Netstat
Netstat 是一款命令行工具,可用于列出系统上所有的网络套接字连接情况,包括 tcp, udp 以及 unix 套接字,另外它还能列出处于监听状态(即等待接入请求)的套接字。
列出所有连接
列出所有当前的连接。使用 -a 选项即可。
root@ubuntu:~# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8123 0.0.0.0:* LISTEN
tcp 0 52 192.168.125.128:8123 192.168.125.1:56464 ESTABLISHED
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 :::8123 :::* LISTEN
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 0.0.0.0:45055 0.0.0.0:*
udp 0 0 0.0.0.0:7217 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp6 0 0 :::5353 :::*
udp6 0 0 :::53532 :::*
同时使用-n选项禁止反向解析。
选择协议
- 使用 -t 选项列出 TCP 协议的连接
- 使用 -u 选项列出 UDP 协议的连接
打印路由信息
使用-r 选项打印路由信息,该命令同route -n 是一样的。
root@ubuntu:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.125.2 0.0.0.0 UG 0 0 0 eth0
192.168.125.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
获取进程名、进程号以及用户 ID
root@ubuntu:~# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 676/cupsd
tcp 0 0 0.0.0.0:8123 0.0.0.0:* LISTEN 1183/sshd
tcp 0 52 192.168.125.128:8123 192.168.125.1:56464 ESTABLISHED 5511/sshd: newer [p
tcp6 0 0 ::1:631 :::* LISTEN 676/cupsd
tcp6 0 0 :::8123 :::* LISTEN 1183/sshd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 657/avahi-daemon: r
udp 0 0 0.0.0.0:631 0.0.0.0:* 806/cups-browsed
udp 0 0 0.0.0.0:45055 0.0.0.0:* 657/avahi-daemon: r
udp 0 0 0.0.0.0:7217 0.0.0.0:* 883/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:* 883/dhclient
udp6 0 0 :::5353 :::* 657/avahi-daemon: r
udp6 0 0 :::53532 :::* 883/dhclient
udp6 0 0 :::41661 :::* 657/avahi-daemon: r
使用-e选项可以看到进程的用户ID
root@ubuntu:~# netstat -anpe
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 10729 676/cupsd
tcp 0 0 0.0.0.0:8123 0.0.0.0:* LISTEN 0 12741 1183/sshd
tcp 0 280 192.168.125.128:8123 192.168.125.1:61047 ESTABLISHED 0 90997 5875/sshd: newer [p
tcp6 0 0 ::1:631 :::* LISTEN 0 10728 676/cupsd
tcp6 0 0 :::8123 :::* LISTEN 0 12743 1183/sshd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 111 12440 657/avahi-daemon: r
udp 0 0 0.0.0.0:631 0.0.0.0:* 0 9776 806/cups-browsed
udp 0 0 0.0.0.0:45055 0.0.0.0:* 111 12442 657/avahi-daemon: r
udp 0 0 0.0.0.0:7217 0.0.0.0:* 0 10564 883/dhclient
打印统计数据
netstat -s 选项可以看到当前网络的统计信息。
root@ubuntu:~# netstat -s
Ip:
42879 total packets received
43 with invalid addresses
0 forwarded
0 incoming packets discarded
42836 incoming packets delivered
15985 requests sent out
48 outgoing packets dropped
Icmp:
130 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 128
echo requests: 2
130 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 128
echo replies: 2
IcmpMsg:
InType3: 128
InType8: 2
OutType0: 2
OutType3: 128
Tcp:
15 active connections openings
7 passive connection openings
0 failed connection attempts
4 connection resets received
1 connections established
18434 segments received
16730 segments send out
7 segments retransmited
0 bad segments received.
2 resets sent
Udp:
2706 packets received
128 packets to unknown port received.
0 packet receive errors
487 packets sent
IgnoredMulti: 21427
UdpLite:
TcpExt:
2 TCP sockets finished time wait in fast timer
236 delayed acks sent
1 delayed acks further delayed because of locked socket
Quick ack mode was activated 4 times
7 packets directly queued to recvmsg prequeue.
5 bytes directly received in process context from prequeue
6641 packet headers predicted
6552 acknowledgments not containing data payload received
1964 predicted acknowledgments
2 congestion windows recovered without slow start after partial ack
2 other TCP timeouts
TCPLossProbes: 3
3 DSACKs sent for old packets
3 DSACKs received
2 connections aborted due to timeout
TCPRcvCoalesce: 160
TCPOFOQueue: 4
TCPAutoCorking: 378
TCPSynRetrans: 4
TCPOrigDataSent: 13212
TCPHystartTrainDetect: 5
TCPHystartTrainCwnd: 120
TCPKeepAlive: 18
IpExt:
InMcastPkts: 2544
OutMcastPkts: 205
InBcastPkts: 21427
InOctets: 14195538
OutOctets: 5631604
InMcastOctets: 189562
OutMcastOctets: 29558
InBcastOctets: 1695656
InNoECTPkts: 48264
root@ubuntu:~#
持续查看新建连接
使用-c 选项可以持续查看当前系统新建链接。使用netstat -ct可以查看持续的新建连接。
root@ubuntu:~# netstat -ct
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
^[3^[q^Htcp 0 52 192.168.125.128:8123 192.168.125.1:61047 ESTABLISHED
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.125.128:8123 192.168.125.1:61047 ESTABLISHED
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.125.128:8123 192.168.125.1:61047 ESTABLISHED
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.125.128:8123 192.168.125.1:61047 ESTABLISHED
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.125.128:8123 192.168.125.1:61047 ESTABLISHED
网友评论