Network Operation commands required for Linux

Source: Internet
Author: User
Because Linux originated and developed on the Internet, it was born with powerful network functions and a rich set of network applications; in particular, its implementation of the TCP/IP protocols is very mature. Linux has many network commands. Some of them, such as ping, ftp, telnet, route, and netstat, can also be found on other operating systems, while others, such as ifconfig, finger, and mail, are unique to Unix/Linux systems. A characteristic of Linux network commands is that they have many options and parameters, and one command can often perform the functions of other commands.

Ifconfig

1. Role
ifconfig is used to view and change network interface addresses and parameters, including IP addresses, network masks, and broadcast addresses. The user has the permission to use ifconfig.

2. Format
ifconfig -interface [options] address

3. Main Parameters

-interface: specifies the network interface name, such as eth0 and eth1.
up: activates the specified network interface card.
down: disables the specified network interface.
broadcast address: sets the broadcast address of the interface.
pointopoint: enables point-to-point mode.
address: sets the IP address of the specified interface device.
netmask address: sets the subnet mask of the interface.

4. Application description
ifconfig is a command-line tool used to set up and configure the NIC. It is the command you need in order to configure the network manually. Its advantage is that you do not need to restart the machine. To assign the eth0 interface IP address 207.164.186.2 and activate it immediately, run the following command:
# ifconfig eth0 210.34.6.89 netmask 255.255.255.128 broadcast 210.34.6.127

This command sets the IP address, network mask, and local broadcast address of the network adapter eth0. If you run ifconfig without any parameters, it displays information about all active interfaces on the machine. With the "-a" parameter, it displays information about all interfaces, including inactive ones. Note that network device parameters configured with ifconfig are lost after the machine is restarted.
To pause a network interface, use the down parameter:
# ifconfig eth0 down

IP

1. Role
ip is a powerful network configuration tool in the iproute2 software package. It can replace some traditional network management tools, such as ifconfig and route, and it requires superuser permission. Almost all Linux distributions support this command.

2. Format
ip [options] object [command [arguments]]

3. Main Parameters
Options modify the behavior of ip or change its output. All options start with a - character and come in long and short forms. Currently, ip supports the options shown in table 1.

An object is what the administrator wants to manage or obtain information about. Currently, the objects that ip recognizes are listed in table 2.

Table 1 IP support options

-V, -Version: prints the ip version and exits.
-s, -stats, -statistics: outputs more detailed information. If this option appears twice or more, the output is even more detailed.
-f, -family: followed by the protocol family, which is inet, inet6, or link, to state explicitly which protocol family to use. If there is not enough information to tell ip which protocol family to use, the default is inet or any. link is special: it indicates that no network protocol is involved.
-4: short for -family inet.
-6: short for -family inet6.
-0: short for -family link.
-o, -oneline: outputs each record on a single line, with line breaks replaced by a character. Use this option if you need to process ip output with tools such as wc and grep.
-r, -resolve: queries the domain name resolution system and replaces host IP addresses with the host names obtained.

Command sets the operation performed on the specified object and depends on the object type. Generally, ip supports adding, deleting, and displaying objects. Some objects do not support all of these operations, or have some other commands. For all objects, you can use the help command, which lists the commands and parameter syntax that the object supports. If no command is specified for an object, ip uses the default command. Generally, the default command is list. If the object cannot be listed, the help command is executed.

Arguments are the parameters of a command; they depend on the object and the command. ip supports two types of arguments: flag and parameter. A flag consists of a keyword; a parameter consists of a keyword and a value. For convenience, each command has a default parameter whose keyword can be omitted. For example, dev is the default parameter of the ip link command, so ip link ls eth0 is equivalent to ip link ls dev eth0. We will detail the use of each command in the following sections. The default parameters of a command will be marked with default.

4. Application Instance
Add the IP address 192.168.2.2/24 to the eth0 NIC:
# ip addr add 192.168.1.1/24 dev eth0

Discard all data packets whose source address belongs to the 192.168.2.0/24 network:
# ip rule add from 192.168.2.0/24 prio 32777 reject

Ping

1. Role
ping checks the network interface status of a host. The permission is granted to all users.

2. Format
ping [-dfnqrRv] [-c] [-i] [-I] [-l] [-p] [-s] [-t] IP address

3. Main Parameters

-d: uses the socket SO_DEBUG function.
-c: sets the number of requests to be answered.
-f: limit detection.
-i: specifies the number of seconds between sending and receiving information.
-I: sends data packets through the specified network interface.
-l: sets the data packets that are sent before the request information is sent.
-n: outputs numbers only.
-p: sets the pattern used to fill data packets.
-q: does not display the command execution process, except for information related to the beginning and end.
-r: ignores the normal routing table and sends data packets directly to the remote host.
-R: records the routing process.
-s: sets the packet size.
-t: sets the TTL value.
-v: displays the command execution process in detail.

The ping command is the most commonly used network command. We usually use it to check whether the network is connected. It uses the ICMP protocol. Sometimes, however, we can view a web page in the browser but cannot ping the site, because some websites have installed a firewall for security reasons. You can also try this on your own computer and use the following method to make the system stop responding to ping:
# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Netstat

1. Role
Check the network status of Linux.  

2. Format
netstat [-acCeFghilMnNoprstuvVwx] [-A] [--ip]

3. Main Parameters

-a --all: displays the sockets of all connections.
-A: lists the IP address and network type of the network connection.
-c --continuous: continuously lists the network status.
-C --cache: displays the cache information of the router configuration.
-e --extend: displays other network-related information.
-F --fib: displays the FIB.
-g --groups: displays the list of multicast group members.
-h --help: online help.
-i --interfaces: displays the network interface information table.
-l --listening: displays the sockets of servers that are listening.
-M --masquerade: displays masqueraded network connections.
-n --numeric: uses IP addresses directly instead of going through the domain name server.
-N --netlink --symbolic: displays the symbolic link names of network hardware peripheral devices.
-o --timers: displays timers.
-p --programs: displays the program identification code and program name using each socket.
-r --route: displays the routing table.
-s --statistics: displays a statistical table of network work information.
-t --tcp: displays the connection status of the TCP protocol.
-u --udp: displays the connection status of the UDP protocol.
-v --verbose: displays the command execution process.
-V --version: displays the version information.
-w --raw: displays the connection status of the RAW protocol.
-x --unix: the same as specifying the "-A unix" parameter.
--ip --inet: the same as specifying the "-A inet" parameter.

4. Application Instance
netstat is mainly used on Linux to view the machine's own network conditions, such as open ports, which users are being served, and the status of services. It also displays the system routing table and network interface status. It can be called a comprehensive network status inspection tool. By default, netstat only displays the ports with established connections. To display all listening ports, use the -a parameter:

     # netstat -a
     Active Internet connections (only servers)
     Proto  Recv-Q  Send-Q  Local Address  Foreign Address  State
     tcp    0       0       *:32768        *:*              LISTEN
     tcp    0       0       *:32769        *:*              LISTEN
     tcp    0       0       *:nfs          *:*              LISTEN
     tcp    0       0       *:32770        *:*              LISTEN
     tcp    0       0       *:868          *:*              LISTEN
     tcp    0       0       *:617          *:*              LISTEN
     tcp    0       0       *:mysql        *:*              LISTEN
     tcp    0       0       *:netbios-ssn  *:*              LISTEN
     tcp    0       0       *:sunrpc       *:*              LISTEN
     tcp    0       0       *:10000        *:*              LISTEN
     tcp    0       0       *:http         *:*              LISTEN
     ......

As shown above, this host provides HTTP, FTP, NFS, MySQL, and other services at the same time.

Telnet

1. Role
telnet starts a terminal session and logs on to a remote host. Telnet is both a Linux command and a protocol (the remote logon protocol).

2. Format
telnet [-8acdEfFKLrx] [-b] [-e] [-k] [-l] [-n] [-S] [-X] [host name or IP address <communication port>]

3. Main Parameters

-8: allows 8-bit character data, for both input and output.
-a: tries to log on to the remote system automatically.
-b: uses an alias to specify the remote host name.
-c: does not read the .telnetrc file in the user's home directory.
-d: starts the debugging mode.
-e: sets the escape character.
-E: filters out the escape character.
-f: the effect of this parameter is the same as that of the "-F" parameter.
-F: when Kerberos V5 authentication is used, this parameter uploads the authentication data of the local host to the remote host.
-k: when Kerberos authentication is used, this parameter makes the remote host use the specified domain name instead of the domain name of the host.
-K: does not log on to the remote host automatically.
-l: specifies the name of the user to log on to the remote host as.
-L: allows 8-bit character data to be output.
-n: specifies the file in which to record related information.
-r: uses a user interface similar to the rlogin command.
-S: service type; sets the IP TOS information required for the telnet connection.
-x: uses data encryption if the host supports it.
-X: disables the specified authentication type.

4. Application description
You can use the telnet command to log on remotely and communicate between hosts. A user logs on to a remote computer over the network as if logging on to the local machine and executing commands. To log on to a remote computer through telnet, you must know a valid user name and password on that computer. Although some systems do provide a logon function for remote users, the permissions of guests must be restricted for security reasons, so in this case few functions are available.

telnet only provides terminal emulation for common terminals and does not support graphical environments such as X Window. When remote users are allowed to log on, the system usually places them in a restricted shell to prevent the system from being damaged maliciously or accidentally. You can also use telnet to log on to your own computer from a remote site to check email, edit files, and run programs, just as if you were logged on locally.

FTP

1. Role
The ftp command is used for remote file transfer. FTP is the standard file transfer protocol of ARPANET, the predecessor of today's Internet, so FTP is both a protocol and a command.

2. Format
ftp [-dignv] [host name or IP address]

3. Main Parameters

-d: displays the command execution process in detail to facilitate troubleshooting.
-i: disables the interactive mode and asks no questions.
-g: disables the expansion of special characters in local host file names.
-n: does not use automatic login.
-v: displays the command execution process.

4. Application description
The ftp command is the user interface to the standard file transfer protocol. It is a simple and effective way to transfer files between computers on a TCP/IP network, and it can transmit both ASCII files and binary files. To transfer files with ftp, you must know a valid user name and password on the remote computer. This user name/password combination is used to authenticate the FTP session and to determine your access to the files to be transferred. In addition, you need to know the IP address of the computer with which the FTP session takes place.

You can use an FTP client program to connect to another computer, move up and down the directory tree, and list the contents of directories. You can copy files from a remote computer to the local computer, and you can also transfer files from the local machine to a remote system. There are 72 FTP internal commands. The main ones are listed below:

ls: lists the current directory of the remote machine.
cd: changes the working directory on the remote machine.
lcd: changes the working directory on the local machine.
close: terminates the current FTP session.
hash: displays a # sign each time the data in the data buffer has been transmitted.
get (mget): transfers the specified file from the remote machine to the local machine.
put (mput): transfers the specified file from the local machine to the remote machine.
quit: disconnects from the remote machine and exits ftp.

Route

1. Role
route is used to manually create, modify, and view the routing table.

2. Format
# route [-add] [-net|-host] targetaddress [-netmask Nm] [dev] If
# route [-delete] [-net|-host] targetaddress [gw] [-netmask Nm] [dev] If

3. Main Parameters

-add: adds a route.
-delete: deletes a route.
-net: the route leads to a network, not a host.
-host: the route leads to a host.
-netmask Nm: specifies the subnet mask of the route.
gw: specifies the gateway of the route.
[dev] If: forces the route to be bound to the specified interface.

4. Application Instance

The route command is used to view and set the routing information of a Linux system so that it can communicate with other networks. For two different subnets to communicate, you need a router that connects the two networks or a gateway that sits in both networks.

On Linux, a route is usually set to solve the following problem: the Linux system is on a LAN that has a gateway through which machines reach the Internet, so the IP address of that gateway must be set as the default route of the Linux machine. Use the following command to add a default route:
route add default gw 192.168.1.1

Rlogin

1. Role
rlogin is used for remote login.

2. Format
rlogin [-8EKLdx] [-e char] [-k realm] [-l username] host

3. Main Parameters
-8: always allows an 8-bit input data channel. This option allows you to send formatted ANSI characters and other special codes. If this option is not used, the parity bit is removed unless the remote end is not a termination or start character.
-E: stops any character from being treated as an escape character. When used together with the -8 option, it provides a completely transparent connection.
-K: disables all Kerberos authentication. This option is used only when connecting to a host that uses the Kerberos authentication protocol.
-L: allows the rlogin session to run in litout mode. For more information, see the tty manual page.
-d: enables socket debugging on the TCP sockets used to communicate with the remote host. For more information, see the setsockopt manual page.
-e: sets the escape character for the rlogin session. The default escape character is "~".
-k: requests rlogin to obtain Kerberos permission for the remote host in the specified realm, instead of in the remote host's realm as determined by krb_realmofhost(3).
-x: enables DES encryption for all data transmitted through the rlogin session. This affects response time and CPU utilization, but improves security.

4. Instructions for use
If you have accounts on different systems on the network, or can access another person's account on another system, then to reach the account on the other system you first log in to one system and then log in remotely, over the network, to the system where the account resides. rlogin performs this remote login to another system; its argument should be a system name.

RCP

1. Role
rcp stands for remote file copy and is used to copy files between computers. The permission is granted to all users.

2. Format
rcp [-px] [-k realm] file1 file2
rcp [-px] [-r] [-k realm] file

3. Main Parameters
-r: recursively copies all content in the source directory to the target directory. To use this option, the target must be a directory.
-p: tries to retain the modification time and mode of the source file, ignoring umask.
-k: requests rcp to obtain Kerberos permission for the remote host in the specified realm, instead of in the remote host's realm as determined by krb_realmofhost(3).
-x: enables DES encryption for all transmitted data.

Finger

1. Role
finger is used to query the login account information on a host. It usually displays the user name, home directory, idle time, login time, login shell, and other information. The permission is granted to all users.

2. Format
finger [options] [user] [user@host]

3. Main Parameters
-s: displays the user's login name, real name, terminal name, write status, idle time, login time, and other information.
-l: in addition to the information displayed with the -s option, displays the user's home directory, login shell, mail status, and the contents of the .plan, .project, and .forward files in the user's home directory.
-p: the same as the -l option, except that the .plan and .project files are not displayed.

4. Application Instance
Use finger on a computer:

     [root@localhost root]# finger
     Login  Name  Tty     Idle  Login Time  Office  Office Phone
     root   root  tty1       2  Dec 15 11
     root   root  pts/0      1  Dec 15 11
     root   root  *pts/1        Dec 15 11

5. Application description
To query user information on a remote machine, add "@host name" after the user name, in the format user name@host name. The network host being queried must support running the finger daemon.

Mail

1. Role
mail is used to send emails. The permission is granted to all users. In addition, mail is an email program.

2. Format

     mail [-s subject] [-c address] [-b address]
     mail -f [mailbox]
     mail [-u user]

3. Main Parameters

-b address: the list of blind carbon copy (anonymous) recipient addresses for the message.
-c address: the list of carbon copy (CC) recipient addresses for the message.
-f [mailbox]: reads emails from the specified mailbox.
-s subject: specifies the subject line of the message.
[-u user]: reads emails from the inbox of the specified user.

NSLookup

1. Role
The nslookup command is used to query the IP address of a machine and its corresponding domain name. The permission is granted to all users. It usually requires a domain name server to provide the domain name service. If you have configured a domain name server, you can use this command to view the domain names corresponding to the IP addresses of different hosts.

2. Format
nslookup [IP address/domain name]

3. Application Instance
(1) Use the nslookup command on the local computer

     $ nslookup
     Default Server: name.cao.com.cn
     Address: 192.168.1.9
     >

After the ">" prompt, enter the domain name or IP address to be queried and press Enter. To exit the command, enter "exit" and press Enter.

(2) Run the nslookup command to test named.
Enter the following command:
nslookup

You then enter the interactive nslookup environment. If named started normally, nslookup displays the address and domain name of the current DNS server. Otherwise, named did not start properly.

The following describes some basic DNS diagnostics.
◆ Check forward DNS resolution. Enter a host name with a domain name at the nslookup prompt, for example, hp712.my.com. nslookup should display the IP address corresponding to this host name. If only hp712 is entered, nslookup automatically appends the my.com domain name according to the definition in /etc/resolv.conf and answers with the corresponding IP address.
◆ Check reverse DNS resolution. Enter an IP address at the nslookup prompt, for example, 192.22.33.20. nslookup should answer with the host name corresponding to the IP address.
◆ Check the MX mail address records. Enter the following at the nslookup prompt:
set q=mx

Then enter a domain name, my.com and mail.my.com, and nslookup should answer with the corresponding mail server addresses, that is, support.my.com and support2.my.com.

Hands-on exercises

1. Dangerous network commands
The development of the Internet makes security a problem that cannot be ignored. finger, ftp, rcp, and telnet are inherently insecure because they transmit passwords and data over the network in plaintext, and a sniffer can easily intercept these passwords and data. In addition, the authentication methods of these services are vulnerable to "intermediate server" (man-in-the-middle) attacks. Here I list some unsafe commands according to the hazard level, as shown in table 3.

Currently, FTP and Telnet can be bound to port 22 by using SSH. The connection is negotiated using RSA encryption; after authentication is complete, all subsequent traffic is encrypted using IDEA. The SSH (Secure Shell) program can log on to a remote host over the network and execute commands. Remote commands such as rcp and rlogin are gradually being replaced by VNC software.
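
As an added example (not part of the original article), the following shell function scans netstat listener output for the cleartext services named above, so you can see which ones a host still exposes. The port-to-service mapping (21 ftp, 23 telnet, 79 finger, 513/login for rlogin, 514/shell for the rsh service that rcp uses), the function names, and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets that belong to the cleartext
# services the article calls dangerous (ftp, telnet, finger, rlogin, rcp).

# Constructed sample in the column layout of netstat listener output.
# It mixes numeric ports (netstat -n) and service names (netstat -a).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:23            0.0.0.0:*               LISTEN
tcp        0      0 *:mysql                 *:*                     LISTEN
tcp        0      0 *:login                 *:*                     LISTEN
tcp6       0      0 :::79                   :::*                    LISTEN
tcp        0      0 192.168.1.9:514         0.0.0.0:*               LISTEN
EOF
}

# Reads netstat output on stdin and prints one line per risky listener:
#   service  port-or-name  bind-address  exposure
# exposure is "loopback" when the socket is bound to 127.0.0.1 or ::1,
# otherwise "network" (reachable from other hosts).
find_cleartext_listeners() {
    awk '
    BEGIN {
        # Numeric ports and the names netstat prints without -n.
        svc[21]  = "ftp";     svc["ftp"]    = "ftp"
        svc[23]  = "telnet";  svc["telnet"] = "telnet"
        svc[79]  = "finger";  svc["finger"] = "finger"
        svc[513] = "rlogin";  svc["login"]  = "rlogin"
        svc[514] = "rsh/rcp"; svc["shell"]  = "rsh/rcp"
    }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        # The port is whatever follows the last colon; this also
        # handles IPv6 local addresses such as ":::79".
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (port in svc) {
            exposure = (host == "127.0.0.1" || host == "::1") ? "loopback" : "network"
            print svc[port], port, host, exposure
        }
    }'
}

# Counts the risky listeners that are reachable from the network.
count_network_exposed() {
    find_cleartext_listeners | awk '$4 == "network" { n++ } END { print n + 0 }'
}

# Demonstration on the constructed sample.
sample_netstat | find_cleartext_listeners
```

On a live host, feed it real output instead of the sample, for example `netstat -tln | find_cleartext_listeners`.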

2. bind multiple IP addresses to a network card
In Linux, you can use ifconfig to easily bind multiple IP addresses to one NIC. For example, if the original IP address of the eth0 interface is 192.168.0.254, run the following commands:

     ifconfig eth0:0 192.168.0.253 netmask 255.255.255.0
     ifconfig eth0:1 192.168.0.252 netmask 255.255.255.0
     ......

3. Modify the MAC address of the NIC
First, you must disable the NIC device. The command is as follows:
/sbin/ifconfig eth0 down

Run the following command to modify the MAC address:
/sbin/ifconfig eth0 hw ether 00:AA:BB:CC:DD:EE

Enable the NIC again:
/sbin/ifconfig eth0 up

The MAC address of the NIC is now changed. The MAC address of each network adapter is unique, but it is not impossible to modify; you only need to ensure that the MAC address is unique within the network.

4. initial deployment of IPv6
IPv4 has played a huge role in the development of the network. Over time, however, it has become increasingly inadequate in terms of address supply, service quality, and security. Among all operating systems, Linux was the first to support IPv6. Generally, IPv6 can be used directly in Linux versions based on the 2.4 kernel. However, the main distributions do not load the IPv6 module by default; you can load it manually with a command, which requires superuser permission.

(1) load the IPv6 Module
Run the following commands and check that the IPv6 address of the eth0 NIC is inet6 addr: fe80::5054:abff:fe34:5b09/64.

     # modprobe ipv6
     # ifconfig
     eth0  Link encap:Ethernet  HWaddr 52:54:AB:34:5B:09
           inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
           inet6 addr: fe80::5054:abff:fe34:5b09/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:0 (0.0 b)  TX bytes:1360 (1.3 Kb)
           Interrupt:5 Base address:0xec00

(2) Use the ping command to check whether the IPv6 address of the NIC is valid.
# ping6 -I eth0 -c 2 fe80::200:e8ff:fea0:2586

Unlike with IPv4, you must specify a network interface when using the ping6 command; otherwise, the system does not know which network device to send the packets through. -I specifies the interface, eth0 is the first NIC, -c specifies the count, and 2 means that ping6 runs twice. The result is shown in Figure 1.


Figure 1 ping6 command in IPv6

(3) Use the ip command to add an IP address for eth0 in IPv6
# ip -6 addr add 3ffe:ffff:0:f101::1/64 dev eth0

Run the ifconfig command to check whether the second IPv6 address appears on the NIC.

The main advantage of Linux networking is that it lets users share resources and information and access information remotely. Linux provides a powerful set of network commands to serve users. These tools help users set up the network, check network conditions, log on to remote computers, transfer files, and execute remote commands.

The above describes the important network commands in Linux. In fact, there are still many more commands to learn. One characteristic of Linux network commands is that they have many parameters and options, which do not all need to be memorized. The key is to understand the main purpose of each command and learn to use the help information.
