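The netstat command prints status information about the Linux networking subsystem, giving you a picture of the network state of the whole system.
(1) Usage:
Usage: netstat [options]
(2) Function:
Function: netstat displays statistics related to the IP, TCP, UDP and ICMP protocols, and is generally used to check the network connections on each port of the local machine.
If your computer sometimes receives datagrams that cause data errors or faults, that is no cause for surprise: TCP/IP tolerates these kinds of errors and retransmits datagrams automatically. But if the accumulated error count is a considerable percentage of the IP datagrams received, or the count is rising quickly, you should use netstat to find out why.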
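(3) Options:
1) -a or --all: Show all sockets with connections.
2) -n or --numeric: Use IP addresses directly, without going through a name server.
3) -t or --tcp: Show the connection status of the TCP transport protocol.
4) -u or --udp: Show the connection status of the UDP transport protocol.
5) -v or --verbose: Show the command's execution in detail.
6) -p or --programs: Show the PID and name of the program using each socket.
7) -s or --statistics: Show a table of network statistics.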
(4) Examples:
1) [root@localhost ~]# netstat    Used with no arguments
[root@localhost ~]# netstat
Active Internet connections (w/o servers)    // active TCP connections
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0    268 192.168.120.204:ssh         10.2.0.68:62420             ESTABLISHED
udp        0      0 192.168.120.204:4371        10.58.119.119:domain        ESTABLISHED
Active UNIX domain sockets (w/o servers)     // active Unix domain sockets (the same as network sockets, but usable only for communication on the local machine; performance can be doubled)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    1491   @/org/kernel/udev/udevd
unix  4      [ ]         DGRAM                    7337   /dev/log
unix  2      [ ]         DGRAM                    708823
unix  2      [ ]         DGRAM                    7539
unix  3      [ ]         STREAM     CONNECTED     7287
unix  3      [ ]         STREAM     CONNECTED     7286
[root@localhost ~]#
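Notes:
1. "Recv-Q" and "Send-Q" are the receive queue and the send queue.
2. Proto shows the protocol used by the connection; RefCnt is the number of processes attached to this socket; Type shows the socket type; State shows the current state of the socket; Path is the path name used by other processes connected to the socket.
3. Socket types:
-t : TCP
-u : UDP
--raw : RAW type
--unix : UNIX domain type
--ax25 : AX25 type
--ipx : ipx type
--netrom : netrom type
4. State descriptions:
LISTEN: listening for connection requests from remote TCP ports
SYN-SENT: waiting for a matching connection request after having sent a connection request (if there are many sockets in this state, check whether the machine has been compromised)
SYN-RECEIVED: waiting for the peer to acknowledge the connection request after having both received and sent a connection request (if there are many sockets in this state, the machine is probably under a flood attack)
ESTABLISHED: represents an open connection
FIN-WAIT-1: waiting for a connection termination request from the remote TCP, or for acknowledgment of the termination request sent earlier
FIN-WAIT-2: waiting for a connection termination request from the remote TCP
CLOSE-WAIT: waiting for a connection termination request from the local user
CLOSING: waiting for the remote TCP to acknowledge the connection termination
LAST-ACK: waiting for acknowledgment of the termination request previously sent to the remote TCP (not a good sign; if this state appears, check whether you are under attack)
TIME-WAIT: waiting long enough to be sure that the remote TCP has received the acknowledgment of its connection termination request
CLOSED: no connection state at all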
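The state list above suggests checking for a flood when many sockets sit in the SYN-RECEIVED state. The following is an added example, not part of the original page: it tallies TCP states from `netstat -nat` text and lists the foreign addresses holding the most half-open sockets. The function names, the threshold and the sample lines (documentation address ranges) are constructed for illustration; netstat prints this state as `SYN_RECV`.

```shell
#!/usr/bin/env bash
# Added example: tally TCP states from `netstat -nat` text read on stdin.

# Constructed sample (documentation address ranges), not output from the page.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.7:40112       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:40113       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:40114       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.23:51514     SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.5:62420      ESTABLISHED
tcp        0      0 192.0.2.10:52328        198.51.100.9:80         TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# Print "STATE COUNT", most frequent state first.
# State is the sixth column on tcp/tcp6 lines.
tcp_state_counts() {
    awk '$1 ~ /^tcp/ { n[$6]++ }
         END { for (s in n) print s, n[s] }' | sort -k2,2nr -k1,1
}

# Print "IP COUNT" for each foreign address with at least $1 half-open
# (SYN_RECV) sockets; the threshold is site-specific.
syn_recv_sources() {
    awk -v min="$1" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)      # drop the trailing :port
            n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }' |
        sort -k2,2nr -k1,1
}

sample_netstat | tcp_state_counts
sample_netstat | syn_recv_sources 3
# On a live host: netstat -nat | syn_recv_sources 20
```

A few SYN_RECV sockets are normal on a busy server; what matters is a count that stays high or is concentrated on a handful of sources.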
2) [sunjimeng@localhost ~]$ netstat -a    Show all ports, listening or not
[sunjimeng@localhost ~]$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN
tcp        0      0 192.168.142.128:52328   115.28.122.210:http     TIME_WAIT
tcp        0      0 192.168.142.128:52836   112.124.140.210:http    TIME_WAIT
tcp        0      0 192.168.142.128:52334   115.28.122.210:http     TIME_WAIT
tcp        0      0 192.168.142.128:52329   115.28.122.210:http     TIME_WAIT
tcp        0      0 192.168.142.128:52839   112.124.140.210:http    TIME_WAIT
tcp        0      0 192.168.142.128:52336   115.28.122.210:http     TIME_WAIT
tcp        0      0 192.168.142.128:52844   112.124.140.210:http    TIME_WAIT
tcp        0      0 192.168.142.128:54198   202.204.80.77:http      TIME_WAIT
tcp        0      0 192.168.142.128:52326   115.28.122.210:http     TIME_WAIT
tcp        0      0 192.168.142.128:52842   112.124.140.210:http    TIME_WAIT
tcp        0      0 192.168.142.128:44060   ec2-52-27-123-81.:https ESTABLISHED
tcp        0      0 192.168.142.128:52847   112.124.140.210:http    TIME_WAIT
tcp        0      0 192.168.142.128:54204   202.204.80.77:http      TIME_WAIT
tcp        0      0 192.168.142.128:52332   115.28.122.210:http     TIME_WAIT
tcp        0      0 192.168.142.128:54208   202.204.80.77:http      TIME_WAIT
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
udp        0      0 0.0.0.0:bootpc          0.0.0.0:*
udp        0      0 0.0.0.0:ntp             0.0.0.0:*
udp        0      0 localhost:323           0.0.0.0:*
udp      768      0 192.168.142.128:39404   192.168.142.2:domain    ESTABLISHED
udp        0      0 0.0.0.0:27664           0.0.0.0:*
udp        0      0 0.0.0.0:mdns            0.0.0.0:*
udp        0      0 0.0.0.0:52525           0.0.0.0:*
udp        0      0 0.0.0.0:52525           0.0.0.0:*
udp6       0      0 [::]:ntp                [::]:*
udp6       0      0 localhost:323           [::]:*
udp6       0      0 [::]:14031              [::]:*
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     26013    @/tmp/.ICE-unix/2850
unix  2      [ ACC ]     STREAM     LISTENING     23031    @/tmp/dbus-XARCfYJ4
unix  2      [ ACC ]     STREAM     LISTENING     18194    /var/run/abrt/abrt.socket
......
unix  3      [ ]         STREAM     CONNECTED     16906
3) [sunjimeng@localhost ~]$ netstat -nu    Show established UDP connections
[sunjimeng@localhost ~]$ netstat -nu
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED
[sunjimeng@localhost ~]$ netstat -anu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED
udp        0      0 0.0.0.0:27664           0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
udp        0      0 0.0.0.0:52525           0.0.0.0:*
udp6       0      0 :::123                  :::*
udp6       0      0 ::1:323                 :::*
udp6       0      0 :::14031                :::*
4) [sunjimeng@localhost ~]$ netstat -nt    Show all established TCP connections
[sunjimeng@localhost ~]$ netstat -nat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.142.128:44060   52.27.123.81:443        ESTABLISHED
tcp        0      0 192.168.142.128:52438   115.28.122.210:80       ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
[sunjimeng@localhost ~]$ netstat -nt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.142.128:44060   52.27.123.81:443        ESTABLISHED
tcp        0      0 192.168.142.128:52438   115.28.122.210:80       ESTABLISHED
5) [sunjimeng@localhost ~]$ netstat -nupa    Show UDP port usage
[sunjimeng@localhost ~]$ netstat -nupa    // without root privileges
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
udp        0      0 0.0.0.0:123             0.0.0.0:*                           -
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED 18744/netstat
udp        0      0 0.0.0.0:27664           0.0.0.0:*                           -
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -
udp        0      0 0.0.0.0:52525           0.0.0.0:*                           -
udp6       0      0 :::123                  :::*                                -
udp6       0      0 ::1:323                 :::*                                -
udp6       0      0 :::14031                :::*                                -
[sunjimeng@localhost ~]$ su root
密码:
[root@localhost sunjimeng]# netstat -aunp    // with root privileges
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:68              0.0.0.0:*                           14421/dhclient
udp        0      0 0.0.0.0:123             0.0.0.0:*                           781/chronyd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           781/chronyd
udp      768      0 192.168.142.128:39404   192.168.142.2:53        ESTABLISHED 18744/netstat
udp        0      0 0.0.0.0:27664           0.0.0.0:*                           14421/dhclient
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           797/avahi-daemon: r
udp        0      0 0.0.0.0:52525           0.0.0.0:*                           797/avahi-daemon: r
udp        0      0 192.168.142.128:34639   192.168.142.2:53        ESTABLISHED 20626/python
udp6       0      0 :::123                  :::*                                781/chronyd
udp6       0      0 ::1:323                 :::*                                781/chronyd
udp6       0      0 :::14031                :::*                                14421/dhclient
6) [root@localhost sunjimeng]# netstat -i    Show the network interface list
[root@localhost sunjimeng]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777  1500   302197      0      1      0    90150      0      0      0 BMRU
lo       65536     2293      0      0      0     2293      0      0      0 LRU
7) [root@localhost sunjimeng]# netstat -s    Show network statistics
[root@localhost sunjimeng]# netstat -s
Ip:
    132373 total packets received
    0 forwarded
    0 incoming packets discarded
    130636 incoming packets delivered
    93212 requests sent out
    500 outgoing packets dropped
    69 dropped because of missing route
Icmp:
    1149 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 1044
        timeout in transit: 28
        echo requests: 26
        echo replies: 51
    1283 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 1066
        echo request: 191
        echo replies: 26
IcmpMsg:
        InType0: 51
        InType3: 1044
        InType8: 26
        InType11: 28
        OutType0: 26
        OutType3: 1066
        OutType8: 191
Tcp:
    1330 active connections openings
    0 passive connection openings
    75 failed connection attempts
    9 connection resets received
    2 connections established
    125542 segments received
    86517 segments send out
    421 segments retransmited
    3 bad segments received.
    99 resets sent
Udp:
    2894 packets received
    1053 packets to unknown port received.
    0 packet receive errors
    4969 packets sent
    0 receive buffer errors
    0 send buffer errors
UdpLite:
TcpExt:
    706 TCP sockets finished time wait in fast timer
    508 delayed acks sent
    9 delayed acks further delayed because of locked socket
    Quick ack mode was activated 3 times
    94581 packet headers predicted
    2447 acknowledgments not containing data payload received
    2473 predicted acknowledgments
    22 congestion windows recovered without slow start after partial ack
    174 other TCP timeouts
    1 connections reset due to unexpected data
    1 connections reset due to early user close
    IPReversePathFilter: 1
    TCPRcvCoalesce: 44130
    TCPChallengeACK: 3
    TCPSYNChallenge: 3
IpExt:
    InNoRoutes: 382
    InMcastPkts: 661
    OutMcastPkts: 255
    InBcastPkts: 15
    OutBcastPkts: 15
    InOctets: 420174480
    OutOctets: 5078197
    InMcastOctets: 101685
    OutMcastOctets: 39453
    InBcastOctets: 1170
    OutBcastOctets: 1170
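The function section says to investigate when errors make up a considerable percentage of the datagrams received. The following is an added example, not part of the original page: it turns `netstat -s` text into those percentages, using an excerpt of the counters shown above as its sample. The function names and metric labels are hypothetical, and counter wording differs between net-tools versions.

```shell
#!/usr/bin/env bash
# Added example: error percentages from `netstat -s` text read on stdin.

# Excerpt of the netstat -s output shown above, one counter per line.
sample_netstat_s() {
    cat <<'EOF'
Ip:
    132373 total packets received
    0 forwarded
    0 incoming packets discarded
    130636 incoming packets delivered
Tcp:
    125542 segments received
    86517 segments send out
    421 segments retransmited
    3 bad segments received.
Udp:
    2894 packets received
    1053 packets to unknown port received.
    0 packet receive errors
EOF
}

# Print "<metric> <percent>" lines. The patterns accept send/sent and any
# retransmit* spelling because the wording varies between versions.
netstat_error_ratios() {
    awk '
        function pct(a, b) { return b > 0 ? 100 * a / b : 0 }
        /^[A-Za-z]+:$/ { sect = $1; next }     # section header such as "Tcp:"
        sect == "Ip:"  && /total packets received/     { ip_in = $1 }
        sect == "Ip:"  && /incoming packets discarded/ { ip_disc = $1 }
        sect == "Tcp:" && /segments sen[dt] out/       { tcp_out = $1 }
        sect == "Tcp:" && /segments retransmit/        { tcp_re = $1 }
        sect == "Udp:" && /packets received$/          { udp_in = $1 }
        sect == "Udp:" && /packet receive errors/      { udp_err = $1 }
        END {
            printf "ip_discard_pct %.2f\n",  pct(ip_disc, ip_in)
            printf "tcp_retrans_pct %.2f\n", pct(tcp_re, tcp_out)
            printf "udp_rcv_err_pct %.2f\n", pct(udp_err, udp_in)
        }'
}

sample_netstat_s | netstat_error_ratios
# On a live host: netstat -s | netstat_error_ratios
```

The counters are cumulative since boot, so running it twice a few minutes apart and comparing the results shows whether a ratio is rising.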
8) [root@localhost sunjimeng]# netstat -r    Show routing table information
[root@localhost sunjimeng]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.142.2   0.0.0.0         UG        0 0          0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U         0 0          0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U         0 0          0 eno16777736
[root@localhost sunjimeng]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.142.2   0.0.0.0         UG    100    0        0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U     0      0        0 eno16777736
192.168.142.0   0.0.0.0         255.255.255.0   U     100    0        0 eno16777736
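(5) Other:
Linux network sockets:
Establishing a socket connection is like a caller (the client) phoning a large company: the operator (the server process) answers the call and transfers it to the department you want, and from there it is passed to the person you are looking for (the server socket); the operator (the server process) then goes on to transfer calls from other callers (clients).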