[Linux] The netstat and ss commands

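1. netstat output

The output of netstat can be divided into two parts:
Part 1 => Active Internet connections: active TCP connections. "Recv-Q" and "Send-Q" are the receive queue and the send queue; if these numbers are not 0, packets are piling up in the queue.
Part 2 => Active UNIX domain sockets: active Unix domain sockets, which can only be used for communication on the local host; performance can be doubled.

Note: by default netstat does not show the UDP protocol and does not show sockets in the LISTEN state.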

[root@xxserver bin]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp       32      0 HA-node1-cluster-he:35762 HA-node1-cluster-h:efi-mg CLOSE_WAIT
tcp       32      0 HA-node1-cluster-he:48560 HA-node2-cluster-h:efi-mg CLOSE_WAIT
tcp        0      0 xxserver:ssh             169.177.166.247:53827   ESTABLISHED
……
tcp6       0      0 localhost:44208         localhost:mysql         ESTABLISHED
tcp6       0      0 localhost:61613         localhost:34190         ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  3      [ ]         DGRAM                    11527    /run/systemd/notify
unix  2      [ ]         DGRAM 
……
unix  3      [ ]         STREAM     CONNECTED     32670    /run/dbus/system_bus_socket

 

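2. Common options

-a show all sockets (LISTEN sockets are not shown by default)
-t show only tcp
-u show only udp
-w show only RAW
-x show only unix
-n do not show aliases; show everything that can be shown as a number in numeric form
-l list only services that are in the Listen state
-p show the program name and PID of the process using the socket
-r show the routing table
-i show the list of network interfaces
-s show statistics per protocol
-c re-run this netstat command at a fixed interval

Examples:

(1) -a lists all ports (listening and non-listening)
netstat -a   list all ports
netstat -at  list all tcp ports
netstat -au  list all udp ports

(2) -l shows only listening ports
netstat -l   show only listening ports
netstat -lt  list only listening tcp ports
netstat -lu  list only listening udp ports
netstat -lx  list only listening UNIX ports

Note: why is LISTEN not printed in the State column for udp and raw? man netstat explains it as follows: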

Since there are no states in raw mode and usually no states used in UDP and UDPLite, this column may be left blank.

[root@xxserver bin]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:rsync           0.0.0.0:*               LISTEN
tcp6       0      0 [::]:42242              [::]:*                  LISTEN
……
udp        0      0 HA-node1-ne:45334         0.0.0.0:*
udp6       0      0 192.169.4.202:snmptrap  [::]:*
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     42703    private/relay
unix  2      [ ACC ]     STREAM     LISTENING     42712    private/retry
……

(3) netstat -s shows statistics for each protocol

(4) netstat -p shows the PID and process name in the output

[root@xxserver ~]# netstat -ap
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      22533/sshd
udp6       0      0 192.169.4.202:snmptrap  [::]:*                              26680/java
……

(5) netstat -n shows numeric values instead of host, port or user names in the output

[root@xxserver ~]# netstat -anp | grep ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      22533/sshd
udp6       0      0 192.169.4.202:162       :::*                                26680/java
……

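Note: to keep only one of these from being shown as a name, use one of the following commands
# netstat -a --numeric-ports
# netstat -a --numeric-hosts
# netstat -a --numeric-users

(6) netstat -c prints netstat information continuously
Print once per second (the default): netstat -auc | grep snmp
Print once every 5 seconds: netstat -auc 5 | grep snmp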

[root@xxxserver ~]# netstat -auc | grep snmp
Tue Mar 30 17:08:23 CST 2021
udp6       0      0 192.169.4.202:snmptrap  [::]:*
udp6       0      0 192.169.4.202:snmptrap  [::]:*
udp6       0      0 192.169.4.202:snmptrap  [::]:*
udp6       0      0 192.169.4.202:snmptrap  [::]:*
^C
[root@xxxserver ~]# 

(7) Show routing information: netstat -r; the output is the same as route

(8) Show the list of network interfaces: netstat -i; the output of netstat -ie is the same as ifconfig

[root@xxxserver ~]# netstat -i
Kernel Interface table
Iface             MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
ens164           1500  4649150      0     30 0       6231154      0      0      0 BMRU
ens192           1500  4596573      0     29 0       2720436      0      0      0 BMRU
lo              65536 16194199      0      0 0      16194199      0      0      0 LRU
virbr0           1500        0      0      0 0             0      0      0      0 BMU
[root@xxxserver ~]#
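
The `netstat -anp` layout from example (5), together with the Recv-Q/Send-Q note in section 1, can be checked by a script. The following is an added example, not part of the original post: it reports sockets bound to every interface with their owning process and sockets with data piling up in a queue. The function names and the sample rows are constructed for illustration.

```python
import re

# Constructed sample in the layout of `netstat -anp` (not captured from a real host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      22533/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1410/mysqld
tcp6       0      0 :::42242                :::*                    LISTEN      26680/java
tcp       32      0 192.0.2.10:35762        192.0.2.11:8088         CLOSE_WAIT  3021/python
tcp        0      0 192.0.2.10:22           198.51.100.7:53827      ESTABLISHED 22790/sshd: admin
udp6       0      0 :::162                  :::*                                26680/java
"""

ROW = re.compile(r"^(tcp6?|udp6?)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")
WILDCARD = {"0.0.0.0", "::", "*"}

def parse(text):
    """Yield one dict per tcp/udp row; header and unix-socket rows are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, recvq, sendq, local, _foreign, rest = m.groups()
        # UDP rows have no State; PID/Program starts with a digit, or is "-" when hidden.
        state, owner = "", rest.strip()
        if owner and not owner[0].isdigit() and owner != "-":
            state, _, owner = owner.partition(" ")
        host, _, port = local.rpartition(":")
        yield {"proto": proto, "recvq": int(recvq), "sendq": int(sendq),
               "host": host.strip("[]"), "port": port, "state": state, "owner": owner.strip()}

def exposed_listeners(rows):
    """TCP LISTEN sockets and stateless UDP sockets bound to every interface."""
    return [(r["proto"], r["port"], r["owner"]) for r in rows
            if r["host"] in WILDCARD
            and (r["state"] == "LISTEN" or (r["proto"].startswith("udp") and not r["state"]))]

def backlog(rows):
    """Sockets with a non-zero Recv-Q or Send-Q, i.e. data is piling up in a queue."""
    return [(r["state"], r["host"], r["port"], r["recvq"], r["sendq"])
            for r in rows if r["recvq"] or r["sendq"]]

if __name__ == "__main__":
    rows = list(parse(SAMPLE))
    for item in exposed_listeners(rows):
        print("bound to all interfaces:", item)
    for item in backlog(rows):
        print("queued data:", item)
```

On a real host the same functions can be fed the text of `netstat -anp` run as root, so that the PID/Program column is filled in for every socket.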

 

3. Socket State

Active Internet connections
   State
       The  state  of the socket. Since there are no states in raw mode and usually no states used in UDP and
       UDPLite, this column may be left blank. Normally this can be one of several values:

       ESTABLISHED
              The socket has an established connection.
       SYN_SENT
              The socket is actively attempting to establish a connection.
       SYN_RECV
              A connection request has been received from the network.
       FIN_WAIT1
              The socket is closed, and the connection is shutting down.
       FIN_WAIT2
              Connection is closed, and the socket is waiting for a shutdown from the remote end.
       TIME_WAIT
              The socket is waiting after close to handle packets still in the network.
       CLOSE  The socket is not being used.
       CLOSE_WAIT
              The remote end has shut down, waiting for the socket to close.
       LAST_ACK
              The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
       LISTEN The socket is listening for incoming connections.  Such sockets are not included in the  output
              unless you specify the --listening (-l) or --all (-a) option.
       CLOSING
              Both sockets are shut down but we still don't have all our data sent.
       UNKNOWN
              The state of the socket is unknown.

For an explanation of each state, see another post, "TCP connection establishment and release": https://blog.csdn.net/wy_hhxx/article/details/103980331

Active UNIX domain Sockets
   State
       This field will contain one of the following Keywords:

       FREE   The socket is not allocated
       LISTENING
              The socket is listening for a connection request.  Such sockets are only included in the output
              if you specify the --listening (-l) or --all (-a) option.
       CONNECTING
              The socket is about to establish a connection.
       CONNECTED
              The socket is connected.
       DISCONNECTING
              The socket is disconnecting.
       (empty)
              The socket is not connected to another one.
       UNKNOWN
              This state should never happen.

 

References:

Linux netstat command explained and the meaning of state https://blog.csdn.net/libaineu2004/article/details/82465215

========================================================================  

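The ss command (taking a shortcut here 囧)

The main reason ss is faster than netstat is that netstat walks every PID directory under /proc, whereas ss reads the statistics under /proc/net directly. As a result, ss uses far fewer resources and takes far less time to run than netstat.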

Comparison of the ss and netstat commands   https://cloud.tencent.com/developer/article/1026969
A detailed guide to the Linux network status tool ss   http://www.ttlsa.com/linux-command/ss-replace-netstat/
