命令

# Interface and address overview: iproute2 first, then the legacy net-tools forms.
ip address show
ifconfig -s
ifconfig -a
netstat -i
# Bring an interface up or down; <iface> is a placeholder to replace before running.
ifconfig <iface> up
ifconfig <iface> down
# Force-kill every process whose `ps aux` line contains the string 8118.
# NOTE(review): the match is on the whole ps line, not on a listening port, so a
# PID, argument or path that merely contains 8118 is killed too, and SIGKILL
# gives the target no chance to clean up. Resolve the socket owner first (the
# `lsof -i:port` form later in this list does that) and try TERM before KILL.
ps aux |grep 8118 |grep -v grep | awk '{print $2}' | xargs kill -9
# IPv4 address/prefix and the last field of each inet line, for interfaces that are up.
ip add show up |grep inet |grep -v inet6 |awk '{print $2"\t"$(NF) }'
# iproute2 equivalent of ifconfig up/down; <device> is a placeholder.
ip link set <device> up
ip link set <device> down
# Brief (-br / -brief) and one-line-per-record (-oneline) output, optionally
# limited to IPv4 (-4) and to interfaces that are up.
ip -br link show
ip -br address show
ip -br address show up
ip -4 -brief address show
ip -oneline address show
ip -oneline -4 address show up
# Per-interface packet and error counters (-s).
ip -s link
ip -s link show up
ip -s link show kube-ipvs0
# Ask the kernel which route it would use to reach one destination.
ip route get 74.125.226.35
# Fields 3-5 of the default-route line.
ip route show | grep ^default | cut -d ' ' -f 3-5
# Routing table with numeric addresses (legacy tools).
netstat -rn
route -n
# Addresses of a single interface (show/list are synonyms), then per address family.
ip a show eth0
ip a list eth0
ip a show dev eth0
ip -4 a
ip -6 a
ip link ls up
# Add an address; the {…} forms are templates, the lines after them are worked examples.
ip a add {ip_addr/mask} dev {interface}
ip a add 192.168.1.200/255.255.255.0 dev eth0
ip a add 192.168.1.200/24 dev eth0
# Set the broadcast address (brd is short for broadcast).
ip addr add brd {ADDDRESS-HERE} dev {interface}
ip addr add broadcast {ADDDRESS-HERE} dev {interface}
ip addr add broadcast 172.20.10.255 dev dummy0
# "brd +" derives the broadcast address from the prefix; label names the alias.
ip addr add 192.168.1.50/24 brd + dev eth0 label eth0Home
ip addr add 127.0.0.1/8 dev lo brd + scope host
# Remove one address.
ip a del {ipv6_addr_OR_ipv4_addr} dev {interface}
ip a del 192.168.1.200/24 dev eth0
# Flush (remove) every address matching a prefix or an interface-label pattern.
# NOTE(review): flushing the address a remote session arrives on drops that
# session; run these from a console or with a rollback planned.
ip -s -s a f to 192.168.2.0/24
ip -4 addr flush label "ppp*"
ip -4 addr flush label "eth*"
# Link state, transmit queue length and MTU; `ip a list` afterwards shows the result.
ip link set dev {DEVICE} {up|down}
ip link set dev eth1 down
ip link set dev eth1 up
ip link set txqueuelen 10000 dev eth0
ip a list eth0
ip link set mtu {NUMBER} dev {DEVICE}
ip link set mtu 9000 dev eth0
ip a list eth0
# Neighbour (ARP/NDP) cache; n is short for neigh.
ip n show
ip neigh show
# Route templates: a network via a gateway or out of a device, and default-route forms.
ip route add {NETWORK/MASK} via {GATEWAYIP}
ip route add {NETWORK/MASK} dev {DEVICE}
ip route add default {NETWORK/MASK} dev {DEVICE}
ip route add default {NETWORK/MASK} via {GATEWAYIP}
# DNS lookups against an explicit resolver: a public one, a local resolver on
# port 1053, and the cluster DNS service address 10.254.0.2.
nslookup -qt=A tool.chinaz.com 8.8.8.8
dig +short -p 1053 @127.0.0.1 baidu.com
dig +noall +answer AAAA -p 1053 @127.0.0.1 youku.com
dig +short A kubernetes.default.svc.cluster.local
dig +noall +answer A -p 53 @10.254.0.2 kubernetes.default.svc.cluster.local
host -v kubernetes
# Port reachability with nc: -z sends no data, -n skips DNS, -v reports each
# port, -u switches to UDP. The first form probes the range 30001-30020.
nc -nvz 192.168.33.26 30001-30020
nc -nvuz 10.254.0.2 53
# Listening TCP/UDP sockets with numeric addresses and the owning PID/program
# (-p); sudo is used so that sockets of other users show their owner as well.
sudo netstat -tunlp
# Routing table, numeric.
netstat -rn
route -n
# ss: listening TCP sockets with owning process, numeric.
ss -plnt
# Same listing with runs of spaces squeezed into tabs for easier parsing.
ss -lp | tr -s ' ' '\t'
# Established connections to or from the ssh / http port, with timer details (-o).
ss -o state established '( dport = :ssh or sport = :ssh )'
ss -o state established '( dport = :http or sport = :http )'
# IPv4 sockets in the CLOSING state.
ss -4 state closing
# Filter by source address or by destination address:port.
ss -n src 192.168.33.27
ss dst 192.168.1.5:443
# All TCP sockets, then the summary counters, then listening sockets with owners.
ss -t -a
ss -s
ss -lp
# All raw (-w), TCP (-t) and UDP (-u) sockets; `ss -wa` is listed twice in the source.
ss -wa
ss -wa
ss -ta
ss -ua
# Default policy of each chain in the filter and nat tables. A chain whose
# policy is ACCEPT lets through every packet that no rule matched.
sudo iptables -L -n -t filter |grep policy
sudo iptables -L -n -t nat |grep policy
# Raw kernel socket tables; addresses and ports in these files are hexadecimal.
cat /proc/net/tcp
cat /proc/net/tcp6
cat /proc/net/udp
# Range the kernel picks ephemeral (outgoing) local ports from.
cat /proc/sys/net/ipv4/ip_local_port_range
# cgroup membership and open file descriptors of one process; [PID] is a placeholder.
# NOTE(review): the first path carries a stray second "]" as written and has to
# be typed as /proc/<pid>/cgroup.
cat /proc/[PID]]/cgroup
ls -al /proc/[PID]/fd
# Distinct local ports in hex: skip the header line and cut characters 16-19
# (assumes the usual fixed-width layout of /proc/net/tcp; confirm on the target kernel).
cat /proc/net/tcp |tail -n +2 | cut -c 16-19 |sort|uniq
# Same, converted to decimal by handing 0x-prefixed values to printf.
cat /proc/net/tcp |tail -n +2 | cut -c 16-19 |sort|uniq |awk '{print "0x"$1}' | xargs printf "%d\n"
### awk
# Field-based variant: field 2 is local_address, and the part after ":" is the port.
cat /proc/net/tcp |tail -n +2 | awk '{print $2}' | awk -F ':' '{print $2}' |sort|uniq
cat /proc/net/tcp |tail -n +2 | awk '{print $2}' | awk -F ':' '{print "0x"$2}' |sort|uniq| xargs printf "%d\n"
## grep
## yum install gawk
# strtonum() below is a gawk function, hence the install hint above.
# These read every file matching /proc/net/tcp*. The grep forms take field 3,
# presumably because grep prefixes each line with the file name when the glob
# matches more than one file (confirm); the pure-awk form takes field 2.
grep -v "local_address" /proc/net/tcp* | awk '{print $3}' | awk -F ':' '{print "0x"$2}'
grep -v "local_address" /proc/net/tcp* | awk '{print $3}' | awk -F ':' '{printf ("%d\n" , strtonum("0x"$2))}' |sort |uniq
awk '!/local_address/' /proc/net/tcp* | awk '{print $2}' | awk -F ':' '{printf ("%d\n" , strtonum("0x"$2))}'
# lsof: network files with numeric ports (-P) and addresses (-n), filtered to listeners.
lsof -i -P -n | grep LISTEN
# IPv4 / IPv6 sockets with numeric ports, addresses and UIDs (-l); +M adds
# portmapper registrations.
lsof -Pnl +M -i4
lsof -Pnl +M -i4 | grep 8080
lsof -Pnl +M -i6
# Which process holds a given port; "port" is a placeholder for the number.
lsof -i:port
# Socket usage counters (sockets in use, TCP sockets, ...) from sysstat.
sar -n SOCK
# Capture traffic on TCP port 9000 on all interfaces.
tcpdump -iany tcp port 9000
# Capture port 21 on eth0 without name resolution (-nn) and with a hex/ASCII
# payload dump (-X). NOTE(review): port 21 is normally the FTP control channel,
# which is cleartext, so credentials can end up in the terminal scrollback or in
# any file the output is redirected to; treat such captures as sensitive.
tcpdump -i  eth0  -nnX  port  21
# Background relay: listen on TCP 28222 and, for every connection, fork a child
# that forwards it to 192.168.9.1:22.
# NOTE(review): as written the listener accepts connections on every local IPv4
# address from any peer, which makes the SSH service on 192.168.9.1 reachable
# by whatever can reach this host on port 28222. socat's bind= and range=
# address options, or a host firewall rule, narrow that; the job also keeps
# running until it is stopped explicitly.
socat TCP4-LISTEN:28222,reuseaddr,fork TCP4:192.168.9.1:22 &
# Both commands below are incomplete in the source (no URL given).
# -k (curl) and --no-check-certificate (wget) skip TLS certificate verification,
# so the peer is not authenticated and the response may come from an interposed
# host. For anything beyond a quick diagnostic, pass the expected CA instead
# (curl --cacert, wget --ca-certificate).
curl -k -H "host:baidu.com" 
wget --no-check-certificate

端口16进制

0050=80
1F90=8080
0016=22
2382=9090
1FB6=8118
0CEA=3306
1538=5432

其他

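#!/bin/bash
#Written by Gemmy.Rao
#Email to: chenlin.rao@bj.china.com
#Version 0.2
#CHANGES
#Add -p option for checking other service's port
#
#Nagios plugin: counts the entries in /proc/net/tcp* whose local port is one of
#the ports given with -p and compares that count with two thresholds.
#  -w N     warning threshold  (default 5000)
#  -c N     critical threshold (default 20000)
#  -p LIST  comma-separated port numbers (default 80)
#  -s       silent mode: append the count to /usr/local/nagios/conn.log
#  -h       print usage
#Exit status: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN (bad option or argument,
#or the silent-mode log could not be written).
#
#Option values can originate outside this host (for example as check command
#arguments passed on by the monitoring server), so every one of them is
#validated before it reaches awk or an arithmetic comparison.

#Init
PORT=80
WARNING=5000
CRITICAL=20000
SILENT=0

#get options
while getopts "w:c:p:hs" OPT; do
    case $OPT in
    w)
        WARNING=${OPTARG}
        ;;
    c)
        CRITICAL=${OPTARG}
        ;;
    p)
        PORT=${OPTARG}
        ;;
    h)
        echo "Usage: $0 -w 500 -c 2000 -p 80,8081 -s"
        exit 0
        ;;
    s)
        SILENT=1
        ;;
    *)
        #An unknown option must not read as OK to Nagios, so report UNKNOWN.
        echo "Usage: $0 -w 500 -c 2000 -p 80,8081"
        exit 3
        ;;
    esac
done

#[[ a -lt b ]] evaluates both operands as arithmetic expressions, so anything
#other than a plain decimal number is rejected here.
number_re='^[0-9]{1,9}$'
for threshold in "$WARNING" "$CRITICAL"; do
    if ! [[ "$threshold" =~ $number_re ]]; then
        echo "UNKNOWN: -w and -c take a non-negative integer"
        exit 3
    fi
done
#Force base 10 so that a value such as 08 is not parsed as octal.
WARNING=$((10#$WARNING))
CRITICAL=$((10#$CRITICAL))

port_list_re='^[0-9]{1,5}(,[0-9]{1,5})*$'
if ! [[ "$PORT" =~ $port_list_re ]]; then
    echo "UNKNOWN: -p takes a comma-separated list of port numbers"
    exit 3
fi
IFS=, read -r -a PORT_LIST <<< "$PORT"
for p in "${PORT_LIST[@]}"; do
    if (( 10#$p < 1 || 10#$p > 65535 )); then
        echo "UNKNOWN: port $p is outside 1-65535"
        exit 3
    fi
done

#The original author timed several ways of counting and found netstat far too
#slow at about 20k connections (roughly 20s, while Nagios usually gives up
#after 10s), hence reading /proc/net/tcp* directly.
#The port list is handed to awk with -v instead of being spliced into the
#program text, and the hex form is built inside awk, so the default port is
#converted as well (previously only an explicit -p produced the hex pattern).
PORT_CONN=$(awk -v ports="$PORT" '
    BEGIN {
        n = split(ports, list, ",")
        for (i = 1; i <= n; i++)
            want[sprintf("%04X", list[i])] = 1
    }
    {
        k = split($2, part, ":")
        if (part[k] in want)
            count++
    }
    END { print count + 0 }' /proc/net/tcp*)

if [[ "$SILENT" == 1 ]]; then
    LOG_DIR=/usr/local/nagios
    #printf writes the tab and the newline that the echo form had lost.
    if mkdir -p "$LOG_DIR" && printf '%s\t%s\n' "$(date)" "$PORT_CONN" >> "$LOG_DIR/conn.log"; then
        echo "Silent log write OK | Port ${PORT}=${PORT_CONN};${WARNING};${CRITICAL};0;0"
        exit 0
    fi
    echo "UNKNOWN: cannot write $LOG_DIR/conn.log"
    exit 3
elif [[ "$PORT_CONN" -lt "$WARNING" ]]; then
    echo "Port $PORT connection OK for $PORT_CONN. | Port ${PORT}=${PORT_CONN};${WARNING};${CRITICAL};0;0"
    exit 0
elif [[ "$PORT_CONN" -gt "$CRITICAL" ]]; then
    echo "Port $PORT connection critical for $PORT_CONN!! | Port ${PORT}=${PORT_CONN};${WARNING};${CRITICAL};0;0"
    exit 2
else
    echo "Port $PORT connection warning for $PORT_CONN! | Port ${PORT}=${PORT_CONN};${WARNING};${CRITICAL};0;0"
    exit 1
fi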
# Gawk version (strtonum is a gawk function)
# Decodes the hex address:port fields of /proc/net/tcp into dotted IPv4:port.
# The octets are read from the last hex pair back to the first, then the four
# hex digits after the colon are converted as the port.
# Only /proc/net/tcp is read, so IPv6 sockets (/proc/net/tcp6) are not listed.

# Remote (field 3, rem_address)
grep -v "rem_address" /proc/net/tcp | awk '{
    colon = index($3, ":")
    addr = strtonum("0x" substr($3, colon - 2, 2))
    for (pos = 5; pos > 0; pos -= 2) {
        addr = addr "." strtonum("0x" substr($3, pos, 2))
    }
    print addr ":" strtonum("0x" substr($3, colon + 1, 4))
}'

# Local (field 2, local_address)
grep -v "rem_address" /proc/net/tcp | awk '{
    colon = index($2, ":")
    addr = strtonum("0x" substr($2, colon - 2, 2))
    for (pos = 5; pos > 0; pos -= 2) {
        addr = addr "." strtonum("0x" substr($2, pos, 2))
    }
    print addr ":" strtonum("0x" substr($2, colon + 1, 4))
}'

# No Gawk
# Same decoding without strtonum: hextodec() converts a hex string digit by
# digit. index() into "123456789abcdef" yields 1-15 for 1-f and 0 for "0"
# (and for any character that is not a hex digit).

# Local (field 2, local_address)
grep -v "rem_address" /proc/net/tcp | awk '
function hextodec(str,    val, len, pos, digit) {
    val = 0
    len = length(str)
    for (pos = 1; pos <= len; pos++) {
        digit = index("123456789abcdef", tolower(substr(str, pos, 1)))
        val = val * 16 + digit
    }
    return val
}
{
    colon = index($2, ":")
    addr = hextodec(substr($2, colon - 2, 2))
    for (at = 5; at > 0; at -= 2) {
        addr = addr "." hextodec(substr($2, at, 2))
    }
    print addr ":" hextodec(substr($2, colon + 1, 4))
}'

# Remote (field 3, rem_address)
grep -v "rem_address" /proc/net/tcp | awk '
function hextodec(str,    val, len, pos, digit) {
    val = 0
    len = length(str)
    for (pos = 1; pos <= len; pos++) {
        digit = index("123456789abcdef", tolower(substr(str, pos, 1)))
        val = val * 16 + digit
    }
    return val
}
{
    colon = index($3, ":")
    addr = hextodec(substr($3, colon - 2, 2))
    for (at = 5; at > 0; at -= 2) {
        addr = addr "." hextodec(substr($3, at, 2))
    }
    print addr ":" hextodec(substr($3, colon + 1, 4))
}'


# All in one
# Prints "local - remote" for every entry of /proc/net/tcp, preceded by a
# heading, using only POSIX awk. getIP() turns one hex address:port field into
# dotted IPv4:port; hextodec() converts a hex string digit by digit.
# Only /proc/net/tcp is read, so IPv6 sockets (/proc/net/tcp6) are not listed.
awk '
function hextodec(str,    val, len, pos, digit) {
    val = 0
    len = length(str)
    for (pos = 1; pos <= len; pos++) {
        digit = index("123456789abcdef", tolower(substr(str, pos, 1)))
        val = val * 16 + digit
    }
    return val
}
function getIP(str,    text, colon, at) {
    colon = index(str, ":")
    text = hextodec(substr(str, colon - 2, 2))
    for (at = 5; at > 0; at -= 2) {
        text = text "." hextodec(substr(str, at, 2))
    }
    return text ":" hextodec(substr(str, colon + 1, 4))
}
NR > 1 {
    if (NR == 2) {
        print "Local - Remote"
    }
    print getIP($2) " - " getIP($3)
}' /proc/net/tcp

子网

# 172.168.20.0/24 主机个数
#【2^(32-24)】-2=254个
# 172.168.20.0/16 主机个数
#【2^(32-16)】-2=65534个

# 191.172.16.10.33/27 中的/27也就是说子网掩码是255.255.255.224 即27个全1
# 子网掩码255.255.255.0,当然十进制是为了方便人的理解,转换成机器能识别的二进制后,每个数段由8个0或1组成,一个完整的IP地址或子网掩码就转换成32个0或1组成的序列
# 可用主机数=【2^(32-前缀长度)】-2
# 11100000 = 128 + 64 + 32 = 224
# 1*2^7 = 128
# 1*2^6 = 64
# 1*2^5 = 32
# 1*2^4 = 16
# 1*2^3 = 8
# 1*2^2 = 4
# 1*2^1 = 2
# 1*2^0 = 1
###
# 0000 0000 = 0      //  24  【2^(32-24)】-2=254
# 1000 0000 = 128    //  25  【2^(32-25)】-2=126
# 1100 0000 = 192    //  26  【2^(32-26)】-2=62
# 1110 0000 = 224    //  27  【2^(32-27)】-2=30
# 1111 0000 = 240    //  28  【2^(32-28)】-2=14
# 1111 1000 = 248    //  29  【2^(32-29)】-2=6
# 1111 1100 = 252    //  30  【2^(32-30)】-2=2
# 1111 1110 = 254    //  31  【2^(32-31)】-2=0
# 1111 1111 = 255    //  32  【2^(32-32)】-2=-1(公式在此不再适用,/32 只表示单个地址)

参考