1. 網(wǎng)絡(luò)模型回顧

先來回顧一下OSI和TCP/IP網(wǎng)絡(luò)模型湾蔓，TCP/IP網(wǎng)絡(luò)模型更符合現(xiàn)實(shí)中的網(wǎng)絡(luò)。TCP/IP網(wǎng)絡(luò)模型依次為：

• 第五層：應(yīng)用層（Application）
• 第四層：傳輸層（Transport）
• 第三層：網(wǎng)絡(luò)層（Network/Internet）
• 第二層：數(shù)據(jù)鏈路層（Data Link）
• 第一層：物理層（Physical）

下面我們依次來看看在各層璧尸，有什么方法可以檢測(cè)網(wǎng)絡(luò)故障迫横。

TCPIP_OSI_0.png

2. 物理層

2.1 查看網(wǎng)卡狀態(tài)

# ip link show 

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:0c:b9:17 brd ff:ff:ff:ff:ff:ff

2.2 簡化輸出信息

# ip -br link show

lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> 
enp0s3           UP             08:00:27:0c:b9:17 <BROADCAST,MULTICAST,UP,LOWER_UP> 

2.3 啟用/禁用網(wǎng)卡

# ip link set enp0s3 up/down

2.4 打印網(wǎng)卡的統(tǒng)計(jì)信息，查看是否有丟包情況

# ip -s link show enp0s3

2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:0c:b9:17 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    13546687   9535     0       0       0       22      
    TX: bytes  packets  errors  dropped carrier collsns 
    625270     7339     0       0       0       0

2.5 檢測(cè)網(wǎng)卡速率是否正確配置

# ethtool enp0s3

Settings for enp0s3:
    Supported ports: [ TP ]
    Supported link modes:   10baseT/Half 10baseT/Full 
                            100baseT/Half 100baseT/Full 
                            1000baseT/Full 
    Supported pause frame use: No
    Supports auto-negotiation: Yes
    Supported FEC modes: Not reported
    Advertised link modes:  10baseT/Half 10baseT/Full 
                            100baseT/Half 100baseT/Full 
                            1000baseT/Full 
    Advertised pause frame use: No
    Advertised auto-negotiation: Yes
    Advertised FEC modes: Not reported
    Speed: 1000Mb/s
    Duplex: Full
    Port: Twisted Pair
    PHYAD: 0
    Transceiver: internal
    Auto-negotiation: on
    MDI-X: off (auto)
Cannot get wake-on-lan settings: Operation not permitted
    Current message level: 0x00000007 (7)
                   drv probe link
    Link detected: yes

3. 數(shù)據(jù)鏈路層

ARP（Address Resolution Protocol）在數(shù)據(jù)鏈路層工作珍语，用于三層IP地址到二層MAC地址的映射忍捡。

3.1 查看本地ARP表

# ip neighbor show

192.168.1.109 dev enp0s3 lladdr 20:54:fa:c4:66:2b STALE
192.168.1.1 dev enp0s3 lladdr d4:ee:07:45:a7:1a STALE
192.168.1.232 dev enp0s3 lladdr 9c:5c:8e:78:85:76 REACHABLE

3.2 修改本地ARP表

ARP表會(huì)在本地緩存一段時(shí)間集漾，緩存到期，ARP會(huì)重新發(fā)現(xiàn)建立新的ARP表砸脊。

在一些極端情況具篇，比如Keepalived的虛擬IP地址漂移，需要讓緩存立即失效凌埂，重新建立虛擬IP到新MAC地址的映射驱显。這時(shí)可以刪除ARP表中的映射項(xiàng)，ARP會(huì)立即開始重建。

# ip neighbor delete 192.168.1.1 dev enp0s3

4. 網(wǎng)絡(luò)層

IP協(xié)議和ICMP協(xié)議（Internet Control Message Protocol）工作在這一層埃疫。

4.1 查看IP地址

# ip -br address show

lo               UNKNOWN        127.0.0.1/8 ::1/128 
enp0s3           UP             192.168.1.175/24 fe80::a00:27ff:fe0c:b917/64

4.2 檢測(cè)網(wǎng)絡(luò)聯(lián)通

# ping -c 3 www.baidu.com 

PING www.a.shifen.com (180.101.49.12) 56(84) bytes of data.
64 bytes from 180.101.49.12 (180.101.49.12): icmp_seq=1 ttl=48 time=8.02 ms
64 bytes from 180.101.49.12 (180.101.49.12): icmp_seq=2 ttl=48 time=8.08 ms
64 bytes from 180.101.49.12 (180.101.49.12): icmp_seq=3 ttl=48 time=8.06 ms

--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 8.024/8.056/8.082/0.077 ms

4.3 利用TTL查詢網(wǎng)絡(luò)路徑

# windows 用 tracert
# tracert www.baidu.com

通過最多 30 個(gè)躍點(diǎn)跟蹤
到 www.a.shifen.com [112.80.248.75] 的路由:

  1    <1 毫秒   <1 毫秒   <1 毫秒 Hiwifi.lan [192.168.1.1]
  2     2 ms     1 ms     1 ms  100.64.224.1
  3     2 ms     1 ms     2 ms  139.226.230.113
  4     2 ms     2 ms     2 ms  139.226.210.97
  5    18 ms     4 ms     4 ms  219.158.11.2
  6    11 ms    11 ms    11 ms  221.6.1.250
  7     7 ms     9 ms     7 ms  112.86.192.154
  8     *        *        *     請(qǐng)求超時(shí)伏恐。
  9     9 ms     8 ms     8 ms  112.80.248.75

跟蹤完成。

# linux 最好加上 -I
# traceroute -I www.baidu.com

traceroute to www.baidu.com (180.101.49.12), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  180.101.49.12 (180.101.49.12)  8.110 ms  8.157 ms  8.158 ms

4.4 查看IP路由表

# ip route show

default via 192.168.1.1 dev enp0s3 proto static 
192.168.1.0/24 dev enp0s3 proto kernel scope link src 192.168.1.175 

4.5 檢測(cè)DNS

# nslook www.google.com

Server:     127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
Name:   www.google.com
Address: 31.13.83.16

5. 傳輸層

TCP協(xié)議和UDP協(xié)議工作在這一層栓霜。

5.1 查看本地連接

# ss -tunlp4

Netid  State    Recv-Q   Send-Q       Local Address:Port       Peer Address:Port   
udp    UNCONN   0        0            127.0.0.53%lo:53              0.0.0.0:*      
tcp    LISTEN   0        128          127.0.0.53%lo:53              0.0.0.0:*      
tcp    LISTEN   0        128                0.0.0.0:22              0.0.0.0:*      
tcp    LISTEN   0        128              127.0.0.1:6010            0.0.0.0:*  

ss命令可以傳遞的參數(shù)：

• -t - 顯示TCP端口
• -u - 顯示UDP端口
• -n - 不解析主機(jī)名
• -l - 顯示監(jiān)聽端口
• -p - 顯示進(jìn)程
• -4 - 僅顯示IPv4的socket連接

5.2 測(cè)試TCP連接

# telnet 192.168.1.100 3306

5.3 測(cè)試UDP連接

# nc 192.168.122.1 -u 80