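• netstat Command Explained


    netstat Command Explained

    Introduction

    The netstat command displays a variety of network-related information, such as network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

    Meaning of the Output

    Running netstat produces output like this: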

    [root@netstat ~]# netstat
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0     52 ssh01:ssh               192.168.200.1:58307     ESTABLISHED
    Active UNIX domain sockets (w/o servers)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  5      [ ]         DGRAM                    8960     /run/systemd/journal/socket
    unix  11     [ ]         DGRAM                    8962     /dev/log
    unix  2      [ ]         DGRAM                    13609    /run/systemd/shutdownd
    unix  2      [ ]         DGRAM                    17004    /var/run/chrony/chronyd.sock
    unix  3      [ ]         DGRAM                    8937     /run/systemd/notify
    unix  2      [ ]         DGRAM                    8939     /run/systemd/cgroups-agent
    # (remaining lines omitted ...)
    

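    Overall, the netstat output can be divided into two parts:

    The first is Active Internet connections, the active TCP connections, where "Recv-Q" and "Send-Q" are the receive queue and the send queue. These numbers should normally be 0. If they are not, packets are piling up in the queue. This is seen only in very rare cases.

    The second is Active UNIX domain sockets, the active Unix domain sockets (the same as network sockets, but usable only for communication on the local host; performance can be doubled).
    Proto shows the protocol used by the connection, RefCnt is the number of processes attached to this socket, Type shows the socket type, State shows the socket's current state, and Path is the path name that other processes use to connect to the socket.

    Common Options

    • -a (all): show all sockets; by default, LISTEN sockets are not shown
    • -t (tcp): show only TCP entries
    • -u (udp): show only UDP entries
    • -n: do not show aliases; everything that can be shown as a number is shown as a number
    • -l: list only services that are in the Listen state
    • -p: show the name of the program that owns each connection
    • -r: show routing information (the routing table)
    • -e: show extended information, such as the uid
    • -s: show statistics for each protocol
    • -c: re-run the netstat command at a fixed interval

    Tip: the LISTEN and LISTENING states are visible only with -a or -l.

    Practical Command Examples

    1. List all ports (listening and non-listening)

    1.1 List all ports: netstat -a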

    [root@netstat ~]# netstat -a
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
    tcp        0     52 netstat:ssh             192.168.200.1:58307     ESTABLISHED
    tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
    tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
    udp        0      0 localhost:323           0.0.0.0:*                          
    udp6       0      0 localhost:323           [::]:*                             
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  5      [ ]         DGRAM                    8960     /run/systemd/journal/socket
    unix  11     [ ]         DGRAM                    8962     /dev/log
    unix  2      [ ACC ]     STREAM     LISTENING     13588    /run/lvm/lvmetad.socket
    unix  2      [ ACC ]     STREAM     LISTENING     18959    private/tlsmgr
    unix  2      [ ACC ]     STREAM     LISTENING     18962    private/rewrite
    unix  2      [ ACC ]     SEQPACKET  LISTENING     13605    /run/udev/control
    # (remaining lines omitted ...)
    

    1.2 List all TCP ports: netstat -at

    [root@netstat ~]# netstat -at
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
    tcp        0     52 netstat:ssh             192.168.200.1:58307     ESTABLISHED
    tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
    tcp6       0      0 [::]:ssh                [::]:*                  LISTEN  
    

    1.3 List all UDP ports: netstat -au

    [root@netstat ~]# netstat -au
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    udp        0      0 localhost:323           0.0.0.0:*                          
    udp6       0      0 localhost:323           [::]:*     
    

    2. List all sockets in the listening state

    2.1 Show only listening ports: netstat -l

    [root@netstat ~]# netstat -l
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
    tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
    tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
    udp        0      0 localhost:323           0.0.0.0:*                          
    udp6       0      0 localhost:323           [::]:*                             
    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  2      [ ACC ]     STREAM     LISTENING     13588    /run/lvm/lvmetad.socket
    unix  2      [ ACC ]     STREAM     LISTENING     18959    private/tlsmgr
    unix  2      [ ACC ]     STREAM     LISTENING     18962    private/rewrite
    unix  2      [ ACC ]     SEQPACKET  LISTENING     13605    /run/udev/control
    unix  2      [ ACC ]     STREAM     LISTENING     18965    private/bounce
    unix  2      [ ACC ]     STREAM     LISTENING     18968    private/defer
    unix  2      [ ACC ]     STREAM     LISTENING     13607    /run/lvm/lvmpolld.socket
    # (remaining lines omitted ...)
    

    2.2 List only listening TCP ports: netstat -lt

    [root@netstat ~]# netstat -lt
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
    tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
    tcp6       0      0 [::]:ssh                [::]:*                  LISTEN 
    

    2.3 List only listening UDP ports: netstat -lu

    [root@netstat ~]# netstat -lu
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    udp        0      0 localhost:323           0.0.0.0:*                          
    udp6       0      0 localhost:323           [::]:*  
    

    2.4 List only listening UNIX ports: netstat -lx

    [root@netstat ~]# netstat -lx
    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  2      [ ACC ]     STREAM     LISTENING     13588    /run/lvm/lvmetad.socket
    unix  2      [ ACC ]     STREAM     LISTENING     18959    private/tlsmgr
    unix  2      [ ACC ]     STREAM     LISTENING     18962    private/rewrite
    unix  2      [ ACC ]     SEQPACKET  LISTENING     13605    /run/udev/control
    unix  2      [ ACC ]     STREAM     LISTENING     18965    private/bounce
    unix  2      [ ACC ]     STREAM     LISTENING     18968    private/defer
    unix  2      [ ACC ]     STREAM     LISTENING     13607    /run/lvm/lvmpolld.socket
    unix  2      [ ACC ]     STREAM     LISTENING     18971    private/trace
    unix  2      [ ACC ]     STREAM     LISTENING     18974    private/verify
    # (remaining lines omitted ...)
    

    3. Show statistics for each protocol

    3.1 Show statistics for all ports: netstat -s

    [root@netstat ~]# netstat -s
    Ip:
        363 total packets received
        0 forwarded
        0 incoming packets discarded
        363 incoming packets delivered
        309 requests sent out
        16 dropped because of missing route
    Icmp:
        0 ICMP messages received
        0 input ICMP message failed.
        ICMP input histogram:
        0 ICMP messages sent
        0 ICMP messages failed
        ICMP output histogram:
    Tcp:
        0 active connections openings
        1 passive connection openings
        0 failed connection attempts
        0 connection resets received
        1 connections established
        263 segments received
        195 segments send out
        0 segments retransmited
        0 bad segments received.
        0 resets sent
    Udp:
        99 packets received
        0 packets to unknown port received.
        0 packet receive errors
        121 packets sent
        0 receive buffer errors
        0 send buffer erros
    UdpLite:
    TcpExt:
        11 delayed acks sent
        1 packets directly queued to recvmsg prequeue.
        64 packet headers predicted
        48 acknowledgments not containing data payload received
        77 predicted acknowledgments
        TCPRcvCoalesce: 2
        TCPOrigDataSent: 151
    IpExt:
        InOctets: 28156
        OutOctets: 51542
        InNoECTPkts: 363
    

    3.2 Show statistics for TCP ports: netstat -st

    [root@netstat ~]# netstat -st
    Tcp:
        0 active connections openings
        1 passive connection openings
        0 failed connection attempts
        0 connection resets received
        1 connections established
        338 segments received
        262 segments send out
        0 segments retransmited
        0 bad segments received.
        0 resets sent
    UdpLite:
    TcpExt:
        14 delayed acks sent
        1 packets directly queued to recvmsg prequeue.
        92 packet headers predicted
        55 acknowledgments not containing data payload received
        107 predicted acknowledgments
        TCPRcvCoalesce: 2
        TCPOrigDataSent: 211
    IpExt:
        InOctets: 34932
        OutOctets: 62342
        InNoECTPkts: 444
    

    3.3 Show statistics for UDP ports: netstat -su

    [root@netstat ~]# netstat -su
    Udp:
        105 packets received
        0 packets to unknown port received.
        0 packet receive errors
        127 packets sent
        0 receive buffer errors
        0 send buffer errors
    UdpLite:
    IpExt:
        InOctets: 35516
        OutOctets: 63554
        InNoECTPkts: 452
    

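    4. Show the PID and process name in netstat output: netstat -p

    netstat -p can be combined with other switches to add a "PID/Program name" column to the netstat output, which makes it easy to find the program running on a particular port when debugging.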

    [root@netstat ~]# netstat -p
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
    tcp        0     52 netstat:ssh             192.168.200.1:58307     ESTABLISHED 1185/sshd: root@pts 
    Active UNIX domain sockets (w/o servers)
    Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
    unix  5      [ ]         DGRAM                    8960     1/systemd            /run/systemd/journal/socket
    unix  11     [ ]         DGRAM                    8962     1/systemd            /dev/log
    unix  2      [ ]         DGRAM                    13609    1/systemd            /run/systemd/shutdownd
    unix  2      [ ]         DGRAM                    17004    663/chronyd          /var/run/chrony/chronyd.sock
    # (remaining lines omitted ...)
    
    [root@netstat ~]# netstat -pt
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
    tcp        0     52 netstat:ssh             192.168.200.1:58307     ESTABLISHED 1185/sshd: root@pts 
    

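    5. Do not show host, port or user names in netstat output

    When you do not want host, port and user names displayed, use netstat -n. Numbers are shown in place of those names.
    This also speeds up the output, because no lookups have to be performed.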

    [root@netstat ~]# netstat -an
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
    tcp        0     52 192.168.200.30:22       192.168.200.1:58307     ESTABLISHED
    tcp6       0      0 ::1:25                  :::*                    LISTEN     
    tcp6       0      0 :::22                   :::*                    LISTEN     
    udp        0      0 127.0.0.1:323           0.0.0.0:*                          
    udp6       0      0 ::1:323                 :::*                               
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  5      [ ]         DGRAM                    8960     /run/systemd/journal/socket
    unix  11     [ ]         DGRAM                    8962     /dev/log
    # (remaining lines omitted ...)
    
    # To suppress only one of these three kinds of name, use one of the following commands
    netstat -a --numeric-ports
    netstat -a --numeric-hosts
    netstat -a --numeric-users
    

    6. Print netstat information continuously

    netstat -c prints the network information once every second.

    [root@netstat ~]# netstat -c
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0     52 netstat:ssh             192.168.200.1:58307     ESTABLISHED
    Active UNIX domain sockets (w/o servers)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  5      [ ]         DGRAM                    8960     /run/systemd/journal/socket
    unix  11     [ ]         DGRAM                    8962     /dev/log
    unix  2      [ ]         DGRAM                    13609    /run/systemd/shutdownd
    unix  2      [ ]         DGRAM                    17004    /var/run/chrony/chronyd.sock
    unix  3      [ ]         DGRAM                    8937     /run/systemd/notify
    unix  2      [ ]         DGRAM                    8939     /run/systemd/cgroups-agent
    # (remaining lines omitted ...)
    

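    7. Show the address families that the system does not support

    With netstat --verbose, the end of the output contains messages like the following:

    # (preceding lines omitted ...)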
    netstat: no support for `AF IPX' on this system.
    netstat: no support for `AF AX25' on this system.
    netstat: no support for `AF X25' on this system.
    netstat: no support for `AF NETROM' on this system.
    

    8. Show the kernel routing information: netstat -r

    [root@netstat ~]# netstat -r
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    default         gateway         0.0.0.0         UG        0 0          0 ens32
    link-local      0.0.0.0         255.255.0.0     U         0 0          0 ens32
    192.168.200.0   0.0.0.0         255.255.255.0   U         0 0          0 ens32
    

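    Note: use netstat -rn to display the table in numeric form, without looking up host names.

    9. Find the port a program is running on

    Not every process can be found: processes you do not have permission for are not shown. Use root privileges to see all of the information.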

    [root@netstat ~]# netstat -ap | grep ssh
    tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      921/sshd            
    tcp        0     52 netstat:ssh             192.168.200.1:58307     ESTABLISHED 1185/sshd: root@pts 
    tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      921/sshd            
    unix  3      [ ]         STREAM     CONNECTED     18279    921/sshd             
    unix  2      [ ]         DGRAM                    19409    1185/sshd: root@pts 
    

    Find the process running on a given port

    [root@netstat ~]# netstat -an | grep ':8080'
    tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN 
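
An added example (not from the original article): the listener listings above turned into an exposure check that labels each listening socket as loopback-only, bound to one specific address, or reachable on all interfaces, together with its owning process. The sample output and the names `sample_listeners` and `listener_scope` are constructed for illustration; an owner of `-` is what netstat prints when it cannot see the process, as noted above for non-root users.

```shell
# Constructed sample of `netstat -lntup` output (not captured from a real host).
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1043/master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      921/sshd
tcp        0      0 192.168.200.30:8080     0.0.0.0:*               LISTEN      2310/java
tcp6       0      0 ::1:25                  :::*                    LISTEN      1043/master
tcp6       0      0 :::22                   :::*                    LISTEN      921/sshd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           663/chronyd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
EOF
}

# listener_scope: reads `netstat -lntup` text on stdin and prints
# "scope proto port address owner", one line per listening socket.
listener_scope() {
  awk '
    $1 !~ /^(tcp|udp)/ { next }                # skip the two header lines
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }     # TCP rows must be listeners
    {
      addr = $4; port = $4
      sub(/.*:/, "", port)                     # text after the last colon
      sub(/:[^:]*$/, "", addr)                 # drop only the trailing :port
      if (addr == "0.0.0.0" || addr == "::")      scope = "ALL-INTERFACES"
      else if (addr ~ /^127\./ || addr == "::1")  scope = "loopback"
      else                                        scope = "specific"
      # UDP rows have an empty State column, so the owner shifts from $7 to $6.
      owner = ($6 ~ /^[0-9]+\// || $6 == "-") ? $6 : $7
      if (owner == "" || owner == "-") owner = "unknown"
      print scope, $1, port, addr, owner
    }
  ' | LC_ALL=C sort
}
```

On a live host, run `netstat -lntup | listener_scope` as root so that the owner column is filled in.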
    

    10. Show the list of network interfaces

    [root@netstat ~]# netstat -i
    Kernel Interface table
    Iface             MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
    ens32            1500     1753      0      0 0          1603      0      0      0 BMRU
    lo              65536        0      0      0 0             0      0      0      0 LRU
    
    # For detailed information, similar to ifconfig, use netstat -ie
    [root@netstat ~]# netstat -ie
    Kernel Interface table
    ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.200.30  netmask 255.255.255.0  broadcast 192.168.200.255
            inet6 fe80::20c:29ff:fef9:d01f  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:f9:d0:1f  txqueuelen 1000  (Ethernet)
            RX packets 1778  bytes 155872 (152.2 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 1622  bytes 916017 (894.5 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    11. IP and TCP analysis

    # Find the IP addresses with the most connections to a given service port
    [root@netstat ~]# netstat -nat | grep "192.168.200.30:22" |awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -20
    18 221.136.168.36
    3 154.74.45.242
    2 78.173.31.236
    2 62.183.207.98
    2 192.168.1.14
    2 182.48.111.215
    2 124.193.219.34
    
    
    # List the TCP state of every connection
    [root@netstat ~]# netstat -nat |awk '{print $6}'
    established)
    Foreign
    LISTEN
    LISTEN
    LISTEN
    ESTABLISHED
    ESTABLISHED
    LISTEN
    LISTEN
    
    
    # First extract all the states, then count them with uniq -c, and finally sort the result
    [root@netstat ~]# netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn
          5 LISTEN
          2 ESTABLISHED
          1 Foreign
          1 established)
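
An added example (not from the original article): a stricter version of the two pipelines above. It skips the header lines that show up as `established)` and `Foreign` in the state counts, matches the local port exactly, and strips only the trailing `:port` so that IPv6 peers are counted whole. The sample input and the names `sample_netstat`, `peers_by_port` and `state_tally` are constructed for illustration.

```shell
# Constructed sample of `netstat -nat` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.200.30:22       203.0.113.7:40112       ESTABLISHED
tcp        0      0 192.168.200.30:22       203.0.113.7:40113       ESTABLISHED
tcp        0      0 192.168.200.30:22       203.0.113.7:40114       SYN_RECV
tcp        0      0 192.168.200.30:22       198.51.100.9:51822      ESTABLISHED
tcp        0      0 192.168.200.30:2222     198.51.100.9:51900      ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 2001:db8::30:22         2001:db8::99:60022      ESTABLISHED
EOF
}

# peers_by_port PORT: reads `netstat -nat` text on stdin and prints
# "count remote-address", busiest peer first.
peers_by_port() {
  awk -v port="$1" '
    $1 !~ /^tcp/ { next }                  # drop the two header lines
    $6 == "LISTEN" { next }                # listeners have no remote peer
    {
      lport = $4; remote = $5
      sub(/.*:/, "", lport)                # text after the last colon
      if (lport != port) next              # exact match, so 22 is not 2222
      sub(/:[^:]*$/, "", remote)           # strip only the trailing :port
      count[remote]++
    }
    END { for (ip in count) print count[ip], ip }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# state_tally: reads `netstat -nat` text on stdin and prints "count STATE".
state_tally() {
  awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print n[s], s }' |
    LC_ALL=C sort -k1,1nr -k2,2
}
```

On a live host, run `netstat -nat | peers_by_port 22 | head -20` and `netstat -nat | state_tally`.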
    
    
  • Original article: https://www.cnblogs.com/ywb123/p/13018916.html