Linux Network commands

Source: Internet
Author: User

This article describes network-related commands. The author assumes that the reader has the basic knowledge of the TCP/IP protocol stack. Only the basic usage and general descriptions of related commands and their output are described. The specific protocols are not described in detail.

Nowadays, the network is undoubtedly very important. Linux provides a wide range of network testing and management commands. Let's take a look at them.

The content is as follows:

1. ping: sends ICMP echo request packets and waits for the ICMP echo responses.
ping [OPTIONS]... destination

The destination can be an IP address or a domain name/host name.
Option -c specifies the number of requests to send. When ping is run without any options on Linux, it keeps sending requests until it is manually terminated.

[root@centos7 ~]# ping -c 3 www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=52 time=1.35 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=52 time=1.32 ms
64 bytes from 61.135.169.121: icmp_seq=3 ttl=52 time=1.22 ms
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.225/1.303/1.359/0.064 ms

First, the ping program sends a request to the Domain Name Server (DNS) to resolve the IP address of the domain name www.baidu.com. DNS returns the alias www.a.shifen.com for the domain name and the corresponding IP address 61.135.169.121. The ping program then starts sending request messages to this address, one per second. For each ICMP echo response it receives, ping displays the result on the terminal, including the ICMP sequence number (icmp_seq), the ttl and the packet round-trip time (time). Finally, summary information is provided, including the totals of messages sent and received, the total time, and the minimum, average and maximum round-trip time together with the mean deviation (the larger the deviation, the more unstable the network).

[root@centos7 ~]# ping www.a.com
ping: unknown host www.a.com

When the destination domain name cannot be resolved to an IP address, an unknown host error is reported.

[root@centos7 ~]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
^C    # press CTRL+C to manually terminate the process
--- 192.168.0.1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 4999ms

No ICMP echo response is received when the destination IP address is not routed.

[root@centos7 ~]# ping -c 2 10.0.1.2
PING 10.0.1.2 (10.0.1.2) 56(84) bytes of data.
From 10.0.1.254 icmp_seq=1 Destination Host Unreachable
From 10.0.1.254 icmp_seq=2 Destination Host Unreachable
--- 10.0.1.2 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
pipe 2

The Destination Host Unreachable error is displayed when a route to the destination IP address exists but the destination cannot be reached.
ICMP responses also include other types, such as request timed out.

2. hostname: displays or sets the system host name.
hostname [OPTIONS]... [NAME]

When you execute the command hostname directly, the host name is displayed:

[root@centos7 temp]# hostname
centos7
[root@centos7 temp]#

This host name is returned by the system's gethostname(2) function.
You can temporarily change the host name by executing the command hostname NAME:

[root@centos7 temp]# hostname NAME
[root@centos7 temp]# hostname
NAME

This temporary modification actually changes a Linux kernel parameter of the same name, hostname, which is stored in /proc/sys/kernel/hostname. For a permanent change, modify the configuration file /etc/sysconfig/network; on CentOS 7, modify /etc/hostname. Note that if the host name in the configuration file is localhost or localhost.localdomain, the system obtains the IP address of the network interface, looks up the host name corresponding to this address in the /etc/hosts file, and sets that as the final host name.

3. host DNS query
host name

Run the host command to query the IP address of the name on the DNS server specified in the configuration file /etc/resolv.conf:

[root@centos7 temp]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 61.135.169.121
www.a.shifen.com has address 61.135.169.125

4. dig DNS

The dig command has the same syntax as host, but provides more detailed information and more options:

[root@centos7 ~]# dig www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22125
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.baidu.com.    IN    A
;; ANSWER SECTION:
summary.    113    IN    A    61.135.169.121
;; Query time: 2 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: 4 August 12:31:20 CST 2016
;; MSG SIZE rcvd: 90
[root@centos7 ~]#

To query only the A record of a domain name and display it in short format:

[root@centos7 ~]# dig www.baidu.com A +short
www.a.shifen.com.
61.135.169.125
61.135.169.121
[root@centos7 ~]#

Or:

[root@centos7 ~]# dig +nocmd www.baidu.com A +noall +answer
www.baidu.com.       252  IN  CNAME  www.a.shifen.com.
www.a.shifen.com.    252  IN  A      61.135.169.125
www.a.shifen.com.    252  IN  A      61.135.169.121

You can also use @server to specify the DNS server:

[root@centos7 ~]# dig +noall +answer www.baidu.com A @8.8.8.8
www.baidu.com.       21   IN  CNAME  www.a.shifen.com.
www.a.shifen.com.    263  IN  A      61.135.169.125
www.a.shifen.com.    263  IN  A      61.135.169.121

For more commands and options, see the man page.

5. traceroute or tracepath route tracking
[root@centos7 ~]# tracepath www.baidu.com
 1?: [LOCALHOST]  pmtu 1500
 1:  10.0.1.103  0.396ms
 1:  10.0.1.103  0.350ms
 2:  210.51.161.1  1.187ms asymm 3
 3:  210.51.161.1  8.186ms
 4:  210.51.175.811.117ms
 5:  61.148.142.618.554ms asymm 12
 6:  61.148.147.131.694ms asymm 12
 7:  123.126.8.1173.934ms asymm 10
 8:  61.148.155.462.703ms asymm 10
....

Only part of the output is listed here. It shows the route traced to the destination address, with a line returned for each hop.

6. ifconfig: configures network interfaces

When the command does not have any parameters, the information of all network interfaces is displayed:

[root@centos7 ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.71.254  netmask 255.255.255.0  broadcast 172.20.71.255
        inet6 fe80::250:56ff:fea4:fe34  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:a4:fe:34  txqueuelen 1000  (Ethernet)
        RX packets 11996157  bytes 775368588 (739.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12  bytes 888 (888.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.1.254  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::250:56ff:fea4:a09  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:a4:0a:09  txqueuelen 1000  (Ethernet)
        RX packets 20941185  bytes 1307830447 (1.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 147552  bytes 11833605 (11.2 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
[root@centos7 ~]#

This example displays information about the two NICs ens32 and ens33 and the loopback interface lo, including the MTU, IP address, mask, MAC address, and the amount of data transmitted and received.
Option -s shows simplified information:

[root@idc-v-71253 ~]# ifconfig -s ens32
Iface   MTU   RX-OK     RX-ERR  RX-DRP  RX-OVR  TX-OK  TX-ERR  TX-DRP  TX-OVR  Flg
ens32   1500  11996951  0       0       0       12     0       0       0       BMRU

For example, add a new address 10.0.1.4 to ens33:

[root@centos7 ~]# ifconfig ens33:0 10.0.1.4/24 up
[root@centos7 ~]# ifconfig ens33:0
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        0000
        ether 00:50:56:a4:0a:09  txqueuelen 1000  (Ethernet)

In the command, /24 indicates the mask of the interface address, and up indicates that the interface is enabled. Note: if the IP address is already in use, it will still be set successfully, but there may be conflicts when the IP address is accessed. To disable an interface:

[root@centos7 ~]# ifconfig ens33:0 down

If you need to add or modify the address of an interface permanently, it is best to edit the IPADDR field directly in the NIC configuration file /etc/sysconfig/network-scripts/ifcfg-ens33 (use the appropriate file on other systems), and then restart the network with systemctl restart network or service network restart for the change to take effect.

7. arp and arping

The command arp displays the system's arp cache, and the command arping sends ARP requests to neighboring hosts.

[root@idc-v-71253 ~]# arp -a
? (10.0.1.1) at 68:8f:84:01:f1:ff [ether] on ens33
? (10.0.1.102) at 00:50:56:a4:18:9a [ether] on ens33
? (10.0.1.254) at 00:50:56:a4:a9:16 [ether] on ens33
? (10.0.1.10) at 00:50:56:a4:d2:e4 [ether] on ens33
? (10.0.1.104) at 00:50:56:a4:37:a7 [ether] on ens33

? indicates an unknown domain name, and the NIC name at the end of each line indicates the network interface that the ARP table entry belongs to.
If an address is unstable, you can use arping to test whether the address is in conflict:

[root@centos7 ~]# arping 10.0.1.252 -I ens33
ARPING 10.0.1.252 from 10.0.1.254 ens33
Unicast reply from 10.0.1.252 [00:50:56:A4:65:71]  0.843ms
Unicast reply from 10.0.1.252 [00:50:56:A4:0A:09]  1.034ms

The MAC addresses in the two replies are different, indicating that two NICs are configured with the same IP address. Option -I specifies the network interface used to send the ARP requests.
If you have changed the IP address of a NIC but the ARP entries of upstream devices (such as switches) are still old, you can use arping to force a refresh:

[root@centos7 ~]# arping -c 3 -I ens33 -s 10.0.1.254 10.0.1.1
ARPING 10.0.1.1 from 10.0.1.254 ens33
Unicast reply from 10.0.1.1 [68:8F:84:01:F1:FF]  19.466ms
Unicast reply from 10.0.1.1 [68:8F:84:01:F1:FF]  2.358ms
Unicast reply from 10.0.1.1 [68:8F:84:01:F1:FF]  24.305ms
Sent 3 probes (1 broadcast(s))
Received 3 response(s)

-c specifies the number of ARP requests to send, -s specifies the source address, and the final IP address is the target of the requests (here the gateway address).
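
The conflict check described above can be automated. The following is an added example, not part of the original article: it reads arping output and reports every IP address that was answered by more than one MAC address. The function names arp_conflicts and check_arp are assumptions made for this example, and the two samples are the arping sessions shown above.

```shell
#!/bin/sh
# Added example (not from the original article): report IP addresses whose ARP
# probes are answered by more than one MAC address.

# arp_conflicts: reads arping output on stdin and prints one line per
# conflicted address as "IP MAC1,MAC2[,...]". Prints nothing if all is clean.
arp_conflicts() {
    awk '
        # Reply lines: "Unicast reply from 10.0.1.252 [00:50:56:A4:65:71]  0.843ms"
        / reply from / {
            ip = ""; mac = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "from" && i < NF) ip = $(i + 1)
                if ($i ~ /^\[[0-9A-Fa-f:]+\]$/)
                    mac = toupper(substr($i, 2, length($i) - 2))
            }
            if (ip == "" || mac == "") next
            if (!((ip, mac) in seen)) {          # count each IP/MAC pair once
                seen[ip, mac] = 1
                n[ip]++
                macs[ip] = (n[ip] == 1) ? mac : (macs[ip] "," mac)
            }
        }
        END {
            for (ip in n)
                if (n[ip] > 1) print ip, macs[ip]
        }
    ' | LC_ALL=C sort
}

# check_arp: same input, but returns status 1 when a conflict is found so that
# it can be used as the condition of a monitoring job.
check_arp() {
    found=$(arp_conflicts)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Sample 1: the session above in which two MAC addresses answer for 10.0.1.252.
sample_conflict() {
cat <<'EOF'
ARPING 10.0.1.252 from 10.0.1.254 ens33
Unicast reply from 10.0.1.252 [00:50:56:A4:65:71]  0.843ms
Unicast reply from 10.0.1.252 [00:50:56:A4:0A:09]  1.034ms
EOF
}

# Sample 2: the gateway session above, where every reply has the same MAC.
sample_clean() {
cat <<'EOF'
ARPING 10.0.1.1 from 10.0.1.254 ens33
Unicast reply from 10.0.1.1 [68:8F:84:01:F1:FF]  19.466ms
Unicast reply from 10.0.1.1 [68:8F:84:01:F1:FF]  2.358ms
Unicast reply from 10.0.1.1 [68:8F:84:01:F1:FF]  24.305ms
Sent 3 probes (1 broadcast(s))
Received 3 response(s)
EOF
}

sample_conflict | check_arp || echo "conflict detected"
sample_clean | check_arp && echo "no conflict"
```

On a live host the same check is arping -c 3 -I ens33 10.0.1.252 | check_arp, using only the options described above.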

8. route: displays or changes the routing table
[root@centos7 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 ens33
link-local      0.0.0.0         255.255.0.0     U     1002   0        0 ens32
link-local      0.0.0.0         255.255.0.0     U     1003   0        0 ens33
172.20.71.0     0.0.0.0         255.255.255.0   U     0      0        0 ens32
192.168.78.0    10.0.1.104      255.255.255.0   UG    0      0        0 ens33

Destination indicates the destination CIDR block or target host; Gateway indicates the gateway address; Genmask indicates the mask of the destination CIDR block; Flags indicates the route flags, where U indicates that the route is up and G indicates a gateway; Metric indicates the distance to the target, usually expressed as a number of hops; Ref indicates the number of references to the route; Use indicates the number of lookups for the route; Iface indicates the egress interface of the route.
Option -n indicates that the destination CIDR block is displayed in numbers.
Options add and del indicate adding or deleting a route.
Options -net and netmask specify the destination CIDR block and mask.
Option gw specifies the gateway.
Option dev IF specifies the egress NIC.
For example, add a route entry to 192.56.76.x and set its egress to ens32:

route add -net 192.56.76.0 netmask 255.255.255.0 dev ens32

Add a default route entry with 10.0.1.1 as its gateway:

route add default gw 10.0.1.1

Add a route entry to 172.20.70.0 with 10.0.1.2 as the gateway:

route add -net 172.20.70.0/24 gw 10.0.1.2

Delete the default route:

route del default

9. telnet provides remote logon.

Because the telnet protocol uses plain text transmission, it is not applicable in environments requiring secure login. Now it is usually used for port testing of network services:

[root@centos7 ~]# telnet 10.0.1.251 80
Trying 10.0.1.251...
Connected to 10.0.1.251.
Escape character is '^]'.
^]    # press CTRL+] here, or press CTRL+C to force exit
telnet> quit
Connection closed.

This shows that port 80 on the peer is enabled and communication is allowed. When the peer port is not enabled:

[root@centos7 ~]# telnet 10.0.1.251 81
Trying 10.0.1.251...
telnet: connect to address 10.0.1.251: No route to host

When the peer rejects the connection:

[root@centos7 ~]# telnet 10.0.1.251 8085
Trying 10.0.1.251...
telnet: connect to address 10.0.1.251: Connection refused

10. ssh remote login program
ssh [OPTIONS]... [user@]hostname [command]

The full name of ssh is Secure Shell. It provides secure, encrypted communication between hosts over an insecure network and is designed to replace other remote logon protocols.

[root@centos7 ~]# ssh 10.0.1.253
The authenticity of host '10.0.1.253 (10.0.1.253)' can't be established.
ECDSA key fingerprint is 96:bd:a3:a7:87:09:1b:53:44:4c:9b:b9:5f:b2:97:89.
Are you sure you want to continue connecting (yes/no)? yes    # enter yes
Warning: Permanently added '10.0.1.253' (ECDSA) to the list of known hosts.
root@10.0.1.253's password:    # enter the password
Last login: Fri Nov 11 09:04:01 2016 from 192.168.78.20
[root@idc-v-71253 ~]#    # logged on

If you log on to a host directly with the ssh command and the host IP address, the default user root is used for logon. If this is the first logon, you need to confirm adding the host's authentication key. When yes is entered, a record for this host is added to the local /root/.ssh/known_hosts, and no confirmation is needed for the next logon. Then you need to enter the user password. After verification, we get a shell on the target host and can execute commands in this shell.
Enter exit in the new shell to return to the original shell.
If you need to log on to a host frequently but do not want to enter the password every time, you can set up password-free logon:

[root@centos7 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    # press ENTER
Enter passphrase (empty for no passphrase):    # press ENTER
Enter same passphrase again:    # press ENTER
Your identification has been saved in /root/.ssh/id_rsa.    # private key
Your public key has been saved in /root/.ssh/id_rsa.pub.    # public key
The key fingerprint is:
be:c3:d0:02:50:35:35:fe:60:d6:2f:26:96:f0:e1:e6 root@centos7
The key's randomart image is:
+--[ RSA 2048]----+
|... O. o |
|. oo |
| .. *. |
|. * =. |
| .. S +. |
| o =. o. |
| + E |
| o. |
| .. |
+-----------------+
[root@centos7 ~]#
[root@centos7 ~]# ssh-copy-id 10.0.1.253
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.1.253's password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '10.0.1.253'"
and check to make sure that only the key(s) you wanted were added.
[root@centos7 ~]#

The command ssh-keygen is used to generate the public and private keys, and option -t specifies the key type. Then use the command ssh-copy-id to send the public key to the target host, entering the user password of the target host when prompted. After that you can log on without a password:

[root@centos7 ~]# ssh 10.0.1.253
Last login: Fri Nov 11 11:08:37 2016 from 10.0.1.254
[root@idc-v-71253 ~]#

You can also execute commands remotely through ssh:

[root@centos7 ~]# ssh 10.0.1.252 "hostname"
root@10.0.1.252's password:    # enter the password
idc-v-71252    # the command result is displayed
[root@centos7 ~]#    # not logged on

Or manually copy the public key to the target host:

[root@centos7 ~]# cat /root/.ssh/id_rsa.pub | ssh 10.0.1.252 "cat - > /root/.ssh/authorized_keys"
root@10.0.1.252's password:    # enter the password
[root@centos7 ~]# ssh 10.0.1.252    # password-free login
Last login: Thu Nov 10 14:42:11 2016 from 192.168.78.135
[root@idc-v-71252 ~]#
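
The manual copy above redirects with a single >, which replaces whatever keys were already in authorized_keys on the target host. The following is an added example, not part of the original article: a function for the target-host side that appends the key, skips keys that are already present and sets the permissions sshd expects. The name install_pubkey is an assumption made for this example, and the key material in the demo is constructed, not a real key.

```shell
#!/bin/sh
# Added example (not from the original article): install one public key on the
# target host without overwriting keys that are already authorized.

# install_pubkey KEY_LINE [AUTH_FILE]
# AUTH_FILE defaults to ~/.ssh/authorized_keys and is expected to live in a
# dedicated .ssh directory. Returns 0 if the key is installed (or was already
# present) and 2 if KEY_LINE does not look like a public key line.
install_pubkey() {
    key_line=$1
    auth_file=${2:-"$HOME/.ssh/authorized_keys"}
    ssh_dir=$(dirname "$auth_file")

    # Accept exactly one line that starts with a known key type.
    if [ "$(printf '%s\n' "$key_line" | wc -l | tr -d ' ')" != "1" ]; then
        echo "install_pubkey: expected a single line" >&2
        return 2
    fi
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "install_pubkey: not a public key line" >&2; return 2 ;;
    esac

    # With StrictModes (the sshd default) keys are ignored if the directory or
    # file is writable by other users, so create both with tight permissions.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Identify a key by "type base64" so a different comment is not a new key.
    key_id=$(printf '%s\n' "$key_line" | awk '{ print $1 " " $2 }')
    if awk -v id="$key_id" '($1 " " $2) == id { found = 1 } END { exit !found }' "$auth_file"
    then
        return 0                                 # already authorized
    fi
    printf '%s\n' "$key_line" >> "$auth_file"    # append, never overwrite
}

# Demo in a scratch directory; the key below is constructed, not a real key.
demo_dir=$(mktemp -d)
demo_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQconstructed root@centos7"
install_pubkey "$demo_key" "$demo_dir/.ssh/authorized_keys"
install_pubkey "$demo_key" "$demo_dir/.ssh/authorized_keys"
echo "lines after installing the same key twice: $(wc -l < "$demo_dir/.ssh/authorized_keys" | tr -d ' ')"
rm -rf "$demo_dir"
```

Entries that carry an options prefix before the key type are not recognised as duplicates by this comparison.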

Option -p specifies the port for logon:

[root@centos7 temp]# ssh -p 22 10.0.1.252
Last login: Fri Nov 11 11:44:31 2016 from 10.0.1.254
[root@idc-v-71252 ~]#

The port is set in the server configuration file /etc/ssh/sshd_config. The default port number is 22. To change it, remove the comment marker from the line #Port 22, change 22 to the required port, and restart the sshd service with service sshd restart or systemctl restart sshd.
If you need to log on as another user, run ssh user@host.
We can use the tar command in combination with ssh and pipelines to back up local (remote) files to remote (local):

tar zc /home/temp | ssh user@host "tar xz"    # back up the local temp directory to the remote host
ssh user@host "tar cz /home/temp" | tar xz    # back up the remote temp directory to the local host

Option -L [bind_address:]port:host:hostport

[root@centos7 ~]# ssh -L 2222:10.0.1.252:22 10.0.1.253
Last login: Mon Nov 14 10:34:43 2016 from 10.0.1.254
[root@idc-v-71253 ~]#    # note that if you exit here, the forwarding is also terminated

This command binds the local port 2222 and forwards all data sent to this port to port 22 of the target host 10.0.1.252 through the intermediate host 10.0.1.253. If you then use ssh to log on to port 2222 of the local machine, the host you actually log on to is 10.0.1.252.

[root@centos7 ~]# ssh -p 2222 127.0.0.1
Last login: Mon Nov 14 10:34:56 2016 from 10.0.1.253
[root@idc-v-71252 ~]#

The local loopback address 127.0.0.1 is bound by default. To bind to another address, set bind_address according to the syntax.
Option -N indicates that no command is executed. It is useful only when port forwarding is set.
The port forwarding command above, ssh -L 2222:10.0.1.252:22 10.0.1.253, logs on to the intermediate host, and port forwarding is terminated after exiting. With the -N option it does not log on, so running the command in the shell background is a good way to set up port forwarding (but note that password-free login is required for the intermediate host):

[root@centos7 ~]# ssh -N -L 2222:10.0.1.252:22 10.0.1.253 &
[1] 12432
[root@centos7 ~]#

The & symbol at the end of the command indicates that the command is executed in the background. In the returned message, [1] indicates the background command number, and 12432 indicates the command PID. (Shell background commands will be described in later articles.)
Option -R [bind_address:]port:host:hostport
For example, run the following command on 10.0.1.253:

ssh -R 2222:10.0.1.252:22 10.0.1.254

Then log on to 10.0.1.254:

[root@centos7 ~]# ssh -p 2222 localhost
Last login: Mon Nov 14 10:40:44 2016 from 10.0.1.253
[root@idc-v-71252 ~]#

This means that the remote host 10.0.1.254 (remote relative to 10.0.1.253) listens on port 2222 and forwards all data sent to this port to port 22 of the target host 10.0.1.252. When you then log on to port 2222 of the local host on 10.0.1.254, you actually log on to the target host 10.0.1.252 through the intermediate host 10.0.1.253.
Option -o OPTION specifies options from the configuration file (such as /etc/ssh/sshd_config).
-o StrictHostKeyChecking=no can be added to avoid entering yes during the first login.

11. scp remote file copying
scp [OPTIONS]... [[user@]host1:]file1 ... [[user@]host2:]file2

The scp command uses the ssh protocol to encrypt data transmission. As with ssh logon, you need to enter the remote host user password.
For example, copy the file /root/tcp.sh from the remote host 10.0.1.253 to the local directory:

[root@centos7 ~]# scp root@10.0.1.251:/root/a.txt ./
root@10.0.1.251's password:
a.txt                                   100%  125     0.1KB/s   00:00
[root@centos7 ~]#

The command displays the transmission status (transmission percentage, size, speed, and time).
Copying a local file to a remote location is nothing more than swapping the source and destination.
Option -P specifies the remote connection port (the ssh service port), and -o ssh_option passes an ssh option.
Option -l limit limits the transmission speed. The unit of limit is Kbit/s.
As with the command cp, option -r copies directories, and -p preserves file permissions and times.

12. netstat prints Network Information

Option -a displays all port information:

[root@centos7 ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN
tcp        0     52 10.0.1.254:ssh          192.168.78.143:49583    ESTABLISHED
tcp6       0      0 [::]:commplex-main      [::]:*                  LISTEN
tcp6       0      0 [::]:4243               [::]:*                  LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12807    /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     12815    /run/lvm/lvmpolld.socket
unix  2      [ ]         DGRAM                    12818    /run/systemd/shutdownd
unix  2      [ ACC ]     STREAM     LISTENING     16403    /var/run/dbus/system_bus_socket
....

Only some information is displayed here.
Option -t: display TCP connection information
Option -n: display IP addresses without domain name conversion
Option -p: display PID and program name

[root@centos7 ~]# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1358/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2162/master
tcp        0     52 10.0.1.254:22           192.168.78.143:49583    ESTABLISHED 12044/sshd: root@pt
tcp6       0      0 :::5000                 :::*                    LISTEN      17222/docker-proxy
tcp6       0      0 :::4243                 :::*                    LISTEN      16983/docker
tcp6       0      0 :::22                   :::*                    LISTEN      1358/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2162/master
[root@centos7 ~]#

Proto indicates the protocol (including TCP and UDP). Recv-Q and Send-Q indicate the receive and send queues; they are generally 0, and a non-zero value means that data is waiting to be processed in the local receive or send buffer. Local Address and Foreign Address indicate the local and remote addresses respectively. State indicates the connection status, which corresponds to the various TCP connection states. PID/Program name indicates the process ID and program name.
Option -l indicates that only LISTEN connections are displayed.

[root@centos7 ~]# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::5000                 :::*                    LISTEN
tcp6       0      0 :::4243                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
[root@centos7 ~]#

Option -u displays UDP connection information
Option -r displays route information

[root@centos7 ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         10.0.1.103      0.0.0.0         UG        0 0          0 ens33
10.0.1.0        0.0.0.0         255.255.255.0   U         0 0          0 ens33
172.20.71.0     0.0.0.0         255.255.255.0   U         0 0          0 ens32
192.168.78.0    10.0.1.104      255.255.255.0   UG        0 0          0 ens33

Option -i: display interface information

[root@centos7 ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
ens3215001319610707703246000BMRU
ens3315002531238808802516050000BMRU
lo6553625035890002503589000LRU
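
The Local Address column of the LISTEN lines shows which services are reachable from other hosts. The following is an added example, not part of the original article: it classifies each listening socket as bound to all interfaces, to loopback only, or to one specific address. The function name listener_scope is an assumption made for this example, and the sample input is the netstat -antp output shown above.

```shell
#!/bin/sh
# Added example (not from the original article): classify listening TCP sockets
# from "netstat -ntlp" style output by how widely they are reachable.

# listener_scope: reads netstat output on stdin and prints, for every LISTEN
# socket, "SCOPE PROTO PORT PROGRAM" where SCOPE is one of:
#   all       bound to every interface (0.0.0.0 or ::)
#   loopback  bound to 127.0.0.0/8 or ::1
#   specific  bound to one particular address
# PROGRAM is "-" when the input was produced without option -p.
listener_scope() {
    awk '
        $6 == "LISTEN" {
            # The port is the text after the last colon of the local address.
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]" || addr == "*")
                scope = "all"
            else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                scope = "loopback"
            else
                scope = "specific"
            prog = "-"
            if (NF >= 7) { prog = $7; sub(/^[0-9]+\//, "", prog) }
            print scope, $1, port, prog
        }
    ' | LC_ALL=C sort -u
}

# Sample input: the netstat -antp output shown above.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1358/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2162/master
tcp        0     52 10.0.1.254:22           192.168.78.143:49583    ESTABLISHED 12044/sshd: root@pt
tcp6       0      0 :::5000                 :::*                    LISTEN      17222/docker-proxy
tcp6       0      0 :::4243                 :::*                    LISTEN      16983/docker
tcp6       0      0 :::22                   :::*                    LISTEN      1358/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2162/master
EOF
}

sample_netstat | listener_scope
```

On a live host the input comes from netstat -ntlp | listener_scope; the lines that start with all are the services exposed on every interface.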

13. tcpdump network packet capture tool

The command tcpdump captures the packets on a network interface that match the expression and prints a description of the packet contents.
Option -i specifies the network interface:

[root@idc-v-71253 ~]# tcpdump -i ens33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 65535 bytes
15:41:59.121948 IP 10.0.1.108.3693 > 239.100.1.1.websm: UDP, length 58
15:41:59.122191 IP 10.0.1.109.35673 > 239.100.1.1.websm: UDP, length 57
15:41:59.128282 IP 10.0.1.253.ssh > 192.168.78.143.51694: Flags [P.], seq 749565300:749565496, ack 3522345564, win 255, length 196
15:41:59.134127 IP 192.168.78.143.51694 > 10.0.1.253.ssh: Flags [.], ack 196, win 3977, length 0
15:41:59.140319 ARP, Request who-has 10.0.1.31 tell 10.0.1.102, length 46
15:41:59.168328 ARP, Request who-has 10.0.1.37 tell 10.0.1.102, length 46
15:41:59.262235 ARP, Request who-has 192.168.10.150 tell 192.168.10.151, length 46
15:41:59.622090 IP 10.0.1.108.3693 > 239.100.1.1.websm: UDP, length 58
15:41:59.622178 IP 10.0.1.109.35673 > 239.100.1.1.websm: UDP, length 57
....

After the command is started, it indicates that -v or -vv can be used to display more detailed information, and that data packets are being captured from ens33. The output that follows shows the packet header information (including ARP, IP, TCP, UDP, and other protocols) of each sent or received packet. This command does not specify an expression, so all data packets are captured by default.
If you need to capture the data packets and analyze them with other programs (such as wireshark), you can use option -w file to write the data to a file. You also need to use option -s 0 to set the size of the captured data packets to 65535 bytes, so that packets are not truncated and made impossible to analyze.
In a real environment, the amount of data flowing through a network card is huge. You can use expressions to filter data packets. Each data packet is checked against the expression, and it is output only when the expression evaluates to true.
An expression can contain conditions specified by one or more keywords. You can use and (or &&), or (or ||), not (or !) and parentheses () to express the logical relationship between the keywords, and > and < for comparison and calculation. The keywords include:
Type keywords, such as host, net, port, and portrange, indicate the host, network segment, port number, and port range respectively.
Direction keywords, such as src and dst, indicate the source and destination respectively.
Protocol keywords, such as fddi, arp, ip, tcp, and udp, indicate the various network protocols.
Due to space limitations, the following examples only describe the role of the options and expressions and do not explain the output:

tcpdump -i ens33 dst host 10.0.1.251
# monitor all packets sent through interface ens33 to host 10.0.1.251; the host can also be a host name

tcpdump -i eth0 host ! 211.161.223.70 and ! 211.161.223.71 and dst port 80
# listen on interface eth0, capture the

tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0) and src net (183.60.190 or 122.13.220)' -s0 -i eth0 -w ipdump
# capture packets whose source or destination port is 80, whose source network is 183.60.190.0/24 or 122.13.220.0/24, and which contain data (SYN, FIN, ACK-only and other TCP packets without data are excluded), and write them to the file ipdump
# note that the expression is enclosed in single quotes to avoid syntax errors caused by the shell interpreting special characters

tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and ! src and dst net 10.0.0'
# print only the TCP start and end packets (SYN and FIN flags) whose source and destination network segments are not 10.0.0.0/24

tcpdump 'gateway 10.0.1.1 and ip[2:2] > 576'
# capture IP packets sent to the gateway 10.0.1.1 that are larger than 576 bytes
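
The "contains data" part of the port 80 filter above is arithmetic on header bytes: the IP total length minus the IP header length minus the TCP header length. The following is an added example, not part of the original article, that evaluates the same three terms by hand. The function names and the three packets are constructed for this example (addresses reuse 10.0.1.254 and 10.0.1.251 from above, checksums are left at zero).

```shell
#!/bin/sh
# Added example (not from the original article): evaluate the payload-length
# part of the tcpdump filter by hand on constructed packets.

# byte_at HEX OFFSET: decimal value of the byte at OFFSET (0-based) of a packet
# given as a hex string that starts at the IPv4 header.
byte_at() {
    first=$(( $2 * 2 + 1 ))
    pair=$(printf '%s' "$1" | cut -c "${first}-$(( first + 1 ))")
    echo $(( 0x$pair ))
}

# tcp_payload_len HEX: number of TCP payload bytes, computed exactly as in
#   (ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)
tcp_payload_len() {
    # ip[2:2]: 16-bit total length of the IP packet
    ip_total=$(( $(byte_at "$1" 2) << 8 | $(byte_at "$1" 3) ))
    # (ip[0] & 0xf) << 2: IP header length, low nibble counts 32-bit words
    ip_hlen=$(( ($(byte_at "$1" 0) & 0xf) << 2 ))
    # tcp[12] is byte 12 of the TCP header, which starts after the IP header
    tcp_off=$(byte_at "$1" $(( ip_hlen + 12 )))
    # (tcp[12] & 0xf0) >> 2: TCP header length, high nibble counts 32-bit words
    tcp_hlen=$(( (tcp_off & 0xf0) >> 2 ))
    echo $(( ip_total - ip_hlen - tcp_hlen ))
}

# has_payload HEX: true when the packet would pass the "!= 0" test.
has_payload() {
    [ "$(tcp_payload_len "$1")" -ne 0 ]
}

# Constructed packet 1: SYN with 20 bytes of TCP options (60 bytes in total).
SYN_PKT="4500003c1c464000400600000a0001fe0a0001fb\
c00100500000000100000000a002721000000000\
020405b40402080a000000010000000001030307"

# Constructed packet 2: PSH+ACK carrying the 18 bytes "GET / HTTP/1.1\r\n\r\n".
DATA_PKT="4500003a1c474000400600000a0001fe0a0001fb\
c001005000000002000000015018721000000000\
474554202f20485454502f312e310d0a0d0a"

# Constructed packet 3: ACK-only packet whose IP header has 4 bytes of options,
# which is why the filter reads the header length instead of assuming 20.
ACK_IPOPT_PKT="4600002c1c484000400600000a0001fe0a0001fb01010100\
c001005000000014000000015010721000000000"

for name in SYN_PKT DATA_PKT ACK_IPOPT_PKT; do
    eval "pkt=\$$name"
    echo "$name: payload $(tcp_payload_len "$pkt") bytes"
done
```

Only the packet with a non-zero result would be written to ipdump by the filter.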

There are many network-related commands, so I hope they can help you.

From: http://os.51cto.com/art/201612/524450.htm

Address: http://www.linuxprobe.com/linux-net-command.html

