netstat命令
netstat (network statistics) 是一个命令行的网络状况查看分析工具,它可以打印当前网络的连接情况,路由表 ,网络接口统计,伪装连接、multicast memberships。
linux系统上的netstat命令详解
命令语法
netstat命令: 用于输出和网络相关的信息,比如网络连接状况、路由表、接口统计等信息。
通过它,你可以看到有哪些网络网络连接、端口号在使用,以及哪些进程使用他们。
netstat语法格式:
netstat [address_family_options] [--tcp|-t] [--udp|-u] [--udplite|-U]
[--sctp|-S] [--raw|-w] [--l2cap|-2] [--rfcomm|-f] [--listening|-l]
[--all|-a] [--numeric|-n] [--numeric-hosts] [--numeric-ports]
[--numeric-users] [--symbolic|-N] [--extend|-e[--extend|-e]]
[--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c]
[--wide|-W]
命令选项的说明:
| 选项简称 | 完整选项名 | 含义 |
|---|---|---|
| -a | all | 展示所有的监听和非监听的套接字 |
| -t | tcp | 只展示tcp端口上的套接字 |
| -u | udp | 只展示udp端口上的套接字 |
| -l | listening | 只展示监听的套接字 |
| -n | numeric | 以数字化的形式展示地址、端口号 |
| -c | continuous | 每秒钟连续打印指定的信息 |
| -p | program | 同时展示出每个套接字所属的进程的PID和名称 |
| -e | extend | 展示更多的附加信息 |
命令的输出结果
[root@iZbp10j45698ftelmrcx2Z ~]# netstat -natp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:2181 0.0.0.0:* LISTEN 23372/java
tcp 0 0 0.0.0.0:18342 0.0.0.0:* LISTEN 23372/java
tcp 0 0 127.0.0.1:11883 0.0.0.0:* LISTEN 30368/beam.smp
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 23619/nginx: master
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 23372/java
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 30368/beam.smp
tcp 0 0 0.0.0.0:4370 0.0.0.0:* LISTEN 30368/beam.smp
tcp 0 0 0.0.0.0:8883 0.0.0.0:* LISTEN 30368/beam.smp
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 22553/sshd
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 19065/postmaster
tcp 0 0 0.0.0.0:5370 0.0.0.0:* LISTEN 30368/beam.smp
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN 30368/beam.smp
tcp 0 0 0.0.0.0:9600 0.0.0.0:* LISTEN 13648/java
tcp 0 0 0.0.0.0:18083 0.0.0.0:* LISTEN 30368/beam.smp
tcp 0 0 172.16.54.168:1883 39.144.5.203:43314 ESTABLISHED 30368/beam.smp
tcp 0 0 172.16.54.168:64118 100.100.45.186:80 TIME_WAIT -
tcp 0 0 172.16.54.168:1883 117.61.0.28:35013 ESTABLISHED 30368/beam.smp
tcp 0 0 172.16.54.168:1883 117.132.195.157:24087 ESTABLISHED 30368/beam.smp
tcp 0 0 172.16.54.168:1883 39.144.13.7:62568 ESTABLISHED 30368/beam.smp
tcp 0 0 172.16.54.168:1883 218.26.55.74:37440 ESTABLISHED 30368/beam.smp
tcp 0 0 172.16.54.168:1883 39.144.15.90:16553 ESTABLISHED 30368/beam.smp
tcp 0 8 172.16.54.168:1883 117.61.8.52:35387 ESTABLISHED 30368/beam.smp
tcp 0 0 172.16.54.168:1883 39.144.5.188:42274 ESTABLISHED 30368/beam.smp
tcp 0 0 172.16.54.168:1883 117.132.194.247:42289 ESTABLISHED 30368/beam.smp
tcp 0 0 172.16.54.168:1883 117.132.195.153:17158 TIME_WAIT -
tcp 0 0 172.16.54.168:9600 113.89.10.102:6439 ESTABLISHED 13648/java
tcp 0 0 172.16.54.168:1883 117.61.8.52:35380 TIME_WAIT -
tcp 0 0 172.16.54.168:1883 221.178.124.19:8942 ESTABLISHED 30368/beam.smp
tcp 0 4 172.16.54.168:1883 98.116.200.113:38340 ESTABLISHED 30368/beam.smp
[root@iZbp10j45698ftelmrcx2Z ~]#
每一列的含义:
| 列名 | 含义 |
|---|---|
| Proto | 此套接字所使用的协议 |
| Recv-Q | Established连接:接收队列.此连接的接收队列中的字节数 |
| Send-Q | Established连接:发送队列.此连接的发送队列中的字节数 |
| Local Address | 此套接字在本地端的地址和端口号 |
| Foreign Address | 此套接字在远端的地址和端口号 |
| State | 此套接字的状态(只对TCP协议有意义) |
State的值:
| 值 | 含义 |
|---|---|
| ESTABLISHED | 此套接字已建立连接 |
| SYN_SENT | 此套接字正在积极地试图建立连接 |
| SYN_RECV | 已经收到了连接请求 |
| FIN_WAIT1 | 此套接字被关闭,并且正在结束此连接 |
| FIN_WAIT2 | 连接被关闭,并且此套接字正在等待远端的结束 |
| TIME_WAIT | 关闭之后,此套接字正等待处理仍在网络上的数据包 |
| CLOSED | 当前已不再使用此套接字 |
| CLOSE_WAIT | 远端已经结束,现在正等待此套接字关闭 |
| LAST_ACK | 远端已经结束,此套接字已被关闭,并正等待确认 |
| LISTEN | 此套接字正在监听入站连接 |
| CLOSING | 俩端的套接字都结束了,但是我们仍有数据没被发送出去 |
| UNKNOWN | 未知 |
linux系统上常用的netstat命令选项
查看服务器当前监听的所有TCP端口号
netstat -lt
示例
# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:dctp *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:munin *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 localhost.localdomain:ipp *:* LISTEN
tcp 0 0 localhost.localdomain:smtp *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:https *:* LISTEN
查看某个端口号的服务所有tcp连接
netstat -nat|grep -i "1883"
[root@iZbp10j45698ftelmrcx2Z ~]# netstat -nat|grep -i "1883"
tcp 0 0 127.0.0.1:11883 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN
tcp 0 0 172.16.54.168:1883 117.61.8.52:35389 SYN_RECV
tcp 0 0 172.16.54.168:1883 39.144.5.203:43314 ESTABLISHED
tcp 0 0 172.16.54.168:1883 117.132.195.153:34235 TIME_WAIT
tcp 0 0 172.16.54.168:1883 39.144.15.73:13872 ESTABLISHED
tcp 0 0 172.16.54.168:1883 39.144.18.95:40516 ESTABLISHED
tcp 0 0 172.16.54.168:1883 117.61.9.115:29264 ESTABLISHED
tcp 0 0 172.16.54.168:1883 117.132.193.142:35312 ESTABLISHED
tcp 0 0 172.16.54.168:1883 203.168.9.165:26093 ESTABLISHED
tcp 0 0 172.16.54.168:1883 117.132.198.60:56892 ESTABLISHED
tcp 0 0 172.16.54.168:1883 117.132.195.153:34243 TIME_WAIT
tcp 0 0 172.16.54.168:1883 39.144.18.241:29091 ESTABLISHED
tcp 0 0 172.16.54.168:1883 117.132.191.192:41933 ESTABLISHED
tcp 0 0 172.16.54.168:1883 117.132.191.181:2142 ESTABLISHED
tcp 0 0 172.16.54.168:1883 117.61.8.41:21068 ESTABLISHED
tcp 0 0 172.16.54.168:1883 117.61.8.52:35373 TIME_WAIT
tcp 0 0 172.16.54.168:1883 117.61.8.52:35388 TIME_WAIT
tcp 0 0 172.16.54.168:1883 1.80.80.156:12861 ESTABLISHED
tcp 0 0 172.16.54.168:1883 39.144.10.154:44862 ESTABLISHED
tcp 0 0 172.16.54.168:1883 117.132.192.41:63551 ESTABLISHED
tcp 0 0 172.16.54.168:1883 39.144.1.91:60008 ESTABLISHED
查看某个端口上处于ESTABLISHED状态的连接个数
netstat -na | grep -i 1883|grep ESTABLISHED|wc -l
[root@iZbp10j40viotftelmrcx2Z ~]# netstat -na | grep -i 1883|grep ESTABLISHED|wc -l
185
[root@iZbp10j40viotftelmrcx2Z ~]#
网友评论