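Summary: This 风哥教程 article draws on the official Linux, Red Hat Enterprise Linux, Ansible Automation Platform, Docker, Kubernetes and Podman documentation, among other sources, to describe in detail how the relevant technologies are configured and used.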
This document describes in detail how to use Linux network troubleshooting tools, along with practical techniques.
Part01-Connectivity Testing Tools
1.1 The ping command in detail
$ ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=15.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=15.2 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=117 time=15.8 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=117 time=15.3 ms
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 15.208/15.458/15.808/0.248 ms
# Specify the packet size
$ ping -c 4 -s 1000 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 1008(1036) bytes of data.
1016 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=16.2 ms
1016 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=16.0 ms
# Continuous ping test
$ ping -i 0.2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=15.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=15.2 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=117 time=15.8 ms
# Ping sweep of a subnet
$ for i in {1..254}; do ping -c 1 -W 1 192.168.1.$i & done
# Use ping to check the MTU
$ ping -M do -s 1472 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 1472(1500) bytes of data.
1480 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=15.5 ms
# Trace the route with traceroute
$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 gateway (192.168.1.1) 0.521 ms 0.489 ms 0.512 ms
2 172.16.0.1 (172.16.0.1) 5.678 ms 5.789 ms 5.890 ms
3 10.0.0.1 (10.0.0.1) 10.123 ms 10.234 ms 10.345 ms
4 * * *
5 dns.google (8.8.8.8) 15.456 ms 15.567 ms 15.678 ms
# Use TCP traceroute
$ sudo tcptraceroute 8.8.8.8 80
Selected device eth0, address 192.168.1.100, port 54321 for outgoing packets
Tracing the path to 8.8.8.8 on TCP port 80, 30 hops max
1 192.168.1.1 0.521 ms 0.489 ms 0.512 ms
2 172.16.0.1 5.678 ms 5.789 ms 5.890 ms
3 8.8.8.8 15.456 ms 15.567 ms 15.678 ms
Part02-Port Scanning Tools
2.1 Scanning with nmap
$ sudo dnf install -y nmap
# Host discovery (find which hosts are up)
$ nmap -sn 192.168.1.0/24
Starting Nmap 7.92 ( https://nmap.org ) at 2026-04-03 21:00:00 CST
Nmap scan report for 192.168.1.1
Host is up (0.00052s latency).
MAC Address: 00:11:22:33:44:55 (Router)
Nmap scan report for 192.168.1.10
Host is up (0.00049s latency).
MAC Address: 08:00:27:AB:CD:EF (Oracle VirtualBox virtual NIC)
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.05 seconds
# Scan common ports
$ nmap -F 192.168.1.100
Starting Nmap 7.92 ( https://nmap.org ) at 2026-04-03 21:00:30 CST
Nmap scan report for 192.168.1.100
Host is up (0.000012s latency).
Not shown: 97 closed tcp ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
# Scan all ports
$ nmap -p- 192.168.1.100
# Scan specific ports
$ nmap -p 22,80,443 192.168.1.100
# Service version scan
$ nmap -sV 192.168.1.100
Starting Nmap 7.92 ( https://nmap.org ) at 2026-04-03 21:01:00 CST
Nmap scan report for 192.168.1.100
Host is up (0.000012s latency).
Not shown: 997 closed tcp ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.7p1
80/tcp open http Apache httpd 2.4.53
443/tcp open ssl/http Apache httpd 2.4.53
# Operating system detection
$ sudo nmap -O 192.168.1.100
Starting Nmap 7.92 ( https://nmap.org ) at 2026-04-03 21:01:30 CST
Nmap scan report for 192.168.1.100
Host is up (0.000012s latency).
OS details: Linux 4.15 - 5.6
Network Distance: 1 hop
# Test a port with nc
$ nc -zv 192.168.1.100 22
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.1.100:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
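# Scan a port range (Ncat takes one port per invocation, so loop over the range; only the open port's output is shown)
$ for p in {20..30}; do nc -zv -w 1 192.168.1.100 "$p"; done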
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.1.100:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
Part03-Packet Capture Tools
3.1 Capturing packets with tcpdump
$ sudo tcpdump -i eth0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:05:00.123456 IP 192.168.1.100.ssh > 192.168.1.10.54321: Flags [P.], seq 1:100, ack 1, win 501, length 99
21:05:00.134567 IP 192.168.1.10.54321 > 192.168.1.100.ssh: Flags [.], ack 100, win 501, length 0
# Capture a specific port
$ sudo tcpdump -i eth0 port 80
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:05:30.123456 IP 192.168.1.10.54322 > 192.168.1.100.http: Flags [S], seq 12345678, win 65535, length 0
21:05:30.123789 IP 192.168.1.100.http > 192.168.1.10.54322: Flags [S.], seq 87654321, ack 12345679, win 65535, length 0
# Capture a specific host
$ sudo tcpdump -i eth0 host 192.168.1.10
# Capture a specific protocol
$ sudo tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:06:00.123456 IP 192.168.1.100 > 8.8.8.8: ICMP echo request, id 12345, seq 1, length 64
21:06:00.134567 IP 8.8.8.8 > 192.168.1.100: ICMP echo reply, id 12345, seq 1, length 64
# Save to a file
$ sudo tcpdump -i eth0 -w capture.pcap
# Read a capture file
$ sudo tcpdump -r capture.pcap
# Show packet contents as ASCII
$ sudo tcpdump -i eth0 -A port 80
# Show packet contents as hexadecimal
$ sudo tcpdump -i eth0 -XX port 80
# Capture TCP SYN packets
$ sudo tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'
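Added example (not part of the original tutorial): the SYN filter above also matches SYN-ACK replies, so this script keeps only bare SYNs ("Flags [S]") and reports sources that touch many distinct destination ports, which is how the scans from Part02 look from the scanned side. It assumes the text output of `tcpdump -nn` (numeric addresses and ports); the function names and the sample capture are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Input is the one-line text
# format printed by `tcpdump -nn` (numeric hosts and ports).

# Constructed sample capture: .10 probes five ports, .20 opens one session.
sample_capture() {
  cat <<'EOF'
21:05:30.100001 IP 192.168.1.10.54322 > 192.168.1.100.22: Flags [S], seq 1, win 65535, length 0
21:05:30.100002 IP 192.168.1.10.54323 > 192.168.1.100.80: Flags [S], seq 2, win 65535, length 0
21:05:30.100003 IP 192.168.1.100.80 > 192.168.1.10.54323: Flags [S.], seq 9, ack 3, win 65535, length 0
21:05:30.100004 IP 192.168.1.10.54324 > 192.168.1.100.443: Flags [S], seq 4, win 65535, length 0
21:05:30.100005 IP 192.168.1.10.54325 > 192.168.1.100.3306: Flags [S], seq 5, win 65535, length 0
21:05:30.100006 IP 192.168.1.10.54326 > 192.168.1.100.8080: Flags [S], seq 6, win 65535, length 0
21:05:31.100007 IP 192.168.1.10.54323 > 192.168.1.100.80: Flags [S], seq 2, win 65535, length 0
21:05:32.100008 IP 192.168.1.20.40000 > 192.168.1.100.443: Flags [S], seq 7, win 65535, length 0
21:05:32.100009 IP 192.168.1.20.40000 > 192.168.1.100.443: Flags [.], ack 8, win 501, length 0
EOF
}

# syn_fanout THRESHOLD
# Reads tcpdump lines on stdin and prints "source count" for every source
# whose bare SYNs reached at least THRESHOLD distinct destination ip.port pairs.
syn_fanout() {
  awk -v min="$1" '
    # IPv4 TCP lines whose flags are exactly [S]: SYN set, ACK clear.
    # "[S.]" (SYN-ACK from the server side) is skipped on purpose.
    $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
      src = $3; sub(/\.[0-9]+$/, "", src)   # drop the ephemeral source port
      dst = $5; sub(/:$/, "", dst)          # drop the trailing colon
      key = src SUBSEP dst
      # Retransmitted SYNs to the same target are counted once.
      if (!(key in seen)) { seen[key] = 1; count[src]++ }
    }
    END { for (s in count) if (count[s] >= min) print s, count[s] }
  ' | sort
}

# Report sources that sent bare SYNs to four or more distinct targets.
sample_capture | syn_fanout 4
```

On a live interface the same function can read from `sudo tcpdump -nn -l -i eth0 -c 1000 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'`, where the filter already drops SYN-ACKs before they reach awk.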
Part04-Network Traffic Analysis
4.1 Monitoring traffic with iftop
$ sudo dnf install -y iftop
# Monitor network traffic
$ sudo iftop -i eth0
interface: eth0
IP address is: 192.168.1.100
MAC address is: 08:00:27:12:34:56
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
# Show port information
$ sudo iftop -i eth0 -P
# Monitor per-process traffic with nethogs
$ sudo dnf install -y nethogs
$ sudo nethogs eth0
PID USER PROGRAM DEV SENT RECEIVED
12345 user /usr/bin/curl eth0 10.5KB 50.2KB
12346 user /usr/bin/wget eth0 5.2KB 25.1KB
# View network connections with ss
$ ss -tunap
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 192.168.1.100:22 192.168.1.10:54321 users:(("sshd",pid=12345,fd=3))
tcp ESTAB 0 0 192.168.1.100:443 192.168.1.10:54322 users:(("httpd",pid=12346,fd=4))
# View network statistics
$ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 1000000 10000 0 0 0 0 0 0 1000000 10000 0 0 0 0 0 0
eth0: 50000000 50000 0 0 0 0 0 100 25000000 25000 0 0 0 0 0 0
# Monitor the network with sar
$ sar -n DEV 1 5
Linux 5.14.0-284.11.1.el9_2.x86_64 (rhel10) 04/03/2026 _x86_64_ (2 CPU)
09:00:00 PM IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
09:00:01 PM eth0 50.00 50.00 25.00 25.00 0.00 0.00 0.00
09:00:01 PM lo 10.00 10.00 5.00 5.00 0.00 0.00 0.00
Part05-Comprehensive Diagnostic Script
5.1 Network diagnostic script
# /usr/local/bin is root-owned, so write the file through sudo tee
$ sudo tee /usr/local/bin/network-diag.sh > /dev/null << 'EOF'
#!/bin/bash
echo "=== Network Diagnostic Script ==="
echo "Date: $(date)"
echo ""
echo "=== Network Interfaces ==="
ip addr show
echo ""
echo "=== Routing Table ==="
ip route show
echo ""
echo "=== DNS Configuration ==="
cat /etc/resolv.conf
echo ""
echo "=== Firewall Status ==="
sudo firewall-cmd --state
sudo firewall-cmd --list-all
echo ""
echo "=== Network Connectivity Test ==="
ping -c 3 8.8.8.8
echo ""
echo "=== DNS Resolution Test ==="
nslookup www.google.com
echo ""
echo "=== Active Connections ==="
ss -tunap
echo ""
echo "=== Network Statistics ==="
cat /proc/net/dev
echo ""
echo "=== ARP Table ==="
ip neigh show
echo ""
echo "=== Diagnostic Complete ==="
EOF
$ sudo chmod +x /usr/local/bin/network-diag.sh
# Run the diagnostic script
$ sudo /usr/local/bin/network-diag.sh
=== Network Diagnostic Script ===
Date: Thu Apr 3 21:10:00 CST 2026
=== Network Interfaces ===
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0:
link/ether 08:00:27:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
=== Routing Table ===
default via 192.168.1.1 dev eth0 proto static metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 metric 100
…
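1. Choose the right tool for the type of fault
2. Combine several tools to cross-check the results
3. Save diagnostic results so they can be analyzed later
4. Review network baseline data regularly
5. Establish a fault diagnosis process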
This article was compiled and published by 风哥教程 for learning and testing purposes only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html
