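netstat is a Linux command for displaying network status. It can report port usage, network connection states, the routing table, and similar information. It is used frequently in network development and operations to inspect the state of the network.
Parameter meanings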
-a,--all
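Show the connection state of all sockets. By default only sockets with established connections are shown; with this option, sockets in the LISTEN state are shown as well.
Default: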
[root ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 iZ135ux6u63Z:42584 121.58.13.94:mysql ESTABLISHED
tcp 0 0 iZ135ux6u63Z:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED
tcp 0 0 iZ235ux6u63Z:ssh 128.56.16.10:34353 ESTABLISHED
With -a, sockets in the "LISTEN" state also appear under State:
[root ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:tproxy 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:40400 0.0.0.0:* LISTEN
......
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED
tcp 0 0 iZ135ux8u13Z:ssh 128.56.16.10:34353 ESTABLISHED
-n,--numeric
Show IP addresses in numeric form. By default, resolved host names, port names, or user names are shown.
Default:
[root ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED
tcp 0 0 iZ135ux8u13Z:ssh 128.56.16.10:34353 ESTABLISHED
With -n, mysql, ssh, localhost and so on are shown as IP addresses or port numbers:
[root ~]# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 123.40.125.228:42584 121.58.13.94:3306 ESTABLISHED
tcp 0 0 123.40.125.228:6379 62.48.69.16:54744 ESTABLISHED
tcp 0 0 127.0.0.1:40940 127.0.0.1:11001 ESTABLISHED
tcp 0 0 123.40.125.228:ssh 128.56.16.10:34353 ESTABLISHED
-l,--listening
Show only sockets in the LISTEN state.
[root ~]# netstat -l
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:tproxy 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:40400 0.0.0.0:* LISTEN
-t,--tcp and -u,--udp
Show only TCP (UDP) connections.
-p,--program
Show the process PID and process name.
[root ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED 4815/java
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED 840/redis-server *:
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED 5109/java
tcp 0 0 iZ135ux8u13Z:6379 128.56.16.10:65097 ESTABLISHED 840/redis-server *:
-i,--interfaces
Show network interfaces.
[root ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0 1500 2560782 0 0 0 4151415 0 0 0 BMU
eth0 1500 23379381 0 0 0 34455532 0 0 0 BMRU
eth1 1500 217716581 0 0 0 202343360 0 0 0 BMRU
lo 65536 240937752 0 0 0 240937752 0 0 0 LRU
-r,--route
Show the routing table.
[root ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default gateway 0.0.0.0 UG 0 0 0 eth1
10.0.0.0 10.165.21.247 255.0.0.0 UG 0 0 0 eth0
10.168.64.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
100.64.0.0 10.165.21.247 255.192.0.0 UG 0 0 0 eth0
121.40.180.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1
link-local 0.0.0.0 255.255.0.0 U 0 0 0 eth0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 eth1
172.16.0.0 10.165.21.247 255.240.0.0 UG 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.240.0 U 0 0 0 docker0
-e,--extend
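Show additional information.
-ie shows detailed information for the network interfaces, the same content that the ifconfig command displays.
-pe shows the process name and the user name.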
[root ~]# netstat -pe
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 iZ135ux8u13Z:42584 121.58.13.94:mysql ESTABLISHED root 70731166 4815/java
tcp 0 0 iZ135ux8u13Z:6379 62.48.69.16:54744 ESTABLISHED redis 35176559 840/redis-server *:
tcp 0 0 localhost:40940 localhost:metasys ESTABLISHED root 74749821 5109/java
tcp 0 0 iZ135ux8u13Z:6379 128.56.16.10:65097 ESTABLISHED redis 25990225 840/redis-server *:
With -ne, the User column shows the numeric ID instead of the user name.
-s,--statistics
Show statistics for each protocol.
[root ~]# netstat -s
Ip:
484627137 total packets received
6705287 forwarded
501 with unknown protocol
0 incoming packets discarded
477921341 incoming packets delivered
481921712 requests sent out
72 dropped because of missing route
Icmp:
25322 ICMP messages received
7175 input ICMP message failed.
InCsumErrors: 9
ICMP input histogram:
destination unreachable: 9616
timeout in transit: 427
redirects: 94
echo requests: 15165
echo replies: 10
timestamp request: 1
190825 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 175649
echo request: 10
echo replies: 15165
timestamp replies: 1
.......
Usage examples
Print all listening ports with the corresponding process ID and name
[root ~]# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 840/redis-server *:
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 5109/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 989/nginx: master p
tcp 0 0 0.0.0.0:14001 0.0.0.0:* LISTEN 26902/java
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 28705/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 836/sshd
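An added example (not from the original article): a filter over netstat -nlpt output that lists TCP listeners bound to every interface (0.0.0.0 or ::) whose port is not on an allowlist, such as the redis-server on 6379 in the listing above. The function names, the ALLOWED variable and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners bound to every interface.
# Input: `netstat -nlpt` output on stdin. Output: "port pid/program" lines.
# ALLOWED is a hypothetical space-separated allowlist of intentionally public ports.
ALLOWED="${ALLOWED:-22 80 443}"

wildcard_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is whatever follows the last colon (works for :::80 too).
            k = split($4, part, ":")
            port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if ((addr == "0.0.0.0" || addr == "::") && !(port in ok))
                print port, $7
        }' | sort -n | uniq
}

# Constructed sample input, modelled on the listing above.
sample_listeners() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 840/redis-server *:
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 5109/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 989/nginx: master p
tcp 0 0 0.0.0.0:14001 0.0.0.0:* LISTEN 26902/java
tcp6 0 0 :::14001 :::* LISTEN 26902/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 836/sshd
EOF
}

# On a live host: netstat -nlpt | wildcard_listeners
sample_listeners | wildcard_listeners
```

Listeners bound to 127.0.0.1 are skipped because they are not reachable from other hosts; anything printed is a candidate for binding to a specific address or for a firewall rule.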
View TCP ports
[root ~]# netstat -tnp
tcp 0 4080 182.92.221.114:22 123.122.21.121:17350 ESTABLISHED 18909/sshd
tcp 0 0 10.172.248.114:6379 10.171.86.96:56562 ESTABLISHED 18441/redis-server
tcp 0 0 10.172.248.114:6379 10.171.86.96:56496 ESTABLISHED 18441/redis-server
tcp 0 0 10.172.248.114:27017 10.171.86.96:46927 ESTABLISHED 21380/mongod
Check whether a port is listening normally
Check whether it is in the listening state:
[root ~]# netstat -nlp | grep ":80 "
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 989/nginx: master p
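You can also use telnet to test whether a port on a remote server is open:
telnet remote-ip 80
If the port is listening locally but telnet cannot connect, the firewall may be blocking the port; check the firewall settings.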
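Meaning of each connection state
Reposted from: http://www.cnblogs.com/peida/archive/2013/03/08/2949194.html
LISTEN: listening for connection requests from a remote TCP port
SYN-SENT: waiting for a matching connection request after having sent a connection request (if there are a large number of packets in this state, check whether the host has been compromised)
SYN-RECEIVED: waiting for the peer to acknowledge the connection request after having both received and sent a connection request (if there are many in this state, the host is probably under a flood attack)
ESTABLISHED: represents an open connection
FIN-WAIT-1: waiting for a connection termination request from the remote TCP, or for an acknowledgment of the connection termination request sent earlier
FIN-WAIT-2: waiting for a connection termination request from the remote TCP
CLOSE-WAIT: waiting for a connection termination request from the local user
CLOSING: waiting for the remote TCP to acknowledge the connection termination request
LAST-ACK: waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (not a good sign; if this appears, check whether the host is under attack)
TIME-WAIT: waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request
CLOSED: no connection state at all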
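An added example (not from the original article or its source): counting sockets per state from netstat -ant output, alerting when half-open states exceed a threshold, and grouping SYN_RECV entries by remote address. Note that netstat prints the states with underscores (SYN_RECV, SYN_SENT, TIME_WAIT); the function names, the default threshold of 100 and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize TCP states from `netstat -ant` output on stdin.
state_counts() {
    awk '$1 ~ /^tcp/ { c[$6]++ } END { for (s in c) print s, c[s] }' | sort
}

# Print "ALERT <state> <count>" when a half-open state exceeds the limit.
# The default of 100 is a hypothetical value; tune it to the host's baseline.
half_open_alerts() {
    limit="${1:-100}"
    state_counts | awk -v limit="$limit" '
        ($1 == "SYN_RECV" || $1 == "SYN_SENT") && $2 > limit { print "ALERT", $1, $2 }'
}

# Count SYN_RECV sockets per remote address, busiest source first.
syn_recv_by_source() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" { sub(/:[0-9]+$/, "", $5); c[$5]++ }
         END { for (ip in c) print c[ip], ip }' | sort -rn
}

# Constructed sample input using documentation address ranges.
sample_conns() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:80 198.51.100.7:40001 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.7:40002 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.7:40003 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.9:51000 SYN_RECV
tcp 0 0 192.0.2.10:22 203.0.113.9:34353 ESTABLISHED
tcp 0 0 192.0.2.10:80 203.0.113.20:51812 TIME_WAIT
EOF
}

# On a live host: netstat -ant | half_open_alerts 200
sample_conns | state_counts
sample_conns | half_open_alerts 3
sample_conns | syn_recv_by_source
```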
Reference: Linux man page: man netstat