用途
打印网络连接,路由表,网卡信息,假连接,组播成员信息
用法
1 显示网络连接信息
netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [delay]
2 显示路由表
netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]
3 显示网卡统计信息
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]
4 显示组播信息
netstat {--groups|-g} [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]
5 显示假连接
netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]
6 显示网络连接统计信息
netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w] [delay]
7 显示命令版本信息
netstat {--version|-V}
8 显示命令帮助信息
netstat {--help|-h}
常用选项
--verbose , -v
输出详细信息
--numeric , -n
地址和端口以及用户使用数字显示
--numeric-hosts
地址使用数字显示
--numeric-ports
端口使用数字显示
--numeric-users
用户以用户id的方式显示
--protocol=family , -A
协议族,多个使用英文逗号分隔,常用网络协议族inet, inet6, unix, ipx, ax25, netrom, and ddp,效果和--inet, --inet6, --unix (-x), --ipx, --ax25, --netrom, and --ddp options这些选项等价
-c, --continuous
每秒循环输出信息
-e, --extend
输出更多信息,双选项表示输出更多更多信息
-o, --timers
输出网络定时器信息
-p, --program
输出程序名称
-l, --listening
仅显示正在监听的socket
-a, --all
显示所有状态的连接
-F
从FIB输出路由信息
-C
从路由缓存输出路由信息
-T --notrim
显示完整的长地址
输出字段说明
1 活跃网络连接
Proto
socket使用的网络协议 (TCP, UDP, raw)
Recv-Q
The count of bytes not copied by the user program connected to this socket.
Send-Q
The count of bytes not acknowledged by the remote host.
Local Address
本地地址
Foreign Address
远程地址
State
状态,针对TCP协议
ESTABLISHED
The socket has an established connection.
SYN_SENT
The socket is actively attempting to establish a connection.
SYN_RECV
A connection request has been received from the network.
FIN_WAIT1
The socket is closed, and the connection is shutting down.
FIN_WAIT2
Connection is closed, and the socket is waiting for a shutdown from the remote end.
TIME_WAIT
The socket is waiting after close to handle packets still in the network.
CLOSED The socket is not being used.
CLOSE_WAIT
The remote end has shut down, waiting for the socket to close.
LAST_ACK
The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
LISTEN The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the
--listening (-l) or --all (-a) option.
CLOSING
Both sockets are shut down but we still don’t have all our data sent.
UNKNOWN
The state of the socket is unknown.
User
用户
PID/Program name
程序名称
Timer
网络定时器
2 Active UNIX domain Sockets
Proto
协议,通常是unix
RefCnt
The reference count (i.e. attached processes via this socket).
Flags
The flags displayed is SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N). SO_ACCECPTON is used on unconnected sockets if their corresponding processes are waiting for a connect request. The other flags are not of normal interest.
Type
There are several types of socket access:
SOCK_DGRAM
The socket is used in Datagram (connectionless) mode.
SOCK_STREAM
This is a stream (connection) socket.
SOCK_RAW
The socket is used as a raw socket.
SOCK_RDM
This one serves reliably-delivered messages.
SOCK_SEQPACKET
This is a sequential packet socket.
SOCK_PACKET
Raw interface access socket.
UNKNOWN
Who ever knows what the future will bring us - just fill in here :-)
State
状态
FREE The socket is not allocated
LISTENING
The socket is listening for a connection request. Such sockets are only included in the output if you specify the
--listening (-l) or --all (-a) option.
CONNECTING
The socket is about to establish a connection.
CONNECTED
The socket is connected.
DISCONNECTING
The socket is disconnecting.
(empty)
The socket is not connected to another one.
UNKNOWN
This state should never happen.
PID/Program name
程序名称
Path
This is the path name as which the corresponding processes attached to the socket.
实践
1 显示系统正在监听的服务
[root@vm ~]# netstat -tlop
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name Timer
tcp 0 0 localhost:irdmi *:* LISTEN 30478/./skynet/skyn off (0.00/0/0)
tcp 0 0 localhost:9121 *:* LISTEN 806/redis_exporter off (0.00/0/0)
tcp 0 0 localhost:websm *:* LISTEN 805/prometheus off (0.00/0/0)
tcp 0 0 localhost:9187 *:* LISTEN 807/postgres_export off (0.00/0/0)
tcp 0 0 *:8070 *:* LISTEN 812/nginx off (0.00/0/0)
tcp 0 0 *:mysql *:* LISTEN 1821/mysqld.bin off (0.00/0/0)
tcp 0 0 localhost:6379 *:* LISTEN 1953/redis-server 1 off (0.00/0/0)
tcp 0 0 localhost:jetdirect *:* LISTEN 813/node_exporter off (0.00/0/0)
tcp 0 0 localhost:9229 *:* LISTEN 811/gitlab-workhors off (0.00/0/0)
tcp 0 0 localhost:webcache *:* LISTEN 960/unicorn master off (0.00/0/0)
tcp 0 0 *:http *:* LISTEN 1892/nginx off (0.00/0/0)
tcp 0 0 localhost:9168 *:* LISTEN 810/ruby off (0.00/0/0)
tcp 0 0 localhost:9236 *:* LISTEN 814/gitaly off (0.00/0/0)
tcp 0 0 *:ssh *:* LISTEN 1430/sshd off (0.00/0/0)
tcp 0 0 *:ddi-tcp-1 *:* LISTEN 30478/./skynet/skyn off (0.00/0/0)
tcp 0 0 localhost:smtp *:* LISTEN 1509/master off (0.00/0/0)
tcp 0 0 *:https *:* LISTEN 1892/nginx off (0.00/0/0)
tcp 0 0 *:8060 *:* LISTEN 812/nginx off (0.00/0/0)
tcp 0 0 *:raid-am *:* LISTEN 30478/./skynet/skyn off (0.00/0/0)
tcp 0 0 localhost:ema-sent-lm *:* LISTEN 30478/./skynet/skyn off (0.00/0/0)
tcp 0 0 localhost:9168 *:* LISTEN 810/ruby off (0.00/0/0)
tcp 0 0 *:ssh *:* LISTEN 1430/sshd off (0.00/0/0)
tcp 0 0 localhost:smtp *:* LISTEN 1509/master off (0.00/0/0)
2 显示所有状态的tcp连接
[root@vm ~]# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:irdmi *:* LISTEN
tcp 0 0 localhost:9121 *:* LISTEN
tcp 0 0 localhost:websm *:* LISTEN
tcp 0 0 localhost:9187 *:* LISTEN
tcp 0 0 *:8070 *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 localhost:6379 *:* LISTEN
tcp 0 0 localhost:jetdirect *:* LISTEN
tcp 0 0 localhost:9229 *:* LISTEN
tcp 0 0 localhost:webcache *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 localhost:9168 *:* LISTEN
tcp 0 0 localhost:9236 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:ddi-tcp-1 *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:https *:* LISTEN
tcp 0 0 *:8060 *:* LISTEN
tcp 0 0 *:raid-am *:* LISTEN
tcp 0 0 localhost:ema-sent-lm *:* LISTEN
tcp 0 0 localhost:webcache localhost:59852 TIME_WAIT
tcp 0 0 localhost:jetdirect localhost:42390 TIME_WAIT
tcp 0 0 localhost:42498 localhost:jetdirect TIME_WAIT
tcp 0 0 localhost:8070 localhost:40552 TIME_WAIT
tcp 0 0 localhost:9236 localhost:45880 TIME_WAIT
tcp 0 0 localhost:50728 localhost:9121 TIME_WAIT
tcp 0 0 localhost:9187 localhost:56396 TIME_WAIT
tcp 0 0 localhost:43358 localhost:http TIME_WAIT
tcp 0 0 localhost:58866 localhost:9229 TIME_WAIT
tcp 0 0 localhost:webcache localhost:59818 TIME_WAIT
tcp 0 0 localhost:9121 localhost:50830 TIME_WAIT
tcp 0 0 localhost:websm localhost:60060 TIME_WAIT
tcp 0 0 localhost:raid-am localhost:53338 ESTABLISHED
tcp 0 0 localhost:9121 localhost:50762 TIME_WAIT
tcp 0 0 10.0.2.4:ssh 10.0.2.2:51548 ESTABLISHED
tcp 0 0 localhost:jetdirect localhost:42424 TIME_WAIT
tcp 0 0 localhost:jetdirect localhost:42458 TIME_WAIT
tcp 0 0 localhost:58832 localhost:9229 TIME_WAIT
tcp 0 0 localhost:9236 localhost:45846 TIME_WAIT
tcp 0 0 localhost:9187 localhost:56430 TIME_WAIT
tcp 0 0 localhost:webcache localhost:59886 TIME_WAIT
tcp 0 0 localhost:9229 localhost:58764 TIME_WAIT
tcp 0 0 localhost:websm localhost:60134 TIME_WAIT
tcp 0 0 localhost:45812 localhost:9236 TIME_WAIT
tcp 0 0 localhost:60094 localhost:websm TIME_WAIT
tcp 0 0 10.0.2.4:ssh 10.0.2.2:63964 ESTABLISHED
tcp 0 0 localhost:webcache localhost:59920 TIME_WAIT
tcp 0 0 localhost:53338 localhost:raid-am ESTABLISHED
tcp 0 0 localhost:9236 localhost:45778 TIME_WAIT
tcp 0 0 localhost:websm localhost:60026 TIME_WAIT
tcp 0 0 localhost:9187 localhost:56362 TIME_WAIT
tcp 0 0 10.0.2.4:ssh 10.0.2.2:63386 ESTABLISHED
tcp 0 0 localhost:9187 localhost:56464 TIME_WAIT
tcp 0 0 localhost:9229 localhost:58798 TIME_WAIT
tcp 0 0 localhost:9121 localhost:50796 TIME_WAIT
tcp 0 0 localhost:8070 localhost:40550 TIME_WAIT
tcp 0 0 localhost:9168 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 localhost:39366 localhost:9168 TIME_WAIT
tcp 0 0 localhost:9168 localhost:39354 TIME_WAIT
tcp 0 0 localhost:39332 localhost:9168 TIME_WAIT
tcp 0 0 localhost:9168 localhost:39298 TIME_WAIT
tcp 0 0 localhost:9168 localhost:39408 TIME_WAIT
tcp 0 0 localhost:9168 localhost:39400 TIME_WAIT
tcp 0 0 localhost:9168 localhost:39428 TIME_WAIT
tcp 0 0 localhost:9168 localhost:39306 TIME_WAIT
tcp 0 0 localhost:9168 localhost:39320 TIME_WAIT
tcp 0 0 localhost:9168 localhost:39340 TIME_WAIT
tcp 0 0 localhost:9168 localhost:39374 TIME_WAIT
tcp 0 0 localhost:39388 localhost:9168 TIME_WAIT
3 显示网卡统计信息
[root@vm ~]# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 51912 0 0 0 48318 0 0 0 BMRU
lo 65536 0 877515 0 0 0 877515 0 0 0 LRU
参考资料
【1】 man netstat
【2】TCP Timers
https://learningnetwork.cisco.com/thread/47664