Skip to content

Iproute2

(OSI 네트워크 계층의 프로토콜은 Internet Protocol 항목 참조.)

iproute2 is a collection of userspace utilities for controlling and monitoring various aspects of networking in the Linux kernel, including routing, network interfaces, tunnels, traffic control, and network-related device drivers.

iproute2 is an open-source project released under the terms of version 2 of the GNU General Public License. Its development is closely tied to the development of networking components of the Linux kernel. As of December 2013, iproute2 is maintained by Stephen Hemminger. The original author, Alexey Kuznetsov, was responsible for the quality of service (QoS) implementation in the Linux kernel.

iproute2 collection contains the following command-line utilities: ip, ss, bridge, rtacct, rtmon, tc, ctstat, lnstat, nstat, routef, routel, rtstat, tipc, arpd and devlink. tc is used for traffic control. iproute2 utilities communicate with the Linux kernel using the netlink protocol. Some of the iproute2 utilities are often recommended over now-obsolete net-tools utilities that provide the same functionality. Below is a table of obsolete utilities and their iproute2 replacements.

ip (linux command)

ip는 리눅스 운영체계에서 네트워크 매니저 데몬 (network manager daemon)수준에서 ip 관련 정보 조회및 설정에 관련한 명령어이다.

ip 명령어는 링크(link),라우트(route),ip address등 컴퓨터상의 네트워크에 관한 광범위한 정보조회가 가능한 기본 명령어이다.

utilities obsoleted by iproute2

Legacy utility

Replacement command

Note

ifconfig

ip addr, ip link, ip -s

Address and link configuration

route

ip route

Routing tables

arp

ip neigh

Neighbors

iptunnel

ip tunnel

Tunnels

nameif

ifrename, ip link set name

Rename network interfaces

ipmaddr

ip maddr

Multicast

netstat

ip -s, ss, ip route

Show various networking statistics

brctl

bridge

Handle bridge addresses and devices

네트워크 인테페이스가 물리적으로 연결되었는지 확인하는 방법

ip link 명령을 치면 인터페이스 상태 정보 옆에 state DOWNstate UP으로 전환되면 된다.

$ ip link
...
2: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
...

Installing The Linux Dummy-Network Interface

If your NST system does not have an active NIC adapter installed or is off-line from the network, you can install a Dummy Network Interface Module to simulate a network computing environment. This can be quite useful for testing out various networking tools (e.g., Wireshark and Snort) with the Network Security Toolkit when off-line. Use the following procedure to install the Linux Dummy-Network Interface:

1. Add an IP address and host name to your "/etc/hosts" table. For example, an Internet address of 10.0.0.1 would result in:

$ echo 10.0.0.1 ${HOSTNAME} >> /etc/hosts;

2. Preload the dummy network driver on the machine. If this command is successful, you do not receive any messages from the server.

$ modprobe dummy;

3. Create the interface(s) (Example: Network Interface: dummy1):

$ ip link add dummy1 type dummy;

4. Bind an IPv4 Address to Network Interface dummy1:

$ ip addr add 10.0.0.1/24 dev dummy1;

## OR:
$ ip addr add ${HOSTNAME}/24 dev dummy1;

5. Bring the dummy1 Network Interface up:

$ ip link set dummy1 up;

6. If you need to add more than one (1) dummy interface use the following:

$ ip link add dummy2 type dummy;
$ ip link add dummy3 type dummy;
$ ip addr add 10.0.0.2/24 dev dummy2;
$ ip addr add 10.0.0.3/24 dev dummy3;
$ ip link set dummy2 up; 
$ ip link set dummy3 up;

7. Check the network bindings with the linux ip command:

 [root@nst28-dev ~]# ip a
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
     inet6 ::1/128 scope host 
        valid_lft forever preferred_lft forever
 2: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
     link/ether 36:f5:1b:3a:12:41 brd ff:ff:ff:ff:ff:ff
     inet 10.0.0.1/24 scope global dummy1
        valid_lft forever preferred_lft forever
     inet6 fe80::34f5:1bff:fe3a:1241/64 scope link 
        valid_lft forever preferred_lft forever
 3: dummy2: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
     link/ether 6a:5c:3f:56:dc:2d brd ff:ff:ff:ff:ff:ff
     inet 10.0.0.2/24 scope global dummy2
        valid_lft forever preferred_lft forever
     inet6 fe80::685c:3fff:fe56:dc2d/64 scope link 
        valid_lft forever preferred_lft forever
 4: dummy3: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
     link/ether 86:d5:9f:08:f1:32 brd ff:ff:ff:ff:ff:ff
     inet 10.0.0.3/24 scope global dummy3
        valid_lft forever preferred_lft forever
     inet6 fe80::84d5:9fff:fe08:f132/64 scope link 
        valid_lft forever preferred_lft forever

Removing The Linux Dummy-Network Interface

1. Unbind the dummy established Network Interface(s):

$ ifconfig dummy1 down;
$ ifconfig dummy2 down;
$ ifconfig dummy3 down;

2. Remove interface:

$ ip link delete dummy1
$ ip link delete dummy2
$ ip link delete dummy3

3. Remove the dummy kernel module.

$ rmmod dummy;

Edit Routing Table

Add Route

$ sudo ip route add 10.0.3.0/24 via 10.0.3.1

특정 인터페이스의 IP 주소 확인 방법

"nebula1" 인터페이스의 IPv4 주소 확인하는 스크립트:

ip -4 addr show nebula1 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'

서로 다른 대역의 IP끼리 통신하도록 설정하는 방법

Internet Protocol#서로 다른 대역의 IP끼리 통신하도록 설정하는 방법 항목 참조.

Examples

다음과 같은 예제 추가:

  • List all network interfaces details
  • Assign an IP address
  • Delete the IP address
  • Flush the IP address
  • Mark interface as UP or DOWN
  • Set the txqueuelen
  • Set the MTU
  • Show ARP cache
  • Add a new ARP entry
  • Delete a ARP entry
  • Flush ARP cache
  • Show routing table
  • Add a new route
  • Delete a route
  • Change MAC address
  • Configure color output
  • Displaying all IP address
  • Old vs. new tool

See also

Favorite site