Iproute2

(OSI 네트워크 계층의 프로토콜은 Internet Protocol 항목 참조.)

iproute2 is a collection of userspace utilities for controlling and monitoring various aspects of networking in the Linux kernel, including routing, network interfaces, tunnels, traffic control, and network-related device drivers.

iproute2 is an open-source project released under the terms of version 2 of the GNU General Public License. Its development is closely tied to the development of networking components of the Linux kernel. As of December 2013, iproute2 is maintained by Stephen Hemminger. The original author, Alexey Kuznetsov, was responsible for the quality of service (QoS) implementation in the Linux kernel.

iproute2 collection contains the following command-line utilities: ip, ss, bridge, rtacct, rtmon, tc, ctstat, lnstat, nstat, routef, routel, rtstat, tipc, arpd and devlink. tc is used for traffic control. iproute2 utilities communicate with the Linux kernel using the netlink protocol. Some of the iproute2 utilities are often recommended over now-obsolete net-tools utilities that provide the same functionality. Below is a table of obsolete utilities and their iproute2 replacements.

ip (linux command)

ip-address: protocol address management - Linux Man Pages (8)

ip는 리눅스 운영체계에서 네트워크 매니저 데몬 (network manager daemon)수준에서 ip 관련 정보 조회및 설정에 관련한 명령어이다.

ip 명령어는 링크(link),라우트(route),ip address등 컴퓨터상의 네트워크에 관한 광범위한 정보조회가 가능한 기본 명령어이다.

utilities obsoleted by iproute2
Legacy utility	Replacement command	Note
ifconfig	ip addr, ip link, ip -s	Address and link configuration
route	ip route	Routing tables
arp	ip neigh	Neighbors
iptunnel	ip tunnel	Tunnels
nameif	ifrename, ip link set name	Rename network interfaces
ipmaddr	ip maddr	Multicast
netstat	ip -s, ss, ip route	Show various networking statistics
brctl	bridge	Handle bridge addresses and devices

네트워크 인테페이스가 물리적으로 연결되었는지 확인하는 방법

ip link 명령을 치면 인터페이스 상태 정보 옆에 state DOWN이 state UP으로 전환되면 된다.

$ ip link
...
2: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
...

Installing The Linux Dummy-Network Interface

If your NST system does not have an active NIC adapter installed or is off-line from the network, you can install a Dummy Network Interface Module to simulate a network computing environment. This can be quite useful for testing out various networking tools (e.g., Wireshark and Snort) with the Network Security Toolkit when off-line. Use the following procedure to install the Linux Dummy-Network Interface:

1. Add an IP address and host name to your "/etc/hosts" table. For example, an Internet address of 10.0.0.1 would result in:

$ echo 10.0.0.1 ${HOSTNAME} >> /etc/hosts;

2. Preload the dummy network driver on the machine. If this command is successful, you do not receive any messages from the server.

$ modprobe dummy;

3. Create the interface(s) (Example: Network Interface: dummy1):

$ ip link add dummy1 type dummy;

4. Bind an IPv4 Address to Network Interface dummy1:

$ ip addr add 10.0.0.1/24 dev dummy1;

## OR:
$ ip addr add ${HOSTNAME}/24 dev dummy1;

5. Bring the dummy1 Network Interface up:

$ ip link set dummy1 up;

6. If you need to add more than one (1) dummy interface use the following:

$ ip link add dummy2 type dummy;
$ ip link add dummy3 type dummy;
$ ip addr add 10.0.0.2/24 dev dummy2;
$ ip addr add 10.0.0.3/24 dev dummy3;
$ ip link set dummy2 up; 
$ ip link set dummy3 up;

7. Check the network bindings with the linux ip command:

 [root@nst28-dev ~]# ip a
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
     inet6 ::1/128 scope host 
        valid_lft forever preferred_lft forever
 2: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
     link/ether 36:f5:1b:3a:12:41 brd ff:ff:ff:ff:ff:ff
     inet 10.0.0.1/24 scope global dummy1
        valid_lft forever preferred_lft forever
     inet6 fe80::34f5:1bff:fe3a:1241/64 scope link 
        valid_lft forever preferred_lft forever
 3: dummy2: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
     link/ether 6a:5c:3f:56:dc:2d brd ff:ff:ff:ff:ff:ff
     inet 10.0.0.2/24 scope global dummy2
        valid_lft forever preferred_lft forever
     inet6 fe80::685c:3fff:fe56:dc2d/64 scope link 
        valid_lft forever preferred_lft forever
 4: dummy3: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
     link/ether 86:d5:9f:08:f1:32 brd ff:ff:ff:ff:ff:ff
     inet 10.0.0.3/24 scope global dummy3
        valid_lft forever preferred_lft forever
     inet6 fe80::84d5:9fff:fe08:f132/64 scope link 
        valid_lft forever preferred_lft forever

Removing The Linux Dummy-Network Interface

1. Unbind the dummy established Network Interface(s):

$ ifconfig dummy1 down;
$ ifconfig dummy2 down;
$ ifconfig dummy3 down;

2. Remove interface:

$ ip link delete dummy1
$ ip link delete dummy2
$ ip link delete dummy3

3. Remove the dummy kernel module.

$ rmmod dummy;

Edit Routing Table

Add Route

How To Add Route on Linux – devconnected

$ sudo ip route add 10.0.3.0/24 via 10.0.3.1

특정 인터페이스의 IP 주소 확인 방법

"nebula1" 인터페이스의 IPv4 주소 확인하는 스크립트:

ip -4 addr show nebula1 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'

서로 다른 대역의 IP끼리 통신하도록 설정하는 방법

Internet Protocol#서로 다른 대역의 IP끼리 통신하도록 설정하는 방법 항목 참조.

Examples

[추천] Linux ip Command Examples - nixCraft

다음과 같은 예제 추가:

List all network interfaces details
Assign an IP address
Delete the IP address
Flush the IP address
Mark interface as UP or DOWN
Set the txqueuelen
Set the MTU
Show ARP cache
Add a new ARP entry
Delete a ARP entry
Flush ARP cache
Show routing table
Add a new route
Delete a route
Change MAC address
Configure color output
Displaying all IP address
Old vs. new tool