在Internet RFC标准中,Netstat的定义是: Netstat是在内核中访问网络及相关信息的程序,它能提供TCP连接,TCP和UDP监听,进程内存管理的相关报告。
检查2222 端口的相关信息:
[root@singledb ~]# netstat -an |grep 2222
tcp 0 0 :::2222 :::* LISTEN
tcp 0 0 ::ffff:192.168.3.200:2222 ::ffff:192.168.3.115:53516 ESTABLISHED
该命令的帮助文档如下:
[root@singledb ~]# netstat -h
usage: netstat [-veenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}
netstat [-vnNcaeol] [<Socket> ...]
netstat { [-veenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s } [delay]
-r, --route display routing table
-I, --interfaces=[<Iface>] display interface table for <Iface>
-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections
-v, --verbose be verbose
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-c, --continuous continuous listing
-l, --listening display listening server sockets
-a, --all, --listening display all sockets (default: connected)
-o, --timers display timers
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
-T, --notrim stop trimming long addresses
-Z, --context display SELinux security context for sockets
<Iface>: Name of interface to monitor/list.
<Socket>={-t|--tcp} {-u|--udp} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom
<AF>=Use '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
在上面的命令里讲了一个参数的意思。 如果想查看更详细的内容,可以使用man命令。 这个可以显示的更详细。
Netstat的一些常用选项 :
netstat -s: 按照各个协议分别显示其统计数据。
netstat -r: 显示关于路由表的信息。
netstat -a: 显示一个所有的有效连接信息列表.
netstat -n: 显示所有已建立的有效连接。
[root@singledb ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost.localdomain:2208 *:* LISTEN
tcp 0 0 192.168.122.1:domain *:* LISTEN
tcp 0 0 ::ffff:192.168.3.200:ssh ::ffff:192.168.3.115:51710 ESTABLISHED
tcp 0 0 ::ffff:192.16:rockwell-csp2 ::ffff:192.168.3.115:53516 ESTABLISHED
udp 0 0 *:48902 *:*
udp 0 0 192.168.122.1:domain *:*
udp 0 0 *:mdns *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 6166 @ISCSIADM_ABSTRACT_NAMESPACE
unix 28 [ ] DGRAM 6709 /dev/log
unix 2 [ ACC ] STREAM LISTENING 9022 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 6702 /var/run/audispd_events
以其中一条做说明:
tcp 0 0 ::ffff:192.168.3.200:ssh ::ffff:192.168.3.115:51710 ESTABLISHED
协议(Proto):TCP,指是传输层通讯协议。
有关TCP, 可以参考Blog:
网络七层协议 说明
http://blog.csdn.net/tianlesoftware/archive/2010/11/16/6012976.aspx
Local Address:::ffff:192.168.3.200:ssh,本地的IP地址,和用于连接的端口, 这里写成ssh了。 指的是SSH端口。
Foreign Address: ffff:192.168.3.115:51710, 远程机器的的IP地址和连接的端口。
State:ESTABLISHED。 连接状态。可有一下几种状态:
LISTEN :在监听状态中。
ESTABLISHED:已建立联机的联机情况。
TIME_WAIT:该联机在目前已经是等待的状态。
[root@singledb ~]# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 132 ::ffff:192.168.3.200:22 ::ffff:192.168.3.115:51710 ESTABLISHED
tcp 0 0 ::ffff:192.168.3.200:2222 ::ffff:192.168.3.115:53516 ESTABLISHED
--刚才这里显示的SSH。 现在显示成对应的端口了。
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 28 [ ] DGRAM 6709 /dev/log
unix 2 [ ] DGRAM 1413 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 7379 @/org/freedesktop/hal/udev_event
unix 2 [ ] DGRAM 15309
unix 2 [ ] DGRAM 13877
unix 2 [ ] DGRAM 13005
unix 3 [ ] STREAM CONNECTED 12935
unix 3 [ ] STREAM CONNECTED 12934
unix 2 [ ] DGRAM 12930
Netstat -n基本上是-a参数的数字形式,-a 和 -n 是最常用的两个,其中
(1)-n 显示用数字化主机名,即IP地址
(2)-n 只显示TCP连接
[root@singledb ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.3.0 * 255.255.255.0 U 0 0 0 bond0
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
169.254.0.0 * 255.255.0.0 U 0 0 0 bond0
default 192.168.3.1 0.0.0.0 UG 0 0 0 bond0
[root@singledb ~]# netstat -s
Ip:
63105 total packets received
0 forwarded
0 incoming packets discarded
41834 incoming packets delivered
33322 requests sent out
Icmp:
1377 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 1377
1377 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 1377
IcmpMsg:
InType3: 1377
OutType3: 1377
Tcp:
147 active connections openings
33 passive connection openings
0 failed connection attempts
0 connection resets received
2 connections established
31684 segments received
31347 segments send out
393 segments retransmited
0 bad segments received.
0 resets sent
Udp:
132 packets received
1 packets to unknown port received.
0 packet receive errors
201 packets sent
TcpExt:
23 TCP sockets finished time wait in fast timer
7032 delayed acks sent
10 delayed acks further delayed because of locked socket
Quick ack mode was activated 8137 times
2 packets directly queued to recvmsg prequeue.
2 packets directly received from prequeue
3496 packets header predicted
2325 acknowledgments not containing data received
7805 predicted acknowledgments
6 times recovered from packet loss due to SACK data
TCPDSACKUndo: 3
12 congestion windows recovered after partial ack
3 TCP data loss events
5 fast retransmits
3 retransmits in slow start
137 other TCP timeouts
2 sack retransmits failed
8137 DSACKs sent for old packets
24 DSACKs received
IpExt:
InMcastPkts: 36
OutMcastPkts: 40
InBcastPkts: 8617
[root@singledb ~]#