ping
The ping utility checks connectivity to a host, that is, whether the host is up and the network path to it is intact. A small packet is sent through the network to a particular IP address. The packet is 64 bytes long: 56 data bytes plus 8 bytes of protocol header information. The host that sent the packet waits (or 'listens') for a return packet. A valid return packet is received if the connections are good and the target host is up. ping can also measure the round-trip time of a packet. We use the following forms of the command:
ping host
where host is the name or IP address of a host. This form only reports whether connectivity to the host is OK or not.
ping -s packetsize host
Option -s packetsize specifies the number of data bytes to be sent. The default is 56 bytes (Linux).
ping -i interval host
Option -i interval specifies the interval between sending ping requests. The default is one second.
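The 64-byte figure above (8 header bytes plus 56 data bytes, changed by -s) can be checked by building the ICMP echo request by hand. This is an added example, not code from the original page; the function names and the filler payload are assumptions made for illustration, and the packet is only built and verified, never sent.

```python
import struct

ICMP_ECHO_REQUEST = 8  # ICMP type of an echo request (RFC 792); code is 0


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with one zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident: int, seq: int, data_size: int = 56) -> bytes:
    """Return the 8-byte ICMP header followed by data_size payload bytes."""
    payload = bytes(i & 0xFF for i in range(data_size))  # constructed filler
    # The checksum is computed with its own field set to zero.
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq)
    return header + payload


def checksum_ok(packet: bytes) -> bool:
    """Receiver-side check: summing the whole message must give zero."""
    return internet_checksum(packet) == 0


if __name__ == "__main__":
    pkt = build_echo_request(ident=0x1234, seq=1)
    print(len(pkt), checksum_ok(pkt))                         # plain "ping host"
    print(len(build_echo_request(0x1234, 2, data_size=100)))  # "ping -s 100"
```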
nslookup
nslookup www.telstra.com.au
z5541664@vx14:~/Desktop$ nslookup www.telstra.com.au
Server: 129.94.242.2
Address: 129.94.242.2#53
Non-authoritative answer:
www.telstra.com.au canonical name = d2l3pjybjlbg0l.cloudfront.net.
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 18.67.110.87
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 18.67.110.86
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 18.67.110.83
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 18.67.110.103
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 2600:9000:2215:7600:17:876d:b540:93a1
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 2600:9000:2215:8800:17:876d:b540:93a1
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 2600:9000:2215:f000:17:876d:b540:93a1
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 2600:9000:2215:6200:17:876d:b540:93a1
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 2600:9000:2215:1400:17:876d:b540:93a1
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 2600:9000:2215:1e00:17:876d:b540:93a1
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 2600:9000:2215:9a00:17:876d:b540:93a1
Name: d2l3pjybjlbg0l.cloudfront.net
Address: 2600:9000:2215:e000:17:876d:b540:93a1
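nslookup 129.94.208.2 is a reverse query (Reverse DNS Lookup): it goes from an IP address to the corresponding host name (PTR record).
The returned result, bartok.orchestra.cse.unsw.EDU.AU., is the host name of the IP address 129.94.208.2, which shows that this IP has a PTR record pointing to bartok.orchestra.cse.unsw.EDU.AU.
In 2.208.94.129.in-addr.arpa, why is the IP at the front reversed, and what is the string at the end?
This is because DNS reverse resolution (Reverse DNS Lookup) uses a special domain-name format, looked up through the PTR record (Pointer Record), which maps an IP address back to a host name.
The normal IP address
129.94.208.2
The reverse-lookup format
2.208.94.129.in-addr.arpa
The octets of the IP address are written in reverse order, and the suffix .in-addr.arpa is appended.
DNS resolution is hierarchical and proceeds from right to left:
In a forward query, the domain-name hierarchy runs from right to left:
www.google.com
During resolution, the DNS server first looks up the .com top-level domain, then google.com, and finally www.google.com.
In a reverse query, the hierarchy of the IP address runs from left to right:
129.94.208.2
129 is the network number of a Class A address; the leftmost part is the most significant.
But DNS resolves from right to left, so for reverse resolution the octets of the IP address have to be written in reverse order.
PTR record (Pointer Record) in detail
What is a PTR record?
The PTR (Pointer Record) record is a DNS record type used in DNS reverse resolution (Reverse DNS Lookup); it maps an IP address back to a domain name.
Forward resolution (A record): resolves a domain name to an IP
For example:
example.com -> 93.184.216.34
Reverse resolution (PTR record): resolves an IP to a domain name
For example:
93.184.216.34 -> example.com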
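The reversal rule described above, written out as an added example (not code from the original page). It goes beyond the IPv4 case in the text by also covering IPv6, where each hex nibble becomes a label under ip6.arpa; the function names are assumptions made for illustration.

```python
import ipaddress


def reverse_name(ip: str) -> str:
    """Build the name that holds the PTR record for an IPv4 or IPv6 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")  # octets, most significant first
        suffix = "in-addr.arpa"
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
        suffix = "ip6.arpa"
    return ".".join(reversed(labels)) + "." + suffix


def address_from_reverse_name(name: str):
    """Invert reverse_name(); raise ValueError for a malformed name."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError("expected 4 octet labels")
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            raise ValueError("expected 32 single-nibble labels")
        return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    raise ValueError("not a reverse-lookup name")


def delegation_chain(name: str) -> list:
    """Names a resolver walks, right to left, from the TLD to the full name."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]


if __name__ == "__main__":
    rname = reverse_name("129.94.208.2")
    print(rname)
    print(delegation_chain(rname))
    print(reverse_name("2600:9000:2215:7600:17:876d:b540:93a1"))
```

The delegation chain shows why the octets are reversed: the most significant octet (129) ends up next to in-addr.arpa, so each step to the left narrows the address block, just as each step to the left narrows a forward domain name.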
traceroute
The traceroute utility traces an IP packet’s route from your host to another Internet host. It shows how a host is physically connected to the Internet. Along the way, it gives an understanding of how networks interconnect. This network utility can also measure the round trip time between your host and the intermediate routers along the path.
The traceroute command is used to discover the routes packets take when travelling to their destination. The device (for example, a router or a PC) sends a sequence of User Datagram Protocol (UDP) datagrams to an invalid port address at the remote host. The default IP probe packet, which encapsulates the UDP datagram, is 40 bytes long.
Three UDP datagrams are sent, each with a Time-To-Live (TTL) field value set to one. The TTL value of 1 causes the datagram to time out as soon as it hits the first router in the path; this router then responds with an ICMP Time Exceeded Message (TEM) indicating that the datagram has expired.
Another three UDP messages are now sent, each with the TTL value set to 2, which causes the second router to return ICMP TEMs. This process continues until the packets reach the destination. Since these datagrams are trying to access an invalid port at the destination host, ICMP Port Unreachable Messages are returned, indicating an unreachable port; this event signals that the traceroute program is finished.
The purpose is to record the source of each ICMP Time Exceeded Message to trace the path the packet took to reach the destination.
The command output explained
traceroute host
z5541664@vx14:~/Desktop$ traceroute www.telstra.com.au
traceroute to www.telstra.com.au (18.67.110.86), 30 hops max, 60 byte packets
1 cserouter1-server.orchestra.cse.unsw.EDU.AU (129.94.242.251) 0.077 ms 0.084 ms 0.070 ms
2 unsw-gateway.orchestra.cse.unsw.EDU.AU (129.94.39.17) 0.477 ms 0.492 ms 0.490 ms
3 172.17.47.2 (172.17.47.2) 1.806 ms 1.472 ms 1.443 ms
4 172.17.17.9 (172.17.17.9) 0.923 ms 172.17.17.45 (172.17.17.45) 0.702 ms 172.17.17.9 (172.17.17.9) 1.243 ms
5 138.44.18.70 (138.44.18.70) 0.997 ms 1.222 ms 172.17.17.33 (172.17.17.33) 0.828 ms
6 ae2.bdr1.msc4.nsw.aarnet.net.au (113.197.15.77) 1.067 ms 138.44.18.70 (138.44.18.70) 0.973 ms ae2.bdr1.msc4.nsw.aarnet.net.au (113.197.15.77) 1.048 ms
7 * ae2.bdr1.msc4.nsw.aarnet.net.au (113.197.15.77) 1.971 ms *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 15.230.149.4 (15.230.149.4) 1.679 ms 1.493 ms 1.467 ms
14 * 15.230.149.5 (15.230.149.5) 1.658 ms 1.666 ms
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
30 hops max, 60 byte packets
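This says that probing goes up to a maximum of 30 hops and that each packet carries 60 bytes.
"Hops" comes from "Hop Count": a hop is one router that a packet passes through in the network, and the hop count is the number of router hops a packet passes through from source to destination.
In the traceroute output, the number at the start of each line (e.g. 7) indicates which hop the packet has reached.
The * * * on each line reflects that 3 probe packets are sent for each hop. The sender only has to set the TTL to the number of hops and then wait for the ICMP response (Time Exceeded from a router on the path, Port Unreachable from the destination). So we can find out roughly which router interfaces can be reached after that many hops.
Note that a router interface is not a router. You can think of it as related to the multiple network cards on a router, but that is not our concern here. traceroute does not report which specific router answered, because it cannot tell, but it does report the router interface.
Why does * appear?
In the traceroute output, each line has the format:
hop-number response-time-1 response-time-2 response-time-3
hop-number * response-time *
* means that the probe packet received no ICMP response. Possible reasons include:
The router drops ICMP Time Exceeded (TTL exceeded) messages
A firewall policy may not allow ICMP Time Exceeded to be returned.
Load balancing or different paths
The three traceroute probe packets may have taken different paths, and some of those paths return no response.
ICMP rate limiting
The router may have a limit on how often it sends ICMP responses, so it sometimes answers and sometimes does not.
7 * ae2.bdr1.msc4.nsw.aarnet.net.au (113.197.15.77) 1.971 ms *
* (first probe packet): no ICMP response was received from this router (possibly a firewall or ICMP restrictions).
1.971 ms (second probe packet): the ICMP response was received successfully.
* (third probe packet): again, no ICMP response was received.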
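The reading of the output described above can be automated: the following added example (not part of the original page) parses hop lines and labels each hop as fully answered, answered from more than one interface, partially answered, or silent. The sample is an excerpt of the traceroute output shown earlier; the function names and status labels are assumptions made for illustration.

```python
import re

# Excerpt of the traceroute output shown above (hops 1, 4, 5, 7, 8, 13, 14, 15).
SAMPLE = """\
 1 cserouter1-server.orchestra.cse.unsw.EDU.AU (129.94.242.251) 0.077 ms 0.084 ms 0.070 ms
 4 172.17.17.9 (172.17.17.9) 0.923 ms 172.17.17.45 (172.17.17.45) 0.702 ms 172.17.17.9 (172.17.17.9) 1.243 ms
 5 138.44.18.70 (138.44.18.70) 0.997 ms 1.222 ms 172.17.17.33 (172.17.17.33) 0.828 ms
 7 * ae2.bdr1.msc4.nsw.aarnet.net.au (113.197.15.77) 1.971 ms *
 8 * * *
13 15.230.149.4 (15.230.149.4) 1.679 ms 1.493 ms 1.467 ms
14 * 15.230.149.5 (15.230.149.5) 1.658 ms 1.666 ms
15 * * *
"""

# One token is: a lost probe, a "name (ip)" responder, or an "N.NNN ms" time.
TOKEN = re.compile(r"\*|\S+ \((?P<ip>[^)]+)\)|(?P<rtt>\d+\.\d+) ms")


def parse_hop(line):
    """Return (hop, probes); a probe is (ip, rtt_ms), or None for '*'."""
    hop, rest = line.split(None, 1)
    probes, current_ip = [], None
    for m in TOKEN.finditer(rest):
        if m.group(0) == "*":
            probes.append(None)
        elif m.group("ip"):
            current_ip = m.group("ip")  # applies to the times that follow it
        else:
            probes.append((current_ip, float(m.group("rtt"))))
    return int(hop), probes


def classify(probes):
    """Label one hop from its list of probes."""
    answered = [p for p in probes if p is not None]
    if not answered:
        return "silent"      # every probe lost: filtered or rate limited
    if len(answered) < len(probes):
        return "partial"     # some probes lost
    return "multipath" if len({ip for ip, _ in answered}) > 1 else "ok"


def summarize(text):
    """Map hop number -> status for every hop line in traceroute output."""
    hops = (parse_hop(l) for l in text.splitlines() if re.match(r"\s*\d+\s", l))
    return {hop: classify(probes) for hop, probes in hops}


def last_responding_hop(text):
    """Highest hop that answered at least one probe, or None."""
    hops = [h for h, status in summarize(text).items() if status != "silent"]
    return max(hops) if hops else None


if __name__ == "__main__":
    print(summarize(SAMPLE), last_responding_hop(SAMPLE))
```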
telnet (obsolete)
The telnet utility connects one host to another (remote login) via the Internet. This command allows you to log onto machines worldwide that you have accounts on or that allow public access. The most common way to use the command is:
telnet host [port]
port indicates a port number (address of an application); if it is not specified, the default telnet port is used.
After issuing the telnet command, you will receive a login prompt for the host system. You may now log in to the host system. When you are finished with your remote session, log out as usual. Telnet is inherently insecure, because the whole session, including the login, crosses the network unencrypted, and it is disabled on most hosts.
ssh
SSH is a set of standards and an associated network protocol that allows for establishing a secure channel between a local and a remote computer. The SSH client, ssh, which supports terminal protocols, is typically used to administer the SSH server computer remotely via the terminal console. Thus, it is used as an alternative to telnet. The most common way to use the command is:
ssh -l username hostname
or
ssh username@hostname
After issuing the ssh command, if the remote computer authenticates you successfully, you will receive a login prompt for the remote machine. You may now log in to the host system. When you are finished with your remote session, log out as usual.
ifconfig
The ifconfig utility is used to assign an address to a network interface and to configure or display the current network interface configuration information. It must be used at system startup to define the network address of each interface present on a machine. After system startup, it can redefine an interface’s address and other operating parameters. If a single interface argument is given, it displays the status of the given interface only; if a single -a argument is given, it shows the status of all interfaces. Otherwise, it configures an interface.
Note: the directory /sbin is not in a typical user's PATH, so you may have to type /sbin/ifconfig.
netstat
The netstat utility allows the printing of various data related to the network configuration of a station. Here, we show only two forms of this command:
Option -i allows printing the state of the network interfaces (e.g. eth0 or lo).
The MTU and Met fields show the interface’s current MTU and metric values. The RX and TX columns show the number of packets received or transmitted error-free (RX-OK/TX-OK) or damaged (RX-ERR/TX-ERR), dropped (RX-DRP/TX-DRP), and lost because of an overrun (RX-OVR/TX-OVR).
The last column shows the flags that have been set for this interface. These characters are one-character versions of the long flag names that are printed when you display the interface configuration with ifconfig:
curl
curl www.example.com
The command shows only the HTTP response body. It won't show the request and response headers.
curl -v www.example.com
The command shows the HTTP response body and also the request and response headers.
curl -v www.example.com
* Trying 23.40.52.182:80...
* Connected to www.example.com (23.40.52.182) port 80 (#0)
> GET / HTTP/1.1
> Host: www.example.com
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html
< ETag: "84238dfc8092e5d9c0dac8ef93371a07:1736799080.121134"
< Last-Modified: Mon, 13 Jan 2025 20:11:20 GMT
< Cache-Control: max-age=3538
< Date: Sun, 02 Mar 2025 22:37:52 GMT
< Content-Length: 1256
< Connection: keep-alive
<
<!doctype html>
<html>
<head>
You are welcome to point out any mistakes and faults!