
Network

Certificate

Certbot for SSL certificates.

wget

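  • Download an entire website
  • -P: directory to download into
  • -r: download recursively
  • -np: do not ascend to the parent directory
  • -k: convert links in downloaded pages to local links
  • -p: fetch every element needed to display the page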
wget -r -p -np -k -P ~/tmp/ http://java-er.com

SSH

Key

ssh-keygen -t rsa
ssh-add ~/.ssh/id_rsa

SSHD

  • config file in /etc/ssh/sshd_config
sudo systemctl reload sshd
sudo service sshd restart
AllowUsers root
AllowUsers sabertaz

Config File

~/.ssh/config:

  • Host: alias
    • HostName: host name (IP), as in ssh user@ip
    • Port: optional
    • User: login user name, as in ssh user@ip
    • PreferredAuthentications publickey
    • IdentityFile: full path to the key file, as in ssh -i file
Host github.com
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
Host cs.github.com
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/cs
Host cloud
HostName xx.org
User root
IdentityFile ~/.ssh/dsl_private_key
Host bwg
HostName 23.106.150.152
User root
Port 29692
git clone git@github.com:user/repo
git clone git@cs.github.com:user/repo
ssh -qTfnN -D 1080 bwg
google-chrome --proxy-server="socks5://127.0.0.1:1080"

Key File

Set up SSH key:

# Generate SSH key
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"

# Add SSH public key to remote host
cat ~/.ssh/id_ed25519.pub | ssh b@B 'cat >> ~/.ssh/authorized_keys'

# Add SSH public key to remote host
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@192.168.x.xxx

# Copy SSH private key to clipboard
xclip < ~/.ssh/id_ed25519
# Login to remote host
ssh -i sabertaz root@119.29.140.60

# File transfer
sftp -i sabertaz root@119.29.140.60

# Login to database
mysql -h 10.66.135.125 -P 3306 -u root -p

Remote Sync File

# blowfish was removed in OpenSSH 7.6; use a cipher the current client supports
rsync -ax -e 'ssh -c aes128-gcm@openssh.com' /root/start_dir root@x.x.x.x:/root/dest_dir
sshpass -p "$DEPLOY_PASSWORD" \
scp -o StrictHostKeyChecking=no \
-P $DEPLOY_PORT \
-r ./build $DEPLOY_USER@$DEPLOY_ADDR:/var/www/html

IP

Purpose                         net-tools (deprecated)   iproute2
Address and link configuration  ifconfig                 ip addr, ip link
Routing table                   route                    ip route
Neighbors                       arp                      ip neigh
VLAN                            vconfig                  ip link
Tunnels                         iptunnel                 ip tunnel
Multicast                       ipmaddr                  ip maddr
Statistics                      netstat                  ss

ip link show
ip address show
ip route show

# add commands to /etc/init.d/local.sh

rm -fr /etc/udev/rules.d/70-persistent-net.rules

# start up network adapter
ip link set eth0 up

# add/delete static ip
ip address add 192.168.1.1/24 dev eth0
ip address del 192.168.1.1/24 dev eth0

# add/delete static route
ip route add 192.168.1.0/24 dev eth0
ip route del 192.168.1.0/24 dev eth0
ip route add default via 192.168.0.196

# watch packets
watch -n 1 "ifconfig eth0"
watch -n 1 "ifconfig eth1"
watch -n 1 "ifconfig eth2"

Network Manager

nmcli for CLI tool, nmtui for terminal user interface:

nmcli dev wifi connect <name> password <password>

Wi-Fi

lspci -k | grep Network
rfkill list # check whether the wireless device is disabled (blocked: yes)
ip link set wlan0 up
rfkill unblock wifi

iwctl # enter the interactive prompt
device list # list wireless device names
station wlan0 scan # scan for networks
station wlan0 get-networks # list all Wi-Fi networks
station wlan0 connect wifi-name # connect
exit # leave the interactive prompt

Ufw

ufw status
ufw enable
ufw allow ssh
ufw allow http
ufw allow https

Iptables

Fail2ban

Arp

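arp -a displays the Address Resolution Protocol table (IP address to NIC address):

  • Internet layer: IP (Internet Protocol), IGMP (Internet Group Management Protocol), ICMP (Internet Control Message Protocol)
  • Transport layer: TCP (Transmission Control Protocol), UDP (User Datagram Protocol)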

Netstat

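netstat -an shows the ports in use on the local machine:

  • (-a shows all connections and listening ports, -n shows IP addresses and port numbers)
  • -t: TCP ports
  • -u: UDP ports
  • -l: services in the listening state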

Nslookup

nslookup domain_name: view the DNS resolver: /etc/network/interfaces.

Hostname:

  • /etc/hostname.
  • /etc/sysconfig/network.
  • /etc/resolv.conf.

Ping

ping -c count ip/domain: probe network status

Telnet

telnet [ip/domain] [port]: remote management and port probing command

Traceroute

  • traceroute [-n IP] domain: route tracing command
  • traceroute -n -I -T -p: route scanning

Nftables

nftables command-line tool (network filter): nft.

Fping

fping -a -u -g -f [target]: batch scan of host addresses

Hping

hping -p -S -a: can spoof the source IP address

Mtr

Route scanning

Nmap

Batch scan of host services:

  • -P ICMP
  • -sS TCP SYN
  • -sT TCP connect()
  • -sU UDP

Ncat

Batch scan of host services:

  • -w: set the timeout
  • -v: show what the command is doing
  • -z: zero-I/O mode
  • -u: UDP protocol

Socat

sudo pacman -S socat
# Forward traffic from local port 8080 to port 80 on the remote server
socat TCP4-LISTEN:8080,fork TCP4:remote-server.com:80
# Read from and write to a serial device
socat - /dev/ttyS0,raw,echo=0,crnl

Sar

Check network interface throughput:

`sar -n DEV 1`

Check key TCP metrics:

`sar -n TCP,ETCP 1`

GFW

Hosts

GitHub520:

curl -L https://raw.hellogithub.com/hosts >> /etc/hosts
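
The command above appends whatever the server returns to /etc/hosts, so that response decides name resolution for any domain on the machine, and every rerun stacks duplicate entries. An added example (not part of the original page or the GitHub520 project) that vets the fetched list against a suffix allowlist and rewrites a marked block instead of appending; the marker strings, the allowlist and the sample entries are assumptions:

```shell
# Added example, not from the original page. The marker strings, allowlist
# and sample entries are assumptions made for illustration.

# filter_hosts "suffix1 suffix2 ..." < fetched > vetted
# Keeps "IPv4 hostname" lines whose hostname equals or sits under an allowed
# suffix; refuses 0.x/127.x targets. Returns 1 if any line was rejected.
filter_hosts() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, sfx, " ") }
    NF == 0 || $1 ~ /^#/ { next }             # blank lines and comments
    {
      ok = 0; h = tolower($2)
      if (NF == 2 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
          $1 !~ /^(0|127)\./ && h ~ /^[a-z0-9][a-z0-9.-]*$/)
        for (i = 1; i <= n; i++) {
          tail = substr(h, length(h) - length(sfx[i]))
          if (h == sfx[i] || tail == ("." sfx[i])) ok = 1
        }
      if (ok) print $1, h; else bad++
    }
    END { exit (bad > 0) }'
}

# update_hosts_block HOSTS_FILE VETTED_FILE
# Rewrites the marked region instead of appending, so reruns never stack
# stale or duplicate entries.
update_hosts_block() {
  b='# BEGIN github-hosts'; e='# END github-hosts'
  tmp=$(mktemp) || return 1
  awk -v b="$b" -v e="$e" '
    $0 == b { skip = 1; next }
    $0 == e { skip = 0; next }
    !skip' "$1" > "$tmp" &&
  { echo "$b"; cat "$2"; echo "$e"; } >> "$tmp" &&
  cat "$tmp" > "$1"       # keep the original inode and permissions
  rc=$?; rm -f "$tmp"; return "$rc"
}

# Constructed sample of a fetched list (documentation-range addresses).
SAMPLE_FETCHED='# constructed list
192.0.2.10 github.com
192.0.2.11 raw.githubusercontent.com
203.0.113.7 login.example.test
203.0.113.8 evilgithub.com'

# Typical use (as root), aborting when anything was rejected:
#   curl -fsSL https://raw.hellogithub.com/hosts |
#     filter_hosts "github.com githubusercontent.com" > vetted &&
#     update_hosts_block /etc/hosts vetted
```

The filter only checks that the address is IPv4-shaped and the name is on the allowlist; it does not establish that the listed addresses really belong to GitHub.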

Client

  • Verge: Clash Meta (Mihomo) GUI based on Tauri.
  • Party: Another Mihomo GUI.
  • ProxyChains: Proxy any TCP connection.

Server

VPN