過時(shí)的命令
過時(shí)的命令:arp ;ifconfig迹恐; route;netstat卧斟;mii-tool殴边; nameif;iptunnel珍语; ipmaddr
替代過時(shí)命令的新式命令:ip锤岸; ss;ethtool 板乙;ifrename
1. ip
ip是iproute2工具包里面的一個(gè)命令行工具是偷,用于配置網(wǎng)絡(luò)接口以及路由表拳氢。
iproute2 正在逐步取代舊的 net-tools(ifconfig)。
關(guān)于新命令ip的常見用法,看下面這張圖就夠了蛋铆。
IP.png
ip常用參數(shù)選項(xiàng)
-V:顯示指令版本信息馋评;
-s:輸出更詳細(xì)的信息;
-f:強(qiáng)制使用指定的協(xié)議族刺啦;
-4:指定使用的網(wǎng)絡(luò)層協(xié)議是IPv4協(xié)議留特;
-6:指定使用的網(wǎng)絡(luò)層協(xié)議是IPv6協(xié)議;
-0:輸出信息每條記錄輸出一行玛瘸,即使內(nèi)容較多也不換行顯示蜕青;
-r:顯示主機(jī)時(shí),不使用IP地址糊渊,而使用主機(jī)的域名右核。
2. ss
ss命令用來顯示處于活動(dòng)狀態(tài)的套接字信息。ss命令可以用來獲取socket統(tǒng)計(jì)信息再来,它可以顯示和netstat類似的內(nèi)容蒙兰。但ss的優(yōu)勢(shì)在于它能夠顯示更多更詳細(xì)的有關(guān)TCP和連接狀態(tài)的信息,而且比netstat更快速更高效芒篷。
當(dāng)服務(wù)器的socket連接數(shù)量變得非常大時(shí)搜变,無論是使用netstat命令還是直接cat /proc/net/tcp,執(zhí)行速度都會(huì)很慢针炉∧铀可能你不會(huì)有切身的感受,但請(qǐng)相信我篡帕,當(dāng)服務(wù)器維持的連接達(dá)到上萬個(gè)的時(shí)候殖侵,使用netstat等于浪費(fèi) 生命,而用ss才是節(jié)省時(shí)間镰烧。
天下武功唯快不破拢军。ss快的秘訣在于,它利用到了TCP協(xié)議棧中tcp_diag怔鳖。tcp_diag是一個(gè)用于分析統(tǒng)計(jì)的模塊茉唉,可以獲得Linux 內(nèi)核中第一手的信息,這就確保了ss的快捷高效结执。當(dāng)然度陆,如果你的系統(tǒng)中沒有tcp_diag,ss也可以正常運(yùn)行献幔,只是效率會(huì)變得稍慢懂傀。
語(yǔ)法
ss (選項(xiàng))
選項(xiàng)
-h:顯示幫助信息;
-V:顯示指令版本信息蜡感;
-n:不解析服務(wù)名稱蹬蚁,以數(shù)字方式顯示恃泪;
-a:顯示所有的套接字;
-l:顯示處于監(jiān)聽狀態(tài)的套接字缚忧;
-o:顯示計(jì)時(shí)器信息悟泵;
-m:顯示套接字的內(nèi)存使用情況杈笔;
-p:顯示使用套接字的進(jìn)程信息闪水;
-i:顯示內(nèi)部的TCP信息;
-4:只顯示ipv4的套接字蒙具;
-6:只顯示ipv6的套接字球榆;
-t:只顯示tcp套接字;
-u:只顯示udp套接字禁筏;
-d:只顯示DCCP套接字持钉;
-w:僅顯示RAW套接字;
-x:僅顯示UNIX域套接字篱昔。
顯示ICP連接
root@newbie-unknown85882:~# ss -t -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 511 *:8888 *:*
LISTEN 0 100 *:6082 *:*
LISTEN 0 5 127.0.0.1:4 *:*
LISTEN 0 128 127.0.0.1:8 *:*
LISTEN 0 128 *:32200 *:*
LISTEN 0 5 127.0.0.1:5901 *:*
ESTAB 0 52 10.83.3.102:32200 10.83.3.11:58406
ESTAB 0 0 10.83.3.102:51386 106.2.67.75:19920
顯示 Sockets 摘要
root@newbie-unknown85882:~# ss -s
Total: 115 (kernel 118)
TCP: 8 (estab 2, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0
Transport Total IP IPv6
* 118 - -
RAW 1 1 0
UDP 4 4 0
TCP 8 8 0
INET 13 13 0
FRAG 0 0 0
root@newbie-unknown85882:~#
列出所有打開的網(wǎng)絡(luò)連接端口
root@newbie-unknown85882:~# ss -l
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:ntpd/623 *
nl UNCONN 0 0 rtnl:kernel *
nl UNCONN 0 0 rtnl:ntpd/623 *
nl UNCONN 4352 0 tcpdiag:ss/22134 *
nl UNCONN 768 0
...
...
tcp LISTEN 0 128 *:32200 *:*
tcp LISTEN 0 5 127.0.0.1:5901 *:*
root@newbie-unknown85882:~#
查看進(jìn)程使用的socket
root@newbie-unknown85882:~# ss -pl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:ntpd/623 *
nl UNCONN 0 0 rtnl:kernel *
nl UNCONN 0 0 rtnl:ntpd/623 *
nl UNCONN 4352 0 tcpdiag:ss/22157 *
nl UNCONN 768 0 tcpdiag:kernel *
nl UNCONN 0 0
...
...
tcp LISTEN 0 128 *:32200 *:* users:(("sshd",pid=539,fd=3))
tcp LISTEN 0 5 127.0.0.1:5901 *:* users:(("Xtigervnc",pid=3985,fd=7))
找出打開套接字/端口應(yīng)用程序
root@newbie-unknown85882:~# ss -pl | grep 32200
tcp LISTEN 0 128 *:32200 *:* users:(("sshd",pid=539,fd=3))
root@newbie-unknown85882:~#
顯示所有UDP Sockets
root@newbie-unknown85882:~# ss -u -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:bootpc *:*
UNCONN 0 0 10.83.3.102:ntp *:*
UNCONN 0 0 127.0.0.1:ntp *:*
UNCONN 0 0 *:ntp *:*
root@newbie-unknown85882:~#
3. ethtool
語(yǔ)法
ethtool (選項(xiàng))
選項(xiàng)
-a 查看網(wǎng)卡中 接收模塊RX每强、發(fā)送模塊TX和Autonegotiate模塊的狀態(tài):?jiǎn)?dòng)on 或 停用off。
-A 修改網(wǎng)卡中 接收模塊RX州刽、發(fā)送模塊TX和Autonegotiate模塊的狀態(tài):?jiǎn)?dòng)on 或 停用off空执。
-c display the Coalesce information of the specified ethernet card。
-C Change the Coalesce setting of the specified ethernet card穗椅。
-g Display the rx/tx ring parameter information of the specified ethernet card辨绊。
-G change the rx/tx ring setting of the specified ethernet card。
-i 顯示網(wǎng)卡驅(qū)動(dòng)的信息匹表,如驅(qū)動(dòng)的名稱门坷、版本等。
-d 顯示register dump信息, 部分網(wǎng)卡驅(qū)動(dòng)不支持該選項(xiàng)袍镀。
-e 顯示EEPROM dump信息默蚌,部分網(wǎng)卡驅(qū)動(dòng)不支持該選項(xiàng)。
-E 修改網(wǎng)卡EEPROM byte苇羡。
-k 顯示網(wǎng)卡Offload參數(shù)的狀態(tài):on 或 off绸吸,包括rx-checksumming、tx-checksumming等宣虾。
-K 修改網(wǎng)卡Offload參數(shù)的狀態(tài)惯裕。
-p 用于區(qū)別不同ethX對(duì)應(yīng)網(wǎng)卡的物理位置,常用的方法是使網(wǎng)卡port上的led不斷的閃绣硝;N指示了網(wǎng)卡閃的持續(xù)時(shí)間蜻势,以秒為單位。
-r 如果auto-negotiation模塊的狀態(tài)為on鹉胖,則restarts auto-negotiation握玛。
-S 顯示NIC- and driver-specific 的統(tǒng)計(jì)參數(shù)够傍,如網(wǎng)卡接收/發(fā)送的字節(jié)數(shù)、接收/發(fā)送的廣播包個(gè)數(shù)等挠铲。
-t 讓網(wǎng)卡執(zhí)行自我檢測(cè)冕屯,有兩種模式:offline or online拂苹。
-s 修改網(wǎng)卡的部分配置,包括網(wǎng)卡速度浴韭、單工/全雙工模式念颈、mac地址等连霉。
查看網(wǎng)卡速度
[root@localhost~]#ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
MDI-X: Unknown
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes
查看網(wǎng)卡eth0采用了何種驅(qū)動(dòng)
[root@localhost~]#ethtool -i eth0
driver: e1000
version: 7.3.21-k8-NAPI
firmware-version:
bus-info: 0000:02:01.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no
查看網(wǎng)卡接收/發(fā)送數(shù)據(jù)的情況
[root@localhost~]#ethtool -S eth0
NIC statistics:
rx_packets: 2098498
tx_packets: 512
rx_bytes: 339979810
tx_bytes: 28161
rx_broadcast: 0
tx_broadcast: 0
rx_multicast: 0
tx_multicast: 0
rx_errors: 0
tx_errors: 0
tx_dropped: 0
multicast: 0
collisions: 0
rx_length_errors: 0
rx_over_errors: 0
rx_crc_errors: 0
rx_frame_errors: 0
rx_no_buffer_count: 0
rx_missed_errors: 0
tx_aborted_errors: 0
tx_carrier_errors: 0
tx_fifo_errors: 0
tx_heartbeat_errors: 0
tx_window_errors: 0
tx_abort_late_coll: 0
tx_deferred_ok: 0
tx_single_coll_ok: 0
tx_multi_coll_ok: 0
tx_timeout_count: 0
tx_restart_queue: 0
rx_long_length_errors: 0
rx_short_length_errors: 0
rx_align_errors: 0
tx_tcp_seg_good: 0
tx_tcp_seg_failed: 0
rx_flow_control_xon: 0
rx_flow_control_xoff: 0
tx_flow_control_xon: 0
tx_flow_control_xoff: 0
rx_long_byte_count: 339979810
rx_csum_offload_good: 1720975
rx_csum_offload_errors: 0
alloc_rx_buff_failed: 0
tx_smbus: 0
rx_smbus: 0
dropped_smbus: 0
4. ifrename
Name
ifrename - rename network interfaces based on various static criteria
Synopsis
ifrename [-c configfile] [-p] [-d] [-u] [-v] [-V] [-D]
ifrename [-c configfile] [-i interface] [-n newname]
Description
Ifrename is a tool allowing you to assign a consistent name to each of your network interface.
By default, interface names are dynamic, and each network interface is assigned the first available name (eth0, eth1...). The order network interfaces are created may vary. For built-in interfaces, the kernel boot time enumeration may vary. For removable interface, the user may plug them in any order.
Ifrename allow the user to decide what name a network interface will have. Ifrename can use a variety of selectors to specify how interface names match the network interfaces on the system, the most common selector is the interface MAC address.
Ifrename must be run before interfaces are brought up, which is why it's mostly useful in various scripts (init, hotplug) but is seldom used directly by the user. By default, ifrename renames all present system interfaces using mappings defined in /etc/iftab.
Parameters
-c configfile
Set the configuration file to be used (by default /etc/iftab). The configuration file define the mapping between selectors and interface names, and is described in iftab(5).
If configfile is "-", the configuration is read from stdin.
-p
Probe (load) kernel modules before renaming interfaces. By default ifrename only check interfaces already loaded, and doesn't auto-load the required kernel modules. This option enables smooth integration with system not loading modules before calling ifrename.
-d
Enable various Debian specific hacks. Combined with -p, only modules for interfaces specified in /etc/network/interface are loaded.
-i interface
Only rename the specified interface as opposed to all interfaces on the system. The new interface name is printed.
-n newname
When used with -i, specify the new name of the interface. The list of mappings from the configuration file is bypassed, the interface specified with -i is renamed directly to newname. The new name may be a wildcard containing a single '*'.
When used without -i, rename interfaces by using only mappings that would rename them to newname. The new name may not be a wildcard. This use of ifrename is discouraged, because inefficient (-n without -i). All the interfaces of the system need to be processed at each invocation, therefore in most case it is not faster than just letting ifrename renaming all of them (without both -n and -i).
-t
Enable name takeover support. This allow interface name swapping between two or more interfaces.
Takeover enable an interface to 'steal' the name of another interface. This works only with kernel 2.6.X and if the other interface is down. Consequently, this is not compatible with Hotplug. The other interface is assigned a random name, but may be renamed later with 'ifrename'.
The number of takeovers is limited to avoid circular loops, and therefore some complex multi-way name swapping situations may not be fully processed.
In any case, name swapping and the use of this feature is discouraged, and you are invited to choose unique and unambiguous names for your interfaces...
-u
Enable udev output mode. This enables proper integration of ifrename in the udev framework, udevd(8) will use ifrename to assign interface names present in /etc/iftab. In this mode the output of ifrename can be parsed directly by udevd(8) as an IMPORT action. This requires udev version 107 or later.
-D
Dry-run mode. Ifrename won't change any interface, it will only print new interface name, if applicable, and return.
In dry-run mode, interface name wildcards are not resolved. New interface name is printed, even if it is the same as the old name.
Be also aware that some selectors can only be read by root, for example those based on ethtool), and will fail silently if run by a normal user. In other words, dry-run mode under a standard user may not give the expected result.
-V
Verbose mode. Ifrename will display internal results of parsing its configuration file and querying the interfaces selectors. Combined with the dry-run option, this is a good way to debug complex configurations or trivial problems.
Files
/etc/iftab
