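I. Network fundamentals
1. Common network devices:
Repeater, hub, bridge, switch, router
2. The OSI seven-layer model:
(1) Physical layer: physical devices, transmission media, network cabling
(2) Data link layer: provides media access and link management (framing, error detection, retransmission, MAC addressing)
(3) Network layer: translates network addresses to physical addresses, network addressing, routing and forwarding
(4) Transport layer: provides end-to-end data exchange.
(5) Session layer: establishes, manages and maintains sessions (provides point-to-point connections)
(6) Presentation layer: data formatting, data encryption
(7) Application layer: provides services to applications
3. The TCP/IP five-layer and four-layer models:
(1) Physical layer: physical media, network cabling, optical fibre, twisted pair
(2) Data link layer: MAC address (a 48-bit binary number written as 12 hexadecimal digits; identifies the device). Framing, encapsulation, Ethernet header.
(3) Network layer: the IP protocol, network addressing (network address, host address)
<1> IP address classes: A, B, C, D, E
<2> Subnet mask (bitwise AND)
<3> Routing:
Static routes: routing table entries configured by hand
Dynamic routes: learned through routing protocols (OSPF, RIP)
Default route: the fallback route (0.0.0.0)
<4> ARP: address resolution, IP address -> MAC address
(4) Transport layer:
<1> Ports: distinguish packets (IP + port)
<2> UDP: simple, easy to implement, unreliable transport
<3> TCP: reliable transport. TCP segment header format: 20 bytes
<4> Three-way handshake:
1. To establish the connection, the client sends a SYN packet (SYN=1) with synchronisation sequence number seq=x, enters SYN_SENT and waits for the server's acknowledgement;
2. The server receives the SYN packet and acknowledges it with ack=x+1, sends SYN=1, seq=y, and enters the SYN_RCVD state;
3. The client receives the server's SYN+ACK packet and sends an ACK (ack=y+1), seq=x+1; the client and server enter the connection-established state
<5> SYN attack:
During the first step of the handshake, an attacker sends the server a large number of forged SYN packets in a short time. The server replies with acknowledgements but never receives the client's confirmation, so it keeps retransmitting until the timeout expires. The forged SYN packets occupy the half-open connection queue for a long time, legitimate SYN packets are dropped, and in severe cases the system becomes unresponsive.
<6> Four-way close:
1. The client requests release of the connection and stops sending data. It sends FIN=1, seq=u and enters FIN-WAIT-1.
2. The server receives the release request and sends an acknowledgement, ACK=1, ack=u+1, seq=v, and enters CLOSE-WAIT.
3. The client receives the server's acknowledgement and enters FIN-WAIT-2.
4. The server finishes sending its data and sends its own release request, FIN=1, ACK=1, seq=w, ack=u+1; the server enters LAST-ACK.
5. The client receives the server's release request and sends an acknowledgement, ACK=1, seq=u+1, ack=w+1; it enters TIME-WAIT (2MSL, where MSL is the maximum segment lifetime) and then CLOSED.
6. The server receives the client's ACK=1 and goes straight to CLOSED.
(5) Application layer: data formatting;
Ethernet header + IP header + TCP/UDP header + data;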
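On the server, the queue exhaustion described under the SYN attack item appears as many connections stuck half-open, a state that `ss` names SYN-RECV and `netstat` names SYN_RECV. The following is an added example, not part of the original notes, that counts half-open entries per local port; the sample lines, the peer addresses and the threshold of 3 are constructed for illustration.

```shell
#!/bin/sh
# Added example: report local ports with many half-open TCP connections.
# ss prints the state as SYN-RECV, netstat as SYN_RECV; both are matched.

# half_open_report THRESHOLD
# Reads `ss -tan` or `netstat -tan` output on stdin and prints
# "<local-port> <count>" for each port with at least THRESHOLD half-open entries.
half_open_report() {
    awk -v limit="$1" '
        # ss puts the state in column 1, netstat in column 6;
        # the local address:port is column 4 in both layouts.
        ($1 ~ /^SYN[-_]RECV$/ || $6 ~ /^SYN[-_]RECV$/) {
            n = split($4, part, ":")   # port is the text after the last colon
            count[part[n]]++
        }
        END {
            for (port in count)
                if (count[port] >= limit + 0)
                    print port, count[port]
        }' | sort -n
}

# Constructed sample in `ss -tan` format (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    *:80                *:*
SYN-RECV  0      0      192.168.3.55:80     198.51.100.7:40112
SYN-RECV  0      0      192.168.3.55:80     198.51.100.23:51877
SYN-RECV  0      0      192.168.3.55:80     203.0.113.5:1029
SYN-RECV  0      0      192.168.3.55:80     203.0.113.99:60001
SYN-RECV  0      0      192.168.3.55:22     192.168.3.1:51790
ESTAB     0      0      192.168.3.55:22     192.168.3.1:65369
EOF
}

# Ports with three or more half-open connections in the sample.
sample_ss_output | half_open_report 3
```

On a live host, pipe `ss -tan` into `half_open_report`; a count that stays high is a reason to check the `net.ipv4.tcp_syncookies` and `net.ipv4.tcp_max_syn_backlog` sysctl settings.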
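II. Network-related commands
1. netstat: shows the local host's network connections, open ports, routing table and related information
(1) -a: list all connections on the system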
[root@demo3 ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:smtp *:* LIST
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 9498 @/com/ubuntu/upstart
unix 2 [ ACC ] STREAM LISTENING 12061 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 12068 private/tlsmgr
(2) -t: list TCP connections
[root@demo3 ~]# netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.3.55:ssh 192.168.3.1:65369 ESTABLISHED
tcp 0 0 192.168.3.55:ssh 192.168.3.1:51788 ESTABLISHED
tcp 0 0 192.168.3.55:ssh 192.168.3.1:65366 ESTABLISHED
(3) -u: list UDP connections
[root@demo3 ~]# netstat -u
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
Note: the list is empty because there are no UDP connections.
(4) -l: list the services currently listening on the system
[root@demo3 ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 9498 @/com/ubuntu/upstart
unix 2 [ ACC ] STREAM LISTENING 12061 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 12068 private/tlsmgr
(5) -n: show port numbers instead of service names
[root@demo3 ~]# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.3.55:22 192.168.3.1:65369 ESTABLISHED
tcp 0 0 192.168.3.55:22 192.168.3.1:51788 ESTABLISHED
tcp 0 0 192.168.3.55:22 192.168.3.1:65366 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 9920 @/org/kernel/udev/udevd
unix 8 [ ] DGRAM 11684 /dev/log
(6) -p: show the process ID (PID) of the service
[root@demo3 ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.3.55:ssh 192.168.3.1:65369 ESTABLISHED 1448/sshd
tcp 0 0 192.168.3.55:ssh 192.168.3.1:51788 ESTABLISHED 1340/sshd
tcp 0 48 192.168.3.55:ssh 192.168.3.1:65366 ESTABLISHED 1444/sshd
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ] DGRAM 9920 489/udevd @/org/kernel/udev/udevd
(7) -s: statistics per protocol
[root@demo3 ~]# netstat -s
Ip:
1534 total packets received
1 with invalid addresses
0 forwarded
0 incoming packets discarded
1466 incoming packets delivered
958 requests sent out
12 outgoing packets dropped
Icmp:
50 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 50
50 ICMP messages sent
0 ICMP messages failed
(8) -c: re-run at a fixed interval
[root@demo3 ~]# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.3.55:ssh 192.168.3.1:65369 ESTABLISHED
tcp 0 0 192.168.3.55:ssh 192.168.3.1:51788 ESTABLISHED
tcp 0 0 192.168.3.55:ssh 192.168.3.1:65366 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 9920 @/org/kernel/udev/udevd
unix 8 [ ] DGRAM 11684 /dev/log
Note: the command keeps running.
(9) -r: show the routing table
[root@demo3 ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.3.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
default 192.168.3.2 0.0.0.0 UG 0 0 0 eth0
2. ss: shows the state of the current network sockets
(1) -t: list TCP connections
[root@demo3 ~]# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:65369
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:51788
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:65366
(2) -u: list UDP connections
[root@demo3 ~]# ss -u
State Recv-Q Send-Q Local Address:Port Peer Address:Port
Note: there are no UDP connections.
(3) -l: connections in the listening state
[root@demo3 ~]# ss -l
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::ssh :::*
LISTEN 0 128 *:ssh *:*
LISTEN 0 100 ::1:smtp :::*
LISTEN 0 100 127.0.0.1:smtp *:*
(4) -a: all connections
[root@demo3 ~]# ss -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::ssh :::*
LISTEN 0 128 *:ssh *:*
LISTEN 0 100 ::1:smtp :::*
LISTEN 0 100 127.0.0.1:smtp *:*
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:65369
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:51788
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:65366
(5) -p: show the process ID (PID) of the service
[root@demo3 ~]# ss -p
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:65369 users:(("sshd",1448,3))
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:51788 users:(("sshd",1340,3))
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:65366 users:(("sshd",1444,3))
(6) -e: extended information
[root@demo3 ~]# ss -e
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:65369 timer:(keepalive,74min,0) ino:13419 sk:ffff88003bbbc0c0
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:51788 timer:(keepalive,37min,0) ino:12661 sk:ffff880037720800
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:65366 timer:(keepalive,74min,0) ino:13356 sk:ffff88003bbbc7c0
(7) -m: memory usage of each connection
[root@demo3 ~]# ss -m
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:65369
mem:(r0,w0,f0,t0)
ESTAB 0 0 192.168.3.55:ssh 192.168.3.1:51788
mem:(r0,w0,f0,t0)
ESTAB 0 48 192.168.3.55:ssh 192.168.3.1:65366
mem:(r0,w600,f3496,t0)
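The listening sockets shown by `ss -l` above differ in exposure according to the local address they are bound to: a wildcard or routable address is reachable from the network, a loopback address only from the host itself. The following is an added example, not part of the original notes, that classifies listeners from numeric `ss -ltn` output; the sample lines, including ports 3306 and 8080, are constructed.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets by the address they bind to.
# Input is the numeric output of `ss -ltn` (State is the first column).

# classify_listeners: prints "<port> <scope>" where scope is
#   wildcard  - bound to every interface (*, 0.0.0.0, :: or [::])
#   loopback  - bound to 127.0.0.0/8 or ::1, local processes only
#   address   - bound to one specific non-loopback address
classify_listeners() {
    awk '
        $1 == "LISTEN" {
            port = $4
            sub(/.*:/, "", port)              # keep the text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            gsub(/^\[|\]$/, "", addr)         # strip brackets around IPv6
            if (addr == "*" || addr == "0.0.0.0" || addr == "::")
                scope = "wildcard"
            else if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback"
            else
                scope = "address"
            print port, scope
        }' | sort -u | sort -n
}

# network_reachable_ports: ports with at least one non-loopback listener.
network_reachable_ports() {
    classify_listeners | awk '$2 != "loopback" { print $1 }' | sort -nu
}

# Constructed sample in `ss -ltn` format (not captured from a real host).
sample_listeners() {
    cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    :::22               :::*
LISTEN  0      128    *:22                *:*
LISTEN  0      100    ::1:25              :::*
LISTEN  0      100    127.0.0.1:25        *:*
LISTEN  0      80     0.0.0.0:3306        *:*
LISTEN  0      128    192.168.3.55:8080   *:*
EOF
}

sample_listeners | classify_listeners
```

On a live host, run `ss -ltn | network_reachable_ports` and compare the result with the services the host is meant to offer.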
3. traceroute: shows the route (hops) from the current host to the target host
[root@demo3 ~]# traceroute www.baidu.com
traceroute to www.baidu.com (39.156.66.18), 30 hops max, 60 byte packets
1 192.168.3.2 (192.168.3.2) 0.341 ms 0.240 ms 0.244 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * *^C
4. mtr: shows the route from the current host to the target host
(1) -r: display the result as a report
[root@demo3 ~]# mtr -r 192.168.3.2
HOST: demo3 Loss% Snt Last Avg Best Wrst StDev
1. 192.168.3.2 0.0% 10 0.5 0.4 0.1 0.5 0.1
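(2) -a: which IP address to send packets from (useful when a host has several IPs)
(3) -s: set the ping packet size
5. wget: download from the network
(1) -nd, --no-directories: ignore the directory hierarchy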
[root@demo3 ~]# wget -nd https://mirror.bit.edu.cn/apache/httpd/httpd-2.4.38.tar.gz
(2) -r: download the directory structure (recursive)
[root@demo3 ~]# wget -r https://mirror.bit.edu.cn/apache/httpd/httpd-2.4.38.tar.gz
--2019-08-01 19:56:17-- https://mirror.bit.edu.cn/apache/httpd/httpd-2.4.38.tar.gz
(3) -c: resume an interrupted download
[root@demo3 ~]# wget -c https://mirror.bit.edu.cn/apache/httpd/httpd-2.4.38.tar.gz
(4) -O filename: save under a different name
[root@demo3 ~]# wget -O apache https://mirror.bit.edu.cn/apache/httpd/httpd-2.4.38.tar.gz
(5) -q: print no output
[root@demo3 ~]# wget -q https://mirror.bit.edu.cn/apache/httpd/httpd-2.4.38.tar.gz
(6) -t num: set the number of retries; the default is 20 (-t 0 means unlimited)
[root@demo3 ~]# wget -t 5 https://mirror.bit.edu.cn/apache/httpd/httpd-2.4.38.tar.gz
(7) --limit-rate=num: limit the download speed
[root@demo3 ~]# wget --limit-rate=50k https://mirror.bit.edu.cn/apache/httpd/httpd-2.4.38.tar.gz
--2019-08-01 20:01:00-- https://mirror.bit.edu.cn/apache/httpd/httpd-2.4.38.tar.gz
Resolving mirror.bit.edu.cn... 219.143.204.117, 202.204.80.77, 2001:da8:204:1::22
Connecting to mirror.bit.edu.cn|219.143.204.117|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9187294 (8.8M) [application/octet-stream]
Saving to: “httpd-2.4.38.tar.gz.1”
1% [ ] 114,420 50.0K/s ^
(8) -b: download in the background
[root@demo3 ~]# wget -b https://mirror.bit.edu.cn/apache/httpd/httpd-2.4.38.tar.gz
Continuing in background, pid 1564.
Output will be written to “wget-log”.
6. scp: copy files
[root@demo3 ~]# yum install openssh-clients    # installs scp