linux netstat 命令讲解
Command: netstat
Common Used:
netstat -tnlp # 输出处于监听状态的TCP链接端口信息,包含关联的进程信息,并且用数字代替主机名等信息。
Command Description:
用于显示网络信息,如网络链接,监听的端口号对应的服务,路由表,多播成员(Muticast Memberships)等。
Command Options:
-a (all)显示所有选项,默认不显示LISTEN相关
-t (tcp)仅显示tcp相关选项
-u (udp)仅显示udp相关选项
-n 拒绝显示别名,能显示数字的全部转化成数字。
-l 仅列出有在 Listen (监听) 的服務状态
-p 显示建立相关链接的程序名
-r 显示路由信息,路由表
-e 显示扩展信息,例如uid等
-s 按各个协议进行统计
-c 每隔一个固定时间,执行该netstat命令。
提示:LISTEN和LISTENING的状态只有用-a或者-l才能看到
Command Examples:
直接在shell中输入netstat命令,输出主要分为两块
|
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 16 [ ] DGRAM 8455 /dev/log
unix 3 [ ] STREAM CONNECTED 20599 @/tmp/.ICE-unix/3262
unix 3 [ ] STREAM CONNECTED 19325
unix 3 [ ] STREAM CONNECTED 20598 @/tmp/.X11-unix/X0
|
Active Internet connection (w/o servers): 有源TCP连接,其中"Secv-Q"和"Send-Q"是指接受和发送队列,这些数字一般为0。
Active UNIX domain sockets (w/o servers): 有源Unix域套接字(和网络套接字一样,但只能用于本地通信,不错定能可以提高一倍)。
除了两类输出外,主要输出内容也有格式,如下
| Proto | 连接使用的协议 |
| RefCnt | 连接到本地套接字上的进程号 |
| Types | 显示套接字的类型 |
| Stat | 显示套接字当前的状态 |
| Path | 表示链接到套接字的其它进程使用的路径 |
1) 列出所有端口(包括监听与未监听的) netstat -a
|
wanran@wanran-virtual-machine:~/Documents$ netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 wanran-virtual-m:domain *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN
udp 0 0 wanran-virtual-m:domain *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:6270 *:*
udp 0 0 *:41786 *:*
udp 0 0 *:mdns *:*
udp6 0 0 [::]:48930 [::]:*
udp6 0 0 [::]:31298 [::]:*
udp6 0 0 [::]:mdns [::]:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 8916 /tmp/.X11-unix/X0
unix 16 [ ] DGRAM 8455 /dev/log
unix 2 [ ACC ] STREAM LISTENING 18042 /tmp/ssh-GcGMQ9fwII3u/agent.3135
unix 2 [ ACC ] STREAM LISTENING 18113 /tmp/ksocket-wanran/kdeinit4__0
unix 2 [ ACC ] STREAM LISTENING 18117 /tmp/ksocket-wanran/klauncherhX3243.slave-socket
unix 2 [ ACC ] STREAM LISTENING 17164 /tmp/.ICE-unix/3262
unix 2 [ ACC ] STREAM LISTENING 17024 @/tmp/dbus-SDnjEMzAxY
|
2) 列出所有TCP端口(包括监听与未监听的) netstat -at
|
wanran@wanran-virtual-machine:~/Documents$ netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 wanran-virtual-m:domain *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN
|
3) 列出所有UDP端口(包括监听与未监听的) netstat -au
4) 只显示监听端口 netstat -l
|
wanran@wanran-virtual-machine:~/Documents$ netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 wanran-virtual-m:domain *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN
udp 0 0 wanran-virtual-m:domain *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:6270 *:*
udp 0 0 *:41786 *:*
udp 0 0 *:mdns *:*
udp6 0 0 [::]:48930 [::]:*
udp6 0 0 [::]:31298 [::]:*
udp6 0 0 [::]:mdns [::]:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 8916 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 18042 /tmp/ssh-GcGMQ9fwII3u/agent.3135
unix 2 [ ACC ] STREAM LISTENING 18113 /tmp/ksocket-wanran/kdeinit4__0
unix 2 [ ACC ] STREAM LISTENING 18117 /tmp/ksocket-wanran/klauncherhX3243.slave-socket
unix 2 [ ACC ] STREAM LISTENING 17164 /tmp/.ICE-unix/3262
unix 2 [ ACC ] STREAM LISTENING 17024 @/tmp/dbus-SDnjEMzAxY
unix 2 [ ACC ] STREAM LISTENING 8741 /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 17311 /home/wanran/.local/share/akonadi/socket-wanran-virtual-machine/mysql.socket
unix 2 [ ACC ] STREAM LISTENING 17326 /home/wanran/.local/share/akonadi/socket-wanran-virtual-machine/akonadiserver.socket
unix 2 [ ACC ] STREAM LISTENING 18562 /tmp/pulse-p6GGWXyOB8UC/native
unix 2 [ ACC ] STREAM LISTENING 19844 /tmp/virt_1111
unix 2 [ ACC ] STREAM LISTENING 18815 /tmp/ksocket-wanran/nepomuk-socket
unix 2 [ ACC ] STREAM LISTENING 8042 @/com/ubuntu/upstart
unix 2 [ ACC ] STREAM LISTENING 13114 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 8713 @/org/bluez/audio
unix 2 [ ACC ] STREAM LISTENING 8915 @/tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 2923 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 17163 @/tmp/.ICE-unix/3262
unix 2 [ ACC ] STREAM LISTENING 9630 /var/run/acpid.socket
unix 2 [ ACC ] SEQPACKET LISTENING 8141 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 17032 @/tmp/dbus-bw8F8jJ8Rq
unix 2 [ ACC ] STREAM LISTENING 9461 /var/run/sdp
|
5) 列出所有监听的TCP端口 netstat -lt
6) 列出所有监听的UDP端口 netstat -lu
7) 列出所有监听的UNIX端口 netstat -lx
8) 显示所有端口的统计信息(默认显示所有端口按照各种协议的统计) netstat -s
|
wanran@wanran-virtual-machine:~/Documents$ netstat -s
Ip:
2995 total packets received
4 with invalid addresses
0 forwarded
0 incoming packets discarded
2991 incoming packets delivered
932 requests sent out
Icmp:
22 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 16
echo requests: 1
echo replies: 5
22 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 16
echo request: 5
echo replies: 1
IcmpMsg:
InType0: 5
InType3: 16
InType8: 1
OutType0: 1
OutType3: 16
OutType8: 5
Tcp:
11 active connections openings
0 passive connection openings
6 failed connection attempts
1 connection resets received
0 connections established
1284 segments received
746 segments send out
33 segments retransmited
0 bad segments received.
1 resets sent
Udp:
99 packets received
16 packets to unknown port received.
0 packet receive errors
129 packets sent
UdpLite:
TcpExt:
43 delayed acks sent
908 packet headers predicted
2 acknowledgments not containing data payload received
148 predicted acknowledgments
9 other TCP timeouts
1 connections reset due to early user close
TCPRcvCoalesce: 480
IpExt:
InMcastPkts: 26
OutMcastPkts: 28
InBcastPkts: 1570
OutBcastPkts: 8
InOctets: 2029252
OutOctets: 82245
InMcastOctets: 4685
OutMcastOctets: 4765
InBcastOctets: 501371
OutBcastOctets: 399
|
9) 显示TCP统计信息 netstat -st
10) 显示UDP统计信息 netstat -su
11) 在输出中包含进程ID和进程名称 netstat -p
## netstat -p 可以与其它开关一起使用,就可以添加 “PID/进程名称” 到 netstat 输出中,这样 debugging 的时候可以很方便的发现特定端口运行的程序。 # netstat -pt Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 1 0 ramesh-laptop.loc:47212 192.168.185.75:www CLOSE_WAIT 2109/firefox tcp 0 0 ramesh-laptop.loc:52750 lax:www ESTABLISHED 2109/firefox |
12) 输出中不显示主机、端口号和用户名
| 当你不想让主机,端口和用户名显示,使用 netstat -n。将会使用数字代替那些名称。 同样可以加速输出,因为不用进行比对查询。 # netstat -an 如果只是不想让这三个名称中的一个被显示,使用以下命令 # netsat -a --numeric-ports # netsat -a --numeric-hosts # netsat -a --numeric-users |
13) 持续输出信息
| netstat 将每隔一秒输出网络信息。 # netstat -c Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 ramesh-laptop.loc:36130 101-101-181-225.ama:www ESTABLISHED tcp 1 1 ramesh-laptop.loc:52564 101.11.169.230:www CLOSING tcp 0 0 ramesh-laptop.loc:43758 server-101-101-43-2:www ESTABLISHED tcp 1 1 ramesh-laptop.loc:42367 101.101.34.101:www CLOSING ^C |
14) 显示核心路由信息 netstat -r
# netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.1.0 * 255.255.255.0 U 0 0 0 eth2 link-local * 255.255.0.0 U 0 0 0 eth2 default 192.168.1.1 0.0.0.0 UG 0 0 0 eth2 注意: 使用 netstat -rn 显示数字格式,不查询主机名称。 |
15) 显示网络接口列表 netstat -i
# netstat -i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 0 0 0 0 BMU eth2 1500 0 26196 0 0 0 26883 6 0 0 BMRU lo 16436 0 4 0 0 0 4 0 0 0 LRU |
1)
Command Snapshots:
有道笔记连接: http://note.youdao.com/share/?id=0eca6458daea663749ade5a78007ac5a&type=note