Chapter 7: Linux Networking Tools Complete Guide
Networking is the lifeblood of modern Linux systems. This chapter systematically covers the Linux network toolchain: the ip command suite replacing deprecated ifconfig, ss/lsof for socket inspection, the art of HTTP debugging with curl/wget, packet capture with tcpdump, advanced SSH configuration, and diagnostic tools like dig/nc. Master these tools and no network problem will leave you stumped.
7.1 Network Interface Management: the ip Command Suite
The ip command belongs to the iproute2 package and is the modern replacement for legacy tools like ifconfig, route, and arp. ifconfig is deprecated in most distros — always prefer ip in production.
```bash
# === ip addr: manage IP addresses ===
ip addr show                               # show addresses on all interfaces (short: ip a)
ip addr show eth0                          # only eth0
ip addr add 192.168.1.100/24 dev eth0      # add an address
ip addr del 192.168.1.100/24 dev eth0      # remove an address
# === ip link: manage network interfaces ===
ip link show                               # list all interfaces (short: ip l)
ip link set eth0 up                        # bring an interface up
ip link set eth0 down                      # bring it down
ip link set eth0 mtu 9000                  # set the MTU (jumbo frames)
ip link set eth0 promisc on                # promiscuous mode (for packet capture)
# === ip route: routing table management ===
ip route show                              # show the routing table (short: ip r)
ip route add default via 192.168.1.1       # add a default gateway
ip route add 10.0.0.0/8 via 192.168.1.254  # add a static route
ip route del 10.0.0.0/8                    # delete a route
ip route get 8.8.8.8                       # which route a given destination would take
# === ip neigh: ARP table (replaces the arp command) ===
ip neigh show                              # show the ARP/NDP neighbour table
ip neigh flush dev eth0                    # flush an interface's ARP cache
# === Old command vs new command ===
# ifconfig eth0     → ip addr show eth0
# ifconfig eth0 up  → ip link set eth0 up
# route -n          → ip route show
# arp -n            → ip neigh show
# netstat -rn       → ip route show
```
Why abandon ifconfig?
`ifconfig` comes from the `net-tools` package, unmaintained since 2001 and lacking support for modern Linux networking (VRF, network namespaces, multiple routing tables). The `ip` command from `iproute2` is maintained by the kernel networking team and stays in sync with the kernel network stack. Ubuntu 18.04+ no longer pre-installs `net-tools`.
7.2 Ports and Connections: ss / lsof
ss (Socket Statistics) is the modern replacement for netstat. It reads socket structures directly from the kernel, providing faster output and more complete information.
```bash
# === ss: socket statistics ===
ss -tulnp                  # most common form: TCP+UDP listening ports, numeric, with owning process
# -t TCP  -u UDP  -l listening  -n numeric (no name resolution)  -p process
ss -s                      # summary statistics (socket counts per state)
ss -an                     # all sockets, including non-listening ones
ss -tnp state established  # only established TCP connections
ss -tnp dst 10.0.0.1       # filter by peer address
ss -tnp sport = :80        # filter by local port 80
# Reading the output:
# Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
# tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=1234,fd=3))
# columns: protocol, state, receive queue, send queue, local address:port, peer address:port, owning process
# === lsof -i: find processes through their open files (network edition) ===
lsof -i :8080              # who is using port 8080
lsof -i tcp                # all TCP sockets
lsof -i -nP                # -n no hostname lookups, -P no port-name lookups
lsof -i tcp:80 -n          # who is listening on TCP 80
# === netstat equivalents (deprecated, but still present on some systems) ===
netstat -tulnp             # same as ss -tulnp
netstat -rn                # same as ip route show
```
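A practical use of the `ss -tulnp` output format shown above is an exposure audit: which listeners are bound to a wildcard address and therefore reachable from every interface, as opposed to loopback-only services. The script below is an added example (not from the original chapter); it runs offline on constructed sample output, and the same function accepts live `ss -tulnp` output on stdin.

```shell
#!/bin/sh
# Added example: list sockets bound to a wildcard address (0.0.0.0, [::] or *)
# from `ss -tulnp` output as "proto port process". Loopback-only listeners such
# as 127.0.0.1:5432 are skipped. The sample below is constructed, not captured.

exposed_listeners() {   # reads ss -tulnp output on stdin
    awk 'NR > 1 {
        n = split($5, parts, ":"); port = parts[n]            # last field after the final colon
        addr = substr($5, 1, length($5) - length(port) - 1)  # everything before it, [::] included
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") {
            proc = "-"                                        # -p needs root; column may be empty
            if (match($7, /"[^"]+"/)) proc = substr($7, RSTART + 1, RLENGTH - 2)
            print $1, port, proc
        }
    }' | LC_ALL=C sort -u                                     # IPv4 and IPv6 sshd collapse to one line
}

SAMPLE_SS_OUTPUT=$(cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=1234,fd=3))
tcp   LISTEN 0      4096   127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=800,fd=5))
tcp   LISTEN 0      511    *:80                *:*               users:(("nginx",pid=900,fd=6),("nginx",pid=901,fd=6))
tcp   LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=1234,fd=4))
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*         users:(("dhclient",pid=600,fd=6))
EOF
)

# Live use: ss -tulnp | exposed_listeners
printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_listeners
```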
7.3 curl Complete Guide
curl is the most powerful HTTP client tool on Linux, supporting dozens of protocols including HTTP/HTTPS/FTP/SFTP. It is the go-to tool for API debugging, file downloading, and automation scripts.
```bash
# === Basic HTTP methods ===
curl https://api.example.com/users              # GET
curl -X POST https://api.example.com/users      # POST
curl -X PUT https://api.example.com/users/1     # PUT
curl -X DELETE https://api.example.com/users/1  # DELETE
# === Headers and request body ===
curl -H "Content-Type: application/json" \
     -H "Authorization: Bearer YOUR_TOKEN" \
     -d '{"name":"Alice","age":30}' \
     -X POST https://api.example.com/users
# -d sends JSON or form data (default Content-Type: application/x-www-form-urlencoded)
curl -d "username=alice&password=secret" https://example.com/login
# -F sends multipart/form-data (file upload)
curl -F "file=@/path/to/photo.jpg" -F "title=My Photo" https://api.example.com/upload
# === Output control ===
curl -o output.html https://example.com         # save to a file
curl -O https://example.com/file.tar.gz         # save under the server's file name
curl -L https://short.url/abc                   # -L follow 301/302 redirects
curl -v https://example.com                     # -v show full request/response headers
curl -I https://example.com                     # headers only (HEAD request)
curl -s https://example.com                     # -s silent (no progress meter)
curl -w "\nHTTP Status: %{http_code}\nTime: %{time_total}s\n" -o /dev/null \
     https://example.com                        # custom output format
# === Authentication ===
curl -u admin:password https://example.com/api  # Basic Auth
curl -H "Authorization: Bearer token123" https://api.example.com/data
# === TLS/SSL ===
curl --cacert /path/to/ca.crt https://internal.corp/api   # trust a specific CA certificate
curl --cert client.crt --key client.key https://api/mtls  # mutual TLS
curl --insecure https://self-signed.example.com           # ignore certificate errors (testing only!)
# === Processing JSON with jq ===
curl -s https://api.github.com/repos/torvalds/linux \
    | jq '.stargazers_count'                    # extract a field
curl -s https://api.example.com/users \
    | jq '.[] | {id, name}'                     # iterate over an array
# === Resume a download ===
curl -C - -O https://example.com/large-file.iso # -C - continue from where it stopped
# === Rate limiting ===
curl --limit-rate 1M -O https://example.com/file.iso  # cap download speed at 1 MB/s
# === Parallel downloads (with xargs) ===
cat urls.txt | xargs -P 4 -I{} curl -s -O {}    # 4 downloads in parallel
```
7.4 wget: Recursive Downloads and Website Mirroring
```bash
# Basic download
wget https://example.com/file.tar.gz
# Resume a partial download (-c, continue)
wget -c https://example.com/large-file.iso
# Download in the background (-b; output goes to wget-log)
wget -b https://example.com/file.iso
# Recursively download a whole directory
wget -r -np -nH --cut-dirs=2 https://example.com/files/
# Mirror a site (keep the directory structure, rewrite links to local paths)
wget --mirror --convert-links --page-requisites \
     --no-parent https://example.com/
# Rate limit and retries
wget --limit-rate=500k --tries=3 --wait=2 https://example.com/file.iso
# Quiet mode (no progress bar)
wget -q -O /dev/null https://example.com/
# Force a progress bar in non-interactive mode
wget --progress=bar:force https://example.com/file.iso
# Set the User-Agent
wget --user-agent="Mozilla/5.0" https://example.com/
```
curl vs wget: which to use? Use curl for API debugging, processing HTTP responses in scripts, and fine-grained control over headers and methods. Use wget for simple file downloads, recursive website mirroring, and background batch downloads. Both support resuming: curl via `-C -`, wget via `-c`.
7.5 tcpdump: Packet Capture and Analysis
tcpdump is the command-line packet capture tool on Linux. It captures network packets in real time and displays their contents — an essential tool for network troubleshooting and protocol analysis.
```bash
# Basic usage
sudo tcpdump -i eth0                          # capture everything on eth0
sudo tcpdump -i any                           # capture on all interfaces
sudo tcpdump -i eth0 -n                       # -n do not resolve IPs/ports to names (faster)
sudo tcpdump -i eth0 -v                       # -v verbose output (-vv/-vvv for more)
sudo tcpdump -i eth0 -c 100                   # stop after 100 packets
# Save to a file (.pcap format, opens in Wireshark)
sudo tcpdump -i eth0 -w capture.pcap
# Rotate hourly (-G seconds) and keep 24 files (-W); the file name needs strftime
# fields, otherwise each rotation overwrites the same file
sudo tcpdump -i eth0 -w 'capture-%Y%m%d-%H%M.pcap' -G 3600 -W 24
# Read a pcap file
sudo tcpdump -r capture.pcap
sudo tcpdump -r capture.pcap -n host 10.0.0.1
# Filter expressions (BPF syntax)
sudo tcpdump -i eth0 host 192.168.1.100       # by host
sudo tcpdump -i eth0 src host 192.168.1.100   # source address only
sudo tcpdump -i eth0 dst host 192.168.1.100   # destination address only
sudo tcpdump -i eth0 port 80                  # by port
sudo tcpdump -i eth0 tcp                      # TCP only
sudo tcpdump -i eth0 udp                      # UDP only
sudo tcpdump -i eth0 tcp and port 443         # combine filters with and/or/not
sudo tcpdump -i eth0 'tcp and (port 80 or port 443)'
sudo tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'   # SYN packets only (connection setup)
# Handy combination: HTTP segments that carry a payload (skips empty ACKs)
sudo tcpdump -i eth0 -n -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
```
tcpdump Filter Expression Quick Reference
| Filter Expression | Meaning | Example |
|---|---|---|
| host X | Match source or destination | host 10.0.0.1 |
| src host X | Source address only | src host 10.0.0.1 |
| dst host X | Destination address only | dst host 8.8.8.8 |
| net X/mask | Match network | net 192.168.0.0/16 |
| port N | Match port (src or dst) | port 443 |
| portrange N-M | Match port range | portrange 8000-9000 |
| tcp / udp / icmp | Filter by protocol | icmp |
| and / or / not | Logical operators | tcp and not port 22 |
| greater N | Packets larger than N bytes | greater 1000 |
| less N | Packets smaller than N bytes | less 64 |
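The HTTP filter in the tcpdump listing is the one expression in this section that is not self-explanatory. As an added example (not from the original chapter), the script below works through its arithmetic in plain shell: the three header fields are passed in as numbers, and the constructed values stand for a bare ACK and a GET request carrying TCP options.

```shell
#!/bin/sh
# Added example: the arithmetic behind
#   tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)
# ip[2:2]          = IP total length in bytes
# (ip[0]&0xf)<<2   = IP header length (IHL in 32-bit words, times 4)
# (tcp[12]&0xf0)>>2 = TCP header length (data offset in words, times 4)
# What remains is the TCP payload; the filter keeps only segments where it is
# non-zero, which is why pure SYN/ACK/FIN packets disappear from the output.

tcp_payload_len() {   # $1 = ip[0]   $2 = ip[2:2]   $3 = tcp[12]   (hex or decimal)
    ip_hlen=$(( ($1 & 0xf) << 2 ))
    tcp_hlen=$(( ($3 & 0xf0) >> 2 ))
    echo $(( $2 - ip_hlen - tcp_hlen ))
}

# Same predicate as the BPF expression: prints 1 when the segment carries data
has_payload() {
    if [ "$(tcp_payload_len "$1" "$2" "$3")" -ne 0 ]; then echo 1; else echo 0; fi
}

# Constructed header values:
#   bare ACK: IPv4, IHL=5 (0x45), total length 40, TCP data offset 5 (0x50)
#   GET:      IPv4, IHL=5 (0x45), total length 180, TCP data offset 8 (0x80, options present)
tcp_payload_len 0x45 40 0x50     # 0
tcp_payload_len 0x45 180 0x80    # 128
```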
7.6 Advanced SSH: Key Management and ProxyJump
Key Generation and Deployment
```bash
# === Generate an SSH key pair ===
# Ed25519 (recommended: stronger and faster)
ssh-keygen -t ed25519 -C "your_email@example.com"
# RSA 4096 (for compatibility with old systems)
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
# Custom file name (useful when managing several key pairs)
ssh-keygen -t ed25519 -f ~/.ssh/id_work -C "your_email@example.com"
# === Deploy the public key to a server ===
ssh-copy-id user@server
ssh-copy-id -i ~/.ssh/id_work.pub user@server   # choose which key to deploy
# Manual deployment (when ssh-copy-id is unavailable)
cat ~/.ssh/id_ed25519.pub | ssh user@server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
# === ssh-agent: avoid retyping the passphrase ===
eval "$(ssh-agent -s)"        # start ssh-agent
ssh-add ~/.ssh/id_ed25519     # add a private key to the agent
ssh-add ~/.ssh/id_work        # add the work key
ssh-add -l                    # list the keys held by the agent
ssh-add -D                    # remove all keys from the agent
# === Port forwarding ===
# Local forward: local port 8080 reaches localhost:3306 on the server (remote MySQL)
ssh -L 8080:localhost:3306 user@server
# Remote forward: server port 9090 reaches localhost:8080 on this machine (expose a service behind NAT)
ssh -R 9090:localhost:8080 user@server
# Dynamic forward (SOCKS5 proxy)
ssh -D 1080 user@server
# === sshfs: mount a remote directory ===
sudo apt install sshfs
mkdir ~/remote-work
sshfs user@server:/var/www ~/remote-work
fusermount -u ~/remote-work   # unmount
```
~/.ssh/config Configuration File
~/.ssh/config is the SSH client config file. You can set aliases, keys, usernames, and jump hosts per destination — dramatically reducing what you need to type.
```
# Complete ~/.ssh/config example
# (ssh_config only accepts comments on their own lines, not after an option)
# Global defaults
Host *
    # keepalive every 60 s (prevents idle disconnects)
    ServerAliveInterval 60
    # disconnect after 3 unanswered keepalives
    ServerAliveCountMax 3
    # add keys to ssh-agent automatically on first use
    AddKeysToAgent yes
    # default key
    IdentityFile ~/.ssh/id_ed25519
# Work server (direct access)
Host work-web
    HostName 203.0.113.10
    User deploy
    Port 2222
    IdentityFile ~/.ssh/id_work
# Usage: ssh work-web
# Internal server (through the jump host with ProxyJump)
Host internal-db
    HostName 10.10.0.50
    User dbadmin
    # connect to work-web first, then hop to internal-db
    ProxyJump work-web
    # Old form: ProxyCommand ssh -W %h:%p work-web
# Usage: ssh internal-db
# GitHub (multiple accounts)
Host github-personal
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_personal
# Usage: git clone git@github-personal:username/repo.git
Host github-work
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_work
# Usage: git clone git@github-work:org/repo.git
# Required file permissions:
# chmod 600 ~/.ssh/config
# chmod 700 ~/.ssh/
```
The Power of ProxyJump:
`ProxyJump` supports multi-hop chaining (e.g. `ProxyJump jump1,jump2`), with each hop using its own key and username. Compared to the old `ProxyCommand`, `ProxyJump` (OpenSSH 7.3+) is more secure because it never exposes your private key to the jump host.
7.7 nc/netcat and socat Network Debugging
```bash
# === nc (netcat): the "Swiss army knife of networking" ===
# Port scanning (-z scan mode, -v verbose, -w timeout)
nc -zv 192.168.1.1 22          # is a single port open?
nc -zv 192.168.1.1 20-80       # check a port range
# Simple TCP server (listen on port 9999)
nc -l 9999                     # listen and wait for one connection
nc -lk 9999                    # -k keep listening after each connection ends
# Connect to a server
nc 192.168.1.1 9999
# Transfer a file
nc -l 9999 > received_file.txt             # receiving side
nc 192.168.1.1 9999 < file_to_send.txt     # sending side (file name is a placeholder)
# === socat: nc's more capable successor ===
# Install
sudo apt install socat
# Port forwarding (local 8080 to example.com:80)
socat TCP-LISTEN:8080,fork TCP:example.com:80
# TLS test
socat STDIO OPENSSL:example.com:443
# Unix socket to TCP
socat TCP-LISTEN:9999,fork UNIX-CONNECT:/var/run/docker.sock
# File transfer (faster, fewer steps)
socat -u FILE:file.tar.gz TCP-LISTEN:9999       # sending side
socat -u TCP:192.168.1.1:9999 FILE:out.tar.gz   # receiving side
```
7.8 DNS Tools: dig / nslookup / host
```bash
# === dig: the main DNS query tool ===
dig example.com                # A record (default)
dig example.com A              # A record explicitly (IPv4)
dig example.com AAAA           # AAAA record (IPv6)
dig example.com MX             # mail exchanger records
dig example.com NS             # authoritative name servers
dig example.com CNAME          # alias records
dig example.com TXT            # TXT records (SPF/DKIM etc.)
dig example.com SOA            # start-of-authority record
# Query a specific DNS server (bypass /etc/resolv.conf)
dig @8.8.8.8 example.com       # Google DNS
dig @1.1.1.1 example.com       # Cloudflare DNS
dig @192.168.1.1 example.com   # internal DNS
# Terse output (+short prints only the answer)
dig +short example.com
dig +short example.com MX
# Trace the full resolution chain (+trace starts at the root servers)
dig +trace example.com
# Reverse lookup (IP to name)
dig -x 8.8.8.8
# === nslookup: interactive DNS tool ===
nslookup example.com
nslookup example.com 8.8.8.8   # specific DNS server
nslookup -type=MX example.com  # specific record type
# === host: concise lookups ===
host example.com
host -t MX example.com
host 8.8.8.8                   # reverse lookup
# === Local DNS configuration files ===
# /etc/hosts: static local resolution (takes precedence over DNS)
cat /etc/hosts
# 127.0.0.1    localhost
# 192.168.1.10 internal-server db.local
# /etc/resolv.conf: DNS server configuration
cat /etc/resolv.conf
# nameserver 8.8.8.8
# nameserver 8.8.4.4
# search example.com           # default search domain
# Flush the DNS cache
sudo systemd-resolve --flush-caches   # systemd-resolved
sudo resolvectl flush-caches          # newer syntax
sudo service nscd restart             # nscd cache
```
7.9 Network Diagnostics: ping / traceroute / mtr
```bash
# === ping ===
ping example.com               # ping continuously
ping -c 4 example.com          # only 4 probes
ping -i 0.5 example.com        # one probe every 0.5 s
ping6 2001:4860:4860::8888     # IPv6 ping
# === traceroute: trace the route ===
traceroute example.com
traceroute -n example.com      # -n do not resolve host names (faster)
traceroute -T -p 80 example.com   # use TCP probes (passes some firewalls)
# === mtr: ping + traceroute combined in real time (recommended) ===
sudo apt install mtr
mtr example.com                # live, continuously updated view
mtr -n --report example.com    # non-interactive report mode (good for logging)
mtr --report-cycles 20 example.com   # send 20 rounds, then print a report
```
Connection Failure Troubleshooting Checklist
- Physical/link layer: `ip link show`, is the interface UP? `ethtool eth0`, is there a link signal?
- IP address: `ip addr show`, is there a valid IP address? Is the subnet mask correct?
- Gateway/routing: `ip route show`, is there a default gateway? Can you `ping` the gateway IP?
- DNS: `dig +short example.com @8.8.8.8` bypasses the local resolver for testing. Check `/etc/resolv.conf`.
- Target port: `nc -zv target 80`, is the target port open? `ss -tulnp`, is anything listening locally?
- Firewall: `sudo iptables -L -n` or `sudo ufw status`, are any rules blocking the connection?
- Packet capture: `sudo tcpdump -i eth0 host target -n`, are packets arriving at / leaving the machine?
7.10 iptables / ufw Firewall Basics
```bash
# === ufw (Ubuntu firewall, friendly front end to iptables) ===
sudo ufw status verbose        # show status and rules
sudo ufw enable                # turn the firewall on
sudo ufw disable               # turn it off
sudo ufw allow 22              # allow SSH (port 22)
sudo ufw allow 80/tcp          # allow HTTP
sudo ufw allow 443             # allow HTTPS
sudo ufw deny 23               # deny Telnet
sudo ufw allow from 192.168.1.0/24   # allow a specific subnet
sudo ufw delete allow 80/tcp   # delete a rule
sudo ufw reset                 # reset all rules
# === iptables: low-level rules (root required) ===
sudo iptables -L -n -v         # list all rules (-n numeric, -v with packet counters)
sudo iptables -L INPUT -n --line-numbers   # show rule numbers
# Basic rule set
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT   # allow SSH
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT   # allow HTTP
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT   # allow established connections
sudo iptables -A INPUT -j DROP                       # drop everything else
# Save rules (Ubuntu); the redirect must run as root too, hence sh -c
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'
# Inspect nftables (the modern firewall that replaces iptables)
sudo nft list ruleset
```
Remote Firewall Warning: when modifying iptables rules over SSH, always add `ACCEPT` rules before `DROP` rules, and make sure the SSH port (22) is always in the ACCEPT list. One wrong rule can lock you out permanently. Before any change, schedule a rollback: `echo "iptables -F" | at now + 5 min`.
Chapter Summary: This chapter covered the full landscape of Linux networking tools: the `ip` suite for interface and routing management, `ss` for socket inspection, `curl` for HTTP/API debugging, `tcpdump` for packet analysis, advanced SSH configuration for efficient remote work, `nc`/`socat` for quick network testing, `dig` for DNS troubleshooting, and a systematic connection failure checklist. The next chapter dives into Linux storage and disk management.