抓包工具

红色的比较重要。读一下这些工具的源码。

iperf：网络性能测试工具

https:///iperf-doc.php

-t：指定监听时间(s)

-i：指定打印间隔(s)

默认TCP窗口大小为128KB

监听30s，每隔2s打印一次。

-w ：指定TCP窗口大小

改变窗口大小看看：

-n：发送多少数据

-m： --print_mss

Tcpdump

标志中C表示cache

tcpdump过滤协议：

tcpdump中三种逻辑运算，取非运算是 'not ' '! ', 与运算是'and','&&';或运算 是'or' ,'||'；

使用and、&&

arp

ethtool

ethtool ens33：查询网口基本信息，包括速率、双工、自协商信息等。

下面这个Link detected：yes表示这个网口是接了网线的。

root@hy-virtual-machine:~# ethtool ens33Settings for ens33: Supported ports: [ TP ] // 支持模式 Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supported pause frame use: No Supports auto-negotiation: Yes // 支持自动协商 Supported FEC modes: Not reported // 通告模式 Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised pause frame use: No Advertised auto-negotiation: Yes // 使用自动协商 Advertised FEC modes: Not reported Speed: 1000Mb/s // 当前速率 1000Mb/s Duplex: Full // 工作模式为全双工 Port: Twisted Pair PHYAD: 0 Transceiver: internal Auto-negotiation: on // 自动协商打开 MDI-X: off (auto) Supports Wake-on: d Wake-on: d Current message level: 0x00000007 (7) drv probe link Link detected: yes //端口接了网线

ethtool -i ens33：查询网卡驱动信息

ethtool -d ens33：查询网路设备寄存器信息

root@hy-virtual-machine:~# ethtool -d ens33MAC Registers-------------0x00000: CTRL (Device control register)  0x00C00249 //控制寄存器      Endian mode (buffers):             little      Link reset:                        reset      Set link up:                       1      Invert Loss-Of-Signal:             no      Receive flow control:              disabled      Transmit flow control:             disabled      VLAN mode:                         disabled      Auto speed detect:                 disabled      Speed select:                      1000Mb/s      Force speed:                       no      Force duplex:                      no0x00008: STATUS (Device status register) 0x0000CB83 //状态寄存器      Duplex:                            full      Link up:                           link config      TBI mode:                          disabled      Link speed:                        1000Mb/s      Bus type:                          PCI      Bus speed:                         66MHz      Bus width:                         32-bit0x00100: RCTL (Receive control register) 0x00008002 //接收控制寄存器      Receiver:                          enabled      Store bad packets:                 disabled      Unicast promiscuous:               disabled      Multicast promiscuous:             disabled      Long packet:                       disabled      Descriptor minimum threshold size: 1/2      Broadcast accept mode:             accept      VLAN filter:                       disabled      Canonical form indicator:          disabled      Discard pause frames:              filtered      Pass MAC control frames:           don't pass      Receive buffer size:               20480x02808: RDLEN (Receive desc length)     0x000010000x02810: RDH   (Receive desc head)       0x000000920x02818: RDT   (Receive desc tail)       0x000000900x02820: RDTR  (Receive delay timer)     0x000000000x00400: TCTL (Transmit ctrl register)   0x0103F0FA      Transmitter:                       enabled      Pad short packets:                 enabled      Software XOFF Transmission:        disabled      Re-transmit on late collision:     enabled0x03808: TDLEN (Transmit desc length)    0x000010000x03810: TDH   (Transmit desc head)      0x000000270x03818: TDT   (Transmit desc tail)      0x000000270x03820: TIDV  (Transmit delay timer)    0x00000008PHY type:                                M88M88 PHY STATUS REGISTER:                 0x0000AC00      Jabber:                            no      Polarity:                          normal      Downshifted:                       no      MDI/MDIX:                          MDI      Cable Length Estimate:             0-50 meters      Link State:                        Up      Speed & Duplex Resolved:           Yes      Page Received:                     No      Duplex:                            Full      Speed:                             1000 mbpsM88 PHY CONTROL REGISTER:                0x00000B68      Jabber function:                   enabled      Auto-polarity:                     disabled      SQE Test:                          disabled      CLK125:                            enabled      Auto-MDIX:                         auto      Extended 10Base-T Distance:        disabled      100Base-TX Interface:              5-bit      Scrambler:                         disabled      Force Link Good:                   disabled      Assert CRS on Transmit:            enabled

ethtool - S ens33：查询网口收发包统计信息

root@hy-virtual-machine:~# ethtool -S ens33NIC statistics: rx_packets: 348285 tx_packets: 167633 rx_bytes: 295334312 tx_bytes: 29736337 rx_broadcast: 0 tx_broadcast: 0 rx_multicast: 0 tx_multicast: 0 rx_errors: 0 tx_errors: 0 tx_dropped: 0 multicast: 0 collisions: 0 rx_length_errors: 0 rx_over_errors: 0 rx_crc_errors: 0 rx_frame_errors: 0 rx_no_buffer_count: 0 rx_missed_errors: 0 tx_aborted_errors: 0 tx_carrier_errors: 0 tx_fifo_errors: 0 tx_heartbeat_errors: 0 tx_window_errors: 0 tx_abort_late_coll: 0 tx_deferred_ok: 0 tx_single_coll_ok: 0 tx_multi_coll_ok: 0 tx_timeout_count: 0 tx_restart_queue: 0 rx_long_length_errors: 0 rx_short_length_errors: 0 rx_align_errors: 0 tx_tcp_seg_good: 1390 tx_tcp_seg_failed: 0 rx_flow_control_xon: 0 rx_flow_control_xoff: 0 tx_flow_control_xon: 0 tx_flow_control_xoff: 0 rx_long_byte_count: 295334312 rx_csum_offload_good: 261684 rx_csum_offload_errors: 1 alloc_rx_buff_failed: 0 tx_smbus: 0 rx_smbus: 0 dropped_smbus: 0

ethtool -s ens33 autoneg off speed 100 duplex full ：设置网口工作速率、双工、自协商

root@hy-virtual-machine:~# ethtool -s ens33 autoneg off speed 100 duplex full  root@hy-virtual-machine:~# ethtool ens33Settings for ens33:        Supported ports: [ TP ]        Supported link modes:   10baseT/Half 10baseT/Full                                 100baseT/Half 100baseT/Full                                 1000baseT/Full         Supported pause frame use: No        Supports auto-negotiation: Yes        Supported FEC modes: Not reported        Advertised link modes:  Not reported        Advertised pause frame use: No        Advertised auto-negotiation: No        Advertised FEC modes: Not reported        Speed: 100Mb/s        Duplex: Full        Port: Twisted Pair        PHYAD: 0        Transceiver: internal        Auto-negotiation: off        MDI-X: off (auto)        Supports Wake-on: d        Wake-on: d        Current message level: 0x00000007 (7)                               drv probe link        Link detected: yes

ip命令

ip -s link ls ens33：查看端口收发包信息

root@hy-virtual-machine:~# ip -s link ls ens332: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 link/ether 00:0c:29:59:dd:f5 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 294140472 351070 0 16228 0 0 TX: bytes packets errors dropped carrier collsns 29853978 168800 0 0 0 0

ip link show：查看端口二层信息

root@hy-virtual-machine:~# ip link show1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000    link/ether 00:0c:29:59:dd:f5 brd ff:ff:ff:ff:ff:ff

ip addr show：查看端口二三层信息

root@hy-virtual-machine:~# ip addr show1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:59:dd:f5 brd ff:ff:ff:ff:ff:ff inet 192.168.1.6/24 brd 192.168.1.255 scope global noprefixroute ens33 valid_lft forever preferred_lft forever inet6 2409:8a4d:c52:60e0:d04:f582:6766:6078/64 scope global temporary dynamic valid_lft 258924sec preferred_lft 82304sec inet6 2409:8a4d:c52:60e0:9cb5:72a9:1d3f:a4d3/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 258924sec preferred_lft 172524sec inet6 fe80::cfbd:7121:57cc:56f4/64 scope link noprefixroute valid_lft forever preferred_lft forever

nmap：重要

root@hy-virtual-machine:~# nmap -v localhostStarting Nmap 7.80 ( https:// ) at 2020-06-01 21:27 CSTInitiating SYN Stealth Scan at 21:27Scanning localhost (127.0.0.1) [1000 ports]Discovered open port 139/tcp on 127.0.0.1Discovered open port 22/tcp on 127.0.0.1Discovered open port 445/tcp on 127.0.0.1Discovered open port 631/tcp on 127.0.0.1Completed SYN Stealth Scan at 21:27, 0.08s elapsed (1000 total ports)Nmap scan report for localhost (127.0.0.1)Host is up (0.0000090s latency).Not shown: 996 closed portsPORT    STATE SERVICE22/tcp  open  ssh139/tcp open  netbios-ssn445/tcp open  microsoft-ds631/tcp open  ippRead data files from: /usr/bin/../share/nmapNmap done: 1 IP address (1 host up) scanned in 0.15 seconds           Raw packets sent: 1000 (44.000KB) | Rcvd: 2004 (84.176KB)

nslookup：

域名解析

root@hy-virtual-machine:~# nslookup www.baidu.comServer: 127.0.0.53Address: 127.0.0.53#53Non-authoritative answer:www.baidu.com canonical name = www.a.shifen.com.Name: www.a.shifen.comAddress: 36.152.44.96Name: www.a.shifen.comAddress: 36.152.44.95Name: www.a.shifen.comAddress: ::1