Iproute2
(OSI 네트워크 계층의 프로토콜은 Internet Protocol 항목 참조.)
iproute2 is a collection of userspace utilities for controlling and monitoring various aspects of networking in the Linux kernel, including routing, network interfaces, tunnels, traffic control, and network-related device drivers.
iproute2 is an open-source project released under the terms of version 2 of the GNU General Public License. Its development is closely tied to the development of networking components of the Linux kernel. As of December 2013, iproute2 is maintained by Stephen Hemminger. The original author, Alexey Kuznetsov, was responsible for the quality of service (QoS) implementation in the Linux kernel.
iproute2 collection contains the following command-line utilities: ip, ss, bridge, rtacct, rtmon, tc, ctstat, lnstat, nstat, routef, routel, rtstat, tipc, arpd and devlink. tc is used for traffic control. iproute2 utilities communicate with the Linux kernel using the netlink protocol. Some of the iproute2 utilities are often recommended over now-obsolete net-tools utilities that provide the same functionality. Below is a table of obsolete utilities and their iproute2 replacements.
ip (linux command)
ip는 리눅스 운영체계에서 네트워크 매니저 데몬 (network manager daemon)수준에서 ip 관련 정보 조회및 설정에 관련한 명령어이다.
ip 명령어는 링크(link),라우트(route),ip address등 컴퓨터상의 네트워크에 관한 광범위한 정보조회가 가능한 기본 명령어이다.
Legacy utility | Replacement command | Note |
ip addr, ip link, ip -s | Address and link configuration | |
route | ip route | Routing tables |
arp | ip neigh | Neighbors |
iptunnel | ip tunnel | Tunnels |
nameif | ifrename, ip link set name | Rename network interfaces |
ipmaddr | ip maddr | Multicast |
ip -s, ss, ip route | Show various networking statistics | |
brctl | bridge | Handle bridge addresses and devices |
네트워크 인테페이스가 물리적으로 연결되었는지 확인하는 방법
ip link
명령을 치면 인터페이스 상태 정보 옆에 state DOWN
이 state UP
으로 전환되면 된다.
$ ip link
...
2: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
...
Installing The Linux Dummy-Network Interface
If your NST system does not have an active NIC adapter installed or is off-line from the network, you can install a Dummy Network Interface Module to simulate a network computing environment. This can be quite useful for testing out various networking tools (e.g., Wireshark and Snort) with the Network Security Toolkit when off-line. Use the following procedure to install the Linux Dummy-Network Interface:
1. Add an IP address and host name to your "/etc/hosts" table. For example, an Internet address of 10.0.0.1 would result in:
2. Preload the dummy network driver on the machine. If this command is successful, you do not receive any messages from the server.
3. Create the interface(s) (Example: Network Interface: dummy1):
4. Bind an IPv4 Address to Network Interface dummy1:
5. Bring the dummy1 Network Interface up:
6. If you need to add more than one (1) dummy interface use the following:
$ ip link add dummy2 type dummy;
$ ip link add dummy3 type dummy;
$ ip addr add 10.0.0.2/24 dev dummy2;
$ ip addr add 10.0.0.3/24 dev dummy3;
$ ip link set dummy2 up;
$ ip link set dummy3 up;
7. Check the network bindings with the linux ip command:
[root@nst28-dev ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 36:f5:1b:3a:12:41 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 scope global dummy1
valid_lft forever preferred_lft forever
inet6 fe80::34f5:1bff:fe3a:1241/64 scope link
valid_lft forever preferred_lft forever
3: dummy2: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 6a:5c:3f:56:dc:2d brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/24 scope global dummy2
valid_lft forever preferred_lft forever
inet6 fe80::685c:3fff:fe56:dc2d/64 scope link
valid_lft forever preferred_lft forever
4: dummy3: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 86:d5:9f:08:f1:32 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.3/24 scope global dummy3
valid_lft forever preferred_lft forever
inet6 fe80::84d5:9fff:fe08:f132/64 scope link
valid_lft forever preferred_lft forever
Removing The Linux Dummy-Network Interface
1. Unbind the dummy established Network Interface(s):
2. Remove interface:
3. Remove the dummy kernel module.
Edit Routing Table
Add Route
특정 인터페이스의 IP 주소 확인 방법
"nebula1" 인터페이스의 IPv4 주소 확인하는 스크립트:
서로 다른 대역의 IP끼리 통신하도록 설정하는 방법
Internet Protocol#서로 다른 대역의 IP끼리 통신하도록 설정하는 방법 항목 참조.
Examples
다음과 같은 예제 추가:
- List all network interfaces details
- Assign an IP address
- Delete the IP address
- Flush the IP address
- Mark interface as UP or DOWN
- Set the txqueuelen
- Set the MTU
- Show ARP cache
- Add a new ARP entry
- Delete a ARP entry
- Flush ARP cache
- Show routing table
- Add a new route
- Delete a route
- Change MAC address
- Configure color output
- Displaying all IP address
- Old vs. new tool