netstat
简介
netstat命令用于显示各种网络相关信息,如网络连接,路由表,接口状态(interface statistice),masquerade连接,多播成员(Multicast Memberships)等等
输出信息含义
执行netstat后,其输出结果为
[root@yubing ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 132 bogon:ssh bogon:sdproxy ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 6 [ ] DGRAM 9036 /dev/log
unix 2 [ ] DGRAM 1835 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 10123
unix 2 [ ] DGRAM 9940
unix 2 [ ] DGRAM 9214
unix 2 [ ] DGRAM 9044
从整体上看,netstat的输出结果可以分为两个部分:
一个是Active Internet connections,称为有源TCP连接,其中“Recv-Q”和“Send-Q”指的是接收队列和发送队列。这些数字一般都应该是0.如果不是则表示软件包正在列队中堆积。这种情况只能在非常少的情况见到。
另一个是Active UNIX domain sockets,称为有源Unix域套接口(和网络套接字一样,但是只能用于本机通信,性能可以提高一倍)。
Proto显示连接使用的协议,RefCnt表示连接到本套接口上的进程号,Types显示套接口的类型,State显示套接口当前的状态,Path表示连接到套接口的其它进程使用的路径名。
常见参数:
-a (all)显示所有选项,默认不显示LISTEN相关
-t (tcp)仅显示tcp相关选项
-u (udp)仅显示udp相关选项
-n 拒绝显示别名,能显示数字的全部转化成数字。
-l 仅列出有在 Listen (监听) 的服務状态
-p 显示建立相关链接的程序名
-r 显示路由信息,路由表
-e 显示扩展信息,例如uid等
-s 按各个协议进行统计
-c 每隔一个固定时间,执行该netstat命令。
提示:LISTEN和LISTENING的状态只有用-a或者-l才能看到
[root@yubing ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 132 bogon:ssh bogon:sdproxy ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 6 [ ] DGRAM 9036 /dev/log
unix 2 [ ] DGRAM 1835 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 10123
unix 2 [ ] DGRAM 9940
unix 2 [ ] DGRAM 9214
unix 2 [ ] DGRAM 9044
[root@yubing ~]# netstat -a 列出所有端口
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 132 bogon:ssh bogon:sdproxy ESTABLISHED
udp 0 0 *:bootpc *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 10136 /tmp/ssh-DQxsec2667/agent.2667
unix 6 [ ] DGRAM 9036 /dev/log
unix 2 [ ] DGRAM 1835 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 10123
unix 2 [ ] DGRAM 9940
unix 2 [ ] DGRAM 9214
unix 2 [ ] DGRAM 9044
[root@yubing ~]# netstat -at 列出所有tcp端口
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 132 bogon:ssh bogon:sdproxy ESTABLISHED
[root@yubing ~]# netstat -au 列出所有udp端口
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 *:bootpc *:*
[root@yubing ~]# netstat -l 只显示监听端口
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
udp 0 0 *:bootpc *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 10136 /tmp/ssh-DQxsec2667/agent.2667
[root@yubing ~]# netstat -s 显示所有端口的统计信息
Ip:
1356 total packets received
1 with invalid addresses
0 forwarded
0 incoming packets discarded
1355 incoming packets delivered
1800 requests sent out
Icmp:
0 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
0 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
Tcp:
0 active connections openings
2 passive connection openings
0 failed connection attempts
0 connection resets received
1 connections established
1328 segments received
1778 segments send out
0 segments retransmited
0 bad segments received.
0 resets sent
Udp:
18 packets received
0 packets to unknown port received.
0 packet receive errors
22 packets sent
TcpExt:
7 delayed acks sent
118 packets header predicted
951 acknowledgments not containing data received
0 TCP data loss events
IpExt:
InBcastPkts: 9
[root@yubing ~]# netstat -p 显示建立相关链接的程序名
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 148 bogon:ssh bogon:sdproxy ESTABLISHED 2667/0
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 6 [ ] DGRAM 9036 2376/syslogd /dev/log
unix 2 [ ] DGRAM 1835 588/udevd @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 10123 2667/0
unix 2 [ ] DGRAM 9940 2325/dhclient
unix 2 [ ] DGRAM 9214 2452/crond
unix 2 [ ] DGRAM 9044 2379/klogd
[root@yubing ~]# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 148 bogon:ssh bogon:sdproxy ESTABLISHED 2667/0
[root@yubing ~]# netstat -an
当你不想让主机,端口和用户名显示,使用netstat -n。将会使用数字代替那些名称
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::22 :::* LISTEN
tcp 0 132 ::ffff:192.168.18.132:22 ::ffff:192.168.18.1:1297 ESTABLISHED
udp 0 0 0.0.0 .0:68 0.0.0 .0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 10136 /tmp/ssh-DQxsec2667/agent.2667
unix 6 [ ] DGRAM 9036 /dev/log
unix 2 [ ] DGRAM 1835 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 10123
unix 2 [ ] DGRAM 9940
unix 2 [ ] DGRAM 9214
unix 2 [ ] DGRAM 9044
[root@yubing ~]# netstat -ap | grep ssh 找出程序运行的端口
并不是所有的进程都能找到,没有权限的会不显示,使用root权限查看所有的信息
tcp 0 0 *:ssh *:* LISTEN 2439/sshd
tcp 0 52 bogon:ssh bogon:sdproxy ESTABLISHED 2667/0
unix 2 [ ACC ] STREAM LISTENING 10136 2667/0 /tmp/ssh-DQxsec2667/agent.2667
[root@yubing ~]# netstat -an | grep ':80'
[root@yubing ~]# netstat -i 显示网络接口列表
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX -OK TX-ERR TX-DRP TX -OVR Flg
eth0 1500 0 1572 0 0 0 2011 0 0 0 BMRU
lo 16436 0 0 0 0 0 0 0 0 0 LRU
[root@yubing ~]# netstat -r 显示核心路由信息
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.18.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default bogon 0.0.0 .0 UG 0 0 0 eth0
[root@yubing ~]# netstat -ie 显示详细信息,像是ifconfig
Kernel Interface table
eth0 Link encap:Ethernet HWaddr 00:0C:29:D6:54:00
inet addr:192.168.18.132 Bcast:192.168.18.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed6:5400/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1603 errors:0 dropped:0 overruns:0 frame:0
TX packets:2034 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:125127 (122.1 KiB) TX bytes:261086 (254.9 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)