This article was first published on my personal site.
1. netstat (show network status)
Usage: netstat [OPTION]
netstat
Run without any arguments, the default output looks like this:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.135.140.109:http ec2-52-221-254-177.ap:15672 SYN_RECV
tcp 0 40 10.135.140.109:opsec-uaa 171.212.208.223:51167 ESTABLISHED
tcp 0 0 10.135.140.109:43963 101.226.68.166:nsesrvr ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 6 [ ] DGRAM 60962 /dev/log
unix 2 [ ] DGRAM 49689 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 18148696
unix 2 [ ] DGRAM 18143862
unix 3 [ ] STREAM CONNECTED 17474862 /usr/local/sa/agent/secubase/secu-tcs-agent-v5.unix
Active Internet connections (w/o servers)
As the name says, these are the active Internet connections, that is, the state of every connection currently made to this machine.
Proto | Recv-Q | Send-Q | Local Address | Foreign Address | State |
---|---|---|---|---|---|
Protocol | Receive queue | Send queue | Local address | Foreign address | State |
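Protocol: UDP, TCP, SCTP, ICMP and IP can appear here; TCP and UDP are the most common.
Receive queue: usually 0, meaning no packets are backed up.
Send queue: usually 0, meaning no packets are backed up.
Local address: usually an address on the internal network; you may also see localhost or 127.0.0.1.
Foreign address: the remote IP and port that the connection is established with.
Here you can see that the user at 171.212.208.223 has connected from port 51167 to the server's http (port 80), opsec-uaa.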
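State
CLOSED -- the initial (no connection) state.
LISTEN -- listening, waiting for connection requests from remote machines.
SYN_SENT -- during the TCP three-way handshake, after the actively connecting end sends its SYN packet it enters SYN_SENT and waits for the peer's ACK packet.
SYN_RECV -- during the TCP three-way handshake, after the actively connecting end receives a SYN packet it enters SYN_RECV.
ESTABLISHED -- after the TCP three-way handshake completes, the actively connecting end enters the ESTABLISHED state. The TCP connection is now established and data can be exchanged.
FIN_WAIT_1 -- during the TCP four-way close, after the actively closing end sends its FIN packet it enters FIN_WAIT_1.
FIN_WAIT_2 -- during the TCP four-way close, after the actively closing end receives the ACK packet it enters FIN_WAIT_2.
TIME_WAIT -- during the TCP four-way close, after the actively closing end sends its ACK packet it enters TIME_WAIT and waits for up to the MSL time so that the passively closing end can receive the ACK.
CLOSING -- during the TCP four-way close, the actively closing end has sent its FIN packet but, instead of the matching ACK, receives the peer's FIN packet; it then enters CLOSING.
CLOSE_WAIT -- during the TCP four-way close, after the passively closing end receives the FIN packet it enters CLOSE_WAIT.
LAST_ACK -- during the TCP four-way close, after the passively closing end sends its FIN packet it enters LAST_ACK and waits for the peer's ACK packet.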
Active UNIX domain sockets (w/o servers)
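This is an IPC (inter-process communication) mechanism on Unix systems. You can think of it simply as the data pipe that processes need in order to talk to each other. Because the data never crosses the network, programs that exchange data over this pipe do not need to pack and unpack packets, compute checksums, or maintain sequence numbers and acknowledgements. For an introduction to IPC, see the blog post "Introduction to IPC Mechanisms"; if you know a little C, also see "IPC on Linux: UNIX Domain Socket".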
| Proto | RefCnt | Flags | Type | State | I-Node | Path |
| --- | --- | --- | --- | --- | --- | --- |
| Protocol | Reference count | TODO | Data transfer type | Connection state | Linux file identifier | Path in use |
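Protocol: only unix appears here, meaning this is a Unix socket.
Reference count: the number of times the socket is referenced by programs; different programs, or one and the same program, can use the same pipe to exchange data.
Flags: not found yet, TODO
Data transfer type:
byte streams
datagram
Connection state: the same as the network socket states above.
Linux file identifier: the Linux inode; see the blog post "Understanding the Linux inode".
Path in use: as the name suggests, the file path this pipe uses.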
netstat -a (all): show the state of all network connections
[root@VM_140_109_centos ~]# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:opsec-uaa *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:terabase *:* LISTEN
tcp 0 0 10.135.140.109:http li1598-70.members.lin:39184 TIME_WAIT
tcp 0 0 10.135.140.109:43963 101.226.68.166:nsesrvr ESTABLISHED
tcp 0 40 10.135.140.109:opsec-uaa 251.78.70.125.broad.cd.:bcs ESTABLISHED
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 60862 public/showq
unix 2 [ ACC ] STREAM LISTENING 60866 private/error
unix 2 [ ACC ] STREAM LISTENING 60870 private/retry
netstat -n: show addresses in numeric form instead of symbolic names
[root@VM_140_109_centos ~]# netstat -n | more
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.135.140.109:43963 101.226.68.166:9988 ESTABLISHED
tcp 0 40 10.135.140.109:19191 125.70.78.251:4677 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 6 [ ] DGRAM 60962 /dev/log
unix 2 [ ] DGRAM 49689 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 18426269
[root@VM_140_109_centos ~]# netstat -na | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:19191 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4000 0.0.0.0:* LISTEN
tcp 0 0 10.135.140.109:43963 101.226.68.166:9988 ESTABLISHED
tcp 0 40 10.135.140.109:19191 125.70.78.251:4677 ESTABLISHED
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 60862 public/showq
unix 2 [ ACC ] STREAM LISTENING 60866 private/error
unix 2 [ ACC ] STREAM LISTENING 60870 private/retry
unix 2 [ ACC ] STREAM LISTENING 60874 private/discard
unix 2 [ ACC ] STREAM LISTENING 60878 private/local
unix 2 [ ACC ] STREAM LISTENING 60882 private/virtual
netstat -p: print the name of the program that owns each socket
[root@VM_140_109_centos ~]# netstat -p | more
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.135.140.109:41434 10.190.93.159:nsesrvr ESTABLISHED 4919/secu-tcs-agent
tcp 0 40 10.135.140.109:opsec-uaa 182.148.57.124:27584 ESTABLISHED 10865/sshd
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 6 [ ] DGRAM 60962 4674/rsyslogd /dev/log
unix 2 [ ] DGRAM 49689 3680/udevd @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 23386059 10865/sshd
unix 2 [ ] DGRAM 23382189 10037/pickup
unix 3 [ ] STREAM CONNECTED 20534979 4919/secu-tcs-agent /usr/local/sa/agent/secubase/secu-tcs-agent-v5.unix
unix 3 [ ] STREAM CONNECTED 20534978 1930/sap1005
unix 3 [ ] STREAM CONNECTED 20534977 4919/secu-tcs-agent /usr/local/sa/agent/secubase/secu-tcs-agent.unix
unix 3 [ ] STREAM CONNECTED 20534976 1930/sap1005
unix 3 [ ] STREAM CONNECTED 20489154 4919/secu-tcs-agent /usr/local/sa/agent/secubase/secu-tcs-agent.unix
unix 3 [ ] STREAM CONNECTED 20489153 24376/sap1004
unix 3 [ ] STREAM CONNECTED 17474862 4919/secu-tcs-agent /usr/local/sa/agent/secubase/secu-tcs-agent-v5.unix
unix 3 [ ] STREAM CONNECTED 17474861 30420/sap1009
netstat -l: list only network connections in the Listening state
[root@VM_140_109_centos ~]# netstat -l | more
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:opsec-uaa *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:terabase *:* LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 60862 public/showq
unix 2 [ ACC ] STREAM LISTENING 60866 private/error
unix 2 [ ACC ] STREAM LISTENING 60870 private/retry
unix 2 [ ACC ] STREAM LISTENING 60874 private/discard
unix 2 [ ACC ] STREAM LISTENING 60878 private/local
unix 2 [ ACC ] STREAM LISTENING 60882 private/virtual
unix 2 [ ACC ] STREAM LISTENING 60886 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 60890 private/anvil
unix 2 [ ACC ] STREAM LISTENING 60894 private/scache
netstat [--tcp|-t]: list only TCP ports; [--udp|-u]: list only UDP ports
- TCP
[root@VM_140_109_centos ~]# netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.135.140.109:41434 10.190.93.159:nsesrvr ESTABLISHED
tcp 0 40 10.135.140.109:opsec-uaa 182.148.57.124:27584 ESTABLISHED
- UDP
[root@VM_140_109_centos ~]# netstat -u
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
As you can see, there are no UDP connections here.
netstat -s: show statistics for each protocol
[root@VM_140_109_centos ~]# netstat -s
Ip:
14150245 total packets received
2 with invalid addresses
0 forwarded
8 with unknown protocol
0 incoming packets discarded
11105122 incoming packets delivered
11088052 requests sent out
12 reassemblies required
5 packets reassembled ok
Icmp:
2012695 ICMP messages received
3621 input ICMP message failed.
ICMP input histogram:
destination unreachable: 4071
timeout in transit: 135
redirects: 6
echo requests: 2008442
echo replies: 39
timestamp request: 2
2212368 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 203924
echo replies: 2008442
timestamp replies: 2
IcmpMsg:
InType0: 39
InType3: 4071
InType5: 6
InType8: 2008442
InType11: 135
InType13: 2
OutType0: 2008442
OutType3: 203924
OutType14: 2
Tcp:
1852 active connections openings
20442 passive connection openings
5494 failed connection attempts
661 connection resets received
2 connections established
8820870 segments received
8805804 segments send out
15430 segments retransmited
63 bad segments received.
7878728 resets sent
Udp:
44596 packets received
226787 packets to unknown port received.
45 packet receive errors
54450 packets sent
UdpLite:
TcpExt:
359 invalid SYN cookies received
5486 resets received for embryonic SYN_RECV sockets
89 ICMP packets dropped because they were out-of-window
6570 TCP sockets finished time wait in fast timer
12 packets rejects in established connections because of timestamp
24366 delayed acks sent
29 delayed acks further delayed because of locked socket
Quick ack mode was activated 1867 times
590 packets directly queued to recvmsg prequeue.
14240 packets directly received from backlog
372729 packets directly received from prequeue
521641 packets header predicted
208 packets header predicted and directly queued to user
118812 acknowledgments not containing data received
255005 predicted acknowledgments
846 times recovered from packet loss due to SACK data
Detected reordering 2 times using FACK
Detected reordering 1 times using SACK
Detected reordering 22 times using time stamp
28 congestion windows fully recovered
86 congestion windows partially recovered using Hoe heuristic
TCPDSACKUndo: 37
253 congestion windows recovered after partial ack
2913 TCP data loss events
TCPLostRetransmit: 685
2 timeouts after reno fast retransmit
163 timeouts after SACK recovery
537 timeouts in loss state
4780 fast retransmits
460 forward retransmits
6083 retransmits in slow start
1742 other TCP timeouts
298 sack retransmits failed
1690 DSACKs sent for old packets
455 DSACKs received
2 DSACKs for out of order packets received
13 connections reset due to unexpected data
36 connections reset due to early user close
134 connections aborted due to timeout
TCPDSACKIgnoredOld: 1
TCPDSACKIgnoredNoUndo: 152
TCPSpuriousRTOs: 8
TCPSackShifted: 450
TCPSackMerged: 4580
TCPSackShiftFallback: 3187
TCPChallengeACK: 62
TCPSYNChallenge: 10
IpExt:
InMcastPkts: 3
InOctets: 1246493421
OutOctets: 759134784
InMcastOctets: 108
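2. Common netstat command combinations
2.1 Find the network ports a given program is using
netstat -anp | grep ssh (find the network ports used by ssh)
A non-root account gets the message below; root privileges are required.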
wzy@wzt-dev2-PC:~$ netstat -anp | grep ssh
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
After switching to root:
root@wzt-dev2-PC:/home/wzy# netstat -anp | grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 861/sshd
tcp 0 26556 192.168.0.187:22 192.168.0.174:59863 ESTABLISHED 10766/sshd: wzy [pr
tcp 0 0 192.168.0.187:22 192.168.0.115:57336 ESTABLISHED 12838/sshd: wzy [pr
tcp6 0 0 :::22 :::* LISTEN 861/sshd
unix 2 [ ] DGRAM 1137722 10766/sshd: wzy [pr
unix 3 [ ] STREAM CONNECTED 16016 861/sshd
unix 3 [ ] STREAM CONNECTED 1162258 12838/sshd: wzy [pr
unix 2 [ ] DGRAM 1162250 12838/sshd: wzy [pr
unix 3 [ ] STREAM CONNECTED 1137737 10766/sshd: wzy [pr
netstat -anp | grep mysqld (find the network ports used by mysqld)
root@wzt-dev2-PC:/home/wzy# netstat -anp | grep mysqld
tcp6 0 0 :::3306 :::* LISTEN 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:25408 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:25406 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:26278 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:25554 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:25832 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:21390 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:26336 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:25864 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:22198 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:26342 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:21350 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:25958 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:26024 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:19907 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.174:59848 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:26280 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:21352 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:20518 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:19904 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.174:59847 ESTABLISHED 2311/mysqld
tcp6 0 0 192.168.0.187:3306 192.168.0.187:19906 ESTABLISHED 2311/mysqld
unix 2 [ ACC ] STREAM LISTENING 23752 2311/mysqld /tmp/mysql.sock
2.2 Find the network state of a given port and print the program using it
netstat -anpl | grep :8088 (find the program using port 8088)
root@wzt-dev2-PC:/home/wzy# netstat -anpl | grep :8088
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 928/nginx.conf
Here you can see that nginx is listening on port 8088.
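
The grep combinations in section 2 answer one question at a time. The following added example (not part of the original article) reads `netstat -anp` output on stdin and reports every TCP listener that is not bound to loopback, together with its owning program, plus a per-state connection count. The function names and the embedded sample lines are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in the layout of `netstat -anp` run as root.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      861/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1200/master
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      928/nginx.conf
tcp        0      0 192.168.0.187:22        192.168.0.174:59863     ESTABLISHED 10766/sshd: wzy [pr
tcp        0      0 192.168.0.187:8088      192.168.0.115:40001     SYN_RECV    -
tcp        0      0 192.168.0.187:8088      192.168.0.115:40002     SYN_RECV    -
tcp6       0      0 :::3306                 :::*                    LISTEN      2311/mysqld
unix  2      [ ACC ]     STREAM     LISTENING     23752    2311/mysqld          /tmp/mysql.sock
EOF
}

# TCP listeners reachable from other hosts: state LISTEN and not bound to loopback.
# Prints "port proto bind-address pid/program", sorted by port.
exposed_listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
         port = $4; sub(/.*:/, "", port)                  # text after the last colon
         host = substr($4, 1, length($4) - length(port) - 1)
         if (host !~ /^127\./ && host != "::1" && host != "localhost")
           print port, $1, host, $7
       }' | LC_ALL=C sort -n
}

# Number of TCP sockets per state, so a build-up of one state (e.g. SYN_RECV) stands out.
tcp_state_counts() {
  awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' | LC_ALL=C sort
}

# On a live host: netstat -anp | exposed_listeners   (root is needed for the PID column)
sample_netstat | exposed_listeners
sample_netstat | tcp_state_counts
```

Only TCP rows are parsed; UDP rows usually have an empty State column, which shifts the field positions.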