00. 目录
01. 命令概述
netstat命令用于显示各种网络相关信息,如网络连接,路由表,接口状态 (Interface Statistics),masquerade 连接,多播成员 (Multicast Memberships) 等等。
从整体上看,netstat的输出结果可以分为两个部分:一个是Active Internet connections,称为有源TCP连接,其中”Recv-Q”和”Send-Q”指%0A的是接收队列和发送队列。这些数字一般都应该是0。如果不是则表示软件包正在队列中堆积。这种情况只能在非常少的情况见到;另一个是Active UNIX domain sockets,称为有源Unix域套接口(和网络套接字一样,但是只能用于本机通信,性能可以提高一倍)。
02. 命令格式
格式:netstat [选项] [参数]
- 1
03. 常用选项
-a或--all:显示所有连线中的Socket;
-A<网络类型>或--<网络类型>:列出该网络类型连线中的相关地址;
-c或--continuous:持续列出网络状态;
-C或--cache:显示路由器配置的快取信息;
-e或--extend:显示网络其他相关信息;
-F或--fib:显示FIB;
-g或--groups:显示多重广播功能群组组员名单;
-h或--help:在线帮助;
-i或--interfaces:显示网络界面信息表单;
-l或--listening:显示监控中的服务器的Socket;
-M或--masquerade:显示伪装的网络连线;
-n或--numeric:直接使用ip地址,而不通过域名服务器;
-N或--netlink或--symbolic:显示网络硬件外围设备的符号连接名称;
-o或--timers:显示计时器;
-p或--programs:显示正在使用Socket的程序识别码和程序名称;
-r或--route:显示Routing Table;
-s或--statistice:显示网络工作信息统计表;
-t或--tcp:显示TCP传输协议的连线状况;
-u或--udp:显示UDP传输协议的连线状况;
-v或--verbose:显示指令执行过程;
-V或--version:显示版本信息;
-w或--raw:显示RAW传输协议的连线状况;
-x或--unix:此参数的效果和指定"-A unix"参数相同;
--ip或--inet:此参数的效果和指定"-A inet"参数相同。
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
04. 参考示例
4.1 列出所有端口 (包括监听和未监听的)
[root@localhost ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN
- 1
- 2
- 3
- 4
4.2 列出所有的TCP端口
[root@localhost ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
- 1
- 2
- 3
- 4
- 5
4.3 列出所有的UDP端口
[root@localhost ~]# netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
udp 0 0 localhost:323 0.0.0.0:*
- 1
- 2
- 3
- 4
- 5
4.4 显示路由表信息
[root@localhost ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default gateway 0.0.0.0 UG 0 0 0 ens33
172.16.0.0 0.0.0.0 255.255.254.0 U 0 0 0 ens33
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
[root@localhost ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
4.5 显示网络接口列表
[root@localhost ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
ens33 1500 193158 0 0 0 7347 0 0 0 BMRU
lo 65536 101 0 0 0 101 0 0 0 LRU
virbr0 1500 0 0 0 0 0 0 0 0 BMU
[root@localhost ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
4.6 显示已连接的TCP端口,以及PID
[root@localhost ~]# netstat -tpnl
jActive Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1546/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 608/rpcbind
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1363/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 772/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 767/cupsd
tcp6 0 0 :::111 :::* LISTEN 608/rpcbind
tcp6 0 0 :::22 :::* LISTEN 772/sshd
tcp6 0 0 ::1:631 :::* LISTEN 767/cupsd
[root@localhost ~]# j
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
4.7 显示当前用户UDP端口,直接使用IP
[root@localhost ~]# netstat -nu
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
[root@localhost ~]#
- 1
- 2
- 3
- 4
4.8 显示多重广播功能群组组员
[root@localhost ~]# netstat -g
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 224.0.0.1
ens33 1 224.0.0.251
ens33 1 224.0.0.1
virbr0 1 224.0.0.251
virbr0 1 224.0.0.1
lo 1 ff02::1
lo 1 ff01::1
ens33 1 ff02::1:ffd5:68de
ens33 1 ff02::1
ens33 1 ff01::1
virbr0 1 ff02::1
virbr0 1 ff01::1
virbr0-nic 1 ff02::1
virbr0-nic 1 ff01::1
[root@localhost ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
4.9 只显示监听端口
[root@localhost ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
- 1
- 2
- 3
- 4
- 5
4.10 只列出所有监听 tcp 端口
[root@localhost ~]# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 localhost.locald:domain 0.0.0.0:* LISTEN
- 1
- 2
- 3
- 4
- 5
- 6
4.11只列出所有监听 udp 端口
[root@localhost ~]# netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
udp 0 0 localhost:323 0.0.0.0:*
- 1
- 2
- 3
- 4
- 5
4.12 只列出所有监听 UNIX 端口
[root@localhost ~]# netstat -lx
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 32140 @/tmp/.ICE-unix/1953
unix 2 [ ACC ] STREAM LISTENING 29533 @/tmp/dbus-Jvx5ygyU22
- 1
- 2
- 3
- 4
- 5
4.13 显示所有端口的统计信息
[root@localhost ~]# netstat -s
Ip:
179136 total packets received
0 forwarded
0 incoming packets discarded
179017 incoming packets delivered
6995 requests sent out
32 dropped because of missing route
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
4.14 显示TCP端口的统计信息
[root@localhost ~]# netstat -st
IcmpMsg:
InType0: 10
OutType3: 2
OutType8: 10
- 1
- 2
- 3
- 4
- 5
4.15 显示UDP端口的统计信息
[root@localhost ~]# netstat -su
IcmpMsg:
InType0: 10
OutType3: 2
OutType8: 10
- 1
- 2
- 3
- 4
- 5
4.16 在netstat输出中显示 PID 和进程名称
[root@localhost ~]# netstat -pt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 96 localhost.localdoma:ssh 172.16.0.51:50412 ESTABLISHED 3560/sshd: deng [pr
[root@localhost ~]#
- 1
- 2
- 3
- 4
- 5
netstat -p可以与其它开关一起使用,就可以添加“PID/进程名称”到netstat输出中,这样debugging的时候可以很方便的发现特定端口运行的程序。
4.17 显示数字端口号,但是不影响主机或用户名的解析
[root@localhost ~]# netstat -a --numeric-ports
- 1
4.18 显示数字形式的主机但是不影响端口或用户名的解析
[root@localhost ~]# netstat -a --numeric-hosts
- 1
4.19 显示数字的用户ID,但是不影响主机和端口名的解析
[root@localhost ~]# netstat -a --numeric-users
- 1
4.20 持续显示网络信息
[root@localhost ~]# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
- 1
- 2
- 3
4.21显示系统不支持的地址族
[root@localhost ~]# netstat --verbose
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.
- 1
- 2
- 3
- 4
- 5
4.22 显示路由信息
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0 ens33
172.16.0.0 0.0.0.0 255.255.254.0 U 0 0 0 ens33
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
[root@localhost ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
4.23 查找指定进程的网络状态信息
[root@localhost ~]# netstat -apn | grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 772/sshd
tcp 0 96 172.16.0.76:22 172.16.0.51:50412 ESTABLISHED 3560/sshd: deng [pr
- 1
- 2
- 3
4.24 查找指定端口进程
[root@localhost ~]# netstat -apn | grep -w 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 772/sshd
tcp 0 96 172.16.0.76:22 172.16.0.51:50412 ESTABLISHED 3560/sshd: deng [pr
tcp6 0 0 :::22 :::* LISTEN 772/sshd
[root@localhost ~]#
- 1
- 2
- 3
- 4
- 5
4.25 显示所有网络接口信息
[root@localhost ~]# netstat -ie
Kernel Interface table
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.76 netmask 255.255.254.0 broadcast 172.16.1.255
inet6 fe80::16e5:9e6b:b4d5:68de prefixlen 64 scopeid 0x20<link>
ether 00:50:56:26:d8:88 txqueuelen 1000 (Ethernet)
RX packets 203226 bytes 59605454 (56.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9213 bytes 5044661 (4.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 101 bytes 7127 (6.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 101 bytes 7127 (6.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:d2:18:f4 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
4.26 查看连接某服务端口最多的的IP地址
[root@localhost ~]# netstat -nat | grep "172.16.0.76:22" |awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -20
1 172.16.0.51
[root@localhost ~]#
- 1
- 2
- 3
4.27 查看3306 端口(mysql)的链接数
[root@localhost ~]# netstat -apn | grep -c 3306
1
[root@localhost ~]#
- 1
- 2
- 3
4.28 统计TCP连接
[root@localhost ~]# netstat -n | awk '/^tcp/{++S[$NF]} END {for (a in S) print a, S[a]}'
ESTABLISHED 1
[root@localhost ~]#
- 1
- 2
- 3
4.29 统计TCP各种状态
[root@localhost ~]# netstat -nt | grep -e 127.0.0.1 -e 0.0.0.0 -e ::: -v | awk '/^tcp/ {++state[$NF]} END {for(i in state) print i,"\t",state[i]}'
ESTABLISHED 1
[root@localhost ~]#
- 1
- 2
- 3
4.30 把状态全都取出来后使用uniq -c统计后再进行排序
[root@localhost ~]# netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn
8 LISTEN
1 Foreign
1 ESTABLISHED
1 established)
[root@localhost ~]#
- 1
- 2
- 3
- 4
- 5
- 6
评论记录:
回复评论: