox to read emails.
Nslookup
1. Role
The nslookup command is used to query the IP address of a machine and its corresponding domain name. Grant permissions to all users. It
A domain name server is usually required to provide the domain name service. If you have already set the domain name server, you can use this
Command to view the domain name corresponding to the IP address of different hosts.
2. Format
Nslookup [IP address/domain name]
3. application instance
(1) use the nslookup command on the local computer
$ Nslookup
Default Server: name.cao.com.cn
Address: 192.168.1.9
>
Enter the domain name of the IP address to be queried after the symbol ">" and press enter. To exit the command, enter"
And press enter.
(2) run the nslookup command to test named.
Enter the following command:
Nslookup
Then enter the switched nslookup environment. If named is started normally, nslookup will display the current DNS service
The address and domain name of the device. otherwise, named cannot be started properly.
The following describes some basic DNS diagnostics.
◆ Check for forward DNS resolution. enter the host name with the domain name at the nslookup prompt, for example, hp712.my.com,
Nslookup should display the IP address corresponding to the host name. If only hp712 is input, nslookup will
/Etc/resolv. conf definition, automatically add the my.com domain name, and answer the corresponding IP address.
◆ Check reverse DNS resolution and enter an IP address at the nslookup prompt, for example, 192.22.33.20,
Nslookup should be able to answer the host name corresponding to the IP address.
◆ Check the MX email address record and enter at the nslookup prompt:
Set q = mx
Enter a domain name, my.com and mail.my.com, and nslookup should be able to answer the corresponding email service.
Support.my.com and support2.my.com.
Hands-on exercises
1. dangerous network commands
The development of the Internet makes security a problem that cannot be ignored. finger, ftp, rcp, and telnet are essentially
Because they transmit passwords and data in plain text on the network, the sniffer can easily intercept these
Password and data. In addition, the security authentication methods of these service programs are also vulnerable to "intermediate servers ".
. Here I will list some unsafe commands according to the hazard level, as shown in Table 3.
Currently, ftp and telnet can be bound to port 22 by using SSH commands.
RSA encryption. After the authentication is complete, all subsequent traffic is encrypted using IDEA. SSH (Secure
Shell) the program can log on to the remote host over the network and execute commands. Rcp, rlogin, and other remote call commands
Gradually replaced by VNC software.
2. bind multiple IP addresses to a network card
In Linux, you can use ifconfig to easily bind multiple IP addresses to one Nic. For example
If the original IP address is 192.168.0. 254, run the following command:
Ifconfig eth0: 0 192.168.0.253 netmask 255.255.255.0
Ifconfig eth0: 1 192.168.0.252 netmask 255.255.255.0
......
3. modify the MAC address of the NIC
First, you must disable the Nic device. the command is as follows:
/Sbin/ifconfig eth0 down
Run the following command to modify the MAC address:
/Sbin/ifconfig eth0 hw ether 00: AA: BB: CC: DD: EE
Enable Nic again:
/Sbin/ifconfig eht0 up
The MAC address of the NIC is changed. The MAC address of each network adapter is unique, but it cannot be modified.
Ensure the uniqueness of the MAC address in the network.
4. initial deployment of IPv6
The IPv4 technology plays a huge role in the development of the network, but with the passage of time
IPv6 is eager to provide, service quality, and security. Linux is all operating systems
IPv6 is the first supported. generally, IPv6 can be used directly in Linux versions based on the 2.4 kernel.
If you want to release a version that does not have an IPv6 module loaded, you can use commands to manually load it. This requires the permissions of the Super User.
(1) load the IPv6 module
Run the command to detect the eth0 Nic. inet6 addr: fe80: 5054: abff: fe34: 5b09/64
IPv6 address.
# Modprobe IPv6
# Ifconfig
Eth0 Link encap: Ethernet HWaddr 52: 54: AB: 34: 5B: 09
Inet addr: 192.168.1.2 Bcast: 192.168.1.255 Mask: 255.255.255.0
Inet6 addr: fe80: 5054: abff: fe34: 5b09/64 Scope: Link
Up broadcast running multicast mtu: 1500 Metric: 1
RX packets: 0 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 21 errors: 0 dropped: 0 overruns: 0 carrier: 0
Collisions: 0 fig: 100
RX bytes: 0 (0.0 B) TX bytes: 1360 (1.3 Kb)
Interrupt: 5 Base address: 0xec00
(2) use the ping command to check whether the IPv6 address of the NIC is valid.
# Ping6-I eth0-c 2 fe80 :: 200: e8ff: fea0: 2586
Unlike IPv4, you must specify a Nic interface when using the ping6 command. Otherwise, the system does not know how to send data packets.
The network device to which the device is sent. I indicates that the Interface and eth0 are the first NICs,-c indicates the loop, and 2 indicates the ping6 operation.
Twice. The results are shown in.
Ping6 command in IPv6 network
(3) use the ip command to add an ip address for eth0 in IPv6
# Ip-6 addr add 3ffe: ffff: 0: f101 :: 1/64 dev eth0
Run the ifconfig command to check whether the second IPv6 address appears on the NIC.
The main advantage of Linux network is that it can share resources and information, and users can access information remotely.
Linux provides a set of powerful network commands to serve users. these tools can help users set the network,
Check network conditions, log on to a remote computer, transfer files, and execute remote commands.
The above describes the important network commands in Linux. In fact, there are still many commands to learn about in Linux. Linux
One of the features of operating commands is that there are many command parameter options and not all of them need to be remembered. The key is to understand the main purpose of the command and learn to use help information.