[Linux] ip & ss Command
Posted On 2018-07-03
IP
The ip command format is as follows:

    Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
           ip [ -force ] -batch filename
    where  OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
                       tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
                       netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
                       vrf }
           OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
                        -h[uman-readable] | -iec |
                        -f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
                        -4 | -6 | -I | -D | -B | -0 |
                        -l[oops] { maximum-addr-flush-attempts } | -br[ief] |
                        -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
                        -rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}
Example
    # Show all IP data
    ip addr show

    # Show IPv4 only
    ip -4 a

    # Show IPv6 only
    ip -6 a

    # Show IP data for a specific interface only
    ip a show eth0

    # Show only interfaces that are up (without IP data); the two forms are equivalent
    ip link ls up
    ip link show up

    # Show all interfaces (without IP data); the two forms are equivalent
    ip link ls
    ip link show

    # Show the ip link subcommands (there are many)
    ip link help

    # Add/delete an IP address (temporary; lost after a reboot)
    ip a add {ip_addr/mask} dev {interface} [related parameters]
    #   {ip_addr/mask}: the address and network setting, e.g. 192.168.100.100/24
    #   dev {interface}: the interface this IP setting applies to, e.g. eth0, eth1
    #   Related parameters:
    #     broadcast: sets the broadcast address; a value of + means "let the system calculate it"
    #     label: an alias for the device, e.g. eth0:0
    #     scope: the scope of this interface, usually one of:
    #       global: allows connections from all sources
    #       site:   IPv6 only; allows connections from this host only
    #       link:   allows only this device to connect to itself
    #       host:   allows only connections inside this host
    #       The default is global.
    # Sample 1:
    ip addr add 192.168.0.123/24 dev eth0
    # Sample 2: add an interface, here named eth0:vbird
    # ("broadcast +" can also be written "broadcast 192.168.50.255")
    ip address add 192.168.50.50/24 broadcast + dev eth0 label eth0:vbird

    ip a del {ip_addr/mask} dev {interface}
    ip addr del 192.168.0.123/24 dev eth0
    ip address del 192.168.50.50/24 dev eth0

    # Bring an interface up/down, or set its MTU
    ip link set dev {interface} {up|down}
    ip l set dev eth0 down
    ip l set dev eth0 up
    ip l set dev eth0 mtu 1499    # mtu: maximum transmission unit, in bytes

    # Change the interface name, MAC address and other parameters
    ip link set eth0 down
    ip link set eth0 name vbird
    # after the rename the interface is addressed by its new name
    ip link set vbird address aa:aa:aa:aa:aa:aa
    ip link show vbird

    # ip can also show the reachability of neighbouring nodes
    ip n show    # same as ip neigh show
    ip n add {ip_addr} lladdr {MAC/LLADDRESS} dev {interface} nud {perm|noarp|stale|reachable}
    ip n del {ip_addr} dev eth0

    # Show the routing table
    ip r                        # same as ip route show
    ip r list 192.168.0.0/24    # show only the route for 192.168.0.0
    #   proto: the routing protocol of the route, mainly redirect, kernel, boot, static, ra, etc.;
    #          kernel means the route was set automatically by the kernel.
    #   scope: the scope of the route, mainly link, i.e. a direct connection related to this device.

    # Add & delete routes
    ip route {add|del} {IP/network} [via gateway_ip] {dev interface}
    ip r add {default} {network/mask} dev {interface}
    ip r add {default} {network/mask} via [gateway_ip]
    # Route for a network this host talks to directly; no external router or gateway needed
    ip r add 192.168.1.0/24 dev eth0
    # Route to an outside network, reached through a router
    ip route add 192.168.1.0/24 via 192.168.1.100 dev eth0
    # Default route; one default route is enough
    ip route add default via 192.168.1.254 dev eth0
    ip r del default
    ip r del network/mask dev eth0
ss (Socket Statistics)
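ss is another important tool. The name is short for socket statistics, and it replaces the older netstat command. ss can show more information than netstat and is also faster: netstat reads its information from files under /proc and then formats it, while ss gets its information directly from kernel space.
Running ss with no arguments lists all currently established, non-listening connections, so options are used to get the information you actually want.
Common options:

    -n, --numeric    show port numbers instead of service names, e.g. 80 instead of http
    -t, --tcp        show TCP sockets; likewise, -u is commonly used for UDP sockets
    -l, --listening  listening sockets are not shown by default; this option shows only listening sockets
    -4, --ipv4       also commonly used; when checking which services are listening, specifying -4 or -6 gives clearer results
    -p, --processes  show the ID of the process using the socket; this option needs sudo privileges
    -s, --summary    show socket usage statistics
    -o, --options    show related timer information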
Example
    # Show sockets by protocol:
    ss -t -a    # dumps all TCP sockets
    ss -u -a    # dumps all UDP sockets
    ss -w -a    # dumps all RAW sockets
    ss -x -a    # dumps all UNIX sockets
    ss -d -a    # dumps all DCCP sockets
    # (DCCP is a less common network protocol that has the connection-oriented, error-checking
    #  traits of TCP with the broadcast-type features of UDP. The DCCP protocol is often used
    #  for media streaming.)
    ss -e       # shows timer options that offer an insight into the current status of any keepalives on a connection

    # Show connections in a specific state:
    ss -t4 state established            # show IPv4 connections that are established
    ss -t4 state time-wait              # show IPv4 connections that are in time-wait
    ss state connected dport = :sftp    # show sFTP traffic

    # Show data by destination or source IP:
    ss dst 192.168.0.10
    ss src 192.168.1.0
    ss dst 192.168.1.1/24
    ss dst 192.168.1.1/24:53

    # Show port information with filter expressions
    # (escape or quote >, ( and ) so the shell does not interpret them):
    ss dport != :53
    ss 192.168.1.1:http
    ss dport \> :53
    ss -nt dport gt :1024
    ss -nt dst :443 or dst :80
    ss '( sport = :ftp or dport = :http )'

    # Checking for FIN-WAIT-1 states lets you identify whether your application has closed its
    # side of a connection, but a remote host has not closed its side, thus tying up your
    # machine's precious ports:
    ss -o state fin-wait-1 '( sport = :ftp or sport = :http )' dst 10.10.3.3/24:22

    # List all the TCP sockets in state FIN-WAIT-1 for our apache to network 192.168.1.0/24
    # and look at their timers:
    ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1.0/24

    # Look at all our sockets using autobound ports:
    ss -a -A all autobound

    # Find all the local processes connected to local X servers:
    ss -xp dst "/tmp/.X11-unix/*"
    ss -x src "/tmp/.X11-unix/*"
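Added example (not part of the original post): the -l, -t, -n and -p options from the list above, combined into a small audit that reports TCP listeners bound to anything other than loopback. The function names and the sample output are constructed for this example, and the parser assumes `ss -ltn[p]` output, where the state is in column 1 and the local address in column 4.

```shell
#!/bin/sh
# Live use: ss -H -ltnp | exposed_listeners   (-p shows every PID only when run as root)

# Constructed sample of `ss -H -ltnp` output, not captured from a real host.
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=990,fd=6))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=640,fd=14))
LISTEN 0 128 192.168.1.10:8080 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=700,fd=7))
LISTEN 0 511 *:80 *:* users:(("nginx",pid=1201,fd=6))
EOF
}

# Print "port<TAB>address<TAB>process" for each listener not bound to loopback.
exposed_listeners() {
  awk '
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)         # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)     # everything before that colon
      sub(/%.*/, "", addr)                    # drop a %interface suffix
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback: local only
      proc = "unknown"                        # no -p, or not enough privilege
      if (match($0, /users:\(\("[^"]+"/))
        proc = substr($0, RSTART + 9, RLENGTH - 10)
      print port "\t" addr "\t" proc
    }' | LC_ALL=C sort -t "$(printf '\t')" -k1,1n -k2,2
}

sample_ss_output | exposed_listeners
```

Wildcard binds (0.0.0.0, [::], *) and binds to a specific non-loopback address are both reported; the header line printed when -H is omitted is skipped because its first column is not LISTEN.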