# 命令 ```bash ip address show ifconfig -s ifconfig -a netstat -i ifconfig up ifconfig down ps aux |grep 8118 |grep -v grep | awk '{print $2}' | xargs kill -9 ip add show up |grep inet |grep -v inet6 |awk '{print $2"\t"$(NF) }' ip link set up ip link set down ip -br link show ip -br address show ip -br address show up ip -4 -brief address show ip -oneline address show ip -oneline -4 address show up ip -s link ip -s link show up ip -s link show kube-ipvs0 ip route get 74.125.226.35 ip route show | grep ^default | cut -d ' ' -f 3-5 netstat -rn route -n ip a show eth0 ip a list eth0 ip a show dev eth0 ip -4 a ip -6 a ip link ls up ip a add {ip_addr/mask} dev {interface} ip a add 192.168.1.200/255.255.255.0 dev eth0 ip a add 192.168.1.200/24 dev eth0 ip addr add brd {ADDDRESS-HERE} dev {interface} ip addr add broadcast {ADDDRESS-HERE} dev {interface} ip addr add broadcast 172.20.10.255 dev dummy0 ip addr add 192.168.1.50/24 brd + dev eth0 label eth0Home ip addr add 127.0.0.1/8 dev lo brd + scope host ip a del {ipv6_addr_OR_ipv4_addr} dev {interface} ip a del 192.168.1.200/24 dev eth0 ip -s -s a f to 192.168.2.0/24 ip -4 addr flush label "ppp*" ip -4 addr flush label "eth*" ip link set dev {DEVICE} {up|down} ip link set dev eth1 down ip link set dev eth1 up ip link set txqueuelen 10000 dev eth0 ip a list eth0 ip link set mtu {NUMBER} dev {DEVICE} ip link set mtu 9000 dev eth0 ip a list eth0 ip n show ip neigh show ip route add {NETWORK/MASK} via {GATEWAYIP} ip route add {NETWORK/MASK} dev {DEVICE} ip route add default {NETWORK/MASK} dev {DEVICE} ip route add default {NETWORK/MASK} via {GATEWAYIP} nslookup -qt=A tool.chinaz.com 8.8.8.8 dig +short -p 1053 @127.0.0.1 baidu.com dig +noall +answer AAAA -p 1053 @127.0.0.1 youku.com dig +short A kubernetes.default.svc.cluster.local dig +noall +answer A -p 53 @10.254.0.2 kubernetes.default.svc.cluster.local host -v kubernetes nc -nvz 192.168.33.26 30001-30020 nc -nvuz 10.254.0.2 53 sudo netstat -tunlp netstat -rn route -n ss -plnt ss -lp | tr -s ' ' '\t' ss -o state established '( dport = :ssh or sport = :ssh )' ss -o state established '( dport = :http or sport = :http )' ss -4 state closing ss -n src 192.168.33.27 ss dst 192.168.1.5:443 ss -t -a ss -s ss -lp ss -wa ss -wa ss -ta ss -ua sudo iptables -L -n -t filter |grep policy sudo iptables -L -n -t nat |grep policy cat /proc/net/tcp cat /proc/net/tcp6 cat /proc/net/udp cat /proc/sys/net/ipv4/ip_local_port_range cat /proc/[PID]]/cgroup ls -al /proc/[PID]/fd cat /proc/net/tcp |tail -n +2 | cut -c 16-19 |sort|uniq cat /proc/net/tcp |tail -n +2 | cut -c 16-19 |sort|uniq |awk '{print "0x"$1}' | xargs printf "%d\n" ### awk cat /proc/net/tcp |tail -n +2 | awk '{print $2}' | awk -F ':' '{print $2}' |sort|uniq cat /proc/net/tcp |tail -n +2 | awk '{print $2}' | awk -F ':' '{print "0x"$2}' |sort|uniq| xargs printf "%d\n" ## grep ## yum install gawk grep -v "local_address" /proc/net/tcp* | awk '{print $3}' | awk -F ':' '{print "0x"$2}' grep -v "local_address" /proc/net/tcp* | awk '{print $3}' | awk -F ':' '{printf ("%d\n" , strtonum("0x"$2))}' |sort |uniq awk '!/local_address/' /proc/net/tcp* | awk '{print $2}' | awk -F ':' '{printf ("%d\n" , strtonum("0x"$2))}' lsof -i -P -n | grep LISTEN lsof -Pnl +M -i4 lsof -Pnl +M -i4 | grep 8080 lsof -Pnl +M -i6 lsof -i:port # 检测到打开套接字的状况 sar -n SOCK # 查看tcp创建的连接数 tcpdump -iany tcp port 9000 tcpdump -i eth0 -nnX port 21 # 对tcp端口为9000的进行抓包 socat TCP4-LISTEN:28222,reuseaddr,fork TCP4:192.168.9.1:22 & curl -k -H "host:baidu.com" wget --no-check-certificate ``` # 端口16进制 ```toml 0050=80 1F90=8080 0016=22 2382=9090 1FB6=8118 0CEA=3306 1538=5432 ``` # 其他 ```bash #!/bin/bash #Written by Gemmy.Rao #Email to: chenlin.rao@bj.china.com #Version 0.2 #CHANGES #Add -p option for checking other service's port #Init PORT=80 WARNING=5000 CRITICAL=20000 #get options while getopts "w:c:p:hs" OPT;do case $OPT in w) WARNING=${OPTARG} ;; c) CRITICAL=${OPTARG} ;; p) PORT=${OPTARG} #转换各端口的十进制成十六进制 PORT_16=`echo ${PORT}|awk -F, '{for(i=1;i<=NF;i++)printf "|%.4X",$i}'|sed 's/|//'` ;; h) echo "Usage: $0 -w 500 -c 2000 -p 80,8081 -s" exit 0 ;; s) SILENT=1 ;; *) echo "Usage: $0 -w 500 -c 2000 -p 80,8081" exit 0 ;; esac done #经过time测试，取值速度netstat > awk '//{a++}END{print a}' > cat|grep|wc > cat|awk|wc，在2w连接下，netstat要20s，最快的方式不到5s（一般nagios到10s就该直接报timeout了） PORT_CONN=`cat /proc/net/tcp*|awk '$2~/:('$PORT_16')$/'|wc -l` if [[ "$SILENT" == 1 ]];then [[ -d /usr/local/nagios ]] || mkdir -p /usr/local/nagios echo "Silent log write OK | Port ${PORT}=${PORT_CONN};${WARNING};${CRITICAL};0;0" echo -en "`date`t$PORT_CONNn" >> /usr/local/nagios/conn.log exit 0 elif [[ "$PORT_CONN" -lt "$WARNING" ]];then echo "Port $PORT connection OK for $PORT_CONN. | Port ${PORT}=${PORT_CONN};${WARNING};${CRITICAL};0;0" exit 0 elif [[ "$PORT_CONN" -gt "$CRITICAL" ]];then echo "Port $PORT connection critical for $PORT_CONN!! | Port ${PORT}=${PORT_CONN};${WARNING};${CRITICAL};0;0" exit 2 else echo "Port $PORT connection warning for $PORT_CONN! | Port ${PORT}=${PORT_CONN};${WARNING};${CRITICAL};0;0" exit 1 fi ``` ```bash # Gawk version # Remote grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}' # Local grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}' # No Gawk # Local grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){ ret = 0 n = length(str) for (i = 1; i <= n; i++) { c = tolower(substr(str, i, 1)) k = index("123456789abcdef", c) ret = ret * 16 + k } return ret } {x=hextodec(substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."hextodec(substr($2,i,2))}{print x":"hextodec(substr($2,index($2,":")+1,4))}' # Remote grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){ ret = 0 n = length(str) for (i = 1; i <= n; i++) { c = tolower(substr(str, i, 1)) k = index("123456789abcdef", c) ret = ret * 16 + k } return ret } {x=hextodec(substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."hextodec(substr($3,i,2))}{print x":"hextodec(substr($3,index($3,":")+1,4))}' # All in one awk 'function hextodec(str,ret,n,i,k,c){ ret = 0 n = length(str) for (i = 1; i <= n; i++) { c = tolower(substr(str, i, 1)) k = index("123456789abcdef", c) ret = ret * 16 + k } return ret } function getIP(str,ret){ ret=hextodec(substr(str,index(str,":")-2,2)); for (i=5; i>0; i-=2) { ret = ret"."hextodec(substr(str,i,2)) } ret = ret":"hextodec(substr(str,index(str,":")+1,4)) return ret } NR > 1 {{if(NR==2)print "Local - Remote";local=getIP($2);remote=getIP($3)}{print local" - "remote}}' /proc/net/tcp ``` # 子网 ```toml # 172.168.20.0/24 主机个数 #【2^（32-24）】-2=254个 # 172.168.20.0/16 主机个数 #【2^（32-16）】-2=65534个 # 191.172.16.10.33/27 中的/27也就是说子网掩码是255.255.255.224 即27个全1 # 子网掩码255.255.255.0，当然十进制是为了方便人的理解，转换成机器能识别的二进制后，每个数段由8个0或1组成，一个完整的IP地址或子网掩码就转换成32个0或1组成的序列 # 可用主机数=【2^ (32-) 】 # 11100000 = # 1*2 7= 128 # 1*2 6= 64 # 1*2 5= 32 # 1*2 4= 16 # 1*2 3= 8 # 1*2 2= 4 # 1*2 1= 2 # 1*2 0 =1 ### # 0000 0000 = 0 // 24 【2^（32-24）】-2=254 # 1000 0000 = 128 // 25 【2^（32-25）】-2=126 # 1100 0000 = 192 // 26 【2^（32-26）】-2=62 # 1110 0000 = 224 // 27 【2^（32-27）】-2=30 # 1111 0000 = 240 // 28 【2^（32-28）】-2=14 # 1111 1000 = 248 // 29 【2^（32-29）】-2=6 # 1111 1100 = 252 // 30 【2^（32-30）】-2=2 # 1111 1110 = 254 // 31 【2^（32-31）】-2=0 # 1111 1111 = 255 // 32 【2^（32-32）】-2= ``` # 参考 * [awk_netstat.sh](https://gist.github.com/staaldraad/4c4c80800ce15b6bef1c1186eaa8da9f) * [Linux ip Command Examples](https://www.cyberciti.biz/faq/linux-ip-command-examples-usage-syntax/)