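The netstat command displays statistics related to the IP, TCP, UDP and ICMP protocols, and is generally used to check the network connections on each port of the local machine.
In the Internet RFC standards, Netstat is defined as follows: Netstat is a program that accesses networking and related information in the kernel; it can report on TCP connections, TCP and UDP listeners, and process memory management.
Checking information about port 2222: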
[root@singledb ~]# netstat -an |grep 2222
tcp        0      0 :::2222                     :::*                        LISTEN
tcp        0      0 ::ffff:192.168.3.200:2222   ::ffff:192.168.3.115:53516  ESTABLISHED
The help output for the command is as follows:
[root@singledb ~]# netstat -h
usage: netstat [-veenNcCF] [<Af>] -r         netstat {-V|--version|-h|--help}
       netstat [-vnNcaeol] [<Socket> ...]
       netstat { [-veenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s } [delay]

        -r, --route                display routing table
        -I, --interfaces=[<Iface>] display interface table for <Iface>
        -i, --interfaces           display interface table
        -g, --groups               display multicast group memberships
        -s, --statistics           display networking statistics (like SNMP)
        -M, --masquerade           display masqueraded connections

        -v, --verbose              be verbose
        -n, --numeric              don't resolve names
        --numeric-hosts            don't resolve host names
        --numeric-ports            don't resolve port names
        --numeric-users            don't resolve user names
        -N, --symbolic             resolve hardware names
        -e, --extend               display other/more information
        -p, --programs             display PID/Program name for sockets
        -c, --continuous           continuous listing

        -l, --listening            display listening server sockets
        -a, --all, --listening     display all sockets (default: connected)
        -o, --timers               display timers
        -F, --fib                  display Forwarding Information Base (default)
        -C, --cache                display routing cache instead of FIB
        -T, --notrim               stop trimming long addresses
        -Z, --context              display SELinux security context for sockets

  <Iface>: Name of interface to monitor/list.
  <Socket>={-t|--tcp} {-u|--udp} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom
  <AF>=Use '-A <af>' or '--<af>'; default: inet
  List of possible address families (which support routing):
    inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
    netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
    x25 (CCITT X.25)
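The help output above gives the meaning of each option. For more detail, use the man command, which documents the options more fully.
Some commonly used netstat options:
netstat -s: displays statistics separately for each protocol.
netstat -r: displays information about the routing table.
netstat -a: displays a list of all valid connections.
netstat -n: displays all established valid connections.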
[root@singledb ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 localhost.localdomain:2208  *:*                         LISTEN
tcp        0      0 192.168.122.1:domain        *:*                         LISTEN
tcp        0      0 ::ffff:192.168.3.200:ssh    ::ffff:192.168.3.115:51710  ESTABLISHED
tcp        0      0 ::ffff:192.16:rockwell-csp2 ::ffff:192.168.3.115:53516  ESTABLISHED
udp        0      0 *:48902                     *:*
udp        0      0 192.168.122.1:domain        *:*
udp        0      0 *:mdns                      *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     6166   @ISCSIADM_ABSTRACT_NAMESPACE
unix  28     [ ]         DGRAM                    6709   /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     9022   /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     6702   /var/run/audispd_events
Taking one of these entries as an example:
tcp 0 0 ::ffff:192.168.3.200:ssh ::ffff:192.168.3.115:51710 ESTABLISHED
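Protocol (Proto): TCP, the transport-layer communication protocol.
For more on TCP, see the blog post:
The Seven-Layer Network Protocol Model Explained
http://blog.csdn.net/tianlesoftware/archive/2010/11/16/6012976.aspx
Local Address: ::ffff:192.168.3.200:ssh, the local IP address and the port used for the connection. The port is written as ssh here, meaning the SSH port.
Foreign Address: ::ffff:192.168.3.115:51710, the IP address of the remote machine and the port of the connection.
State: ESTABLISHED, the connection state. It can be one of the following:
LISTEN: the socket is listening.
ESTABLISHED: the connection has been established.
TIME_WAIT: the connection is currently in a waiting state.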
[root@singledb ~]# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0    132 ::ffff:192.168.3.200:22     ::ffff:192.168.3.115:51710  ESTABLISHED
tcp        0      0 ::ffff:192.168.3.200:2222   ::ffff:192.168.3.115:53516  ESTABLISHED
-- Earlier this was shown as ssh; now it is shown as the corresponding port number.
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 28 [ ] DGRAM 6709 /dev/log
unix 2 [ ] DGRAM 1413 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 7379 @/org/freedesktop/hal/udev_event
unix 2 [ ] DGRAM 15309
unix 2 [ ] DGRAM 13877
unix 2 [ ] DGRAM 13005
unix 3 [ ] STREAM CONNECTED 12935
unix 3 [ ] STREAM CONNECTED 12934
unix 2 [ ] DGRAM 12930
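netstat -n is essentially the numeric form of the -a option. -a and -n are the two most commonly used options, where:
(1) -n displays host names in numeric form, i.e. as IP addresses
(2) -n displays only TCP connections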
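The `netstat -an | grep 2222` check at the top of the page matches the string 2222 anywhere on a line, so it also catches other ports and remote ports. The added example below (not part of the original post) filters on the local port exactly and strips the `::ffff:` IPv4-mapped prefix; the function names and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact local-port filter for `netstat -an` TCP lines.

# Sample input. The first three lines come from the output shown on this
# page; the last two are constructed to show what a plain grep also matches.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 :::2222                     :::*                        LISTEN
tcp        0      0 ::ffff:192.168.3.200:2222   ::ffff:192.168.3.115:53516  ESTABLISHED
tcp        0      0 ::ffff:192.168.3.200:22     ::ffff:192.168.3.115:51710  ESTABLISHED
tcp        0      0 0.0.0.0:22222               0.0.0.0:*                   LISTEN
tcp        0      0 192.168.3.200:45000         192.168.3.50:2222           ESTABLISHED
EOF
}

# port_sockets PORT
# Reads `netstat -an` output on stdin and prints "STATE LOCAL_IP PORT REMOTE"
# for every TCP socket whose local port is exactly PORT.
port_sockets() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && NF >= 6 {
            laddr = $4; remote = $5; state = $6
            # The port follows the LAST colon, which also works for IPv6
            # and IPv4-mapped addresses such as ::ffff:192.168.3.200:2222.
            if (!match(laddr, /:[^:]*$/)) next
            lport = substr(laddr, RSTART + 1)
            lip   = substr(laddr, 1, RSTART - 1)
            # ::ffff:a.b.c.d is an IPv4 peer seen through an IPv6 socket.
            sub(/^::ffff:/, "", lip)
            sub(/^::ffff:/, "", remote)
            # Force a string comparison so 2222 never matches 22222.
            if ((lport "") == (port "")) print state, lip, lport, remote
        }'
}

# Demo: the exact filter reports 2 sockets; grep 2222 would report 4 lines.
sample_netstat | port_sockets 2222
```

On a live host, pipe `netstat -an` into `port_sockets` in place of `sample_netstat`.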
[root@singledb ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.3.0     *               255.255.255.0   U         0 0          0 bond0
192.168.122.0   *               255.255.255.0   U         0 0          0 virbr0
169.254.0.0     *               255.255.0.0     U         0 0          0 bond0
default         192.168.3.1     0.0.0.0         UG        0 0          0 bond0
[root@singledb ~]# netstat -s
Ip:
    63105 total packets received
    0 forwarded
    0 incoming packets discarded
    41834 incoming packets delivered
    33322 requests sent out
Icmp:
    1377 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 1377
    1377 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 1377
IcmpMsg:
        InType3: 1377
        OutType3: 1377
Tcp:
    147 active connections openings
    33 passive connection openings
    0 failed connection attempts
    0 connection resets received
    2 connections established
    31684 segments received
    31347 segments send out
    393 segments retransmited
    0 bad segments received.
    0 resets sent
Udp:
    132 packets received
    1 packets to unknown port received.
    0 packet receive errors
    201 packets sent
TcpExt:
    23 TCP sockets finished time wait in fast timer
    7032 delayed acks sent
    10 delayed acks further delayed because of locked socket
    Quick ack mode was activated 8137 times
    2 packets directly queued to recvmsg prequeue.
    2 packets directly received from prequeue
    3496 packets header predicted
    2325 acknowledgments not containing data received
    7805 predicted acknowledgments
    6 times recovered from packet loss due to SACK data
    TCPDSACKUndo: 3
    12 congestion windows recovered after partial ack
    3 TCP data loss events
    5 fast retransmits
    3 retransmits in slow start
    137 other TCP timeouts
    2 sack retransmits failed
    8137 DSACKs sent for old packets
    24 DSACKs received
IpExt:
    InMcastPkts: 36
    OutMcastPkts: 40
    InBcastPkts: 8617
[root@singledb ~]#