Netstat命令

Netstat命令用于显示与IPTCPUDPICMP协议相关的统计数据,一般用于检验本机各端口的网络连接情况。

       Internet RFC标准中,Netstat的定义是: Netstat是在内核中访问网络及相关信息的程序,它能提供TCP连接,TCPUDP监听,进程内存管理的相关报告。

 

检查2222 端口的相关信息:

[root@singledb ~]# netstat -an |grep 2222

tcp        0      0 :::2222                     :::*                        LISTEN     

tcp        0      0 ::ffff:192.168.3.200:2222   ::ffff:192.168.3.115:53516  ESTABLISHED

      

 

该命令的帮助文档如下:

[root@singledb ~]# netstat -h

usage: netstat [-veenNcCF] [<Af>] -r         netstat {-V|--version|-h|--help}

       netstat [-vnNcaeol] [<Socket> ...]

       netstat { [-veenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s } [delay]

 

        -r, --route                display routing table

        -I, --interfaces=[<Iface>] display interface table for <Iface>

        -i, --interfaces           display interface table

        -g, --groups               display multicast group memberships

        -s, --statistics           display networking statistics (like SNMP)

        -M, --masquerade           display masqueraded connections

        -v, --verbose              be verbose

        -n, --numeric              don't resolve names

        --numeric-hosts            don't resolve host names

        --numeric-ports            don't resolve port names

        --numeric-users            don't resolve user names

        -N, --symbolic             resolve hardware names

        -e, --extend               display other/more information

        -p, --programs             display PID/Program name for sockets

        -c, --continuous           continuous listing

        -l, --listening            display listening server sockets

        -a, --all, --listening     display all sockets (default: connected)

        -o, --timers               display timers

        -F, --fib            display Forwarding Information Base (default)

        -C, --cache                display routing cache instead of FIB

        -T, --notrim               stop trimming long addresses

        -Z, --context              display SELinux security context for sockets

 

  <Iface>: Name of interface to monitor/list.

  <Socket>={-t|--tcp} {-u|--udp} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom

  <AF>=Use '-A <af>' or '--<af>'; default: inet

  List of possible address families (which support routing):

    inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)

    netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)

    x25 (CCITT X.25)

      

       在上面的命令里讲了一个参数的意思。 如果想查看更详细的内容,可以使用man命令。 这个可以显示的更详细。

 

 

Netstat的一些常用选项 

       netstat -s: 按照各个协议分别显示其统计数据。

       netstat -r: 显示关于路由表的信息。

netstat -a: 显示一个所有的有效连接信息列表.

       netstat -n 显示所有已建立的有效连接。

 

 

[root@singledb ~]# netstat -a

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address               Foreign Address             State     

tcp        0      0 localhost.localdomain:2208  *:*                         LISTEN        

tcp        0      0 192.168.122.1:domain        *:*                         LISTEN      

tcp        0      0 ::ffff:192.168.3.200:ssh    ::ffff:192.168.3.115:51710  ESTABLISHED

tcp        0      0 ::ffff:192.16:rockwell-csp2 ::ffff:192.168.3.115:53516  ESTABLISHED

udp        0      0 *:48902                     *:*                                    

udp        0      0 192.168.122.1:domain        *:*                                                                      

udp        0      0 *:mdns                      *:*                                    

Active UNIX domain sockets (servers and established)

Proto RefCnt Flags       Type       State         I-Node Path

unix  2      [ ACC ]     STREAM     LISTENING     6166   @ISCSIADM_ABSTRACT_NAMESPACE

unix  28     [ ]         DGRAM                    6709   /dev/log

unix  2      [ ACC ]     STREAM     LISTENING     9022   /dev/gpmctl

unix  2      [ ACC ]     STREAM     LISTENING     6702   /var/run/audispd_events

 

以其中一条做说明:

tcp        0      0 ::ffff:192.168.3.200:ssh    ::ffff:192.168.3.115:51710  ESTABLISHED

 

协议(Proto):TCP,指是传输层通讯协议。

有关TCP, 可以参考Blog

       网络七层协议 说明

       http://blog.csdn.net/tianlesoftware/archive/2010/11/16/6012976.aspx

 

Local  Address::ffff:192.168.3.200:ssh,本地的IP地址,和用于连接的端口, 这里写成ssh了。 指的是SSH端口。  

Foreign Address ffff:192.168.3.115:51710 远程机器的的IP地址和连接的端口。

StateESTABLISHED 连接状态。可有一下几种状态:

                     LISTEN  :在监听状态中。  

                     ESTABLISHED:已建立联机的联机情况。

                     TIME_WAIT:该联机在目前已经是等待的状态。 

 

 

 [root@singledb ~]# netstat -n

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address               Foreign Address             State     

tcp        0    132 ::ffff:192.168.3.200:22     ::ffff:192.168.3.115:51710  ESTABLISHED

tcp        0      0 ::ffff:192.168.3.200:2222   ::ffff:192.168.3.115:53516  ESTABLISHED

--刚才这里显示的SSH 现在显示成对应的端口了。

Active UNIX domain sockets (w/o servers)

Proto RefCnt Flags       Type       State         I-Node Path

unix  28     [ ]         DGRAM                    6709   /dev/log

unix  2      [ ]         DGRAM                    1413   @/org/kernel/udev/udevd

unix  2      [ ]         DGRAM                    7379   @/org/freedesktop/hal/udev_event

unix  2      [ ]         DGRAM                    15309 

unix  2      [ ]         DGRAM                    13877 

unix  2      [ ]         DGRAM                    13005 

unix  3      [ ]         STREAM     CONNECTED     12935 

unix  3      [ ]         STREAM     CONNECTED     12934 

unix  2      [ ]         DGRAM                    12930 

 

 

 Netstat -n基本上是-a参数的数字形式,-a  是最常用的两个,其中

       1-n 显示用数字化主机名,即IP地址

       2-n 只显示TCP连接

 

  

[root@singledb ~]# netstat -r

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface

192.168.3.0     *               255.255.255.0   U         0 0          0 bond0

192.168.122.0   *               255.255.255.0   U         0 0          0 virbr0

169.254.0.0     *               255.255.0.0     U         0 0          0 bond0

default         192.168.3.1     0.0.0.0         UG        0 0          0 bond0   

 

 

[root@singledb ~]# netstat -s

Ip:

    63105 total packets received

    0 forwarded

    0 incoming packets discarded

    41834 incoming packets delivered

    33322 requests sent out

Icmp:

    1377 ICMP messages received

    0 input ICMP message failed.

    ICMP input histogram:

        destination unreachable: 1377

    1377 ICMP messages sent

    0 ICMP messages failed

    ICMP output histogram:

        destination unreachable: 1377

IcmpMsg:

        InType3: 1377

        OutType3: 1377

Tcp:

    147 active connections openings

    33 passive connection openings

    0 failed connection attempts

    0 connection resets received

    2 connections established

    31684 segments received

    31347 segments send out

    393 segments retransmited

    0 bad segments received.

    0 resets sent

Udp:

    132 packets received

    1 packets to unknown port received.

    0 packet receive errors

    201 packets sent

TcpExt:

    23 TCP sockets finished time wait in fast timer

    7032 delayed acks sent

    10 delayed acks further delayed because of locked socket

    Quick ack mode was activated 8137 times

    2 packets directly queued to recvmsg prequeue.

    2 packets directly received from prequeue

    3496 packets header predicted

    2325 acknowledgments not containing data received

    7805 predicted acknowledgments

    6 times recovered from packet loss due to SACK data

    TCPDSACKUndo: 3

    12 congestion windows recovered after partial ack

    3 TCP data loss events

    5 fast retransmits

    3 retransmits in slow start

    137 other TCP timeouts

    2 sack retransmits failed

    8137 DSACKs sent for old packets

    24 DSACKs received

IpExt:

    InMcastPkts: 36

    OutMcastPkts: 40

    InBcastPkts: 8617

[root@singledb ~]#

你可能感兴趣的:(Netstat命令)