linux命令之netstat

netstat是linux下用于顯示網(wǎng)絡(luò)狀態(tài)的命令。通過它能統(tǒng)計(jì)端口情況,網(wǎng)絡(luò)連接狀態(tài),路由表等信息。在網(wǎng)絡(luò)開發(fā)或運(yùn)維中,經(jīng)常會(huì)使用netstat來查看網(wǎng)絡(luò)狀態(tài)。

參數(shù)含義

-a,--all

顯示所有套接字的連接狀態(tài),默認(rèn)只顯示已建立連接的套接字,加上此參數(shù)后,也會(huì)顯示Listen狀態(tài)的套接字。
默認(rèn):

[root ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 iZ135ux6u63Z:42584      121.58.13.94:mysql     ESTABLISHED
tcp        0      0 iZ135ux6u63Z:6379       62.48.69.16:54744      ESTABLISHED
tcp        0      0 localhost:40940         localhost:metasys       ESTABLISHED
tcp        0      0 iZ235ux6u63Z:ssh        128.56.16.10:34353     ESTABLISHED

加-a后, State下會(huì)顯示“LISTEN”狀態(tài)的套接字

[root ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:tproxy          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:https           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:40400           0.0.0.0:*               LISTEN     
......
tcp        0      0 iZ135ux8u13Z:42584      121.58.13.94:mysql     ESTABLISHED
tcp        0      0 iZ135ux8u13Z:6379       62.48.69.16:54744      ESTABLISHED
tcp        0      0 localhost:40940         localhost:metasys       ESTABLISHED
tcp        0      0 iZ135ux8u13Z:ssh        128.56.16.10:34353     ESTABLISHED

-n,--numeric

以數(shù)字形式顯示ip地址。默認(rèn)會(huì)顯示解析過的host,prot,或用戶名。
默認(rèn):

[root ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 iZ135ux8u13Z:42584      121.58.13.94:mysql     ESTABLISHED
tcp        0      0 iZ135ux8u13Z:6379       62.48.69.16:54744      ESTABLISHED
tcp        0      0 localhost:40940         localhost:metasys       ESTABLISHED
tcp        0      0 iZ135ux8u13Z:ssh        128.56.16.10:34353     ESTABLISHED

加-n后,mysql,ssh,localhost等都以ip或者端口形式顯示

[root ~]# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 123.40.125.228:42584      121.58.13.94:3306     ESTABLISHED
tcp        0      0 123.40.125.228:6379       62.48.69.16:54744      ESTABLISHED
tcp        0      0 127.0.0.1:40940         127.0.0.1:11001         ESTABLISHED
tcp        0      0 123.40.125.228:ssh        128.56.16.10:34353     ESTABLISHED

-l,--listening

只顯示LISTEN狀態(tài)的套接字

[root ~]# netstat -l
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:tproxy          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:https           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:40400           0.0.0.0:*               LISTEN

-t,--tcp 和 -u,--udp

只顯示tcp(udp)連接。

-p,--program

顯示進(jìn)程PID和進(jìn)程名稱

[root ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 iZ135ux8u13Z:42584      121.58.13.94:mysql     ESTABLISHED 4815/java           
tcp        0      0 iZ135ux8u13Z:6379       62.48.69.16:54744      ESTABLISHED 840/redis-server *: 
tcp        0      0 localhost:40940         localhost:metasys       ESTABLISHED 5109/java           
tcp        0      0 iZ135ux8u13Z:6379       128.56.16.10:65097    ESTABLISHED 840/redis-server *:

-i,--interfaces

顯示網(wǎng)絡(luò)接口

[root ~]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0   1500  2560782      0      0 0       4151415      0      0      0 BMU
eth0      1500 23379381      0      0 0      34455532      0      0      0 BMRU
eth1      1500 217716581      0      0 0      202343360      0      0      0 BMRU
lo       65536 240937752      0      0 0      240937752      0      0      0 LRU

-r,--route

顯示路由表

[root ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gateway         0.0.0.0         UG        0 0          0 eth1
10.0.0.0        10.165.21.247   255.0.0.0       UG        0 0          0 eth0
10.168.64.0     0.0.0.0         255.255.248.0   U         0 0          0 eth0
100.64.0.0      10.165.21.247   255.192.0.0     UG        0 0          0 eth0
121.40.180.0    0.0.0.0         255.255.252.0   U         0 0          0 eth1
link-local      0.0.0.0         255.255.0.0     U         0 0          0 eth0
link-local      0.0.0.0         255.255.0.0     U         0 0          0 eth1
172.16.0.0      10.165.21.247   255.240.0.0     UG        0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.240.0   U         0 0          0 docker0

-e,--extend

顯示額外信息
-ie能顯示網(wǎng)絡(luò)接口的詳細(xì)信息,和ifconfig命令的顯示內(nèi)容一致
-pe會(huì)顯示進(jìn)程名和用戶名

[root ~]# netstat -pe
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name    
tcp        0      0 iZ135ux8u13Z:42584      121.58.13.94:mysql     ESTABLISHED root       70731166   4815/java           
tcp        0      0 iZ135ux8u13Z:6379       62.48.69.16:54744      ESTABLISHED redis      35176559   840/redis-server *: 
tcp        0      0 localhost:40940         localhost:metasys       ESTABLISHED root       74749821   5109/java           
tcp        0      0 iZ135ux8u13Z:6379       128.56.16.10:65097    ESTABLISHED redis      25990225   840/redis-server *:

-ne,User一列會(huì)顯示id而非用戶名

-s,--statistics

顯示每個(gè)協(xié)議的統(tǒng)計(jì)信息

[root ~]# netstat -s
Ip:
    484627137 total packets received
    6705287 forwarded
    501 with unknown protocol
    0 incoming packets discarded
    477921341 incoming packets delivered
    481921712 requests sent out
    72 dropped because of missing route
Icmp:
    25322 ICMP messages received
    7175 input ICMP message failed.
    InCsumErrors: 9
    ICMP input histogram:
        destination unreachable: 9616
        timeout in transit: 427
        redirects: 94
        echo requests: 15165
        echo replies: 10
        timestamp request: 1
    190825 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 175649
        echo request: 10
        echo replies: 15165
        timestamp replies: 1
.......

用法示例

打印所有監(jiān)聽端口及對(duì)應(yīng)的進(jìn)程id和名稱

[root ~]# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      840/redis-server *: 
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      5109/java           
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      989/nginx: master p 
tcp        0      0 0.0.0.0:14001           0.0.0.0:*               LISTEN      26902/java          
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      28705/java          
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      836/sshd

查看tcp端口

[root ~]# netstat -tnp
tcp        0   4080 182.92.221.114:22           123.122.21.121:17350        ESTABLISHED 18909/sshd
tcp        0      0 10.172.248.114:6379         10.171.86.96:56562          ESTABLISHED 18441/redis-server
tcp        0      0 10.172.248.114:6379         10.171.86.96:56496          ESTABLISHED 18441/redis-server
tcp        0      0 10.172.248.114:27017        10.171.86.96:46927          ESTABLISHED 21380/mongod

查看端口是否正常監(jiān)聽

查看是否處于監(jiān)聽狀態(tài)

[root ~]# netstat -nlp | grep ":80 "
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      989/nginx: master p

另外可以使用telnet測試遠(yuǎn)程服務(wù)器的端口是否打開:

telnet reomte-ip 80

如果本地正常監(jiān)聽,但telent不通,原因可能是防火墻沒有屏蔽的端口,需檢查防火墻設(shè)置。

各個(gè)監(jiān)聽狀態(tài)的含義

轉(zhuǎn)自:http://www.cnblogs.com/peida/archive/2013/03/08/2949194.html
LISTEN:偵聽來自遠(yuǎn)方的TCP端口的連接請(qǐng)求
SYN-SENT:再發(fā)送連接請(qǐng)求后等待匹配的連接請(qǐng)求(如果有大量這樣的狀態(tài)包,檢查是否中招了)
SYN-RECEIVED:再收到和發(fā)送一個(gè)連接請(qǐng)求后等待對(duì)方對(duì)連接請(qǐng)求的確認(rèn)(如有大量此狀態(tài),估計(jì)被flood攻擊了)
ESTABLISHED:代表一個(gè)打開的連接
FIN-WAIT-1:等待遠(yuǎn)程TCP連接中斷請(qǐng)求,或先前的連接中斷請(qǐng)求的確認(rèn)
FIN-WAIT-2:從遠(yuǎn)程TCP等待連接中斷請(qǐng)求
CLOSE-WAIT:等待從本地用戶發(fā)來的連接中斷請(qǐng)求
CLOSING:等待遠(yuǎn)程TCP對(duì)連接中斷的確認(rèn)
LAST-ACK:等待原來的發(fā)向遠(yuǎn)程TCP的連接中斷請(qǐng)求的確認(rèn)(不是什么好東西,此項(xiàng)出現(xiàn),檢查是否被攻擊)
TIME-WAIT:等待足夠的時(shí)間以確保遠(yuǎn)程TCP接收到連接中斷請(qǐng)求的確認(rèn)
CLOSED:沒有任何連接狀態(tài)

參考: linux man:man netstat

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

推薦閱讀更多精彩內(nèi)容

  • 1、TCP狀態(tài)linux查看tcp的狀態(tài)命令:1)、netstat -nat 查看TCP各個(gè)狀態(tài)的數(shù)量2)、lso...
    北辰青閱讀 9,509評(píng)論 0 11
  • Spring Cloud為開發(fā)人員提供了快速構(gòu)建分布式系統(tǒng)中一些常見模式的工具(例如配置管理,服務(wù)發(fā)現(xiàn),斷路器,智...
    卡卡羅2017閱讀 134,937評(píng)論 18 139
  • 18.1 引言 TCP是一個(gè)面向連接的協(xié)議。無論哪一方向另一方發(fā)送數(shù)據(jù)之前,都必須先在雙方之間建立一條連接。本章將...
    張芳濤閱讀 3,427評(píng)論 0 13
  • 1)OSI與TCP/IP各層的結(jié)構(gòu)與功能,都有哪些協(xié)議。 OSI分層 (7層):物理層、數(shù)據(jù)鏈路層、網(wǎng)絡(luò)層、傳輸層...
    ldlywt閱讀 2,328評(píng)論 0 26
  • 北國的詩 那片紅葉是北國的詩, 沒有搗衣砧,沒有浣花箋, 沒有揚(yáng)州的燈火輝煌, 也沒有江南的綿綿細(xì)絲。 但當(dāng)那片涼...
    燚陽閱讀 487評(píng)論 2 2