[Computer Network] 11. Network connectivity: ping, traceroute, nslookup

Note that when testing network connectivity, some machines do not respond to ping, yet a telnet connection to them may still succeed. Don't give up just because ping fails.

One, ping

1.1 Disabling ping

Ping is disabled by making the host ignore ICMP packets.

Method 1: Set kernel parameters

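# The following is not persistent (it is reset when the machine reboots)
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all # ping gets no reply (ICMP echo requests are ignored)
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all # restore normal ping

# The following is persistent (applied at boot, or immediately with `sysctl -p`)
echo "net.ipv4.icmp_echo_ignore_all=1" >> /etc/sysctl.conf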

Method 2: Set up iptables

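# The following is not persistent (it is reset when the machine reboots)
# Note: -p icmp with no --icmp-type matches every ICMP message, not only echo requests
iptables -I INPUT -i eth0 -p icmp -s 0/0 -d 0/0 -j DROP   # ping gets no reply (ICMP packets are dropped)
iptables -I INPUT -i eth0 -p icmp -s 0/0 -d 0/0 -j ACCEPT # restore normal ping (inserted ahead of the DROP rule)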

Two, traceroute

Reference on Cisco's official website: Ping and traceroute in actual combat

traceroute shows the path that data packets take to a host; the default size of the packets it sends is 40 bytes.

With traceroute, we can see what path information takes from your computer to the host at the other end of the Internet. A packet travelling from the same source to the same destination may take a different path each time, but most of the time the route is the same.

traceroute measures the time taken by sending small packets toward the destination device and waiting for them to come back. Each device on the path is tested 3 times. The output includes the time (ms) of each test, the name of the device (if any) and its IP address.

traceroute is the IPv4 command and traceroute6 is the IPv6 command; the parameters are as follows:

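-d: enable socket-level debugging;
-f<first TTL>: set the TTL of the first probe packet;
-F: set the don't-fragment bit;
-g<gateway>: set source-route gateways, up to 8;
-i<interface>: send packets through the specified network interface;
-I: use ICMP echo instead of UDP datagrams;
-m<max TTL>: set the maximum TTL of the probe packets;
-n: use IP addresses directly instead of host names;
-p<port>: set the port of the UDP transport protocol;
-r: bypass the normal routing table and send packets directly to the remote host;
-s<source address>: set the IP address the local host sends packets from;
-t<type of service>: set the TOS value of the probe packets;
-v: show the execution of the command in detail;
-w<timeout in seconds>: set how long to wait for the remote host to reply;
-x: turn packet checksum verification on or off.

# The following commands are run on 192.168.22.103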
apt install traceroute

# traceroute 192.168.2.99
traceroute to 192.168.2.99 (192.168.2.99), 30 hops max, 60 byte packets
 1  _gateway (192.168.22.254)  6.478 ms  7.174 ms  7.156 ms
 2  192.168.2.99 (192.168.2.99)  1.821 ms  1.804 ms  1.789 ms

# traceroute 192.168.100.66
traceroute to 192.168.100.66 (192.168.100.66), 30 hops max, 60 byte packets
 1  _gateway (192.168.22.254)  2.939 ms  2.862 ms  2.844 ms
 2  192.168.100.66 (192.168.100.66)  2.844 ms  2.819 ms  2.793 ms

Records are numbered from 1; each record is a hop, and each hop represents a gateway. Each line shows three times, in ms, which comes from the default value of -q: three probe packets are sent to each gateway, and each time is how long that gateway took to respond. With traceroute -q 4 www.58.com, 4 probe packets are sent to each gateway.

Sometimes, when we traceroute a host, some lines show asterisks. In that case a firewall may have blocked the ICMP return messages, so no reply data comes back for those probes.

Sometimes there is a long delay at a certain gateway; that gateway may be congested, or the physical device itself may be the cause. If DNS fails to resolve a hostname or domain name there will also be a long delay; add the -n parameter to avoid DNS resolution and output addresses in IP format.

Between different network segments in a LAN, we can use traceroute to work out whether a problem lies with the host or with the gateway.

# -m sets the maximum number of hops
# traceroute 192.168.100.66 -m 5
traceroute to 192.168.100.66 (192.168.100.66), 5 hops max, 60 byte packets
 1  _gateway (192.168.22.254)  2.750 ms  2.672 ms  2.651 ms
 2  192.168.100.66 (192.168.100.66)  2.619 ms  2.599 ms *

# traceroute 192.168.100.66 -m 1
traceroute to 192.168.100.66 (192.168.100.66), 1 hops max, 60 byte packets
 1  _gateway (192.168.22.254)  3.173 ms  3.096 ms  3.073 ms
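
The hop lines, asterisks and delays described above can be triaged mechanically. The following added example (not from the original post) parses traceroute output in the format shown on this page and flags hops that never answer, lose some probes, or exceed a latency threshold; the sample text, the 10.0.0.1 hop and the 100 ms threshold are constructed assumptions.

```python
import re

# Constructed sample in the format shown above: hop 2 never answers, hop 3 is
# slow, and the destination drops one of its three probes.
SAMPLE = """\
traceroute to 192.168.100.66 (192.168.100.66), 30 hops max, 60 byte packets
 1  _gateway (192.168.22.254)  2.750 ms  2.672 ms  2.651 ms
 2  * * *
 3  10.0.0.1 (10.0.0.1)  180.214 ms  175.903 ms  181.467 ms
 4  192.168.100.66 (192.168.100.66)  181.020 ms  179.512 ms *
"""

HEADER = re.compile(r"^traceroute to \S+ \(([^)]+)\)")
HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
RTT = re.compile(r"(\d+(?:\.\d+)?) ms")
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ADDR = re.compile(rf"\(({IPV4})\)|\b({IPV4})\b")  # "name (ip)" or bare ip (-n)

def parse_traceroute(text):
    """Return (target, hops); each hop has its number, address, RTTs and '*' count."""
    target, hops = None, []
    for line in text.splitlines():
        header, hop = HEADER.match(line), HOP.match(line)
        if header:
            target = header.group(1)
        elif hop:
            rest = hop.group(2)
            addr = ADDR.search(rest)
            hops.append({
                "hop": int(hop.group(1)),
                "addr": (addr.group(1) or addr.group(2)) if addr else None,
                "rtts": [float(x) for x in RTT.findall(rest)],
                "lost": rest.split().count("*"),
            })
    return target, hops

def assess(text, slow_ms=100.0):
    """Flag hops: 'silent' (only '*'), 'partial' (some '*'), 'slow' (RTT >= slow_ms)."""
    target, hops = parse_traceroute(text)
    report = []
    for h in hops:
        if not h["rtts"]:
            flags = ["silent"]
        else:
            checks = {"partial": h["lost"] > 0, "slow": max(h["rtts"]) >= slow_ms}
            flags = [name for name, hit in checks.items() if hit]
        report.append((h["hop"], h["addr"], flags))
    reached = bool(hops) and hops[-1]["addr"] == target
    return reached, report
```
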

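Other examples

traceroute -m 10 www.baidu.com # set the maximum number of hops
traceroute -n www.baidu.com    # show IP addresses, do not look up host names
traceroute -p 6888 www.baidu.com  # set the base UDP port used by the probe packets to 6888
traceroute -q 4 www.baidu.com  # set the number of probe packets to 4
traceroute -r www.baidu.com    # bypass the normal routing table and send directly to a host on an attached network
traceroute -w 3 www.baidu.com  # set the time to wait for a response to a probe to 3 seconds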

Three, nslookup

3.1 Non-interactive mode

# nslookup www.baidu.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 110.242.68.4
Name:   www.a.shifen.com
Address: 110.242.68.3

# Specify the DNS server
192.168.100.66# nslookup www.baidu.com 114.114.114.114
Server:         114.114.114.114
Address:        114.114.114.114#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 110.242.68.4
Name:   www.a.shifen.com
Address: 110.242.68.3

192.168.100.66# nslookup www.baidu.com 192.168.2.1
Server:         192.168.2.1
Address:        192.168.2.1#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 110.242.68.4
Name:   www.a.shifen.com
Address: 110.242.68.3

# Specify the record type
# nslookup -query=ns www.baidu.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.

Authoritative answers can be found from:
a.shifen.com
        origin = ns1.a.shifen.com
        mail addr = baidu_dns_master.baidu.com
        serial = 2308010034
        refresh = 5
        retry = 5
        expire = 2592000
        minimum = 3600
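
Querying several DNS servers, as done above, is also a quick way to notice a resolver that answers differently from the others. This added example (not part of the original post) parses Linux nslookup output in the format shown and reports resolvers whose answer differs from the majority; the 192.0.2.10 reply attributed to 192.168.2.1 is constructed for illustration.

```python
from collections import Counter

# Answer in the format shown above; {s} is filled with each resolver's address.
GOOD = """\
Server:         {s}
Address:        {s}#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 110.242.68.4
Name:   www.a.shifen.com
Address: 110.242.68.3
"""
# Constructed: a resolver that returns a different address (192.0.2.10, TEST-NET-1).
ODD = """\
Server:         {s}
Address:        {s}#53

Non-authoritative answer:
Name:   www.baidu.com
Address: 192.0.2.10
"""
SAMPLES = [GOOD.format(s="127.0.0.53"), GOOD.format(s="114.114.114.114"),
           ODD.format(s="192.168.2.1")]

def parse_nslookup(text):
    """Return (server, cname, sorted answer addresses) for one nslookup run."""
    server, cname, addrs, server_addr_next = None, None, set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Server:"):
            server, server_addr_next = line.split(":", 1)[1].strip(), True
        elif "canonical name =" in line:
            cname = line.split("=", 1)[1].strip().rstrip(".")
        elif line.startswith("Address:"):
            if server_addr_next:          # first Address line is the resolver itself
                server_addr_next = False
            else:                         # later Address lines are answers
                addrs.add(line.split(":", 1)[1].strip())
    return server, cname, sorted(addrs)

def outliers(outputs):
    """Resolvers whose (cname, addresses) differ from the most common answer."""
    parsed = [parse_nslookup(t) for t in outputs]
    answers = [(c, tuple(a)) for _, c, a in parsed]
    majority = Counter(answers).most_common(1)[0][0]
    return [p for p, ans in zip(parsed, answers) if ans != majority]
```

A differing answer is a prompt to investigate rather than proof of tampering, since CDN-hosted names can legitimately resolve differently per resolver.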

3.2 Interactive mode

# nslookup
> www.baidu.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 110.242.68.3
Name:   www.a.shifen.com
Address: 110.242.68.4

# nslookup
> set type=ns
> www.baidu.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.

Authoritative answers can be found from:
a.shifen.com
        origin = ns1.a.shifen.com
        mail addr = baidu_dns_master.baidu.com
        serial = 2308010034
        refresh = 5
        retry = 5
        expire = 2592000
        minimum = 3600

Origin blog.csdn.net/jiaoyangwm/article/details/132018768