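The netstat command displays various network-related information, such as network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Meaning of the output
Running netstat produces output like the following: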
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State
    tcp        0      0 192.168.107.2:nfs           192.168.107.22:905          ESTABLISHED
    tcp        0      0 192.168.107.2:ssh           192.168.107.4:57198         ESTABLISHED
    tcp        0      0 192.168.107.2:nfs           192.168.107.:ideafarm-panic ESTABLISHED
    tcp        0      0 192.168.107.2:nfs           192.168.199.122:telnets     ESTABLISHED
    tcp        0      0 192.168.107.2:nfs           192.168.199.130:ieee-mms    ESTABLISHED
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.99.111:42363 TIME_WAIT
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.107.71:50750 TIME_WAIT
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.107.72:35527 TIME_WAIT
    Active UNIX domain sockets (w/o servers)
    Proto RefCnt Flags       Type       State         I-Node Path
    unix  2      [ ]         DGRAM                    8842   @/org/kernel/udev/udevd
    unix  11     [ ]         DGRAM                    10983  /dev/log
    unix  2      [ ]         DGRAM                    11883616
    unix  2      [ ]         DGRAM                    11875965
    unix  2      [ ]         DGRAM                    5714722
    unix  2      [ ]         DGRAM                    2893142
    unix  2      [ ]         DGRAM                    12892
    unix  2      [ ]         DGRAM                    12805
    unix  3      [ ]         STREAM     CONNECTED     12777
    unix  3      [ ]         STREAM     CONNECTED     12776
    unix  3      [ ]         STREAM     CONNECTED     12773
    unix  3      [ ]         STREAM     CONNECTED     12772
    unix  3      [ ]         STREAM     CONNECTED     12769
    unix  3      [ ]         STREAM     CONNECTED     12768
    unix  3      [ ]         STREAM     CONNECTED     12765
    unix  3      [ ]         STREAM     CONNECTED     12764
    unix  3      [ ]         STREAM     CONNECTED     12761
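Overall, the netstat output can be divided into two parts:
The first is Active Internet connections, the active TCP connections, where "Recv-Q" and "Send-Q" are the receive queue and the send queue. These numbers should normally be 0. If they are not, packets are piling up in the queue. This should only be seen in very rare cases.
The second is Active UNIX domain sockets, the active Unix domain sockets (the same as network sockets, but usable only for communication on the local machine; performance can be doubled).
Proto shows the protocol used by the connection, RefCnt is the number of processes attached to the socket, Type shows the socket type, State shows the current state of the socket, and Path is the path name used by the other processes connected to the socket.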
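Common options
-a (all) show all entries; LISTEN-related entries are not shown by default
-t (tcp) show only TCP-related entries
-u (udp) show only UDP-related entries
-n do not show aliases; everything that can be shown as a number is converted to a number
-l list only services that are in the Listen state
-p show the name of the program that established the connection
-r show routing information (the routing table)
-e show extended information, such as the uid
-s show statistics per protocol
-c run the netstat command again at a fixed interval
Tip: the LISTEN and LISTENING states are only shown with -a or -l.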
Practical command examples
1. List all ports (listening and non-listening)
List all ports: netstat -a
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State
    tcp        0      0 *:sunrpc                    *:*                         LISTEN
    tcp        0      0 *:ssh                       *:*                         LISTEN
    tcp        0      0 Machine_Control:smtp        *:*                         LISTEN
    tcp        0      0 192.168.107.2:nfs           192.168.107.22:905          ESTABLISHED
    tcp        0      0 192.168.107.2:ssh           192.168.107.4:57198         ESTABLISHED
    tcp        0      0 192.168.107.2:nfs           192.168.107.:ideafarm-panic ESTABLISHED
    tcp        0      0 192.168.107.2:nfs           192.168.199.122:telnets     ESTABLISHED
    tcp        0      0 192.168.107.2:nfs           192.168.199.130:ieee-mms    ESTABLISHED
    tcp        0      0 *:55308                     *:*                         LISTEN
    tcp        0      0 *:sunrpc                    *:*                         LISTEN
    tcp        0      0 *:webcache                  *:*                         LISTEN
    tcp        0      0 *:57855                     *:*                         LISTEN
    tcp        0      0 *:nfs                       *:*                         LISTEN
    tcp        0      0 *:13289                     *:*                         LISTEN
    tcp        0      0 *:47914                     *:*                         LISTEN
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.107.72:35617 TIME_WAIT
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.99.112:55684 TIME_WAIT
    udp        0      0 *:nfs                       *:*
    udp        0      0 *:46340                     *:*
    udp        0      0 *:37258                     *:*
    udp        0      0 *:38173                     *:*
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags       Type       State         I-Node Path
    unix  2      [ ACC ]     STREAM     LISTENING     8415   @/com/ubuntu/upstart
    unix  2      [ ACC ]     STREAM     LISTENING     10915  /var/run/vmware/guestServicePipe
    unix  2      [ ACC ]     STREAM     LISTENING     12691  public/cleanup
    unix  2      [ ACC ]     STREAM     LISTENING     12698  private/tlsmgr
    unix  2      [ ACC ]     STREAM     LISTENING     12702  private/rewrite
    unix  2      [ ACC ]     STREAM     LISTENING     12706  private/bounce
    unix  2      [ ACC ]     STREAM     LISTENING     12710  private/defer
    unix  2      [ ACC ]     STREAM     LISTENING     12714  private/trace
    unix  2      [ ACC ]     STREAM     LISTENING     12718  private/verify
    unix  2      [ ACC ]     STREAM     LISTENING     12722  public/flush
    unix  2      [ ACC ]     STREAM     LISTENING     12726  private/proxymap
    unix  2      [ ]         DGRAM                    8842   @/org/kernel/udev/udevd
    unix  2      [ ACC ]     STREAM     LISTENING     12730  private/proxywrite
    unix  2      [ ACC ]     STREAM     LISTENING     12734  private/smtp
List all tcp ports: netstat -at
    root@Machine_Control:~# netstat -at
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State
    tcp        0      0 *:sunrpc                    *:*                         LISTEN
    tcp        0      0 *:ssh                       *:*                         LISTEN
    tcp        0      0 Machine_Control:smtp        *:*                         LISTEN
    tcp        0      0 *:33788                     *:*                         LISTEN
    tcp        0      0 *:35103                     *:*                         LISTEN
    tcp        0      0 *:nfs                       *:*                         LISTEN
    tcp        0      0 *:46852                     *:*                         LISTEN
    tcp        0      0 *:45349                     *:*                         LISTEN
    tcp        0      0 *:35558                     *:*                         LISTEN
    tcp        0      0 *:13289                     *:*                         LISTEN
    tcp        0      0 Machine_Control:mysql       *:*                         LISTEN
    tcp        0      0 192.168.107.2:nfs           192.168.107.22:905          ESTABLISHED
    tcp        0      0 192.168.107.2:ssh           192.168.107.4:57198         ESTABLISHED
    tcp        0      0 192.168.107.2:nfs           192.168.107.:ideafarm-panic ESTABLISHED
    tcp        0      0 192.168.107.2:nfs           192.168.199.122:telnets     ESTABLISHED
    tcp        0      0 192.168.107.2:nfs           192.168.199.130:ieee-mms    ESTABLISHED
    tcp        0      0 *:55308                     *:*                         LISTEN
    tcp        0      0 *:sunrpc                    *:*                         LISTEN
    tcp        0      0 *:webcache                  *:*                         LISTEN
    tcp        0      0 *:http                      *:*                         LISTEN
    tcp        0      0 *:ssh                       *:*                         LISTEN
    tcp        0      0 *:36247                     *:*                         LISTEN
    tcp        0      0 Machine_Control:smtp        *:*                         LISTEN
    tcp        0      0 *:https                     *:*                         LISTEN
    tcp        0      0 *:55579                     *:*                         LISTEN
    tcp        0      0 *:57855                     *:*                         LISTEN
    tcp        0      0 *:nfs                       *:*                         LISTEN
    tcp        0      0 *:13289                     *:*                         LISTEN
    tcp        0      0 *:47914                     *:*                         LISTEN
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.107.72:35662 TIME_WAIT
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.99.111:42474 TIME_WAIT
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.107.71:50862 TIME_WAIT
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.99.112:55721 TIME_WAIT
List all udp ports: netstat -au
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State
    udp        0      0 *:sunrpc                    *:*
    udp        0      0 Machine_Control:1017        *:*
    udp        0      0 *:nfs                       *:*
    udp        0      0 *:46340                     *:*
    udp        0      0 *:37258                     *:*
    udp        0      0 *:38173                     *:*
    udp        0      0 *:35430                     *:*
    udp        0      0 *:puparp                    *:*
    udp        0      0 *:57448                     *:*
    udp        0      0 *:sunrpc                    *:*
    udp        0      0 *:55933                     *:*
    udp        0      0 *:nfs                       *:*
    udp        0      0 *:41609                     *:*
    udp        0      0 *:36149                     *:*
    udp        0      0 *:39893                     *:*
    udp        0      0 *:puparp                    *:*
    udp        0      0 *:39274                     *:*
2. List all sockets in the listening state
Show only listening ports: netstat -l
    root@Machine_Control:~# netstat -l
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State
    tcp        0      0 *:sunrpc                    *:*                         LISTEN
    tcp        0      0 *:ssh                       *:*                         LISTEN
    tcp        0      0 Machine_Control:smtp        *:*                         LISTEN
    tcp        0      0 *:33788                     *:*                         LISTEN
    tcp        0      0 *:35103                     *:*                         LISTEN
    tcp        0      0 *:nfs                       *:*                         LISTEN
    tcp        0      0 *:46852                     *:*                         LISTEN
    tcp        0      0 *:45349                     *:*                         LISTEN
    tcp        0      0 *:35558                     *:*                         LISTEN
    tcp        0      0 *:13289                     *:*                         LISTEN
    tcp        0      0 Machine_Control:mysql       *:*                         LISTEN
    tcp        0      0 *:55308                     *:*                         LISTEN
    tcp        0      0 *:sunrpc                    *:*                         LISTEN
    tcp        0      0 *:webcache                  *:*                         LISTEN
    tcp        0      0 *:http                      *:*                         LISTEN
    tcp        0      0 *:ssh                       *:*                         LISTEN
    tcp        0      0 *:36247                     *:*                         LISTEN
    tcp        0      0 Machine_Control:smtp        *:*                         LISTEN
    tcp        0      0 *:https                     *:*                         LISTEN
    tcp        0      0 *:55579                     *:*                         LISTEN
    tcp        0      0 *:57855                     *:*                         LISTEN
    tcp        0      0 *:nfs                       *:*                         LISTEN
    tcp        0      0 *:13289                     *:*                         LISTEN
    tcp        0      0 *:47914                     *:*                         LISTEN
    udp        0      0 *:sunrpc                    *:*
    udp        0      0 Machine_Control:1017        *:*
    udp        0      0 *:nfs                       *:*
    udp        0      0 *:46340                     *:*
    udp        0      0 *:37258                     *:*
    udp        0      0 *:38173                     *:*
    udp        0      0 *:35430                     *:*
    udp        0      0 *:puparp                    *:*
    udp        0      0 *:57448                     *:*
    udp        0      0 *:sunrpc                    *:*
    udp        0      0 *:55933                     *:*
    udp        0      0 *:nfs                       *:*
    udp        0      0 *:41609                     *:*
    udp        0      0 *:36149                     *:*
    udp        0      0 *:39893                     *:*
    udp        0      0 *:puparp                    *:*
    udp        0      0 *:39274                     *:*
    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags       Type       State         I-Node Path
    unix  2      [ ACC ]     STREAM     LISTENING     8415   @/com/ubuntu/upstart
    unix  2      [ ACC ]     STREAM     LISTENING     10915  /var/run/vmware/guestServicePipe
    unix  2      [ ACC ]     STREAM     LISTENING     12691  public/cleanup
    unix  2      [ ACC ]     STREAM     LISTENING     12698  private/tlsmgr
    unix  2      [ ACC ]     STREAM     LISTENING     12702  private/rewrite
    unix  2      [ ACC ]     STREAM     LISTENING     12706  private/bounce
    unix  2      [ ACC ]     STREAM     LISTENING     12710  private/defer
    unix  2      [ ACC ]     STREAM     LISTENING     12714  private/trace
    unix  2      [ ACC ]     STREAM     LISTENING     12718  private/verify
    unix  2      [ ACC ]     STREAM     LISTENING     12722  public/flush
    unix  2      [ ACC ]     STREAM     LISTENING     12726  private/proxymap
    unix  2      [ ACC ]     STREAM     LISTENING     12730  private/proxywrite
    unix  2      [ ACC ]     STREAM     LISTENING     12734  private/smtp
    unix  2      [ ACC ]     STREAM     LISTENING     12738  private/relay
    unix  2      [ ACC ]     STREAM     LISTENING     12742  public/showq
    unix  2      [ ACC ]     STREAM     LISTENING     12746  private/error
    unix  2      [ ACC ]     STREAM     LISTENING     12750  private/retry
    unix  2      [ ACC ]     STREAM     LISTENING     12754  private/discard
    unix  2      [ ACC ]     STREAM     LISTENING     12758  private/local
    unix  2      [ ACC ]     STREAM     LISTENING     12762  private/virtual
    unix  2      [ ACC ]     STREAM     LISTENING     12766  private/lmtp
    unix  2      [ ACC ]     STREAM     LISTENING     12770  private/anvil
    unix  2      [ ACC ]     STREAM     LISTENING     12774  private/scache
    unix  2      [ ACC ]     STREAM     LISTENING     11096  /var/run/rpcbind.sock
    unix  2      [ ACC ]     STREAM     LISTENING     12471  /var/lib/mysql/mysql.sock
List only listening tcp ports: netstat -lt
List only listening udp ports: netstat -lu
List only listening UNIX ports: netstat -lx
3. Show statistics for each protocol
Show statistics for all ports: netstat -s
    root@Machine_Control:~# netstat -s
    Ip:
        46789154 total packets received
        1713 with invalid addresses
        0 forwarded
        0 incoming packets discarded
        46787441 incoming packets delivered
        41610316 requests sent out
    Icmp:
        116285 ICMP messages received
        0 input ICMP message failed.
        ICMP input histogram:
            destination unreachable: 2369
            timeout in transit: 57053
            redirects: 19
            echo requests: 56840
            echo replies: 4
        58102 ICMP messages sent
        0 ICMP messages failed
        ICMP output histogram:
            destination unreachable: 1258
            echo request: 4
            echo replies: 56840
    IcmpMsg:
            InType0: 4
            InType3: 2369
            InType5: 19
            InType8: 56840
            InType11: 57053
            OutType0: 56840
            OutType3: 1258
            OutType8: 4
    Tcp:
        3514 active connections openings
        410868 passive connection openings
        302 failed connection attempts
        772 connection resets received
        5 connections established
        46351002 segments received
        41452976 segments send out
        97923 segments retransmited
        2 bad segments received.
        1104 resets sent
    Udp:
        179 packets received
        1260 packets to unknown port received.
        0 packet receive errors
        1340 packets sent
    UdpLite:
    TcpExt:
        35 invalid SYN cookies received
        302 resets received for embryonic SYN_RECV sockets
        3 ICMP packets dropped because they were out-of-window
        229301 TCP sockets finished time wait in fast timer
        65 packets rejects in established connections because of timestamp
        4476 delayed acks sent
        76 delayed acks further delayed because of locked socket
        Quick ack mode was activated 4218 times
        121 packets directly queued to recvmsg prequeue.
        116 packets directly received from prequeue
        10920901 packets header predicted
        2855707 acknowledgments not containing data received
        26433489 predicted acknowledgments
        39942 times recovered from packet loss due to SACK data
        Detected reordering 2 times using FACK
        Detected reordering 24 times using SACK
        Detected reordering 12 times using time stamp
        10 congestion windows fully recovered
        280 congestion windows partially recovered using Hoe heuristic
        TCPDSACKUndo: 52
        1122 congestion windows recovered after partial ack
        243359 TCP data loss events
        TCPLostRetransmit: 886
        27 timeouts after SACK recovery
        3 timeouts in loss state
        86766 fast retransmits
        3375 forward retransmits
        1653 retransmits in slow start
        3196 other TCP timeouts
        64 sack retransmits failed
        4299 DSACKs sent for old packets
        1955 DSACKs received
        1 DSACKs for out of order packets received
        2 connections reset due to unexpected data
        3 connections reset due to early user close
        117 connections aborted due to timeout
        TCPDSACKIgnoredOld: 25
        TCPDSACKIgnoredNoUndo: 732
        TCPSpuriousRTOs: 227
        TCPSackShifted: 525423
        TCPSackMerged: 856527
        TCPSackShiftFallback: 82553
        TCPChallengeACK: 27
        TCPSYNChallenge: 2
    IpExt:
        InMcastPkts: 51
        InBcastPkts: 318689
        InOctets: 18543065748
        OutOctets: 83521719341
        InMcastOctets: 1728
        InBcastOctets: 46189414
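Show statistics for TCP or UDP ports: netstat -st or -su
4. Show the PID and process name in netstat output: netstat -p
netstat -p can be combined with other switches to add "PID/Program name" to the netstat output, which makes it easy, when debugging, to find the program running on a particular port.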
    root@Machine_Control:~# netstat -p
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 192.168.107.2:nfs           192.168.107.22:905          ESTABLISHED -
    tcp        0      0 192.168.107.2:ssh           192.168.107.4:57198         ESTABLISHED 25872/sshd
    tcp        0      0 192.168.107.2:nfs           192.168.107.:ideafarm-panic ESTABLISHED -
    tcp        0      0 192.168.107.2:nfs           192.168.199.122:telnets     ESTABLISHED -
    tcp        0      0 192.168.107.2:nfs           192.168.199.130:ieee-mms    ESTABLISHED -
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.107.71:51009 TIME_WAIT   -
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.99.112:55870 TIME_WAIT   -
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.107.72:35843 TIME_WAIT   -
    tcp        0      0 ::ffff:192.168.107:webcache ::ffff:192.168.99.111:42622 TIME_WAIT   -
    Active UNIX domain sockets (w/o servers)
    Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
    unix  2      [ ]         DGRAM                    8842     400/udevd           @/org/kernel/udev/udevd
    unix  11     [ ]         DGRAM                    10983    1229/rsyslogd       /dev/log
    unix  2      [ ]         DGRAM                    11883783 25891/pickup
    unix  2      [ ]         DGRAM                    11883616 25872/sshd
    unix  2      [ ]         DGRAM                    5714722  1/init
    unix  2      [ ]         DGRAM                    2893142  1213/auditd
    unix  2      [ ]         DGRAM                    12892    1651/crond
    unix  2      [ ]         DGRAM                    12805    1640/qmgr
    unix  3      [ ]         STREAM     CONNECTED     12777    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12776    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12773    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12772    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12769    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12768    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12765    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12764    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12761    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12760    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12757    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12756    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12753    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12752    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12749    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12748    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12745    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12744    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12741    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12740    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12737    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12736    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12733    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12732    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12729    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12728    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12725    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12724    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12721    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12720    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12717    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12716    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12713    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12712    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12709    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12708    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12705    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12704    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12701    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12700    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12697    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12696    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12694    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12693    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12690    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12689    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12687    1633/master
    unix  3      [ ]         STREAM     CONNECTED     12686    1633/master
    unix  2      [ ]         DGRAM                    12650    1633/master
    unix  3      [ ]         STREAM     CONNECTED     11731    1373/rpc.idmapd
    unix  3      [ ]         STREAM     CONNECTED     11730    1373/rpc.idmapd
    unix  2      [ ]         DGRAM                    11569    1337/rpc.mountd
    unix  2      [ ]         DGRAM                    11185    1265/rpc.statd
    unix  3      [ ]         DGRAM                    8863     400/udevd
    unix  3      [ ]         DGRAM                    8862     400/udevd
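5. Do not show host, port and user names in netstat output
When you do not want host, port and user names to be shown, use netstat -n. Numbers are used in place of those names.
This also speeds up the output, because no lookups have to be done.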
# netstat -an
If you only want one of these three kinds of name not to be shown, use the following commands
# netstat -a --numeric-ports
# netstat -a --numeric-hosts
# netstat -a --numeric-users
6. Print netstat information continuously
netstat will print the network information every second.
# netstat -c
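7. Show the address families (Address Families) that the system does not support
netstat --verbose
At the end of the output there will be messages like the following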
    netstat: no support for `AF IPX' on this system.
    netstat: no support for `AF AX25' on this system.
    netstat: no support for `AF X25' on this system.
    netstat: no support for `AF NETROM' on this system.
    netstat: no support for `AF AX25' on this system.
    netstat: no support for `AF X25' on this system.
    netstat: no support for `AF NETROM' on this system.
8. Show kernel routing information: netstat -r
    root@Machine_Control:~# netstat -r
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.107.0   *               255.255.255.0   U         0 0          0 eth0
    link-local      *               255.255.0.0     U         0 0          0 eth0
    default         192.168.107.254 0.0.0.0         UG        0 0          0 eth0
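Note: use netstat -rn to display the table in numeric format, without looking up host names.
9. Find the port a program is running on
Not every process can be found: those you have no permission for are not shown. Use root privileges to see all the information.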
    root@Machine_Control:~# netstat -ap | grep ssh
    tcp        0      0 *:ssh                       *:*                         LISTEN      9699/sshd
    tcp        0      0 *:13289                     *:*                         LISTEN      9699/sshd
    tcp        0      0 192.168.107.2:ssh           192.168.107.4:57198         ESTABLISHED 25872/sshd
    tcp        0      0 *:ssh                       *:*                         LISTEN      9699/sshd
    tcp        0      0 *:13289                     *:*                         LISTEN      9699/sshd
    unix  2      [ ]         DGRAM                    11883616 25872/sshd
Find the process running on a given port
# netstat -an | grep ':80'
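The check below is an added example, not part of the original post: it reads `netstat -tlnp` output and reports, for each TCP listener, whether it is bound to all interfaces, to loopback only, or to one specific address, together with the owning PID/program (reported as unknown when netstat prints "-" because of missing privileges). The sample input and the function names are constructed for illustration.

```shell
#!/bin/sh
# sample_listeners: constructed `netstat -tlnp` output (not captured from a real host).
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      9699/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1633/master
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.107.2:8080      0.0.0.0:*               LISTEN      2211/java
tcp6       0      0 :::3128                 :::*                    LISTEN      871/squid3
tcp6       0      0 ::1:631                 :::*                    LISTEN      1402/cupsd
EOF
}

# listener_scope: print "SCOPE PORT OWNER" for every TCP listener on stdin.
listener_scope() {
    awk '
        $1 !~ /^tcp/ || $6 != "LISTEN" { next }   # skip headers and non-listeners
        {
            addr = $4; port = $4
            sub(/.*:/, "", port)                  # port is the text after the last colon
            sub(/:[^:]*$/, "", addr)              # address keeps any IPv6 colons
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "ALL"
            else if (addr ~ /^127\./ || addr == "::1") scope = "LOOPBACK"
            else scope = "SPECIFIC"
            owner = ($7 == "-" || $7 == "") ? "unknown" : $7
            print scope, port, owner
        }
    '
}

# exposed_listeners: only the listeners reachable on every interface.
exposed_listeners() { listener_scope | awk '$1 == "ALL" { print $2, $3 }' | sort -n; }

# On a live host: netstat -tlnp | listener_scope   (run as root to see every owner)
sample_listeners | listener_scope
```
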
10. Show the list of network interfaces: netstat -i
    root@Machine_Control:~# netstat -i
    Kernel Interface table
    Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
    eth0       1500   0 46889863      0      0      0 39862513      0      0      0 BMRU
    lo        16436   0  1802268      0      0      0  1802268      0      0      0 LRU
To show detailed information, like ifconfig, use netstat -ie
    root@Machine_Control:~# netstat -ie
    Kernel Interface table
    eth0      Link encap:Ethernet  HWaddr 00:50:56:85:22:7D
              inet addr:192.168.107.2  Bcast:192.168.107.255  Mask:255.255.255.0
              inet6 addr: fe80::250:56ff:fe85:227d/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:46889929 errors:0 dropped:0 overruns:0 frame:0
              TX packets:39862564 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:9431721598 (8.7 GiB)  TX bytes:74226107208 (69.1 GiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:1802268 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1802268 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:9855453672 (9.1 GiB)  TX bytes:9855453672 (9.1 GiB)
11. IP and TCP analysis
Find the IP addresses with the most connections to a given service port
    root@Machine_Control:~# netstat -nat | grep ":22" | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -20
          1 192.168.107.4
          1 0.0.0.0
          1
Count of connections in each TCP state
    root@Machine_Control:~# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
         24 LISTEN
          5 ESTABLISHED
          4 TIME_WAIT
          1 Foreign
          1 established)
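The two one-liners above count the header lines as states ("Foreign", "established)"), match ":22" anywhere on the line (so port 2222 or a remote port 22 is included), and split IPv6 addresses at the first colon, which is where the empty entry comes from. The script below is an added example, not part of the original post, that does the same two counts with those cases handled; the sample input and the function names are constructed for illustration.

```shell
#!/bin/sh
# sample_netstat: constructed `netstat -nat` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
tcp        0      0 192.168.107.2:22        192.168.107.4:57198     ESTABLISHED
tcp        0      0 192.168.107.2:22        192.168.107.4:57200     ESTABLISHED
tcp        0      0 192.168.107.2:22        192.168.107.9:40022     ESTABLISHED
tcp        0      0 192.168.107.2:2222      192.168.107.7:51000     ESTABLISHED
tcp        0      0 192.168.107.2:41000     192.168.107.8:22        TIME_WAIT
tcp6       0      0 ::ffff:192.168.107.2:22 ::ffff:192.168.99.111:42363 ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# top_peers PORT: count remote addresses connected to local PORT, busiest first.
top_peers() {
    awk -v port="$1" '
        $1 !~ /^tcp/ { next }                  # skip the two header lines
        $6 == "LISTEN" { next }                # listeners have no peer
        {
            lport = $4; peer = $5
            sub(/.*:/, "", lport)              # local port is the text after the last colon
            if (lport != port) next            # exact match, local side only
            sub(/:[^:]*$/, "", peer)           # drop the peer port, keep IPv6 colons
            sub(/^::ffff:/, "", peer)          # fold IPv4-mapped IPv6 into plain IPv4
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2
}

# state_counts: count sockets per TCP state, ignoring header lines.
state_counts() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# On a live host: netstat -nat | top_peers 22 ; netstat -nat | state_counts
sample_netstat | top_peers 22
sample_netstat | state_counts
```
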
root@gcv:~# netstat -tpln|grep 3128
tcp6 0 0 :::3128 :::* LISTEN 871/squid3
root@gcv:~# lsof -i:3128
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
squid3 871 proxy 9u IPv6 8882 0t0 TCP *:3128 (LISTEN)
root@gcv:~#