netstat命令
netstat命令
netstat命令用于显示与IP、TCP、UDP和ICMP协议相关的统计数据,一般用于检验本机各端口的网络连接情况。netstat是在内核中访问网络及相关信息的程序,它能提供TCP连接,TCP和UDP监听,进程内存管理的相关报告。
如果计算机有时候接收到的数据报导致出错数据或故障,不必感到奇怪,TCP/IP可以容许这些类型的错误,并能够自动重发数据报。但如果累计的出错情况数目占到所接收的IP数据报相当大的百分比,或者它的数目正迅速增加,那么就应该使用netstat查一查为什么会出现这些情况了。
1.命令格式
netstat [-acCeFghilMnNoprstuvVwx][-A<网络类型>][--ip]
2.命令功能
netstat用于显示与IP、TCP、UDP和ICMP协议相关的统计数据,一般用于检验本机各端口的网络连接情况。
3.命令参数
-a或–all显示所有连线中的Socket。-A<网络类型>或–<网络类型> 列出该网络类型连线中的相关地址。-c或–continuous持续列出网络状态。-C或–cache显示路由器配置的快取信息。-e或–extend显示网络其他相关信息。-F或–fib显示FIB。-g或–groups显示多重广播功能群组组员名单。-h或–help在线帮助。-i或–interfaces显示网络界面信息表单。-l或–listening显示监控中的服务器的Socket。-M或–masquerade显示伪装的网络连线。-n或–numeric直接使用IP地址,而不通过域名服务器。-N或–netlink或–symbolic显示网络硬件外围设备的符号连接名称。-o或–timers显示计时器。-p或–programs显示正在使用Socket的程序识别码和程序名称。-r或–route显示Routing Table。-s或–statistice显示网络工作信息统计表。-t或–tcp显示TCP传输协议的连线状况。-u或–udp显示UDP传输协议的连线状况。-v或–verbose显示指令执行过程。-V或–version显示版本信息。-w或–raw显示RAW传输协议的连线状况。-x或–unix此参数的效果和指定”-A unix”参数相同。–ip或–inet此参数的效果和指定”-A inet”参数相同。
4.使用实例
实例1:无参数使用
命令:
netstat
输出:
[zyiz@localhost ~]$ netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost.localdoma:ssh 192.168.0.5:54835 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 13100 /run/systemd/shutdownd unix 2 [ ] DGRAM 8385 /run/systemd/notify unix 2 [ ] DGRAM 8387 /run/systemd/cgroups-agent unix 5 [ ] DGRAM 8398 /run/systemd/journal/socket unix 13 [ ] DGRAM 8400 /dev/log unix 3 [ ] STREAM CONNECTED 19870 unix 3 [ ] STREAM CONNECTED 19850 unix 3 [ ] STREAM CONNECTED 19871 unix 3 [ ] STREAM CONNECTED 19830 unix 3 [ ] STREAM CONNECTED 16422 unix 3 [ ] STREAM CONNECTED 19852 unix 3 [ ] STREAM CONNECTED 16423 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 19873 unix 3 [ ] STREAM CONNECTED 19874 unix 3 [ ] STREAM CONNECTED 15501 unix 3 [ ] STREAM CONNECTED 19847 unix 3 [ ] STREAM CONNECTED 19821 unix 3 [ ] STREAM CONNECTED 19849 unix 3 [ ] STREAM CONNECTED 19844 unix 3 [ ] STREAM CONNECTED 19820 unix 3 [ ] STREAM CONNECTED 19876 unix 3 [ ] STREAM CONNECTED 19833 unix 3 [ ] STREAM CONNECTED 19877 unix 2 [ ] DGRAM 16501 unix 3 [ ] STREAM CONNECTED 16576 unix 3 [ ] STREAM CONNECTED 19879 unix 3 [ ] STREAM CONNECTED 19829 unix 2 [ ] DGRAM 80277 unix 3 [ ] STREAM CONNECTED 19880 unix 3 [ ] STREAM CONNECTED 15803 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 19882 unix 3 [ ] STREAM CONNECTED 19263 unix 3 [ ] STREAM CONNECTED 19883 unix 3 [ ] STREAM CONNECTED 19853 unix 2 [ ] DGRAM 16412 unix 3 [ ] STREAM CONNECTED 19855 unix 3 [ ] STREAM CONNECTED 15802 unix 3 [ ] STREAM CONNECTED 19856 unix 3 [ ] STREAM CONNECTED 15502 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 80280 unix 3 [ ] STREAM CONNECTED 19858 unix 3 [ ] STREAM CONNECTED 19859 unix 3 [ ] STREAM CONNECTED 80281 unix 3 [ ] STREAM CONNECTED 19861 unix 3 [ ] STREAM CONNECTED 19843 unix 3 [ ] STREAM CONNECTED 19862 unix 3 [ ] STREAM CONNECTED 15457 unix 3 [ ] STREAM CONNECTED 19864 unix 3 [ ] STREAM CONNECTED 15613 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 19865 unix 3 [ ] STREAM CONNECTED 19846 unix 2 [ ] DGRAM 80112 unix 3 [ ] STREAM CONNECTED 19867 unix 3 [ ] STREAM CONNECTED 16577 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 19868 unix 2 [ ] DGRAM 15509 unix 3 [ ] STREAM CONNECTED 19264 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 16129 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 13393 unix 3 [ ] STREAM CONNECTED 19837 unix 2 [ ] DGRAM 13285 unix 3 [ ] STREAM CONNECTED 13530 /run/systemd/journal/stdout unix 2 [ ] DGRAM 19784 unix 3 [ ] STREAM CONNECTED 16379 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 16160 unix 3 [ ] STREAM CONNECTED 13796 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 15732 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 15611 unix 3 [ ] STREAM CONNECTED 13777 unix 2 [ ] DGRAM 20011 unix 3 [ ] STREAM CONNECTED 16106 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 19840 ......
说明:
从整体上看,netstat的输出结果可以分为两个部分:
一个是Active Internet connections,称为有源TCP连接,其中”Recv-Q”和”Send-Q”指的是接收队列和发送队列。这些数字一般都应该是0。如果不是则表示软件包正在队列中堆积。这种情况只能在非常少的情况见到。
另一个是Active UNIX domain sockets,称为有源Unix域套接口(和网络套接字一样,但是只能用于本机通信,性能可以提高一倍)。
Proto显示连接使用的协议,RefCnt表示连接到本套接口上的进程号,Types显示套接口的类型,State显示套接口当前的状态,Path表示连接到套接口的其它进程使用的路径名。
套接口类型:
-t:TCP-u:UDP-raw:RAW类型--unix:UNIX域类型--ax25:AX25类型--ipx:ipx类型--netrom:netrom类型
状态说明:
LISTEN:侦听来自远方的TCP端口的连接请求SYN-SENT:再发送连接请求后等待匹配的连接请求(如果有大量这样的状态包,检查是否中招了)SYN-RECEIVED:再收到和发送一个连接请求后等待对方对连接请求的确认(如有大量此状态,估计被flood攻击了)ESTABLISHED:代表一个打开的连接FIN-WAIT-1:等待远程TCP连接中断请求,或先前的连接中断请求的确认FIN-WAIT-2:从远程TCP等待连接中断请求CLOSE-WAIT:等待从本地用户发来的连接中断请求CLOSING:等待远程TCP对连接中断的确认LAST-ACK:等待原来的发向远程TCP的连接中断请求的确认(不是什么好东西,此项出现,检查是否被攻击)TIME-WAIT:等待足够的时间以确保远程TCP接收到连接中断请求的确认CLOSED:没有任何连接状态
实例2:列出所有端口
命令:
netstat -a
输出:
[zyiz@localhost ~]$ netstat -a Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp 0 52 localhost.localdoma:ssh 192.168.0.5:54835 ESTABLISHED tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 localhost:smtp [::]:* LISTEN udp 0 0 0.0.0.0:trnsprntproxy 0.0.0.0:* udp 0 0 localhost:323 0.0.0.0:* udp 0 0 0.0.0.0:bootpc 0.0.0.0:* udp6 0 0 [::]:rnm [::]:* udp6 0 0 localhost:323 [::]:* raw6 0 0 [::]:ipv6-icmp [::]:* 7 Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 12805 /run/lvm/lvmpolld.socket unix 2 [ ACC ] SEQPACKET LISTENING 12811 /run/udev/control unix 2 [ ACC ] STREAM LISTENING 12827 /run/lvm/lvmetad.socket unix 2 [ ] DGRAM 13100 /run/systemd/shutdownd unix 2 [ ACC ] STREAM LISTENING 19872 public/showq unix 2 [ ACC ] STREAM LISTENING 19842 private/rewrite unix 2 [ ACC ] STREAM LISTENING 15231 /var/run/dbus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 19845 private/bounce unix 2 [ ACC ] STREAM LISTENING 19848 private/defer unix 2 [ ACC ] STREAM LISTENING 19851 private/trace unix 2 [ ACC ] STREAM LISTENING 19854 private/verify unix 2 [ ACC ] STREAM LISTENING 19860 private/proxymap unix 2 [ ACC ] STREAM LISTENING 19863 private/proxywrite unix 2 [ ACC ] STREAM LISTENING 19866 private/smtp unix 2 [ ACC ] STREAM LISTENING 19869 private/relay unix 2 [ ACC ] STREAM LISTENING 19875 private/error unix 2 [ ACC ] STREAM LISTENING 19878 private/retry unix 2 [ ACC ] STREAM LISTENING 19881 private/discard unix 2 [ ACC ] STREAM LISTENING 19884 private/local unix 2 [ ACC ] STREAM LISTENING 19887 private/virtual unix 2 [ ACC ] STREAM LISTENING 19890 private/lmtp unix 2 [ ACC ] STREAM LISTENING 19893 private/anvil unix 2 [ ACC ] STREAM LISTENING 19896 private/scache unix 2 [ ACC ] STREAM LISTENING 19822 public/pickup unix 2 [ ACC ] STREAM LISTENING 19832 public/cleanup unix 2 [ ACC ] STREAM LISTENING 19835 public/qmgr unix 2 [ ACC ] STREAM LISTENING 19857 public/flush unix 2 [ ACC ] STREAM LISTENING 17836 /var/run/NetworkManager/private-dhcp unix 2 [ ] DGRAM 8385 /run/systemd/notify unix 2 [ ] DGRAM 8387 /run/systemd/cgroups-agent unix 2 [ ACC ] STREAM LISTENING 19839 private/tlsmgr ......
说明:显示一个所有的有效连接信息列表,包括已建立的连接(ESTABLISHED),也包括监听连接请(LISTENING)的那些连接。
实例3:显示当前UDP连接状况
命令:
netstat -nu
输出:
[zyiz@localhost ~]$ netstat -nu Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State [zyiz@localhost ~]$
实例4:显示UDP端口号的使用情况
命令:
netstat -apu
输出:
[zyiz@localhost ~]$ netstat -apu (No info could be read for "-p": geteuid()=1000 but you should be root.) Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name udp 0 0 0.0.0.0:trnsprntproxy 0.0.0.0:* - udp 0 0 localhost:323 0.0.0.0:* - udp 0 0 0.0.0.0:bootpc 0.0.0.0:* - udp6 0 0 [::]:rnm [::]:* - udp6 0 0 localhost:323 [::]:* - [zyiz@localhost ~]$
实例5:显示网卡列表
命令:
netstat -i
输出:
[zyiz@localhost ~]$ netstat -i Kernel Interface table Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg ens33 1500 63831 0 0 0 6313 0 0 0 BMRU lo 65536 19 0 0 0 19 0 0 0 LRU [zyiz@localhost ~]$
实例6:显示组播组的关系
命令:
netstat -g
输出:
[zyiz@localhost ~]$ netstat -g IPv6/IPv4 Group Memberships Interface RefCnt Group --------------- ------ --------------------- lo 1 all-systems.mcast.net ens33 1 all-systems.mcast.net lo 1 ff02::1 lo 1 ff01::1 ens33 1 ff02::1:ff35:dd8c ens33 1 ff02::1 ens33 1 ff01::1 [zyiz@localhost ~]$
实例7:显示网络统计信息
命令:
netstat -s
输出:
[zyiz@localhost ~]$ netstat -s
Ip:
total packets received
forwarded
incoming packets discarded
incoming packets delivered
requests sent out
dropped because of missing route
Icmp:
ICMP messages received
input ICMP message failed.
ICMP input histogram:
destination unreachable: 152
timeout in transit: 164
echo requests: 402
echo replies: 49
ICMP messages sent
ICMP messages failed
ICMP output histogram:
destination unreachable: 9
echo request: 458
IcmpMsg:
InType0: 49
InType3: 152
InType8: 402
InType11: 164
OutType3: 9
OutType8: 458
Tcp:
active connections openings
passive connection openings
failed connection attempts
connection resets received
connections established
segments received
segments send out
segments retransmited
bad segments received.
resets sent
Udp:
packets received
packets to unknown port received.
packet receive errors
packets sent
receive buffer errors
send buffer errors
UdpLite:
TcpExt:
TCP sockets finished time wait in fast timer
delayed acks sent
delayed acks further delayed because of locked socket
packets directly queued to recvmsg prequeue.
packet headers predicted
acknowledgments not containing data payload received
predicted acknowledgments
IPReversePathFilter: 1
TCPRcvCoalesce: 69
TCPOrigDataSent: 2427
IpExt:
InNoRoutes: 5
InMcastPkts: 435
InBcastPkts: 24444
OutBcastPkts: 402
InOctets: 2452235
OutOctets: 539407
InMcastOctets: 13920
InBcastOctets: 2027384
OutBcastOctets: 33768
InNoECTPkts: 28642
[zyiz@localhost ~]$
说明:
按照各个协议分别显示其统计数据。如果我们的应用程序(如Web浏览器)运行速度比较慢,或者不能显示Web页之类的数据,那么我们就可以用本选项来查看一下所显示的信息。我们需要仔细查看统计数据的各行,找到出错的关键字,进而确定问题所在。
实例8:显示监听的套接口
命令:
netstat -l
输出:
[zyiz@localhost ~]$ netstat -l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 localhost:smtp [::]:* LISTEN udp 0 0 0.0.0.0:trnsprntproxy 0.0.0.0:* udp 0 0 localhost:323 0.0.0.0:* udp 0 0 0.0.0.0:bootpc 0.0.0.0:* udp6 0 0 [::]:rnm [::]:* udp6 0 0 localhost:323 [::]:* raw6 0 0 [::]:ipv6-icmp [::]:* 7 Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 12805 /run/lvm/lvmpolld.socket unix 2 [ ACC ] SEQPACKET LISTENING 12811 /run/udev/control unix 2 [ ACC ] STREAM LISTENING 12827 /run/lvm/lvmetad.socket unix 2 [ ACC ] STREAM LISTENING 19872 public/showq unix 2 [ ACC ] STREAM LISTENING 19842 private/rewrite unix 2 [ ACC ] STREAM LISTENING 15231 /var/run/dbus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 19845 private/bounce unix 2 [ ACC ] STREAM LISTENING 19848 private/defer unix 2 [ ACC ] STREAM LISTENING 19851 private/trace unix 2 [ ACC ] STREAM LISTENING 19854 private/verify unix 2 [ ACC ] STREAM LISTENING 19860 private/proxymap unix 2 [ ACC ] STREAM LISTENING 19863 private/proxywrite unix 2 [ ACC ] STREAM LISTENING 19866 private/smtp unix 2 [ ACC ] STREAM LISTENING 19869 private/relay unix 2 [ ACC ] STREAM LISTENING 19875 private/error unix 2 [ ACC ] STREAM LISTENING 19878 private/retry unix 2 [ ACC ] STREAM LISTENING 19881 private/discard unix 2 [ ACC ] STREAM LISTENING 19884 private/local unix 2 [ ACC ] STREAM LISTENING 19887 private/virtual unix 2 [ ACC ] STREAM LISTENING 19890 private/lmtp unix 2 [ ACC ] STREAM LISTENING 19893 private/anvil unix 2 [ ACC ] STREAM LISTENING 19896 private/scache unix 2 [ ACC ] STREAM LISTENING 19822 public/pickup unix 2 [ ACC ] STREAM LISTENING 19832 public/cleanup unix 2 [ ACC ] STREAM LISTENING 19835 public/qmgr unix 2 [ ACC ] STREAM LISTENING 19857 public/flush unix 2 [ ACC ] STREAM LISTENING 17836 /var/run/NetworkManager/private-dhcp unix 2 [ ACC ] STREAM LISTENING 19839 private/tlsmgr unix 2 [ ACC ] STREAM LISTENING 8395 /run/systemd/journal/stdout unix 2 [ ACC ] STREAM LISTENING 12794 /run/systemd/private [zyiz@localhost ~]$
实例9:显示所有已建立的有效连接
命令:
netstat -n
输出:
[zyiz@localhost ~]$ netstat -n Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 52 192.168.0.197:22 192.168.0.5:54835 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 13100 /run/systemd/shutdownd unix 2 [ ] DGRAM 8385 /run/systemd/notify unix 2 [ ] DGRAM 8387 /run/systemd/cgroups-agent unix 5 [ ] DGRAM 8398 /run/systemd/journal/socket unix 13 [ ] DGRAM 8400 /dev/log unix 3 [ ] STREAM CONNECTED 19870 unix 3 [ ] STREAM CONNECTED 19850 unix 3 [ ] STREAM CONNECTED 19871 unix 3 [ ] STREAM CONNECTED 19830 unix 3 [ ] STREAM CONNECTED 16422 unix 3 [ ] STREAM CONNECTED 19852 unix 3 [ ] STREAM CONNECTED 16423 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 19873 unix 3 [ ] STREAM CONNECTED 19874 unix 3 [ ] STREAM CONNECTED 15501 unix 3 [ ] STREAM CONNECTED 19847 unix 3 [ ] STREAM CONNECTED 19821 unix 3 [ ] STREAM CONNECTED 19849 unix 3 [ ] STREAM CONNECTED 19844 unix 3 [ ] STREAM CONNECTED 19820 unix 3 [ ] STREAM CONNECTED 19876 unix 3 [ ] STREAM CONNECTED 19833 unix 3 [ ] STREAM CONNECTED 19877 unix 2 [ ] DGRAM 16501 unix 3 [ ] STREAM CONNECTED 16576 unix 3 [ ] STREAM CONNECTED 19879 unix 3 [ ] STREAM CONNECTED 19829 unix 2 [ ] DGRAM 80277 unix 3 [ ] STREAM CONNECTED 19880 unix 3 [ ] STREAM CONNECTED 15803 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 19882 unix 3 [ ] STREAM CONNECTED 19263 unix 3 [ ] STREAM CONNECTED 19883 unix 3 [ ] STREAM CONNECTED 19853 unix 2 [ ] DGRAM 16412 unix 3 [ ] STREAM CONNECTED 19855 unix 3 [ ] STREAM CONNECTED 15802 unix 3 [ ] STREAM CONNECTED 19856 unix 3 [ ] STREAM CONNECTED 15502 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 80280 unix 3 [ ] STREAM CONNECTED 19858 unix 3 [ ] STREAM CONNECTED 19859 unix 3 [ ] STREAM CONNECTED 80281 unix 3 [ ] STREAM CONNECTED 19861 unix 3 [ ] STREAM CONNECTED 19843 unix 3 [ ] STREAM CONNECTED 19862 unix 3 [ ] STREAM CONNECTED 15457 unix 3 [ ] STREAM CONNECTED 19864 unix 3 [ ] STREAM CONNECTED 15613 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 19865 unix 3 [ ] STREAM CONNECTED 19846 unix 2 [ ] DGRAM 80112 unix 3 [ ] STREAM CONNECTED 19867 unix 3 [ ] STREAM CONNECTED 16577 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 19868 unix 2 [ ] DGRAM 15509 unix 3 [ ] STREAM CONNECTED 19264 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 16129 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 13393 unix 3 [ ] STREAM CONNECTED 19837 unix 2 [ ] DGRAM 13285 unix 3 [ ] STREAM CONNECTED 13530 /run/systemd/journal/stdout unix 2 [ ] DGRAM 19784 unix 3 [ ] STREAM CONNECTED 16379 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 16160 unix 3 [ ] STREAM CONNECTED 13796 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 15732 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 15611 unix 3 [ ] STREAM CONNECTED 13777 unix 2 [ ] DGRAM 20011 unix 3 [ ] STREAM CONNECTED 16106 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 19840 unix 2 [ ] DGRAM 16231 unix 3 [ ] STREAM CONNECTED 16105 unix 3 [ ] STREAM CONNECTED 16320 unix 3 [ ] STREAM CONNECTED 19885 unix 3 [ ] DGRAM 13816 unix 3 [ ] STREAM CONNECTED 18433 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 16321 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 19886 unix 3 [ ] STREAM CONNECTED 16161 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 16378 unix 3 [ ] STREAM CONNECTED 19888 unix 3 [ ] STREAM CONNECTED 15612 unix 3 [ ] STREAM CONNECTED 18432 unix 3 [ ] STREAM CONNECTED 19889 unix 2 [ ] DGRAM 16204 unix 3 [ ] STREAM CONNECTED 15731 unix 3 [ ] STREAM CONNECTED 19834 unix 3 [ ] STREAM CONNECTED 19891 unix 3 [ ] STREAM CONNECTED 19841 unix 3 [ ] STREAM CONNECTED 19836 unix 2 [ ] DGRAM 79889 unix 3 [ ] STREAM CONNECTED 19892 unix 2 [ ] DGRAM 16133 unix 3 [ ] STREAM CONNECTED 15152 unix 3 [ ] STREAM CONNECTED 16128 unix 3 [ ] STREAM CONNECTED 19894 unix 3 [ ] STREAM CONNECTED 19895 unix 3 [ ] STREAM CONNECTED 15153 unix 3 [ ] STREAM CONNECTED 19897 unix 3 [ ] STREAM CONNECTED 19898 unix 3 [ ] DGRAM 13817 unix 2 [ ] DGRAM 13797 unix 2 [ ] DGRAM 15143 [zyiz@localhost ~]$
实例10:显示关于以太网的统计数据
命令:
netstat -e
输出:
[zyiz@localhost ~]$ netstat -e Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode tcp 0 52 localhost.localdoma:ssh 192.168.0.5:54835 ESTABLISHED root 80161 Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 13100 /run/systemd/shutdownd unix 2 [ ] DGRAM 8385 /run/systemd/notify unix 2 [ ] DGRAM 8387 /run/systemd/cgroups-agent unix 5 [ ] DGRAM 8398 /run/systemd/journal/socket unix 13 [ ] DGRAM 8400 /dev/log unix 3 [ ] STREAM CONNECTED 19870 unix 3 [ ] STREAM CONNECTED 19850 unix 3 [ ] STREAM CONNECTED 19871 unix 3 [ ] STREAM CONNECTED 19830 unix 3 [ ] STREAM CONNECTED 16422 unix 3 [ ] STREAM CONNECTED 19852 unix 3 [ ] STREAM CONNECTED 16423 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 19873 unix 3 [ ] STREAM CONNECTED 19874 unix 3 [ ] STREAM CONNECTED 15501 unix 3 [ ] STREAM CONNECTED 19847 unix 3 [ ] STREAM CONNECTED 19821 unix 3 [ ] STREAM CONNECTED 19849 unix 3 [ ] STREAM CONNECTED 19844 unix 3 [ ] STREAM CONNECTED 19820 unix 3 [ ] STREAM CONNECTED 19876 unix 3 [ ] STREAM CONNECTED 19833 unix 3 [ ] STREAM CONNECTED 19877 unix 2 [ ] DGRAM 16501 unix 3 [ ] STREAM CONNECTED 16576 unix 3 [ ] STREAM CONNECTED 19879 unix 3 [ ] STREAM CONNECTED 19829 unix 2 [ ] DGRAM 80277 unix 3 [ ] STREAM CONNECTED 19880 unix 3 [ ] STREAM CONNECTED 15803 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 19882 unix 3 [ ] STREAM CONNECTED 19263 unix 3 [ ] STREAM CONNECTED 19883 unix 3 [ ] STREAM CONNECTED 19853 unix 2 [ ] DGRAM 16412 unix 3 [ ] STREAM CONNECTED 19855 unix 3 [ ] STREAM CONNECTED 15802 unix 3 [ ] STREAM CONNECTED 19856 unix 3 [ ] STREAM CONNECTED 15502 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 80280 unix 3 [ ] STREAM CONNECTED 19858 unix 3 [ ] STREAM CONNECTED 19859 unix 3 [ ] STREAM CONNECTED 80281 unix 3 [ ] STREAM CONNECTED 19861 unix 3 [ ] STREAM CONNECTED 19843 unix 3 [ ] STREAM CONNECTED 19862 unix 3 [ ] STREAM CONNECTED 15457 unix 3 [ ] STREAM CONNECTED 19864 unix 3 [ ] STREAM CONNECTED 15613 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 19865 unix 3 [ ] STREAM CONNECTED 19846 unix 2 [ ] DGRAM 80112 unix 3 [ ] STREAM CONNECTED 19867 unix 3 [ ] STREAM CONNECTED 16577 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 19868 unix 2 [ ] DGRAM 15509 unix 3 [ ] STREAM CONNECTED 19264 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 16129 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 13393 unix 3 [ ] STREAM CONNECTED 19837 unix 2 [ ] DGRAM 13285 unix 3 [ ] STREAM CONNECTED 13530 /run/systemd/journal/stdout unix 2 [ ] DGRAM 19784 unix 3 [ ] STREAM CONNECTED 16379 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 16160 unix 3 [ ] STREAM CONNECTED 13796 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 15732 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 15611 unix 3 [ ] STREAM CONNECTED 13777 unix 2 [ ] DGRAM 20011 unix 3 [ ] STREAM CONNECTED 16106 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 19840 unix 2 [ ] DGRAM 16231 unix 3 [ ] STREAM CONNECTED 16105 unix 3 [ ] STREAM CONNECTED 16320 unix 3 [ ] STREAM CONNECTED 19885 unix 3 [ ] DGRAM 13816 unix 3 [ ] STREAM CONNECTED 18433 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 16321 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 19886 unix 3 [ ] STREAM CONNECTED 16161 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 16378 unix 3 [ ] STREAM CONNECTED 19888 unix 3 [ ] STREAM CONNECTED 15612 unix 3 [ ] STREAM CONNECTED 18432 unix 3 [ ] STREAM CONNECTED 19889 unix 2 [ ] DGRAM 16204 unix 3 [ ] STREAM CONNECTED 15731 unix 3 [ ] STREAM CONNECTED 19834 unix 3 [ ] STREAM CONNECTED 19891 unix 3 [ ] STREAM CONNECTED 19841 unix 3 [ ] STREAM CONNECTED 19836 unix 2 [ ] DGRAM 79889 unix 3 [ ] STREAM CONNECTED 19892 unix 2 [ ] DGRAM 16133 unix 3 [ ] STREAM CONNECTED 15152 unix 3 [ ] STREAM CONNECTED 16128 unix 3 [ ] STREAM CONNECTED 19894 unix 3 [ ] STREAM CONNECTED 19895 unix 3 [ ] STREAM CONNECTED 15153 unix 3 [ ] STREAM CONNECTED 19897 unix 3 [ ] STREAM CONNECTED 19898 unix 3 [ ] DGRAM 13817 unix 2 [ ] DGRAM 13797 unix 2 [ ] DGRAM 15143 [zyiz@localhost ~]$
说明:
用于显示关于以太网的统计数据。它列出的项目包括传送的数据报的总字节数、错误数、删除数、数据报的数量和广播的数量。这些统计数据既有发送的数据报数量,也有接收的数据报数量。这个选项可以用来统计一些基本的网络流量)
实例11:显示关于路由表的信息
命令:
netstat -r
输出:
[zyiz@localhost ~]$ netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default gateway 0.0.0.0 UG 0 0 0 ens33 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33 [zyiz@localhost ~]$
实例12:列出所有 tcp 端口
命令:
netstat -at
输出:
[zyiz@localhost ~]$ netstat -at Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp 0 52 localhost.localdoma:ssh 192.168.0.5:54835 ESTABLISHED tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 localhost:smtp [::]:* LISTEN [zyiz@localhost ~]$
实例13:统计机器中网络连接各个状态个数
命令:
netstat -a | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
输出:
[zyiz@localhost ~]$ netstat -a | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
LISTEN 4
ESTABLISHED 1
[zyiz@localhost ~]$
实例14:把状态全都取出来后使用uniq -c统计后再进行排序
命令:
netstat -nat |awk '{print $6}'|sort|uniq -c
输出:
实例15:查看连接某服务端口最多的的IP地址
命令:
netstat -nat | grep "192.168.120.20:16067" |awk '{print $5}'|awk -F: '{print $4}'|sort|uniq -c|sort -nr|head -20
输出:
[zyiz@localhost ~]$ netstat -nat |awk '{print $6}'|sort|uniq -c
established)
ESTABLISHED
Foreign
LISTEN
[zyiz@localhost ~]$
实例16:找出程序运行的端口
命令:
netstat -ap | grep ssh
输出:
[zyiz@localhost ~]$ netstat -ap | grep ssh (No info could be read for "-p": geteuid()=1000 but you should be root.) tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN - tcp 0 52 localhost.localdoma:ssh 192.168.0.5:54835 ESTABLISHED - tcp6 0 0 [::]:ssh [::]:* LISTEN - [zyiz@localhost ~]$
实例17:在 netstat 输出中显示 PID 和进程名称
命令:
netstat -pt
输出:
[zyiz@localhost ~]$ netstat -pt (No info could be read for "-p": geteuid()=1000 but you should be root.) Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 52 localhost.localdoma:ssh 192.168.0.5:54835 ESTABLISHED - [zyiz@localhost ~]$
说明:netstat -p可以与其它开关一起使用,就可以添加 “PID/进程名称” 到 netstat 输出中,这样 debugging 的时候可以很方便的发现特定端口运行的程序。
实例18:找出运行在指定端口的进程
命令:
netstat -anpt | grep ':16160'
输出:
[root@localhost zyiz]# netstat -anpt | grep ':16160' [root@localhost zyiz]# netstat -anpt | grep ':22' tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1032/sshd tcp 0 52 192.168.0.197:22 192.168.0.5:54835 ESTABLISHED 4039/sshd: zyiz [ tcp6 0 0 :::22 :::* LISTEN 1032/sshd [root@localhost zyiz]#
说明:
运行在端口22的进程id为1032,再通过ps命令就可以找到具体的应用程序了。
目录
文件目录操作命令
文件打包上传和下载
