[Linux] ip & ss Command
Posted On 2018-07-03
IP
The ip command format is as follows:
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
vrf }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-h[uman-readable] | -iec |
-f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
-4 | -6 | -I | -D | -B | -0 |
-l[oops] { maximum-addr-flush-attempts } | -br[ief] |
-o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
-rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}
Example
# Show all IP data
ip addr show
# Show only IPv4 data
ip -4 a
# Show only IPv6 data
ip -6 a
# Show only a specific interface's IP data
ip a show eth0
# Show only running interfaces (without IP data)
ip link ls up
or
ip link show up
# Show all interfaces (without IP data)
ip link ls
or
ip link show
# Show the ip link subcommands (there are many)
ip link help
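# Add/delete an IP address (temporary; lost after a reboot)
ip a add {ip_addr/mask} dev {interface} [options]:
IP parameter ({ip_addr/mask}): the address and network setting, for example 192.168.100.100/24
dev (dev {interface}): the interface this IP parameter is applied to, for example eth0, eth1
Related options, mainly the following:
broadcast: sets the broadcast address; a value of + means "let the system calculate it automatically"
label: an alias for this device, for example eth0:0
scope: the scope of this interface, usually one of these classes:
global: allows connections from all sources;
site: IPv6 only; allows only connections from this host;
link: allows only this device to connect to itself;
host: allows only connections inside this host;
The default is global!
- Sample 1:
ip addr add 192.168.0.123/24 dev eth0
- Sample 2: (add an interface, assumed here to be named eth0:vbird; broadcast + can also be written as broadcast 192.168.50.255)
ip address add 192.168.50.50/24 broadcast + dev eth0 label eth0:vbird
ip a del {ip_addr/mask} dev {interface}:
ip addr del 192.168.0.123/24 dev eth0
ip address del 192.168.50.50/24 dev eth0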
# Bring an interface up or down, or set its MTU
ip link set dev {interface} {up|down}
ip l set dev eth0 down
ip l set dev eth0 up
ip l set dev eth0 mtu 1499 (mtu: maximum transmission unit, in bytes)
# Change the interface name, MAC address and other parameters
ip link set eth0 down
ip link set eth0 name vbird
ip link set vbird address aa:aa:aa:aa:aa:aa
ip link show vbird
# The ip command can also show the reachability of neighbouring nodes (neighbours):
ip n show // same as ip neigh show
ip n add {ip_addr} lladdr {MAC/LLADDRESS} dev {interface} nud {perm|noarp|stale|reachable}
ip n del {ip_addr} dev eth0
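# Show the routing table with ip:
ip r // same as ip route show
ip r list 192.168.0.0/24 // show only the routes for 192.168.0.0
proto: the routing protocol of this route, mainly redirect, kernel, boot, static, ra and so on; kernel means the route was determined and set automatically by the kernel.
scope: the scope of the route, mainly link, i.e. a direct connection related to this device.
# Add & delete (add & del):
ip route {add|del} {IP/network} [via gateway_ip] {dev interface}
ip r add {default|network/mask} dev {interface}
ip r add {default|network/mask} via [gateway_ip]
ip r add 192.168.1.0/24 dev eth0 (sets up the route for a network this host talks to directly; no external router and no gateway needed)
ip route add 192.168.1.0/24 via 192.168.1.100 dev eth0
(adds a route that leads outside, which has to go through a router)
ip route add default via 192.168.1.254 dev eth0 (adds the default route; a single default route is enough)
ip r del default
ip r del network/mask dev eth0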
ss (Socket Statistics)
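ss is another very important tool. ss is short for socket statistics and replaces the netstat command used previously. ss can show more information than netstat and is also faster. netstat reads its information from files under /proc and then formats it for display, while the ss command gets its information directly from kernel space.
Running ss on its own lists all currently established non-listening connections, so options are used to get the information that is actually wanted.
Common options:
-n, --numeric: show port numbers instead of service names, for example 80 instead of http
-t, --tcp: show TCP sockets; likewise -u is commonly used for UDP sockets
-l, --listening: listening sockets are not shown by default; this option shows only the sockets that are listening
-4, --ipv4: also commonly used; when checking which services are listening, specifying -4 or -6 makes the result clearer
-p, --processes: show the id of the process using the socket; this option requires sudo privileges
-s, --summary: show socket usage statistics
-o, --options: show the related timer information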
Example
# Show Internet Protocol:
ss -t -a // dumps all TCP sockets
ss -u -a // dumps all UDP sockets
ss -w -a // dumps all RAW sockets
ss -x -a // dumps all UNIX sockets
ss -d -a // dumps all DCCP sockets
(DCCP is a less common network protocol that has the connection-oriented, error-checking traits of TCP with the broadcast-type features of UDP. The DCCP protocol is often used for media streaming.)
ss -e
(shows timer options that offer an insight into the current status of any keepalives on a connection.)
# Show more specific link:
ss -t4 state established // show IPv4 TCP connections that are established
ss -t4 state time-wait // show IPv4 TCP connections that are in TIME-WAIT
ss state connected dport = :sftp // show sFTP traffic
# Show Destination or Source IP data:
ss dst 192.168.0.10
ss src 192.168.1.0
ss dst 192.168.1.1/24
ss dst 192.168.1.1/24:53
# Show port information with filter expressions:
ss dport != :53
ss dst 192.168.1.1:http
ss dport \> :53
ss -nt dport gt :1024
ss -nt dst :443 or dst :80
ss \( sport = :ftp or dport = :http \)
# Checking for FIN-WAIT-1 states lets you identify whether your application has closed its side of a connection, but a remote host has not closed its side, thus tying up your machine's precious ports:
ss -o state fin-wait-1 '( sport = :ftp or sport = :http )' dst 10.10.3.3/24:22
# List all the tcp sockets in state FIN-WAIT-1 for our apache to network 192.168.1.0/24 and look at their timers:
ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1.0/24
# Look at all our sockets using autobound ports:
ss -a -A all autobound
# Find all the local processes connected to local X servers:
ss -xp dst "/tmp/.X11-unix/*"
ss -x src "/tmp/.X11-unix/*"
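An added example (not from the original post) that puts the -t, -u, -l, -n and -p options above to work for an exposure check: it reads `ss -tulnp` output and reports every listener that is not bound to loopback, marking wildcard binds. The function names and the sample output are constructed; without sudo the process column is empty and is reported as "-".

```shell
#!/bin/sh
# Reads `ss -tulnp` output on stdin, prints "scope netid address port process"
# for each listening socket reachable from outside the host.
# exposed_listeners and sample_ss are hypothetical names, not part of iproute2.

exposed_listeners() {
    awk '
    $1 == "Netid" { next }                    # header line
    NF >= 5 {
        port = $5; sub(/.*:/, "", port)       # text after the last colon
        addr = substr($5, 1, length($5) - length(port) - 1)
        sub(/%.*/, "", addr)                  # drop the %interface suffix
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only
        scope = (addr == "0.0.0.0" || addr == "*" || addr == "::") ? "wildcard" : "specific"
        proc = "-"                            # stays "-" when run without privileges
        if (match($0, /\(\("[^"]*"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        print scope, $1, addr, port, proc
    }'
}

# Constructed sample of `ss -tulnp` output (not captured from a real host).
sample_ss() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*     users:(("mysqld",pid=990,fd=21))
tcp   LISTEN 0      511    *:80               *:*           users:(("nginx",pid=1204,fd=6))
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*     users:(("systemd-resolve",pid=640,fd=13))
tcp   LISTEN 0      128    [::]:22            [::]:*        users:(("sshd",pid=812,fd=4))
tcp   LISTEN 0      128    [::1]:631          [::]:*        users:(("cupsd",pid=700,fd=7))
udp   UNCONN 0      0      192.168.0.5:123    0.0.0.0:*
EOF
}

# On a live host: sudo ss -tulnp | exposed_listeners
sample_ss | exposed_listeners
```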