netstat 是Linux系统管理常用的一个命令,尤其是在进行网络相关问题排查的时候更是堪称‘瑞士***’。本人一直以来也只是对常用的几个选项如(a 、n、 p、 t、 u)等几个选项较为熟悉,但是对于netstat显示出来的连接的 状态信息,如下图
多数还了解的不够透彻,今天有时间,特此照着man文档加深一下理解。
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
SYNOPSIS(概要)
netstat [address_family_options(地址族选项)] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--sym-bolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [delay]
netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continu-ous|-c] [delay]
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continu-ous|-c] [delay]
netstat {--groups|-g} [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]
netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]
netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w] [delay]
netstat {--version|-V}
netstat {--help|-h}
address_family_options:
[--protocol={inet,unix,ipx,ax25,netrom,ddp}[,...]] [--unix|-x] [--inet|--ip] [--ax25] [--ipx] [--netrom] [--ddp]
NOTE
This program is obsolete. Replacement for netstat is ss. Replacement for netstat -r is ip route. Replacement for netstat -i is ip -s link. Replacement for netstat -g
is ip maddr.
注:这个程序已经是是老旧的/废弃的了(但是依然很常用)。新版本的系统以ss命令来替代netstat,以ip route来替代netstat -r,以ip maddr来替代netstat -g。
DESCRIPTION(摘要)
Netstat prints information about the Linux networking subsystem. The type of information printed is controlled by the first argument, as follows:
netstat 打印Linux网络子系统的信息,输出的信息样式由第一个参数来控制,如下:
(none)
By default, netstat displays a list of open sockets. If you don’t specify any address families, then the active sockets of all configured address families will be
printed.
(无参数)默认的,netstat显示所有系统套接字的列表。如果你不指定任何的地址族,所有的被配置的地址族的活动套接字将会被显示。
--route , -r
Display the kernel routing tables.
显示内核路由表
--groups , -g
Display multicast group membership information for IPv4 and IPv6.
显示IPv4和IPv6的多播组成员信息。
--interfaces=iface , -I=iface , -i
Display a table of all network interfaces, or the specified iface.
显示所有网络接口的信息表,或者显示指定的接口
--masquerade , -M
Display a list of masqueraded connections.
显示伪装的连接
--statistics , -s
Display summary statistics for each protocol.
按照协议类型显示各协议的汇总信息
OPTIONS(选项)
--verbose , -v
Tell the user what is going on by being verbose. Especially print some useful information about unconfigured address families.
--numeric , -n Show numerical addresses instead of trying to determine symbolic host, port or user names.
--numeric-hosts
shows numerical host addresses but does not affect the resolution of port or user names.
--numeric-ports
shows numerical port numbers but does not affect the resolution of host or user names.
--numeric-users
shows numerical user IDs but does not affect the resolution of host or port names.
--protocol=family , -A (协议族类型)
Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown. family is a comma (’,’) separated list of address
family keywords like inet, unix, ipx, ax25, netrom, and ddp. This has the same effect as using the --inet, --unix (-x), --ipx, --ax25, --netrom, and --ddp options.
The address family inet includes raw, udp and tcp protocol sockets.
-c, --continuous
This will cause netstat to print the selected information every second continuously(连续不断的).
-e, --extend
Display additional information. Use this option twice for maximum detail.
显示更多的信息,用-ee 显示最多的信息
-o, --timers
Include information related to networking timers.
显示和网络计时器相关的信息
-p, --program
Show the PID and name of the program to which each socket belongs.
显示连接所属的PID和程序名称
-l, --listening
Show only listening sockets. (These are omitted by default.)
只显示监听的套接字(端口)默认是忽略这个选项的
-a, --all
Show both listening and non-listening (for TCP this means established connections) sockets. With the --interfaces option, show interfaces that are not marked
-F
Print routing information from the FIB. (This is the default.)
-C
Print routing information from the route cache.
-Z --context
If SELinux enabled print SELinux context.
-T --notrim
Stop trimming long addresses.
delay
Netstat will cycle printing through statistics every delay seconds
接下来是重头戏了,深入理解netstat的输出,这里才是实际能帮助我们、给我们提示的地方。
- 本文来自:Linux学习网