网络检测工具

安装

sudo apt install net-tools

手册

man 7 socket - socket options
man 7 tcp - tcp options

文件系统

/proc/sys/net/ipv4/ip_local_port_range

概念

网关（Gateway）

网关（Gateway）是一个网络节点，它充当其他网络之间的访问点或网关。网关通常用于连接不同的网络，并且可以在不同的协议之间进行转换。网关设备可以是路由器、服务器或其他网络设备。当本地网络中的设备需要与外部网络通信时，它们会将数据包发送到网关，网关再将数据包转发到目标网络。

举例：假设你的本地网络使用的IP地址范围是192.168.1.0/24，而你的网关IP地址是192.168.1.1。当你的计算机需要访问外部网络（例如互联网）时，它会将数据包发送到网关（192.168.1.1），然后由网关将数据包转发到目标网络。

在Linux系统中，你可以使用ip route命令查看默认网关。例如：

在这个例子中，default via 192.168.1.1 dev eth0表示默认网关是192.168.1.1，你的计算机通过网络接口eth0与网关连接。

子网（CIDR表示法）

CIDR（Classless Inter-Domain Routing，无类别域间路由）是一种用于分配IP地址和路由的标准，使用斜杠（/）后跟一个数字来表示子网掩码的位数。

在CIDR表示法中，192.168.1.0/24表示一个子网，其中/24表示子网掩码为255.255.255.0。这意味着子网中有256个IP地址（从0到255），但其中两个地址是保留的：

网络地址：192.168.1.0，用于标识子网本身。
广播地址：192.168.1.255，用于向子网中的所有设备发送广播消息。

因此，有效的主机IP地址范围是从192.168.1.1到192.168.1.254，共254个可用的IP地址。

Link-local Adress

The link-local address range refers to IP addresses that are used for communication within a single network segment or link. These addresses are not routable, meaning they are not intended to be used for communication beyond the local network segment.

For IPv4, the link-local address range is 169.254.0.0/16. This range is automatically assigned to network interfaces when no other IP address is available (e.g., when DHCP fails). Devices on the same local network can communicate with each other using these addresses without requiring a router.

For IPv6, the link-local address range is fe80::/10. These addresses are automatically configured on all IPv6-enabled interfaces and are used for local network communication.

The IP address range 169.254.0.0/16 is regarded as link-local because it is reserved for link-local addresses by the Internet Assigned Numbers Authority (IANA). These addresses are used for communication within a single network segment or link and are not routable beyond that segment.

Characteristics of Link-Local Addresses:

Automatic Assignment: Devices automatically assign themselves an IP address from the 169.254.0.0/16 range if they cannot obtain an IP address through DHCP.
Non-Routable: These addresses are not meant to be routed across different network segments. They are only valid within the local network.
Zero Configuration: Link-local addresses allow devices to communicate without manual configuration or a DHCP server.

Example:
When a device fails to get an IP address from a DHCP server, it might assign itself an address like 169.254.1.2. Other devices on the same local network segment will also have addresses in the 169.254.0.0/16 range, allowing them to communicate directly.

命令

ip

NAME

ip - show / manipulate routing, devices, policy routing and tunnels.

1
2
3

$ ip route get 8.8.8.8
8.8.8.8 via 192.168.1.1 dev eth0 src 192.168.1.100 uid 1000
    cache

说明：

8.8.8.8: The destination IP address for which the route is being queried.
via 192.168.1.1: The gateway IP address through which the destination can be reached.
dev eth0: The network interface (e.g., eth0) used to reach the destination.
src 192.168.1.100: The source IP address used for sending packets to the destination.
uid 1000: The user ID of the process that issued the command.
cache: Indicates that the route information is cached.

$ ip route show
default via 192.168.1.1 dev eth0 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100
169.254.0.0/16 dev idrac proto kernel scope link src 169.254.1.2

说明：该命令用于显示路由表：

default via 192.168.1.1 dev eth0: The default route, packets to any destination not in the routing table will be sent to 192.168.1.1 via the eth0 interface.
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100: A route for the 192.168.1.0/24 network (destination network), directly reachable via the eth0 interface, with the source IP 192.168.1.100.
192.168.1.0/24: Destination network.
dev eth0: Interface eth0.
proto kernel: Added by the kernel.
scope link: Directly reachable.
src 192.168.1.100: Source IP address.
169.254.0.0/16: Link-local address range.

netstat / ss

NAME

ss - another to investigate sockets.

Reference

查看进程占用的端口

COMMANDS

ss -lnpt

OPTIONS

-n, --numberic

-l, --listening

-t, --tcp
    Note: Only established (non-listening) connections.

-a, --all
    Display both listening and non-linstening (for TCP this means established connections) sockets.

-u, --udp

-p, --process

lsof

Options:

-n inhibits the conversion of network numbers to host names for network files.

-P inhibits the conversion of port numbers to port names for network files.

-i specifies the Internet addresses

    multiple addresses (up to a limit of 100) may be specified with multiple options.

    An Internet address is specified in the form (Items in square brackets are optional.):

    [46][protocol][@hostname|hostaddr][:service|port]

    where:
    46 specifies the IP version, IPv4 or IPv6
        that applies to the following address.
        '6' may be be specified only if the UNIX
        dialect supports IPv6.  If neither '4' nor
        '6' is specified, the following address
        applies to all IP versions.
    protocol is a protocol name - TCP, UDP
    hostname is an Internet host name.  Unless a
        specific IP version is specified, open
        network files associated with host names
        of all versions will be selected.
    hostaddr is a numeric Internet IPv4 address in
        dot form; or an IPv6 numeric address in
        colon form, enclosed in brackets, if the
        UNIX dialect supports IPv6.  When an IP
        version is selected, only its numeric
        addresses may be specified.
    service is an /etc/services name - e.g., smtp -
        or a list of them.
    port is a port number, or a list of them.

-s list file size

-s p:s  exclude(^)|select protocol (p = TCP|UDP) states by name(s).

Examples:

1
2
3

lsof -i:<port>
lsof -i -P -n | grep LISTEN
lsof -nP -iTCP -sTCP:LISTEN

nc/netcat/nmap

socket

Create a TCP or a UNIX domain socket and connect to stdin/out.

Installation:

sudo apt-get install socket