Summary of Linux network management and troubleshooting tools
I. Two sets of management tools
1 net-tools
- ifconfig
- route
- netstat
2 iproute, also called iproute2
- ip
- ss
3 Check whether the network cable is plugged into the NIC
```
[root@localhost ~]# mii-tool em1
em1: negotiated 100baseTx-FD flow-control, link ok
[root@localhost ~]# ifconfig em1
em1       Link encap:Ethernet  HWaddr B8:2A:72:CE:EB:34
          inet addr:172.18.1.12  Bcast:172.18.1.255  Mask:255.255.255.0
          inet6 addr: fe80::ba2a:72ff:fece:eb34/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13878325581 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10135628348 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3958791965726 (3.6 TiB)  TX bytes:1961795198920 (1.7 TiB)
          Interrupt:35

[root@localhost ~]# ifconfig em4
em4       Link encap:Ethernet  HWaddr B8:2A:72:CE:EB:37
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:36

[root@localhost ~]# mii-tool em4
em4: no link
[root@localhost ~]#
```
On a virtual machine you may see an error instead:
```
[root@ecs-e6e1 ~]# mii-tool eth0
SIOCGMIIPHY on 'eth0' failed: Operation not supported
[root@ecs-e6e1 ~]#
```
II. Common commands for network troubleshooting
1 ping
The most commonly used.
2 traceroute
Checks the routing information to the target host.
3 mtr
mtr ("my traceroute") checks packet loss on the way to the target host.
```
                             My traceroute  [v0.85]
centos-master (::)                                     Sat Jul 24 07:50:49 2021
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. ::1                               0.0%    55    0.0   0.0   0.0   0.1   0.0
```
4 nslookup
Checks the domain-name-to-IP mappings resolved by DNS; often used while configuring the network for Oracle 11gR2 RAC.
```
[root@node1 ~]# cat /etc/resolv.conf
search localdomain
nameserver 172.16.0.176
[root@node1 ~]# nslookup 172.16.0.203
Server:         172.16.0.176
Address:        172.16.0.176#53

203.0.16.172.in-addr.arpa       name = scan-cluster.localdomain.

[root@node1 ~]# nslookup scan-cluster.localdomain
Server:         172.16.0.176
Address:        172.16.0.176#53

Name:   scan-cluster.localdomain
Address: 172.16.0.203

[root@node1 ~]# nslookup scan-cluster
Server:         172.16.0.176
Address:        172.16.0.176#53

Name:   scan-cluster.localdomain
Address: 172.16.0.203

[root@node1 ~]#
```
5 telnet
Commonly used; no example is given here.
6 tcpdump
tcpdump -i any -n port 80
I ran the command below on my blog host to see which clients are communicating with it. -i any captures traffic on all network interfaces; -n shows IP addresses instead of resolving them to host names; port 80 limits the capture to traffic on port 80 of this machine.
```
root@iZwz96377ws99tjeva00kcZ:~# tcpdump -i any -n port 80
...
08:01:26.490257 IP 172.19.199.12.80 > 117.30.92.158.21322: Flags [F.], seq 682, ack 1601, win 501, options [nop,nop,TS val 2850071266 ecr 1987668022], length 0
08:01:26.514077 IP 117.30.92.158.21322 > 172.19.199.12.80: Flags [.], ack 683, win 2048, options [nop,nop,TS val 1987732543 ecr 2850071266], length 0
08:01:29.827969 IP 172.19.199.12.53382 > 100.100.30.25.80: Flags [P.], seq 6360:7382, ack 61, win 501, length 1022: HTTP
08:01:29.852730 IP 100.100.30.25.80 > 172.19.199.12.53382: Flags [.], ack 7382, win 8589, length 0
08:01:52.841000 IP 100.100.30.25.80 > 172.19.199.12.53382: Flags [.], ack 7388, win 8589, length 0
^C
2556 packets captured
2653 packets received by filter
97 packets dropped by kernel
root@iZwz96377ws99tjeva00kcZ:~#
```
Capture the TCP packets exchanged with a specific host: tcpdump -i any -n host 100.100.30.25
```
root@iZwz96377ws99tjeva00kcZ:~# tcpdump -i any -n host 100.100.30.25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
08:03:48.519652 IP 172.19.199.12.53382 > 100.100.30.25.80: Flags [P.], seq 1710712030:1710713560, ack 2896782179, win 501, length 1530: HTTP
08:03:48.544383 IP 100.100.30.25.80 > 172.19.199.12.53382: Flags [.], ack 1530, win 8589, length 0
08:04:08.132401 IP 100.100.30.25.80 > 172.19.199.12.53382: Flags [P.], seq 1:11, ack 1530, win 8589, length 10: HTTP
08:04:08.145065 IP 172.19.199.12.53382 > 100.100.30.25.80: Flags [P.], seq 1530:1536, ack 11, win 501, length 6: HTTP
08:04:08.169857 IP 100.100.30.25.80 > 172.19.199.12.53382: Flags [.], ack 1536, win 8589, length 0
08:04:54.533925 IP 100.100.30.25.80 > 172.19.199.12.53382: Flags [P.], seq 11:21, ack 1536, win 8589, length 10: HTTP
08:04:54.537294 IP 172.19.199.12.53382 > 100.100.30.25.80: Flags [P.], seq 1536:1542, ack 21, win 501, length 6: HTTP
08:04:54.562043 IP 100.100.30.25.80 > 172.19.199.12.53382: Flags [.], ack 1542, win 8589, length 0
^C
8 packets captured
8 packets received by filter
0 packets dropped by kernel
root@iZwz96377ws99tjeva00kcZ:~#
```
Capture the TCP packets for a specific host and a specific port: tcpdump -i any -n port 80 and host 100.100.30.25, or equivalently tcpdump -i any -n host 100.100.30.25 and port 80
```
root@iZwz96377ws99tjeva00kcZ:~# tcpdump -i any -n port 80 and host 100.100.30.25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
08:05:40.669466 IP 172.19.199.12.53382 > 100.100.30.25.80: Flags [P.], seq 1710713578:1710715192, ack 2896782209, win 501, length 1614: HTTP
08:05:40.694243 IP 100.100.30.25.80 > 172.19.199.12.53382: Flags [.], ack 1432, win 8589, length 0
08:05:40.694263 IP 100.100.30.25.80 > 172.19.199.12.53382: Flags [.], ack 1614, win 8589, length 0
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
root@iZwz96377ws99tjeva00kcZ:~# tcpdump -i any -n host 100.100.30.25 and port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
08:05:50.112578 IP 172.19.199.12.53382 > 100.100.30.25.80: Flags [P.], seq 1710715192:1710716806, ack 2896782209, win 501, length 1614: HTTP
08:05:50.137353 IP 100.100.30.25.80 > 172.19.199.12.53382: Flags [.], ack 1614, win 8589, length 0
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
root@iZwz96377ws99tjeva00kcZ:~#
```
Write the captured packets to a file: tcpdump -i any -n host 100.100.30.25 and port 80 -w /tmp/tcp.result
```
root@iZwz96377ws99tjeva00kcZ:~# tcpdump -i any -n host 100.100.30.25 and port 80 -w /tmp/tcp.result
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
^C2 packets captured
2 packets received by filter
0 packets dropped by kernel
root@iZwz96377ws99tjeva00kcZ:~#
```
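==The capture result file seems to have a bit of a problem; it cannot be viewed directly:==
```
root@iZwz96377ws99tjeva00kcZ:~# file /tmp/tcp.result
/tmp/tcp.result: tcpdump capture file (little-endian) - version 2.4 (Linux "cooked", capture length 262144)
root@iZwz96377ws99tjeva00kcZ:~#
```
It is a file byte-order issue; I will look into solving it later when I have the time and energy.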
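The file that `tcpdump -w` writes is a binary capture in the classic pcap format rather than text, which is what the `file` output reports; tcpdump reads it back with `tcpdump -n -r /tmp/tcp.result`. The following added example (not part of the original post) parses that format's global header and packet records in either byte order; the sample bytes are constructed to match the header values in the `file` output, with two dummy packets.

```python
import struct

# First four bytes of a classic pcap file -> (struct byte order, timestamp unit).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),  # written on a little-endian host
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),  # written on a big-endian host
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}
LINKTYPES = {1: "EN10MB (Ethernet)", 113: "LINUX_SLL (Linux cooked)"}


def parse_pcap(data):
    """Return (header dict, list of (ts_sec, captured_len, wire_len)) for pcap bytes."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap capture")
    order, unit = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", data[4:24])
    header = {
        "byte_order": "little-endian" if order == "<" else "big-endian",
        "timestamps": unit,
        "version": f"{major}.{minor}",
        "snaplen": snaplen,
        "linktype": LINKTYPES.get(network & 0xFFFF, str(network & 0xFFFF)),
    }
    packets, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        ts_sec, _frac, incl_len, orig_len = struct.unpack(
            order + "IIII", data[offset:offset + 16])
        offset += 16
        # A record may not claim more bytes than snaplen or than the file holds.
        if incl_len > snaplen or offset + incl_len > len(data):
            raise ValueError("truncated or corrupt packet record")
        packets.append((ts_sec, incl_len, orig_len))
        offset += incl_len
    return header, packets


def build_sample():
    """Constructed capture: header values from the `file` output, two dummy packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113)
    for ts, size in ((1627113940, 96), (1627113941, 68)):
        out += struct.pack("<IIII", ts, 0, size, size) + bytes(size)
    return out


if __name__ == "__main__":
    print(parse_pcap(build_sample()))
```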
7 netstat
netstat -ntpl
-n likewise shows IP addresses instead of host names;
-t shows TCP sockets;
-p shows process information;
-l shows sockets in the listening state;
In the past I personally mostly used netstat -anp|grep xxxxx
```
root@iZwz96377ws99tjeva00kcZ:~# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1571/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1659/nginx: worker
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      478/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      623/sshd
root@iZwz96377ws99tjeva00kcZ:~# netstat -ntp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0    608 172.19.199.12:22        117.30.92.158:21408     ESTABLISHED 22181/sshd: root@pt
tcp        0      0 172.19.199.12:53382     100.100.30.25:80        ESTABLISHED 9946/AliYunDun
tcp        0      0 172.19.199.12:80        117.30.92.158:21418     TIME_WAIT   -
tcp        0      0 172.19.199.12:22        117.30.92.158:21209     ESTABLISHED 22013/sshd: root@pt
tcp        0      0 172.19.199.12:56168     100.100.0.70:443        TIME_WAIT   -
root@iZwz96377ws99tjeva00kcZ:~#
```
8 ss
A command that is almost the same as netstat.
```
root@iZwz96377ws99tjeva00kcZ:~# ss -ntpl
State    Recv-Q    Send-Q    Local Address:Port    Peer Address:Port
LISTEN   0         80        127.0.0.1:3306        0.0.0.0:*          users:(("mysqld",pid=1571,fd=19))
LISTEN   0         128       0.0.0.0:80            0.0.0.0:*          users:(("nginx",pid=29324,fd=6),("nginx",pid=1659,fd=6))
LISTEN   0         128       127.0.0.53%lo:53      0.0.0.0:*          users:(("systemd-resolve",pid=478,fd=13))
LISTEN   0         128       0.0.0.0:22            0.0.0.0:*          users:(("sshd",pid=623,fd=3))
root@iZwz96377ws99tjeva00kcZ:~# ss -ntp
State        Recv-Q    Send-Q    Local Address:Port      Peer Address:Port
ESTAB        0         96        172.19.199.12:22        117.30.92.158:21408      users:(("sshd",pid=22181,fd=3))
ESTAB        0         0         172.19.199.12:53382     100.100.30.25:80         users:(("AliYunDun",pid=9946,fd=23))
ESTAB        0         99075     172.19.199.12:80        115.171.202.220:64027    users:(("nginx",pid=1659,fd=7))
FIN-WAIT-2   0         0         172.19.199.12:80        117.30.92.158:21467
ESTAB        0         0         172.19.199.12:22        117.30.92.158:21209      users:(("sshd",pid=22013,fd=3))
root@iZwz96377ws99tjeva00kcZ:~#
```
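The listening-socket output of `netstat -ntpl` and `ss -ntpl` is also the quickest way to see which services are bound to every interface and which only to loopback. The following added example (not part of the original post) parses the `ss -ntpl` listener lines shown above and classifies each bind address; the function names are illustrative, and the handling of `*` and bracketed IPv6 addresses goes beyond the IPv4-only output on this page.

```python
import ipaddress
import re

# Listener lines copied from the `ss -ntpl` output shown on this page.
SS_OUTPUT = """\
State   Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 80  127.0.0.1:3306   0.0.0.0:* users:(("mysqld",pid=1571,fd=19))
LISTEN 0 128 0.0.0.0:80       0.0.0.0:* users:(("nginx",pid=29324,fd=6),("nginx",pid=1659,fd=6))
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=478,fd=13))
LISTEN 0 128 0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=623,fd=3))
"""


def classify(addr):
    """Return 'loopback', 'all-interfaces' or 'specific' for a local bind address."""
    addr = addr.split("%", 1)[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                     # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific"


def audit_listeners(ss_text):
    """Parse `ss -ntpl` text into sorted (port, process, exposure) tuples."""
    found = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                          # header or non-listener line
        addr, _, port = fields[3].rpartition(":")
        # Without -p or without root, ss prints no users:(...) column.
        procs = re.findall(r'\("([^"]+)",pid=\d+', line) or ["?"]
        for proc in procs:
            found.add((int(port), proc, classify(addr)))
    return sorted(found)


def exposed(ss_text):
    """Listeners reachable from other hosts unless a firewall blocks them."""
    return [(port, proc) for port, proc, kind in audit_listeners(ss_text)
            if kind != "loopback"]


if __name__ == "__main__":
    for row in audit_listeners(SS_OUTPUT):
        print(row)
```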
III. Network service management: SysV and systemd
1 SysV
Also called Sys5; the usual form is service network status.
In fact, it still calls the same command as in CentOS 5 or RHEL 5: /etc/init.d/network
```
[root@centos-master ~]# service network
用法:/etc/init.d/network {start|stop|status|restart|reload|force-reload}
[root@centos-master ~]# ll /etc/init.d/network
-rwxr-xr-x 1 root root 7293 5月 3 2017 /etc/init.d/network
[root@centos-master ~]# /etc/init.d/network
用法:/etc/init.d/network {start|stop|status|restart|reload|force-reload}
[root@centos-master ~]# export LANG=en
[root@centos-master ~]# /etc/init.d/network
Usage: /etc/init.d/network {start|stop|status|restart|reload|force-reload}
[root@centos-master ~]#
```
service network status
chkconfig --list network
chkconfig --level 23456 network off
chkconfig --level 23456 network reset
```
[root@centos-master ~]# service network status
已配置设备:
lo em1 em2 em3 em4
当前活跃设备:
lo em1 em2 em3 em4 docker0 br-b8e699928fe8 vethc2e426e@if101
[root@centos-master ~]# chkconfig --list network

注:该输出结果只显示 SysV 服务,并不包含
原生 systemd 服务。SysV 配置数据
可能被原生 systemd 配置覆盖。

      要列出 systemd 服务,请执行 'systemctl list-unit-files'。
      查看在具体 target 启用的服务请执行
      'systemctl list-dependencies [target]'。

network         0:关    1:关    2:开    3:开    4:开    5:开    6:关
[root@centos-master ~]# chkconfig --level 23456 network off
[root@centos-master ~]# chkconfig --list network

注:该输出结果只显示 SysV 服务,并不包含
原生 systemd 服务。SysV 配置数据
可能被原生 systemd 配置覆盖。

      要列出 systemd 服务,请执行 'systemctl list-unit-files'。
      查看在具体 target 启用的服务请执行
      'systemctl list-dependencies [target]'。

network         0:关    1:关    2:关    3:关    4:关    5:关    6:关
[root@centos-master ~]# chkconfig --level 23456 network reset
[root@centos-master ~]# chkconfig --list network

注:该输出结果只显示 SysV 服务,并不包含
原生 systemd 服务。SysV 配置数据
可能被原生 systemd 配置覆盖。

      要列出 systemd 服务,请执行 'systemctl list-unit-files'。
      查看在具体 target 启用的服务请执行
      'systemctl list-dependencies [target]'。

network         0:关    1:关    2:开    3:开    4:开    5:开    6:关
[root@centos-master ~]#
```
2 systemd
Managed with systemctl: systemctl status NetworkManager.service, or simply systemctl status NetworkManager.
```
[root@centos-master ~]# systemctl status NetworkManager.service
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
   Active: active (running) since 六 2019-02-02 13:28:43 CST; 2 years 5 months ago
     Docs: man:NetworkManager(8)
 Main PID: 953 (NetworkManager)
    Tasks: 3
   Memory: 2.7M
   CGroup: /system.slice/NetworkManager.service
           └─953 /usr/sbin/NetworkManager --no-daemon

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
[root@centos-master ~]#
[root@centos-master ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
   Active: active (running) since 六 2019-02-02 13:28:43 CST; 2 years 5 months ago
     Docs: man:NetworkManager(8)
 Main PID: 953 (NetworkManager)
    Tasks: 3
   Memory: 2.7M
   CGroup: /system.slice/NetworkManager.service
           └─953 /usr/sbin/NetworkManager --no-daemon

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
[root@centos-master ~]#
```
==If you do not know the service name, you can use systemctl list-unit-files==
```
[root@centos-master ~]# systemctl list-unit-files
UNIT FILE                                     STATE
proc-sys-fs-binfmt_misc.automount             static
dev-hugepages.mount                           static
dev-mqueue.mount                              static
proc-sys-fs-binfmt_misc.mount                 static
sys-fs-fuse-connections.mount                 static
sys-kernel-config.mount                       static
sys-kernel-debug.mount                        static
tmp.mount                                     disabled
brandbot.path                                 disabled
...
docker-cleanup.timer                          disabled
fstrim.timer                                  disabled
mdadm-last-resort@.timer                      static
systemd-readahead-done.timer                  indirect
systemd-tmpfiles-clean.timer                  static

316 unit files listed.
[root@centos-master ~]#
```
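3 Recommendation
Managing the network service with both SysV and systemd at the same time is not really recommended, to avoid confusion.
Summary:
Sorted out the difference between SysV and systemctl;
The commonly used netstat options are -ntpl;
The options of ss are much the same as those of netstat;
tcpdump captures network packets;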